Line data Source code
1 : /*
2 : * Wi-Fi Protected Setup - Enrollee
3 : * Copyright (c) 2008, Jouni Malinen <j@w1.fi>
4 : *
5 : * This software may be distributed under the terms of the BSD license.
6 : * See README for more details.
7 : */
8 :
9 : #include "includes.h"
10 :
11 : #include "common.h"
12 : #include "crypto/crypto.h"
13 : #include "crypto/sha256.h"
14 : #include "crypto/random.h"
15 : #include "wps_i.h"
16 : #include "wps_dev_attr.h"
17 :
18 :
19 45 : static int wps_build_wps_state(struct wps_data *wps, struct wpabuf *msg)
20 : {
21 : u8 state;
22 45 : if (wps->wps->ap)
23 45 : state = wps->wps->wps_state;
24 : else
25 0 : state = WPS_STATE_NOT_CONFIGURED;
26 45 : wpa_printf(MSG_DEBUG, "WPS: * Wi-Fi Protected Setup State (%d)",
27 : state);
28 45 : wpabuf_put_be16(msg, ATTR_WPS_STATE);
29 45 : wpabuf_put_be16(msg, 1);
30 45 : wpabuf_put_u8(msg, state);
31 45 : return 0;
32 : }
33 :
34 :
35 29 : static int wps_build_e_hash(struct wps_data *wps, struct wpabuf *msg)
36 : {
37 : u8 *hash;
38 : const u8 *addr[4];
39 : size_t len[4];
40 :
41 29 : if (random_get_bytes(wps->snonce, 2 * WPS_SECRET_NONCE_LEN) < 0)
42 0 : return -1;
43 29 : wpa_hexdump(MSG_DEBUG, "WPS: E-S1", wps->snonce, WPS_SECRET_NONCE_LEN);
44 29 : wpa_hexdump(MSG_DEBUG, "WPS: E-S2",
45 29 : wps->snonce + WPS_SECRET_NONCE_LEN, WPS_SECRET_NONCE_LEN);
46 :
47 29 : if (wps->dh_pubkey_e == NULL || wps->dh_pubkey_r == NULL) {
48 0 : wpa_printf(MSG_DEBUG, "WPS: DH public keys not available for "
49 : "E-Hash derivation");
50 0 : return -1;
51 : }
52 :
53 29 : wpa_printf(MSG_DEBUG, "WPS: * E-Hash1");
54 29 : wpabuf_put_be16(msg, ATTR_E_HASH1);
55 29 : wpabuf_put_be16(msg, SHA256_MAC_LEN);
56 29 : hash = wpabuf_put(msg, SHA256_MAC_LEN);
57 : /* E-Hash1 = HMAC_AuthKey(E-S1 || PSK1 || PK_E || PK_R) */
58 29 : addr[0] = wps->snonce;
59 29 : len[0] = WPS_SECRET_NONCE_LEN;
60 29 : addr[1] = wps->psk1;
61 29 : len[1] = WPS_PSK_LEN;
62 29 : addr[2] = wpabuf_head(wps->dh_pubkey_e);
63 29 : len[2] = wpabuf_len(wps->dh_pubkey_e);
64 29 : addr[3] = wpabuf_head(wps->dh_pubkey_r);
65 29 : len[3] = wpabuf_len(wps->dh_pubkey_r);
66 29 : hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
67 29 : wpa_hexdump(MSG_DEBUG, "WPS: E-Hash1", hash, SHA256_MAC_LEN);
68 :
69 29 : wpa_printf(MSG_DEBUG, "WPS: * E-Hash2");
70 29 : wpabuf_put_be16(msg, ATTR_E_HASH2);
71 29 : wpabuf_put_be16(msg, SHA256_MAC_LEN);
72 29 : hash = wpabuf_put(msg, SHA256_MAC_LEN);
73 : /* E-Hash2 = HMAC_AuthKey(E-S2 || PSK2 || PK_E || PK_R) */
74 29 : addr[0] = wps->snonce + WPS_SECRET_NONCE_LEN;
75 29 : addr[1] = wps->psk2;
76 29 : hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
77 29 : wpa_hexdump(MSG_DEBUG, "WPS: E-Hash2", hash, SHA256_MAC_LEN);
78 :
79 29 : return 0;
80 : }
81 :
82 :
83 25 : static int wps_build_e_snonce1(struct wps_data *wps, struct wpabuf *msg)
84 : {
85 25 : wpa_printf(MSG_DEBUG, "WPS: * E-SNonce1");
86 25 : wpabuf_put_be16(msg, ATTR_E_SNONCE1);
87 25 : wpabuf_put_be16(msg, WPS_SECRET_NONCE_LEN);
88 25 : wpabuf_put_data(msg, wps->snonce, WPS_SECRET_NONCE_LEN);
89 25 : return 0;
90 : }
91 :
92 :
93 23 : static int wps_build_e_snonce2(struct wps_data *wps, struct wpabuf *msg)
94 : {
95 23 : wpa_printf(MSG_DEBUG, "WPS: * E-SNonce2");
96 23 : wpabuf_put_be16(msg, ATTR_E_SNONCE2);
97 23 : wpabuf_put_be16(msg, WPS_SECRET_NONCE_LEN);
98 23 : wpabuf_put_data(msg, wps->snonce + WPS_SECRET_NONCE_LEN,
99 : WPS_SECRET_NONCE_LEN);
100 23 : return 0;
101 : }
102 :
103 :
104 45 : static struct wpabuf * wps_build_m1(struct wps_data *wps)
105 : {
106 : struct wpabuf *msg;
107 : u16 config_methods;
108 :
109 45 : if (random_get_bytes(wps->nonce_e, WPS_NONCE_LEN) < 0)
110 0 : return NULL;
111 45 : wpa_hexdump(MSG_DEBUG, "WPS: Enrollee Nonce",
112 45 : wps->nonce_e, WPS_NONCE_LEN);
113 :
114 45 : wpa_printf(MSG_DEBUG, "WPS: Building Message M1");
115 45 : msg = wpabuf_alloc(1000);
116 45 : if (msg == NULL)
117 0 : return NULL;
118 :
119 45 : config_methods = wps->wps->config_methods;
120 90 : if (wps->wps->ap && !wps->pbc_in_m1 &&
121 48 : (wps->dev_password_len != 0 ||
122 3 : (config_methods & WPS_CONFIG_DISPLAY))) {
123 : /*
124 : * These are the methods that the AP supports as an Enrollee
125 : * for adding external Registrars, so remove PushButton.
126 : *
127 : * As a workaround for Windows 7 mechanism for probing WPS
128 : * capabilities from M1, leave PushButton option if no PIN
129 : * method is available or if WPS configuration enables PBC
130 : * workaround.
131 : */
132 42 : config_methods &= ~WPS_CONFIG_PUSHBUTTON;
133 42 : config_methods &= ~(WPS_CONFIG_VIRT_PUSHBUTTON |
134 : WPS_CONFIG_PHY_PUSHBUTTON);
135 : }
136 :
137 90 : if (wps_build_version(msg) ||
138 90 : wps_build_msg_type(msg, WPS_M1) ||
139 90 : wps_build_uuid_e(msg, wps->uuid_e) ||
140 90 : wps_build_mac_addr(msg, wps->mac_addr_e) ||
141 90 : wps_build_enrollee_nonce(wps, msg) ||
142 90 : wps_build_public_key(wps, msg) ||
143 90 : wps_build_auth_type_flags(wps, msg) ||
144 90 : wps_build_encr_type_flags(wps, msg) ||
145 90 : wps_build_conn_type_flags(wps, msg) ||
146 90 : wps_build_config_methods(msg, config_methods) ||
147 90 : wps_build_wps_state(wps, msg) ||
148 90 : wps_build_device_attrs(&wps->wps->dev, msg) ||
149 45 : wps_build_rf_bands(&wps->wps->dev, msg,
150 90 : wps->wps->rf_band_cb(wps->wps->cb_ctx)) ||
151 90 : wps_build_assoc_state(wps, msg) ||
152 90 : wps_build_dev_password_id(msg, wps->dev_pw_id) ||
153 90 : wps_build_config_error(msg, WPS_CFG_NO_ERROR) ||
154 90 : wps_build_os_version(&wps->wps->dev, msg) ||
155 90 : wps_build_wfa_ext(msg, 0, NULL, 0) ||
156 45 : wps_build_vendor_ext_m1(&wps->wps->dev, msg)) {
157 0 : wpabuf_free(msg);
158 0 : return NULL;
159 : }
160 :
161 45 : wps->state = RECV_M2;
162 45 : return msg;
163 : }
164 :
165 :
166 29 : static struct wpabuf * wps_build_m3(struct wps_data *wps)
167 : {
168 : struct wpabuf *msg;
169 :
170 29 : wpa_printf(MSG_DEBUG, "WPS: Building Message M3");
171 :
172 29 : if (wps->dev_password == NULL) {
173 0 : wpa_printf(MSG_DEBUG, "WPS: No Device Password available");
174 0 : return NULL;
175 : }
176 29 : wps_derive_psk(wps, wps->dev_password, wps->dev_password_len);
177 :
178 29 : msg = wpabuf_alloc(1000);
179 29 : if (msg == NULL)
180 0 : return NULL;
181 :
182 58 : if (wps_build_version(msg) ||
183 58 : wps_build_msg_type(msg, WPS_M3) ||
184 58 : wps_build_registrar_nonce(wps, msg) ||
185 58 : wps_build_e_hash(wps, msg) ||
186 58 : wps_build_wfa_ext(msg, 0, NULL, 0) ||
187 29 : wps_build_authenticator(wps, msg)) {
188 0 : wpabuf_free(msg);
189 0 : return NULL;
190 : }
191 :
192 29 : wps->state = RECV_M4;
193 29 : return msg;
194 : }
195 :
196 :
197 25 : static struct wpabuf * wps_build_m5(struct wps_data *wps)
198 : {
199 : struct wpabuf *msg, *plain;
200 :
201 25 : wpa_printf(MSG_DEBUG, "WPS: Building Message M5");
202 :
203 25 : plain = wpabuf_alloc(200);
204 25 : if (plain == NULL)
205 0 : return NULL;
206 :
207 25 : msg = wpabuf_alloc(1000);
208 25 : if (msg == NULL) {
209 0 : wpabuf_free(plain);
210 0 : return NULL;
211 : }
212 :
213 50 : if (wps_build_version(msg) ||
214 50 : wps_build_msg_type(msg, WPS_M5) ||
215 50 : wps_build_registrar_nonce(wps, msg) ||
216 50 : wps_build_e_snonce1(wps, plain) ||
217 50 : wps_build_key_wrap_auth(wps, plain) ||
218 50 : wps_build_encr_settings(wps, msg, plain) ||
219 50 : wps_build_wfa_ext(msg, 0, NULL, 0) ||
220 25 : wps_build_authenticator(wps, msg)) {
221 0 : wpabuf_free(plain);
222 0 : wpabuf_free(msg);
223 0 : return NULL;
224 : }
225 25 : wpabuf_free(plain);
226 :
227 25 : wps->state = RECV_M6;
228 25 : return msg;
229 : }
230 :
231 :
232 23 : static int wps_build_cred_ssid(struct wps_data *wps, struct wpabuf *msg)
233 : {
234 23 : wpa_printf(MSG_DEBUG, "WPS: * SSID");
235 23 : wpabuf_put_be16(msg, ATTR_SSID);
236 23 : wpabuf_put_be16(msg, wps->wps->ssid_len);
237 23 : wpabuf_put_data(msg, wps->wps->ssid, wps->wps->ssid_len);
238 23 : return 0;
239 : }
240 :
241 :
242 23 : static int wps_build_cred_auth_type(struct wps_data *wps, struct wpabuf *msg)
243 : {
244 23 : wpa_printf(MSG_DEBUG, "WPS: * Authentication Type (0x%x)",
245 23 : wps->wps->ap_auth_type);
246 23 : wpabuf_put_be16(msg, ATTR_AUTH_TYPE);
247 23 : wpabuf_put_be16(msg, 2);
248 23 : wpabuf_put_be16(msg, wps->wps->ap_auth_type);
249 23 : return 0;
250 : }
251 :
252 :
253 23 : static int wps_build_cred_encr_type(struct wps_data *wps, struct wpabuf *msg)
254 : {
255 23 : wpa_printf(MSG_DEBUG, "WPS: * Encryption Type (0x%x)",
256 23 : wps->wps->ap_encr_type);
257 23 : wpabuf_put_be16(msg, ATTR_ENCR_TYPE);
258 23 : wpabuf_put_be16(msg, 2);
259 23 : wpabuf_put_be16(msg, wps->wps->ap_encr_type);
260 23 : return 0;
261 : }
262 :
263 :
264 23 : static int wps_build_cred_network_key(struct wps_data *wps, struct wpabuf *msg)
265 : {
266 40 : if ((wps->wps->ap_auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) &&
267 17 : wps->wps->network_key_len == 0) {
268 : char hex[65];
269 : u8 psk[32];
270 : /* Generate a random per-device PSK */
271 3 : if (random_get_bytes(psk, sizeof(psk)) < 0)
272 0 : return -1;
273 3 : wpa_hexdump_key(MSG_DEBUG, "WPS: Generated per-device PSK",
274 : psk, sizeof(psk));
275 3 : wpa_printf(MSG_DEBUG, "WPS: * Network Key (len=%u)",
276 3 : (unsigned int) wps->new_psk_len * 2);
277 3 : wpa_snprintf_hex(hex, sizeof(hex), psk, sizeof(psk));
278 3 : wpabuf_put_be16(msg, ATTR_NETWORK_KEY);
279 3 : wpabuf_put_be16(msg, sizeof(psk) * 2);
280 3 : wpabuf_put_data(msg, hex, sizeof(psk) * 2);
281 3 : if (wps->wps->registrar) {
282 3 : wps_cb_new_psk(wps->wps->registrar,
283 3 : wps->peer_dev.mac_addr,
284 3 : wps->p2p_dev_addr, psk, sizeof(psk));
285 : }
286 3 : return 0;
287 : }
288 :
289 20 : wpa_printf(MSG_DEBUG, "WPS: * Network Key (len=%u)",
290 20 : (unsigned int) wps->wps->network_key_len);
291 20 : wpabuf_put_be16(msg, ATTR_NETWORK_KEY);
292 20 : wpabuf_put_be16(msg, wps->wps->network_key_len);
293 20 : wpabuf_put_data(msg, wps->wps->network_key, wps->wps->network_key_len);
294 20 : return 0;
295 : }
296 :
297 :
298 23 : static int wps_build_cred_mac_addr(struct wps_data *wps, struct wpabuf *msg)
299 : {
300 23 : wpa_printf(MSG_DEBUG, "WPS: * MAC Address (AP BSSID)");
301 23 : wpabuf_put_be16(msg, ATTR_MAC_ADDR);
302 23 : wpabuf_put_be16(msg, ETH_ALEN);
303 23 : wpabuf_put_data(msg, wps->wps->dev.mac_addr, ETH_ALEN);
304 23 : return 0;
305 : }
306 :
307 :
308 23 : static int wps_build_ap_settings(struct wps_data *wps, struct wpabuf *plain)
309 : {
310 : const u8 *start, *end;
311 : int ret;
312 :
313 23 : if (wps->wps->ap_settings) {
314 0 : wpa_printf(MSG_DEBUG, "WPS: * AP Settings (pre-configured)");
315 0 : wpabuf_put_data(plain, wps->wps->ap_settings,
316 0 : wps->wps->ap_settings_len);
317 0 : return 0;
318 : }
319 :
320 23 : wpa_printf(MSG_DEBUG, "WPS: * AP Settings based on current configuration");
321 23 : start = wpabuf_put(plain, 0);
322 69 : ret = wps_build_cred_ssid(wps, plain) ||
323 46 : wps_build_cred_mac_addr(wps, plain) ||
324 46 : wps_build_cred_auth_type(wps, plain) ||
325 69 : wps_build_cred_encr_type(wps, plain) ||
326 23 : wps_build_cred_network_key(wps, plain);
327 23 : end = wpabuf_put(plain, 0);
328 :
329 23 : wpa_hexdump_key(MSG_DEBUG, "WPS: Plaintext AP Settings",
330 23 : start, end - start);
331 :
332 23 : return ret;
333 : }
334 :
335 :
336 23 : static struct wpabuf * wps_build_m7(struct wps_data *wps)
337 : {
338 : struct wpabuf *msg, *plain;
339 :
340 23 : wpa_printf(MSG_DEBUG, "WPS: Building Message M7");
341 :
342 23 : plain = wpabuf_alloc(500 + wps->wps->ap_settings_len);
343 23 : if (plain == NULL)
344 0 : return NULL;
345 :
346 23 : msg = wpabuf_alloc(1000 + wps->wps->ap_settings_len);
347 23 : if (msg == NULL) {
348 0 : wpabuf_free(plain);
349 0 : return NULL;
350 : }
351 :
352 46 : if (wps_build_version(msg) ||
353 46 : wps_build_msg_type(msg, WPS_M7) ||
354 46 : wps_build_registrar_nonce(wps, msg) ||
355 46 : wps_build_e_snonce2(wps, plain) ||
356 69 : (wps->wps->ap && wps_build_ap_settings(wps, plain)) ||
357 46 : wps_build_key_wrap_auth(wps, plain) ||
358 46 : wps_build_encr_settings(wps, msg, plain) ||
359 46 : wps_build_wfa_ext(msg, 0, NULL, 0) ||
360 23 : wps_build_authenticator(wps, msg)) {
361 0 : wpabuf_free(plain);
362 0 : wpabuf_free(msg);
363 0 : return NULL;
364 : }
365 23 : wpabuf_free(plain);
366 :
367 23 : if (wps->wps->ap && wps->wps->registrar) {
368 : /*
369 : * If the Registrar is only learning our current configuration,
370 : * it may not continue protocol run to successful completion.
371 : * Store information here to make sure it remains available.
372 : */
373 23 : wps_device_store(wps->wps->registrar, &wps->peer_dev,
374 23 : wps->uuid_r);
375 : }
376 :
377 23 : wps->state = RECV_M8;
378 23 : return msg;
379 : }
380 :
381 :
382 7 : static struct wpabuf * wps_build_wsc_done(struct wps_data *wps)
383 : {
384 : struct wpabuf *msg;
385 :
386 7 : wpa_printf(MSG_DEBUG, "WPS: Building Message WSC_Done");
387 :
388 7 : msg = wpabuf_alloc(1000);
389 7 : if (msg == NULL)
390 0 : return NULL;
391 :
392 14 : if (wps_build_version(msg) ||
393 14 : wps_build_msg_type(msg, WPS_WSC_DONE) ||
394 14 : wps_build_enrollee_nonce(wps, msg) ||
395 14 : wps_build_registrar_nonce(wps, msg) ||
396 7 : wps_build_wfa_ext(msg, 0, NULL, 0)) {
397 0 : wpabuf_free(msg);
398 0 : return NULL;
399 : }
400 :
401 7 : if (wps->wps->ap)
402 7 : wps->state = RECV_ACK;
403 : else {
404 0 : wps_success_event(wps->wps, wps->peer_dev.mac_addr);
405 0 : wps->state = WPS_FINISHED;
406 : }
407 7 : return msg;
408 : }
409 :
410 :
411 142 : struct wpabuf * wps_enrollee_get_msg(struct wps_data *wps,
412 : enum wsc_op_code *op_code)
413 : {
414 : struct wpabuf *msg;
415 :
416 142 : switch (wps->state) {
417 : case SEND_M1:
418 45 : msg = wps_build_m1(wps);
419 45 : *op_code = WSC_MSG;
420 45 : break;
421 : case SEND_M3:
422 29 : msg = wps_build_m3(wps);
423 29 : *op_code = WSC_MSG;
424 29 : break;
425 : case SEND_M5:
426 25 : msg = wps_build_m5(wps);
427 25 : *op_code = WSC_MSG;
428 25 : break;
429 : case SEND_M7:
430 23 : msg = wps_build_m7(wps);
431 23 : *op_code = WSC_MSG;
432 23 : break;
433 : case RECEIVED_M2D:
434 0 : if (wps->wps->ap) {
435 0 : msg = wps_build_wsc_nack(wps);
436 0 : *op_code = WSC_NACK;
437 0 : break;
438 : }
439 0 : msg = wps_build_wsc_ack(wps);
440 0 : *op_code = WSC_ACK;
441 0 : if (msg) {
442 : /* Another M2/M2D may be received */
443 0 : wps->state = RECV_M2;
444 : }
445 0 : break;
446 : case SEND_WSC_NACK:
447 13 : msg = wps_build_wsc_nack(wps);
448 13 : *op_code = WSC_NACK;
449 13 : break;
450 : case WPS_MSG_DONE:
451 7 : msg = wps_build_wsc_done(wps);
452 7 : *op_code = WSC_Done;
453 7 : break;
454 : default:
455 0 : wpa_printf(MSG_DEBUG, "WPS: Unsupported state %d for building "
456 0 : "a message", wps->state);
457 0 : msg = NULL;
458 0 : break;
459 : }
460 :
461 142 : if (*op_code == WSC_MSG && msg) {
462 : /* Save a copy of the last message for Authenticator derivation
463 : */
464 122 : wpabuf_free(wps->last_msg);
465 122 : wps->last_msg = wpabuf_dup(msg);
466 : }
467 :
468 142 : return msg;
469 : }
470 :
471 :
472 35 : static int wps_process_registrar_nonce(struct wps_data *wps, const u8 *r_nonce)
473 : {
474 35 : if (r_nonce == NULL) {
475 0 : wpa_printf(MSG_DEBUG, "WPS: No Registrar Nonce received");
476 0 : return -1;
477 : }
478 :
479 35 : os_memcpy(wps->nonce_r, r_nonce, WPS_NONCE_LEN);
480 35 : wpa_hexdump(MSG_DEBUG, "WPS: Registrar Nonce",
481 35 : wps->nonce_r, WPS_NONCE_LEN);
482 :
483 35 : return 0;
484 : }
485 :
486 :
487 97 : static int wps_process_enrollee_nonce(struct wps_data *wps, const u8 *e_nonce)
488 : {
489 97 : if (e_nonce == NULL) {
490 0 : wpa_printf(MSG_DEBUG, "WPS: No Enrollee Nonce received");
491 0 : return -1;
492 : }
493 :
494 97 : if (os_memcmp(wps->nonce_e, e_nonce, WPS_NONCE_LEN) != 0) {
495 0 : wpa_printf(MSG_DEBUG, "WPS: Invalid Enrollee Nonce received");
496 0 : return -1;
497 : }
498 :
499 97 : return 0;
500 : }
501 :
502 :
503 35 : static int wps_process_uuid_r(struct wps_data *wps, const u8 *uuid_r)
504 : {
505 35 : if (uuid_r == NULL) {
506 0 : wpa_printf(MSG_DEBUG, "WPS: No UUID-R received");
507 0 : return -1;
508 : }
509 :
510 35 : os_memcpy(wps->uuid_r, uuid_r, WPS_UUID_LEN);
511 35 : wpa_hexdump(MSG_DEBUG, "WPS: UUID-R", wps->uuid_r, WPS_UUID_LEN);
512 :
513 35 : return 0;
514 : }
515 :
516 :
517 29 : static int wps_process_pubkey(struct wps_data *wps, const u8 *pk,
518 : size_t pk_len)
519 : {
520 29 : if (pk == NULL || pk_len == 0) {
521 0 : wpa_printf(MSG_DEBUG, "WPS: No Public Key received");
522 0 : return -1;
523 : }
524 :
525 29 : if (wps->peer_pubkey_hash_set) {
526 : u8 hash[WPS_HASH_LEN];
527 0 : sha256_vector(1, &pk, &pk_len, hash);
528 0 : if (os_memcmp(hash, wps->peer_pubkey_hash,
529 : WPS_OOB_PUBKEY_HASH_LEN) != 0) {
530 0 : wpa_printf(MSG_ERROR, "WPS: Public Key hash mismatch");
531 0 : wpa_hexdump(MSG_DEBUG, "WPS: Received public key",
532 : pk, pk_len);
533 0 : wpa_hexdump(MSG_DEBUG, "WPS: Calculated public key "
534 : "hash", hash, WPS_OOB_PUBKEY_HASH_LEN);
535 0 : wpa_hexdump(MSG_DEBUG, "WPS: Expected public key hash",
536 0 : wps->peer_pubkey_hash,
537 : WPS_OOB_PUBKEY_HASH_LEN);
538 0 : wps->config_error = WPS_CFG_PUBLIC_KEY_HASH_MISMATCH;
539 0 : return -1;
540 : }
541 : }
542 :
543 29 : wpabuf_free(wps->dh_pubkey_r);
544 29 : wps->dh_pubkey_r = wpabuf_alloc_copy(pk, pk_len);
545 29 : if (wps->dh_pubkey_r == NULL)
546 0 : return -1;
547 :
548 29 : if (wps_derive_keys(wps) < 0)
549 0 : return -1;
550 :
551 29 : return 0;
552 : }
553 :
554 :
555 29 : static int wps_process_r_hash1(struct wps_data *wps, const u8 *r_hash1)
556 : {
557 29 : if (r_hash1 == NULL) {
558 0 : wpa_printf(MSG_DEBUG, "WPS: No R-Hash1 received");
559 0 : return -1;
560 : }
561 :
562 29 : os_memcpy(wps->peer_hash1, r_hash1, WPS_HASH_LEN);
563 29 : wpa_hexdump(MSG_DEBUG, "WPS: R-Hash1", wps->peer_hash1, WPS_HASH_LEN);
564 :
565 29 : return 0;
566 : }
567 :
568 :
569 29 : static int wps_process_r_hash2(struct wps_data *wps, const u8 *r_hash2)
570 : {
571 29 : if (r_hash2 == NULL) {
572 0 : wpa_printf(MSG_DEBUG, "WPS: No R-Hash2 received");
573 0 : return -1;
574 : }
575 :
576 29 : os_memcpy(wps->peer_hash2, r_hash2, WPS_HASH_LEN);
577 29 : wpa_hexdump(MSG_DEBUG, "WPS: R-Hash2", wps->peer_hash2, WPS_HASH_LEN);
578 :
579 29 : return 0;
580 : }
581 :
582 :
583 29 : static int wps_process_r_snonce1(struct wps_data *wps, const u8 *r_snonce1)
584 : {
585 : u8 hash[SHA256_MAC_LEN];
586 : const u8 *addr[4];
587 : size_t len[4];
588 :
589 29 : if (r_snonce1 == NULL) {
590 0 : wpa_printf(MSG_DEBUG, "WPS: No R-SNonce1 received");
591 0 : return -1;
592 : }
593 :
594 29 : wpa_hexdump_key(MSG_DEBUG, "WPS: R-SNonce1", r_snonce1,
595 : WPS_SECRET_NONCE_LEN);
596 :
597 : /* R-Hash1 = HMAC_AuthKey(R-S1 || PSK1 || PK_E || PK_R) */
598 29 : addr[0] = r_snonce1;
599 29 : len[0] = WPS_SECRET_NONCE_LEN;
600 29 : addr[1] = wps->psk1;
601 29 : len[1] = WPS_PSK_LEN;
602 29 : addr[2] = wpabuf_head(wps->dh_pubkey_e);
603 29 : len[2] = wpabuf_len(wps->dh_pubkey_e);
604 29 : addr[3] = wpabuf_head(wps->dh_pubkey_r);
605 29 : len[3] = wpabuf_len(wps->dh_pubkey_r);
606 29 : hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
607 :
608 29 : if (os_memcmp(wps->peer_hash1, hash, WPS_HASH_LEN) != 0) {
609 4 : wpa_printf(MSG_DEBUG, "WPS: R-Hash1 derived from R-S1 does "
610 : "not match with the pre-committed value");
611 4 : wps->config_error = WPS_CFG_DEV_PASSWORD_AUTH_FAILURE;
612 4 : wps_pwd_auth_fail_event(wps->wps, 1, 1, wps->peer_dev.mac_addr);
613 4 : return -1;
614 : }
615 :
616 25 : wpa_printf(MSG_DEBUG, "WPS: Registrar proved knowledge of the first "
617 : "half of the device password");
618 :
619 25 : return 0;
620 : }
621 :
622 :
623 25 : static int wps_process_r_snonce2(struct wps_data *wps, const u8 *r_snonce2)
624 : {
625 : u8 hash[SHA256_MAC_LEN];
626 : const u8 *addr[4];
627 : size_t len[4];
628 :
629 25 : if (r_snonce2 == NULL) {
630 0 : wpa_printf(MSG_DEBUG, "WPS: No R-SNonce2 received");
631 0 : return -1;
632 : }
633 :
634 25 : wpa_hexdump_key(MSG_DEBUG, "WPS: R-SNonce2", r_snonce2,
635 : WPS_SECRET_NONCE_LEN);
636 :
637 : /* R-Hash2 = HMAC_AuthKey(R-S2 || PSK2 || PK_E || PK_R) */
638 25 : addr[0] = r_snonce2;
639 25 : len[0] = WPS_SECRET_NONCE_LEN;
640 25 : addr[1] = wps->psk2;
641 25 : len[1] = WPS_PSK_LEN;
642 25 : addr[2] = wpabuf_head(wps->dh_pubkey_e);
643 25 : len[2] = wpabuf_len(wps->dh_pubkey_e);
644 25 : addr[3] = wpabuf_head(wps->dh_pubkey_r);
645 25 : len[3] = wpabuf_len(wps->dh_pubkey_r);
646 25 : hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
647 :
648 25 : if (os_memcmp(wps->peer_hash2, hash, WPS_HASH_LEN) != 0) {
649 2 : wpa_printf(MSG_DEBUG, "WPS: R-Hash2 derived from R-S2 does "
650 : "not match with the pre-committed value");
651 2 : wps->config_error = WPS_CFG_DEV_PASSWORD_AUTH_FAILURE;
652 2 : wps_pwd_auth_fail_event(wps->wps, 1, 2, wps->peer_dev.mac_addr);
653 2 : return -1;
654 : }
655 :
656 23 : wpa_printf(MSG_DEBUG, "WPS: Registrar proved knowledge of the second "
657 : "half of the device password");
658 :
659 23 : return 0;
660 : }
661 :
662 :
663 0 : static int wps_process_cred_e(struct wps_data *wps, const u8 *cred,
664 : size_t cred_len, int wps2)
665 : {
666 : struct wps_parse_attr attr;
667 : struct wpabuf msg;
668 0 : int ret = 0;
669 :
670 0 : wpa_printf(MSG_DEBUG, "WPS: Received Credential");
671 0 : os_memset(&wps->cred, 0, sizeof(wps->cred));
672 0 : wpabuf_set(&msg, cred, cred_len);
673 0 : if (wps_parse_msg(&msg, &attr) < 0 ||
674 0 : wps_process_cred(&attr, &wps->cred))
675 0 : return -1;
676 :
677 0 : if (os_memcmp(wps->cred.mac_addr, wps->wps->dev.mac_addr, ETH_ALEN) !=
678 : 0) {
679 0 : wpa_printf(MSG_DEBUG, "WPS: MAC Address in the Credential ("
680 : MACSTR ") does not match with own address (" MACSTR
681 0 : ")", MAC2STR(wps->cred.mac_addr),
682 0 : MAC2STR(wps->wps->dev.mac_addr));
683 : /*
684 : * In theory, this could be consider fatal error, but there are
685 : * number of deployed implementations using other address here
686 : * due to unclarity in the specification. For interoperability
687 : * reasons, allow this to be processed since we do not really
688 : * use the MAC Address information for anything.
689 : */
690 : #ifdef CONFIG_WPS_STRICT
691 : if (wps2) {
692 : wpa_printf(MSG_INFO, "WPS: Do not accept incorrect "
693 : "MAC Address in AP Settings");
694 : return -1;
695 : }
696 : #endif /* CONFIG_WPS_STRICT */
697 : }
698 :
699 0 : if (!(wps->cred.encr_type &
700 : (WPS_ENCR_NONE | WPS_ENCR_TKIP | WPS_ENCR_AES))) {
701 0 : if (wps->cred.encr_type & WPS_ENCR_WEP) {
702 0 : wpa_printf(MSG_INFO, "WPS: Reject Credential "
703 : "due to WEP configuration");
704 0 : wps->error_indication = WPS_EI_SECURITY_WEP_PROHIBITED;
705 0 : return -2;
706 : }
707 :
708 0 : wpa_printf(MSG_INFO, "WPS: Reject Credential due to "
709 0 : "invalid encr_type 0x%x", wps->cred.encr_type);
710 0 : return -1;
711 : }
712 :
713 0 : if (wps->wps->cred_cb) {
714 0 : wps->cred.cred_attr = cred - 4;
715 0 : wps->cred.cred_attr_len = cred_len + 4;
716 0 : ret = wps->wps->cred_cb(wps->wps->cb_ctx, &wps->cred);
717 0 : wps->cred.cred_attr = NULL;
718 0 : wps->cred.cred_attr_len = 0;
719 : }
720 :
721 0 : return ret;
722 : }
723 :
724 :
725 8 : static int wps_process_creds(struct wps_data *wps, const u8 *cred[],
726 : size_t cred_len[], size_t num_cred, int wps2)
727 : {
728 : size_t i;
729 8 : int ok = 0;
730 :
731 8 : if (wps->wps->ap)
732 8 : return 0;
733 :
734 0 : if (num_cred == 0) {
735 0 : wpa_printf(MSG_DEBUG, "WPS: No Credential attributes "
736 : "received");
737 0 : return -1;
738 : }
739 :
740 0 : for (i = 0; i < num_cred; i++) {
741 : int res;
742 0 : res = wps_process_cred_e(wps, cred[i], cred_len[i], wps2);
743 0 : if (res == 0)
744 0 : ok++;
745 0 : else if (res == -2)
746 0 : wpa_printf(MSG_DEBUG, "WPS: WEP credential skipped");
747 : else
748 0 : return -1;
749 : }
750 :
751 0 : if (ok == 0) {
752 0 : wpa_printf(MSG_DEBUG, "WPS: No valid Credential attribute "
753 : "received");
754 0 : return -1;
755 : }
756 :
757 0 : return 0;
758 : }
759 :
760 :
761 8 : static int wps_process_ap_settings_e(struct wps_data *wps,
762 : struct wps_parse_attr *attr,
763 : struct wpabuf *attrs, int wps2)
764 : {
765 : struct wps_credential cred;
766 :
767 8 : if (!wps->wps->ap)
768 0 : return 0;
769 :
770 8 : if (wps_process_ap_settings(attr, &cred) < 0)
771 0 : return -1;
772 :
773 8 : wpa_printf(MSG_INFO, "WPS: Received new AP configuration from "
774 : "Registrar");
775 :
776 8 : if (os_memcmp(cred.mac_addr, wps->wps->dev.mac_addr, ETH_ALEN) !=
777 : 0) {
778 0 : wpa_printf(MSG_DEBUG, "WPS: MAC Address in the AP Settings ("
779 : MACSTR ") does not match with own address (" MACSTR
780 0 : ")", MAC2STR(cred.mac_addr),
781 0 : MAC2STR(wps->wps->dev.mac_addr));
782 : /*
783 : * In theory, this could be consider fatal error, but there are
784 : * number of deployed implementations using other address here
785 : * due to unclarity in the specification. For interoperability
786 : * reasons, allow this to be processed since we do not really
787 : * use the MAC Address information for anything.
788 : */
789 : #ifdef CONFIG_WPS_STRICT
790 : if (wps2) {
791 : wpa_printf(MSG_INFO, "WPS: Do not accept incorrect "
792 : "MAC Address in AP Settings");
793 : return -1;
794 : }
795 : #endif /* CONFIG_WPS_STRICT */
796 : }
797 :
798 8 : if (!(cred.encr_type & (WPS_ENCR_NONE | WPS_ENCR_TKIP | WPS_ENCR_AES)))
799 : {
800 1 : if (cred.encr_type & WPS_ENCR_WEP) {
801 1 : wpa_printf(MSG_INFO, "WPS: Reject new AP settings "
802 : "due to WEP configuration");
803 1 : wps->error_indication = WPS_EI_SECURITY_WEP_PROHIBITED;
804 1 : return -1;
805 : }
806 :
807 0 : wpa_printf(MSG_INFO, "WPS: Reject new AP settings due to "
808 0 : "invalid encr_type 0x%x", cred.encr_type);
809 0 : return -1;
810 : }
811 :
812 : #ifdef CONFIG_WPS_STRICT
813 : if (wps2) {
814 : if ((cred.encr_type & (WPS_ENCR_TKIP | WPS_ENCR_AES)) ==
815 : WPS_ENCR_TKIP ||
816 : (cred.auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) ==
817 : WPS_AUTH_WPAPSK) {
818 : wpa_printf(MSG_INFO, "WPS-STRICT: Invalid WSC 2.0 "
819 : "AP Settings: WPA-Personal/TKIP only");
820 : wps->error_indication =
821 : WPS_EI_SECURITY_TKIP_ONLY_PROHIBITED;
822 : return -1;
823 : }
824 : }
825 : #endif /* CONFIG_WPS_STRICT */
826 :
827 7 : if ((cred.encr_type & (WPS_ENCR_TKIP | WPS_ENCR_AES)) == WPS_ENCR_TKIP)
828 : {
829 1 : wpa_printf(MSG_DEBUG, "WPS: Upgrade encr_type TKIP -> "
830 : "TKIP+AES");
831 1 : cred.encr_type |= WPS_ENCR_AES;
832 : }
833 :
834 7 : if ((cred.auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) ==
835 : WPS_AUTH_WPAPSK) {
836 1 : wpa_printf(MSG_DEBUG, "WPS: Upgrade auth_type WPAPSK -> "
837 : "WPAPSK+WPA2PSK");
838 1 : cred.auth_type |= WPS_AUTH_WPA2PSK;
839 : }
840 :
841 7 : if (wps->wps->cred_cb) {
842 7 : cred.cred_attr = wpabuf_head(attrs);
843 7 : cred.cred_attr_len = wpabuf_len(attrs);
844 7 : wps->wps->cred_cb(wps->wps->cb_ctx, &cred);
845 : }
846 :
847 7 : return 0;
848 : }
849 :
850 :
851 35 : static int wps_process_dev_pw_id(struct wps_data *wps, const u8 *dev_pw_id)
852 : {
853 : u16 id;
854 :
855 35 : if (dev_pw_id == NULL) {
856 0 : wpa_printf(MSG_DEBUG, "WPS: Device Password ID");
857 0 : return -1;
858 : }
859 :
860 35 : id = WPA_GET_BE16(dev_pw_id);
861 35 : if (wps->dev_pw_id == id) {
862 35 : wpa_printf(MSG_DEBUG, "WPS: Device Password ID %u", id);
863 35 : return 0;
864 : }
865 :
866 : #ifdef CONFIG_P2P
867 : if ((id == DEV_PW_DEFAULT &&
868 : wps->dev_pw_id == DEV_PW_REGISTRAR_SPECIFIED) ||
869 : (id == DEV_PW_REGISTRAR_SPECIFIED &&
870 : wps->dev_pw_id == DEV_PW_DEFAULT)) {
871 : /*
872 : * Common P2P use cases indicate whether the PIN is from the
873 : * client or GO using Device Password Id in M1/M2 in a way that
874 : * does not look fully compliant with WSC specification. Anyway,
875 : * this is deployed and needs to be allowed, so ignore changes
876 : * between Registrar-Specified and Default PIN.
877 : */
878 : wpa_printf(MSG_DEBUG, "WPS: Allow PIN Device Password ID "
879 : "change");
880 : return 0;
881 : }
882 : #endif /* CONFIG_P2P */
883 :
884 0 : wpa_printf(MSG_DEBUG, "WPS: Registrar trying to change Device Password "
885 0 : "ID from %u to %u", wps->dev_pw_id, id);
886 :
887 0 : if (wps->dev_pw_id == DEV_PW_PUSHBUTTON && id == DEV_PW_DEFAULT) {
888 0 : wpa_printf(MSG_DEBUG,
889 : "WPS: Workaround - ignore PBC-to-PIN change");
890 0 : return 0;
891 : }
892 :
893 0 : if (wps->alt_dev_password && wps->alt_dev_pw_id == id) {
894 0 : wpa_printf(MSG_DEBUG, "WPS: Found a matching Device Password");
895 0 : os_free(wps->dev_password);
896 0 : wps->dev_pw_id = wps->alt_dev_pw_id;
897 0 : wps->dev_password = wps->alt_dev_password;
898 0 : wps->dev_password_len = wps->alt_dev_password_len;
899 0 : wps->alt_dev_password = NULL;
900 0 : wps->alt_dev_password_len = 0;
901 0 : return 0;
902 : }
903 :
904 0 : return -1;
905 : }
906 :
907 :
908 35 : static enum wps_process_res wps_process_m2(struct wps_data *wps,
909 : const struct wpabuf *msg,
910 : struct wps_parse_attr *attr)
911 : {
912 35 : wpa_printf(MSG_DEBUG, "WPS: Received M2");
913 :
914 35 : if (wps->state != RECV_M2) {
915 0 : wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
916 0 : "receiving M2", wps->state);
917 0 : wps->state = SEND_WSC_NACK;
918 0 : return WPS_CONTINUE;
919 : }
920 :
921 70 : if (wps_process_registrar_nonce(wps, attr->registrar_nonce) ||
922 70 : wps_process_enrollee_nonce(wps, attr->enrollee_nonce) ||
923 70 : wps_process_uuid_r(wps, attr->uuid_r) ||
924 35 : wps_process_dev_pw_id(wps, attr->dev_password_id)) {
925 0 : wps->state = SEND_WSC_NACK;
926 0 : return WPS_CONTINUE;
927 : }
928 :
929 : /*
930 : * Stop here on an AP as an Enrollee if AP Setup is locked unless the
931 : * special locked mode is used to allow protocol run up to M7 in order
932 : * to support external Registrars that only learn the current AP
933 : * configuration without changing it.
934 : */
935 70 : if (wps->wps->ap &&
936 70 : ((wps->wps->ap_setup_locked && wps->wps->ap_setup_locked != 2) ||
937 32 : wps->dev_password == NULL)) {
938 6 : wpa_printf(MSG_DEBUG, "WPS: AP Setup is locked - refuse "
939 : "registration of a new Registrar");
940 6 : wps->config_error = WPS_CFG_SETUP_LOCKED;
941 6 : wps->state = SEND_WSC_NACK;
942 6 : return WPS_CONTINUE;
943 : }
944 :
945 58 : if (wps_process_pubkey(wps, attr->public_key, attr->public_key_len) ||
946 58 : wps_process_authenticator(wps, attr->authenticator, msg) ||
947 29 : wps_process_device_attrs(&wps->peer_dev, attr)) {
948 0 : wps->state = SEND_WSC_NACK;
949 0 : return WPS_CONTINUE;
950 : }
951 :
952 : #ifdef CONFIG_WPS_NFC
953 29 : if (wps->peer_pubkey_hash_set) {
954 : struct wpabuf *decrypted;
955 : struct wps_parse_attr eattr;
956 :
957 0 : decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings,
958 : attr->encr_settings_len);
959 0 : if (decrypted == NULL) {
960 0 : wpa_printf(MSG_DEBUG, "WPS: Failed to decrypt "
961 : "Encrypted Settings attribute");
962 0 : wps->state = SEND_WSC_NACK;
963 0 : return WPS_CONTINUE;
964 : }
965 :
966 0 : wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted "
967 : "Settings attribute");
968 0 : if (wps_parse_msg(decrypted, &eattr) < 0 ||
969 0 : wps_process_key_wrap_auth(wps, decrypted,
970 0 : eattr.key_wrap_auth) ||
971 0 : wps_process_creds(wps, eattr.cred, eattr.cred_len,
972 0 : eattr.num_cred, attr->version2 != NULL)) {
973 0 : wpabuf_free(decrypted);
974 0 : wps->state = SEND_WSC_NACK;
975 0 : return WPS_CONTINUE;
976 : }
977 0 : wpabuf_free(decrypted);
978 :
979 0 : wps->state = WPS_MSG_DONE;
980 0 : return WPS_CONTINUE;
981 : }
982 : #endif /* CONFIG_WPS_NFC */
983 :
984 29 : wps->state = SEND_M3;
985 29 : return WPS_CONTINUE;
986 : }
987 :
988 :
989 0 : static enum wps_process_res wps_process_m2d(struct wps_data *wps,
990 : struct wps_parse_attr *attr)
991 : {
992 0 : wpa_printf(MSG_DEBUG, "WPS: Received M2D");
993 :
994 0 : if (wps->state != RECV_M2) {
995 0 : wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
996 0 : "receiving M2D", wps->state);
997 0 : wps->state = SEND_WSC_NACK;
998 0 : return WPS_CONTINUE;
999 : }
1000 :
1001 0 : wpa_hexdump_ascii(MSG_DEBUG, "WPS: Manufacturer",
1002 0 : attr->manufacturer, attr->manufacturer_len);
1003 0 : wpa_hexdump_ascii(MSG_DEBUG, "WPS: Model Name",
1004 0 : attr->model_name, attr->model_name_len);
1005 0 : wpa_hexdump_ascii(MSG_DEBUG, "WPS: Model Number",
1006 0 : attr->model_number, attr->model_number_len);
1007 0 : wpa_hexdump_ascii(MSG_DEBUG, "WPS: Serial Number",
1008 0 : attr->serial_number, attr->serial_number_len);
1009 0 : wpa_hexdump_ascii(MSG_DEBUG, "WPS: Device Name",
1010 0 : attr->dev_name, attr->dev_name_len);
1011 :
1012 0 : if (wps->wps->event_cb) {
1013 : union wps_event_data data;
1014 0 : struct wps_event_m2d *m2d = &data.m2d;
1015 0 : os_memset(&data, 0, sizeof(data));
1016 0 : if (attr->config_methods)
1017 0 : m2d->config_methods =
1018 0 : WPA_GET_BE16(attr->config_methods);
1019 0 : m2d->manufacturer = attr->manufacturer;
1020 0 : m2d->manufacturer_len = attr->manufacturer_len;
1021 0 : m2d->model_name = attr->model_name;
1022 0 : m2d->model_name_len = attr->model_name_len;
1023 0 : m2d->model_number = attr->model_number;
1024 0 : m2d->model_number_len = attr->model_number_len;
1025 0 : m2d->serial_number = attr->serial_number;
1026 0 : m2d->serial_number_len = attr->serial_number_len;
1027 0 : m2d->dev_name = attr->dev_name;
1028 0 : m2d->dev_name_len = attr->dev_name_len;
1029 0 : m2d->primary_dev_type = attr->primary_dev_type;
1030 0 : if (attr->config_error)
1031 0 : m2d->config_error =
1032 0 : WPA_GET_BE16(attr->config_error);
1033 0 : if (attr->dev_password_id)
1034 0 : m2d->dev_password_id =
1035 0 : WPA_GET_BE16(attr->dev_password_id);
1036 0 : wps->wps->event_cb(wps->wps->cb_ctx, WPS_EV_M2D, &data);
1037 : }
1038 :
1039 0 : wps->state = RECEIVED_M2D;
1040 0 : return WPS_CONTINUE;
1041 : }
1042 :
1043 :
1044 29 : static enum wps_process_res wps_process_m4(struct wps_data *wps,
1045 : const struct wpabuf *msg,
1046 : struct wps_parse_attr *attr)
1047 : {
1048 : struct wpabuf *decrypted;
1049 : struct wps_parse_attr eattr;
1050 :
1051 29 : wpa_printf(MSG_DEBUG, "WPS: Received M4");
1052 :
1053 29 : if (wps->state != RECV_M4) {
1054 0 : wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
1055 0 : "receiving M4", wps->state);
1056 0 : wps->state = SEND_WSC_NACK;
1057 0 : return WPS_CONTINUE;
1058 : }
1059 :
1060 58 : if (wps_process_enrollee_nonce(wps, attr->enrollee_nonce) ||
1061 58 : wps_process_authenticator(wps, attr->authenticator, msg) ||
1062 58 : wps_process_r_hash1(wps, attr->r_hash1) ||
1063 29 : wps_process_r_hash2(wps, attr->r_hash2)) {
1064 0 : wps->state = SEND_WSC_NACK;
1065 0 : return WPS_CONTINUE;
1066 : }
1067 :
1068 29 : decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings,
1069 : attr->encr_settings_len);
1070 29 : if (decrypted == NULL) {
1071 0 : wpa_printf(MSG_DEBUG, "WPS: Failed to decrypted Encrypted "
1072 : "Settings attribute");
1073 0 : wps->state = SEND_WSC_NACK;
1074 0 : return WPS_CONTINUE;
1075 : }
1076 :
1077 29 : if (wps_validate_m4_encr(decrypted, attr->version2 != NULL) < 0) {
1078 0 : wpabuf_free(decrypted);
1079 0 : wps->state = SEND_WSC_NACK;
1080 0 : return WPS_CONTINUE;
1081 : }
1082 :
1083 29 : wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted Settings "
1084 : "attribute");
1085 58 : if (wps_parse_msg(decrypted, &eattr) < 0 ||
1086 58 : wps_process_key_wrap_auth(wps, decrypted, eattr.key_wrap_auth) ||
1087 29 : wps_process_r_snonce1(wps, eattr.r_snonce1)) {
1088 4 : wpabuf_free(decrypted);
1089 4 : wps->state = SEND_WSC_NACK;
1090 4 : return WPS_CONTINUE;
1091 : }
1092 25 : wpabuf_free(decrypted);
1093 :
1094 25 : wps->state = SEND_M5;
1095 25 : return WPS_CONTINUE;
1096 : }
1097 :
1098 :
1099 25 : static enum wps_process_res wps_process_m6(struct wps_data *wps,
1100 : const struct wpabuf *msg,
1101 : struct wps_parse_attr *attr)
1102 : {
1103 : struct wpabuf *decrypted;
1104 : struct wps_parse_attr eattr;
1105 :
1106 25 : wpa_printf(MSG_DEBUG, "WPS: Received M6");
1107 :
1108 25 : if (wps->state != RECV_M6) {
1109 0 : wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
1110 0 : "receiving M6", wps->state);
1111 0 : wps->state = SEND_WSC_NACK;
1112 0 : return WPS_CONTINUE;
1113 : }
1114 :
1115 50 : if (wps_process_enrollee_nonce(wps, attr->enrollee_nonce) ||
1116 25 : wps_process_authenticator(wps, attr->authenticator, msg)) {
1117 0 : wps->state = SEND_WSC_NACK;
1118 0 : return WPS_CONTINUE;
1119 : }
1120 :
1121 25 : decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings,
1122 : attr->encr_settings_len);
1123 25 : if (decrypted == NULL) {
1124 0 : wpa_printf(MSG_DEBUG, "WPS: Failed to decrypted Encrypted "
1125 : "Settings attribute");
1126 0 : wps->state = SEND_WSC_NACK;
1127 0 : return WPS_CONTINUE;
1128 : }
1129 :
1130 25 : if (wps_validate_m6_encr(decrypted, attr->version2 != NULL) < 0) {
1131 0 : wpabuf_free(decrypted);
1132 0 : wps->state = SEND_WSC_NACK;
1133 0 : return WPS_CONTINUE;
1134 : }
1135 :
1136 25 : wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted Settings "
1137 : "attribute");
1138 50 : if (wps_parse_msg(decrypted, &eattr) < 0 ||
1139 50 : wps_process_key_wrap_auth(wps, decrypted, eattr.key_wrap_auth) ||
1140 25 : wps_process_r_snonce2(wps, eattr.r_snonce2)) {
1141 2 : wpabuf_free(decrypted);
1142 2 : wps->state = SEND_WSC_NACK;
1143 2 : return WPS_CONTINUE;
1144 : }
1145 23 : wpabuf_free(decrypted);
1146 :
1147 23 : if (wps->wps->ap)
1148 23 : wps->wps->event_cb(wps->wps->cb_ctx, WPS_EV_AP_PIN_SUCCESS,
1149 : NULL);
1150 :
1151 23 : wps->state = SEND_M7;
1152 23 : return WPS_CONTINUE;
1153 : }
1154 :
1155 :
1156 8 : static enum wps_process_res wps_process_m8(struct wps_data *wps,
1157 : const struct wpabuf *msg,
1158 : struct wps_parse_attr *attr)
1159 : {
1160 : struct wpabuf *decrypted;
1161 : struct wps_parse_attr eattr;
1162 :
1163 8 : wpa_printf(MSG_DEBUG, "WPS: Received M8");
1164 :
1165 8 : if (wps->state != RECV_M8) {
1166 0 : wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
1167 0 : "receiving M8", wps->state);
1168 0 : wps->state = SEND_WSC_NACK;
1169 0 : return WPS_CONTINUE;
1170 : }
1171 :
1172 16 : if (wps_process_enrollee_nonce(wps, attr->enrollee_nonce) ||
1173 8 : wps_process_authenticator(wps, attr->authenticator, msg)) {
1174 0 : wps->state = SEND_WSC_NACK;
1175 0 : return WPS_CONTINUE;
1176 : }
1177 :
1178 8 : if (wps->wps->ap && wps->wps->ap_setup_locked) {
1179 : /*
1180 : * Stop here if special ap_setup_locked == 2 mode allowed the
1181 : * protocol to continue beyond M2. This allows ER to learn the
1182 : * current AP settings without changing them.
1183 : */
1184 0 : wpa_printf(MSG_DEBUG, "WPS: AP Setup is locked - refuse "
1185 : "registration of a new Registrar");
1186 0 : wps->config_error = WPS_CFG_SETUP_LOCKED;
1187 0 : wps->state = SEND_WSC_NACK;
1188 0 : return WPS_CONTINUE;
1189 : }
1190 :
1191 8 : decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings,
1192 : attr->encr_settings_len);
1193 8 : if (decrypted == NULL) {
1194 0 : wpa_printf(MSG_DEBUG, "WPS: Failed to decrypted Encrypted "
1195 : "Settings attribute");
1196 0 : wps->state = SEND_WSC_NACK;
1197 0 : return WPS_CONTINUE;
1198 : }
1199 :
1200 8 : if (wps_validate_m8_encr(decrypted, wps->wps->ap,
1201 8 : attr->version2 != NULL) < 0) {
1202 0 : wpabuf_free(decrypted);
1203 0 : wps->state = SEND_WSC_NACK;
1204 0 : return WPS_CONTINUE;
1205 : }
1206 :
1207 8 : wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted Settings "
1208 : "attribute");
1209 16 : if (wps_parse_msg(decrypted, &eattr) < 0 ||
1210 16 : wps_process_key_wrap_auth(wps, decrypted, eattr.key_wrap_auth) ||
1211 8 : wps_process_creds(wps, eattr.cred, eattr.cred_len,
1212 16 : eattr.num_cred, attr->version2 != NULL) ||
1213 8 : wps_process_ap_settings_e(wps, &eattr, decrypted,
1214 8 : attr->version2 != NULL)) {
1215 1 : wpabuf_free(decrypted);
1216 1 : wps->state = SEND_WSC_NACK;
1217 1 : return WPS_CONTINUE;
1218 : }
1219 7 : wpabuf_free(decrypted);
1220 :
1221 7 : wps->state = WPS_MSG_DONE;
1222 7 : return WPS_CONTINUE;
1223 : }
1224 :
1225 :
1226 97 : static enum wps_process_res wps_process_wsc_msg(struct wps_data *wps,
1227 : const struct wpabuf *msg)
1228 : {
1229 : struct wps_parse_attr attr;
1230 97 : enum wps_process_res ret = WPS_CONTINUE;
1231 :
1232 97 : wpa_printf(MSG_DEBUG, "WPS: Received WSC_MSG");
1233 :
1234 97 : if (wps_parse_msg(msg, &attr) < 0)
1235 0 : return WPS_FAILURE;
1236 :
1237 194 : if (attr.enrollee_nonce == NULL ||
1238 97 : os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
1239 0 : wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
1240 0 : return WPS_FAILURE;
1241 : }
1242 :
1243 97 : if (attr.msg_type == NULL) {
1244 0 : wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
1245 0 : wps->state = SEND_WSC_NACK;
1246 0 : return WPS_CONTINUE;
1247 : }
1248 :
1249 97 : switch (*attr.msg_type) {
1250 : case WPS_M2:
1251 35 : if (wps_validate_m2(msg) < 0)
1252 0 : return WPS_FAILURE;
1253 35 : ret = wps_process_m2(wps, msg, &attr);
1254 35 : break;
1255 : case WPS_M2D:
1256 0 : if (wps_validate_m2d(msg) < 0)
1257 0 : return WPS_FAILURE;
1258 0 : ret = wps_process_m2d(wps, &attr);
1259 0 : break;
1260 : case WPS_M4:
1261 29 : if (wps_validate_m4(msg) < 0)
1262 0 : return WPS_FAILURE;
1263 29 : ret = wps_process_m4(wps, msg, &attr);
1264 29 : if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
1265 4 : wps_fail_event(wps->wps, WPS_M4, wps->config_error,
1266 4 : wps->error_indication,
1267 4 : wps->peer_dev.mac_addr);
1268 29 : break;
1269 : case WPS_M6:
1270 25 : if (wps_validate_m6(msg) < 0)
1271 0 : return WPS_FAILURE;
1272 25 : ret = wps_process_m6(wps, msg, &attr);
1273 25 : if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
1274 2 : wps_fail_event(wps->wps, WPS_M6, wps->config_error,
1275 2 : wps->error_indication,
1276 2 : wps->peer_dev.mac_addr);
1277 25 : break;
1278 : case WPS_M8:
1279 8 : if (wps_validate_m8(msg) < 0)
1280 0 : return WPS_FAILURE;
1281 8 : ret = wps_process_m8(wps, msg, &attr);
1282 8 : if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
1283 1 : wps_fail_event(wps->wps, WPS_M8, wps->config_error,
1284 1 : wps->error_indication,
1285 1 : wps->peer_dev.mac_addr);
1286 8 : break;
1287 : default:
1288 0 : wpa_printf(MSG_DEBUG, "WPS: Unsupported Message Type %d",
1289 0 : *attr.msg_type);
1290 0 : return WPS_FAILURE;
1291 : }
1292 :
1293 : /*
1294 : * Save a copy of the last message for Authenticator derivation if we
1295 : * are continuing. However, skip M2D since it is not authenticated and
1296 : * neither is the ACK/NACK response frame. This allows the possibly
1297 : * following M2 to be processed correctly by using the previously sent
1298 : * M1 in Authenticator derivation.
1299 : */
1300 97 : if (ret == WPS_CONTINUE && *attr.msg_type != WPS_M2D) {
1301 : /* Save a copy of the last message for Authenticator derivation
1302 : */
1303 97 : wpabuf_free(wps->last_msg);
1304 97 : wps->last_msg = wpabuf_dup(msg);
1305 : }
1306 :
1307 97 : return ret;
1308 : }
1309 :
1310 :
1311 6 : static enum wps_process_res wps_process_wsc_ack(struct wps_data *wps,
1312 : const struct wpabuf *msg)
1313 : {
1314 : struct wps_parse_attr attr;
1315 :
1316 6 : wpa_printf(MSG_DEBUG, "WPS: Received WSC_ACK");
1317 :
1318 6 : if (wps_parse_msg(msg, &attr) < 0)
1319 0 : return WPS_FAILURE;
1320 :
1321 6 : if (attr.msg_type == NULL) {
1322 0 : wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
1323 0 : return WPS_FAILURE;
1324 : }
1325 :
1326 6 : if (*attr.msg_type != WPS_WSC_ACK) {
1327 0 : wpa_printf(MSG_DEBUG, "WPS: Invalid Message Type %d",
1328 0 : *attr.msg_type);
1329 0 : return WPS_FAILURE;
1330 : }
1331 :
1332 12 : if (attr.registrar_nonce == NULL ||
1333 6 : os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0)
1334 : {
1335 0 : wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
1336 0 : return WPS_FAILURE;
1337 : }
1338 :
1339 12 : if (attr.enrollee_nonce == NULL ||
1340 6 : os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
1341 0 : wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
1342 0 : return WPS_FAILURE;
1343 : }
1344 :
1345 6 : if (wps->state == RECV_ACK && wps->wps->ap) {
1346 6 : wpa_printf(MSG_DEBUG, "WPS: External Registrar registration "
1347 : "completed successfully");
1348 6 : wps_success_event(wps->wps, wps->peer_dev.mac_addr);
1349 6 : wps->state = WPS_FINISHED;
1350 6 : return WPS_DONE;
1351 : }
1352 :
1353 0 : return WPS_FAILURE;
1354 : }
1355 :
1356 :
1357 28 : static enum wps_process_res wps_process_wsc_nack(struct wps_data *wps,
1358 : const struct wpabuf *msg)
1359 : {
1360 : struct wps_parse_attr attr;
1361 : u16 config_error;
1362 :
1363 28 : wpa_printf(MSG_DEBUG, "WPS: Received WSC_NACK");
1364 :
1365 28 : if (wps_parse_msg(msg, &attr) < 0)
1366 0 : return WPS_FAILURE;
1367 :
1368 28 : if (attr.msg_type == NULL) {
1369 0 : wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
1370 0 : return WPS_FAILURE;
1371 : }
1372 :
1373 28 : if (*attr.msg_type != WPS_WSC_NACK) {
1374 0 : wpa_printf(MSG_DEBUG, "WPS: Invalid Message Type %d",
1375 0 : *attr.msg_type);
1376 0 : return WPS_FAILURE;
1377 : }
1378 :
1379 56 : if (attr.registrar_nonce == NULL ||
1380 28 : os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0)
1381 : {
1382 0 : wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
1383 0 : wpa_hexdump(MSG_DEBUG, "WPS: Received Registrar Nonce",
1384 0 : attr.registrar_nonce, WPS_NONCE_LEN);
1385 0 : wpa_hexdump(MSG_DEBUG, "WPS: Expected Registrar Nonce",
1386 0 : wps->nonce_r, WPS_NONCE_LEN);
1387 0 : return WPS_FAILURE;
1388 : }
1389 :
1390 56 : if (attr.enrollee_nonce == NULL ||
1391 28 : os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
1392 0 : wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
1393 0 : wpa_hexdump(MSG_DEBUG, "WPS: Received Enrollee Nonce",
1394 0 : attr.enrollee_nonce, WPS_NONCE_LEN);
1395 0 : wpa_hexdump(MSG_DEBUG, "WPS: Expected Enrollee Nonce",
1396 0 : wps->nonce_e, WPS_NONCE_LEN);
1397 0 : return WPS_FAILURE;
1398 : }
1399 :
1400 28 : if (attr.config_error == NULL) {
1401 0 : wpa_printf(MSG_DEBUG, "WPS: No Configuration Error attribute "
1402 : "in WSC_NACK");
1403 0 : return WPS_FAILURE;
1404 : }
1405 :
1406 28 : config_error = WPA_GET_BE16(attr.config_error);
1407 28 : wpa_printf(MSG_DEBUG, "WPS: Registrar terminated negotiation with "
1408 : "Configuration Error %d", config_error);
1409 :
1410 28 : switch (wps->state) {
1411 : case RECV_M4:
1412 0 : wps_fail_event(wps->wps, WPS_M3, config_error,
1413 0 : wps->error_indication, wps->peer_dev.mac_addr);
1414 0 : break;
1415 : case RECV_M6:
1416 0 : wps_fail_event(wps->wps, WPS_M5, config_error,
1417 0 : wps->error_indication, wps->peer_dev.mac_addr);
1418 0 : break;
1419 : case RECV_M8:
1420 15 : wps_fail_event(wps->wps, WPS_M7, config_error,
1421 15 : wps->error_indication, wps->peer_dev.mac_addr);
1422 15 : break;
1423 : default:
1424 13 : break;
1425 : }
1426 :
1427 : /* Followed by NACK if Enrollee is Supplicant or EAP-Failure if
1428 : * Enrollee is Authenticator */
1429 28 : wps->state = SEND_WSC_NACK;
1430 :
1431 28 : return WPS_FAILURE;
1432 : }
1433 :
1434 :
1435 131 : enum wps_process_res wps_enrollee_process_msg(struct wps_data *wps,
1436 : enum wsc_op_code op_code,
1437 : const struct wpabuf *msg)
1438 : {
1439 :
1440 131 : wpa_printf(MSG_DEBUG, "WPS: Processing received message (len=%lu "
1441 : "op_code=%d)",
1442 : (unsigned long) wpabuf_len(msg), op_code);
1443 :
1444 131 : if (op_code == WSC_UPnP) {
1445 : /* Determine the OpCode based on message type attribute */
1446 : struct wps_parse_attr attr;
1447 8 : if (wps_parse_msg(msg, &attr) == 0 && attr.msg_type) {
1448 8 : if (*attr.msg_type == WPS_WSC_ACK)
1449 0 : op_code = WSC_ACK;
1450 8 : else if (*attr.msg_type == WPS_WSC_NACK)
1451 1 : op_code = WSC_NACK;
1452 : }
1453 : }
1454 :
1455 131 : switch (op_code) {
1456 : case WSC_MSG:
1457 : case WSC_UPnP:
1458 97 : return wps_process_wsc_msg(wps, msg);
1459 : case WSC_ACK:
1460 6 : if (wps_validate_wsc_ack(msg) < 0)
1461 0 : return WPS_FAILURE;
1462 6 : return wps_process_wsc_ack(wps, msg);
1463 : case WSC_NACK:
1464 28 : if (wps_validate_wsc_nack(msg) < 0)
1465 0 : return WPS_FAILURE;
1466 28 : return wps_process_wsc_nack(wps, msg);
1467 : default:
1468 0 : wpa_printf(MSG_DEBUG, "WPS: Unsupported op_code %d", op_code);
1469 0 : return WPS_FAILURE;
1470 : }
1471 : }
|
