Home | History | Annotate | Download | only in ap
      1 /*
      2  * hostapd / WPS integration
      3  * Copyright (c) 2008-2010, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This software may be distributed under the terms of the BSD license.
      6  * See README for more details.
      7  */
      8 
      9 #include "utils/includes.h"
     10 
     11 #include "utils/common.h"
     12 #include "utils/eloop.h"
     13 #include "utils/uuid.h"
     14 #include "crypto/dh_groups.h"
     15 #include "common/wpa_ctrl.h"
     16 #include "common/ieee802_11_defs.h"
     17 #include "common/ieee802_11_common.h"
     18 #include "eapol_auth/eapol_auth_sm.h"
     19 #include "eapol_auth/eapol_auth_sm_i.h"
     20 #include "wps/wps.h"
     21 #include "wps/wps_defs.h"
     22 #include "wps/wps_dev_attr.h"
     23 #include "hostapd.h"
     24 #include "ap_config.h"
     25 #include "ap_drv_ops.h"
     26 #include "beacon.h"
     27 #include "sta_info.h"
     28 #include "wps_hostapd.h"
     29 
     30 
     31 #ifdef CONFIG_WPS_UPNP
     32 #include "wps/wps_upnp.h"
     33 static int hostapd_wps_upnp_init(struct hostapd_data *hapd,
     34 				 struct wps_context *wps);
     35 static void hostapd_wps_upnp_deinit(struct hostapd_data *hapd);
     36 #endif /* CONFIG_WPS_UPNP */
     37 
     38 static int hostapd_wps_probe_req_rx(void *ctx, const u8 *addr, const u8 *da,
     39 				    const u8 *bssid,
     40 				    const u8 *ie, size_t ie_len);
     41 static void hostapd_wps_ap_pin_timeout(void *eloop_data, void *user_ctx);
     42 
     43 
     44 struct wps_for_each_data {
     45 	int (*func)(struct hostapd_data *h, void *ctx);
     46 	void *ctx;
     47 };
     48 
     49 
     50 static int wps_for_each(struct hostapd_iface *iface, void *ctx)
     51 {
     52 	struct wps_for_each_data *data = ctx;
     53 	size_t j;
     54 
     55 	if (iface == NULL)
     56 		return 0;
     57 	for (j = 0; j < iface->num_bss; j++) {
     58 		struct hostapd_data *hapd = iface->bss[j];
     59 		int ret = data->func(hapd, data->ctx);
     60 		if (ret)
     61 			return ret;
     62 	}
     63 
     64 	return 0;
     65 }
     66 
     67 
     68 static int hostapd_wps_for_each(struct hostapd_data *hapd,
     69 				int (*func)(struct hostapd_data *h, void *ctx),
     70 				void *ctx)
     71 {
     72 	struct hostapd_iface *iface = hapd->iface;
     73 	struct wps_for_each_data data;
     74 	data.func = func;
     75 	data.ctx = ctx;
     76 	if (iface->for_each_interface == NULL)
     77 		return wps_for_each(iface, &data);
     78 	return iface->for_each_interface(iface->interfaces, wps_for_each,
     79 					 &data);
     80 }
     81 
     82 
     83 static int hostapd_wps_new_psk_cb(void *ctx, const u8 *mac_addr, const u8 *psk,
     84 				  size_t psk_len)
     85 {
     86 	struct hostapd_data *hapd = ctx;
     87 	struct hostapd_wpa_psk *p;
     88 	struct hostapd_ssid *ssid = &hapd->conf->ssid;
     89 
     90 	wpa_printf(MSG_DEBUG, "Received new WPA/WPA2-PSK from WPS for STA "
     91 		   MACSTR, MAC2STR(mac_addr));
     92 	wpa_hexdump_key(MSG_DEBUG, "Per-device PSK", psk, psk_len);
     93 
     94 	if (psk_len != PMK_LEN) {
     95 		wpa_printf(MSG_DEBUG, "Unexpected PSK length %lu",
     96 			   (unsigned long) psk_len);
     97 		return -1;
     98 	}
     99 
    100 	/* Add the new PSK to runtime PSK list */
    101 	p = os_zalloc(sizeof(*p));
    102 	if (p == NULL)
    103 		return -1;
    104 	os_memcpy(p->addr, mac_addr, ETH_ALEN);
    105 	os_memcpy(p->psk, psk, PMK_LEN);
    106 
    107 	p->next = ssid->wpa_psk;
    108 	ssid->wpa_psk = p;
    109 
    110 	if (ssid->wpa_psk_file) {
    111 		FILE *f;
    112 		char hex[PMK_LEN * 2 + 1];
    113 		/* Add the new PSK to PSK list file */
    114 		f = fopen(ssid->wpa_psk_file, "a");
    115 		if (f == NULL) {
    116 			wpa_printf(MSG_DEBUG, "Failed to add the PSK to "
    117 				   "'%s'", ssid->wpa_psk_file);
    118 			return -1;
    119 		}
    120 
    121 		wpa_snprintf_hex(hex, sizeof(hex), psk, psk_len);
    122 		fprintf(f, MACSTR " %s\n", MAC2STR(mac_addr), hex);
    123 		fclose(f);
    124 	}
    125 
    126 	return 0;
    127 }
    128 
    129 
    130 static int hostapd_wps_set_ie_cb(void *ctx, struct wpabuf *beacon_ie,
    131 				 struct wpabuf *probe_resp_ie)
    132 {
    133 	struct hostapd_data *hapd = ctx;
    134 	wpabuf_free(hapd->wps_beacon_ie);
    135 	hapd->wps_beacon_ie = beacon_ie;
    136 	wpabuf_free(hapd->wps_probe_resp_ie);
    137 	hapd->wps_probe_resp_ie = probe_resp_ie;
    138 	if (hapd->beacon_set_done)
    139 		ieee802_11_set_beacon(hapd);
    140 	return hostapd_set_ap_wps_ie(hapd);
    141 }
    142 
    143 
    144 static void hostapd_wps_pin_needed_cb(void *ctx, const u8 *uuid_e,
    145 				      const struct wps_device_data *dev)
    146 {
    147 	struct hostapd_data *hapd = ctx;
    148 	char uuid[40], txt[400];
    149 	int len;
    150 	char devtype[WPS_DEV_TYPE_BUFSIZE];
    151 	if (uuid_bin2str(uuid_e, uuid, sizeof(uuid)))
    152 		return;
    153 	wpa_printf(MSG_DEBUG, "WPS: PIN needed for E-UUID %s", uuid);
    154 	len = os_snprintf(txt, sizeof(txt), WPS_EVENT_PIN_NEEDED
    155 			  "%s " MACSTR " [%s|%s|%s|%s|%s|%s]",
    156 			  uuid, MAC2STR(dev->mac_addr), dev->device_name,
    157 			  dev->manufacturer, dev->model_name,
    158 			  dev->model_number, dev->serial_number,
    159 			  wps_dev_type_bin2str(dev->pri_dev_type, devtype,
    160 					       sizeof(devtype)));
    161 	if (len > 0 && len < (int) sizeof(txt))
    162 		wpa_msg(hapd->msg_ctx, MSG_INFO, "%s", txt);
    163 
    164 	if (hapd->conf->wps_pin_requests) {
    165 		FILE *f;
    166 		struct os_time t;
    167 		f = fopen(hapd->conf->wps_pin_requests, "a");
    168 		if (f == NULL)
    169 			return;
    170 		os_get_time(&t);
    171 		fprintf(f, "%ld\t%s\t" MACSTR "\t%s\t%s\t%s\t%s\t%s"
    172 			"\t%s\n",
    173 			t.sec, uuid, MAC2STR(dev->mac_addr), dev->device_name,
    174 			dev->manufacturer, dev->model_name, dev->model_number,
    175 			dev->serial_number,
    176 			wps_dev_type_bin2str(dev->pri_dev_type, devtype,
    177 					     sizeof(devtype)));
    178 		fclose(f);
    179 	}
    180 }
    181 
    182 
    183 struct wps_stop_reg_data {
    184 	struct hostapd_data *current_hapd;
    185 	const u8 *uuid_e;
    186 };
    187 
    188 static int wps_stop_registrar(struct hostapd_data *hapd, void *ctx)
    189 {
    190 	struct wps_stop_reg_data *data = ctx;
    191 	if (hapd != data->current_hapd && hapd->wps != NULL)
    192 		wps_registrar_complete(hapd->wps->registrar, data->uuid_e);
    193 	return 0;
    194 }
    195 
    196 
    197 static void hostapd_wps_reg_success_cb(void *ctx, const u8 *mac_addr,
    198 				       const u8 *uuid_e)
    199 {
    200 	struct hostapd_data *hapd = ctx;
    201 	char uuid[40];
    202 	struct wps_stop_reg_data data;
    203 	if (uuid_bin2str(uuid_e, uuid, sizeof(uuid)))
    204 		return;
    205 	wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_REG_SUCCESS MACSTR " %s",
    206 		MAC2STR(mac_addr), uuid);
    207 	if (hapd->wps_reg_success_cb)
    208 		hapd->wps_reg_success_cb(hapd->wps_reg_success_cb_ctx,
    209 					 mac_addr, uuid_e);
    210 	data.current_hapd = hapd;
    211 	data.uuid_e = uuid_e;
    212 	hostapd_wps_for_each(hapd, wps_stop_registrar, &data);
    213 }
    214 
    215 
    216 static void hostapd_wps_enrollee_seen_cb(void *ctx, const u8 *addr,
    217 					 const u8 *uuid_e,
    218 					 const u8 *pri_dev_type,
    219 					 u16 config_methods,
    220 					 u16 dev_password_id, u8 request_type,
    221 					 const char *dev_name)
    222 {
    223 	struct hostapd_data *hapd = ctx;
    224 	char uuid[40];
    225 	char devtype[WPS_DEV_TYPE_BUFSIZE];
    226 	if (uuid_bin2str(uuid_e, uuid, sizeof(uuid)))
    227 		return;
    228 	if (dev_name == NULL)
    229 		dev_name = "";
    230 	wpa_msg_ctrl(hapd->msg_ctx, MSG_INFO, WPS_EVENT_ENROLLEE_SEEN MACSTR
    231 		     " %s %s 0x%x %u %u [%s]",
    232 		     MAC2STR(addr), uuid,
    233 		     wps_dev_type_bin2str(pri_dev_type, devtype,
    234 					  sizeof(devtype)),
    235 		     config_methods, dev_password_id, request_type, dev_name);
    236 }
    237 
    238 
    239 static int str_starts(const char *str, const char *start)
    240 {
    241 	return os_strncmp(str, start, os_strlen(start)) == 0;
    242 }
    243 
    244 
    245 static void wps_reload_config(void *eloop_data, void *user_ctx)
    246 {
    247 	struct hostapd_iface *iface = eloop_data;
    248 
    249 	wpa_printf(MSG_DEBUG, "WPS: Reload configuration data");
    250 	if (iface->reload_config(iface) < 0) {
    251 		wpa_printf(MSG_WARNING, "WPS: Failed to reload the updated "
    252 			   "configuration");
    253 	}
    254 }
    255 
    256 
    257 static void hapd_new_ap_event(struct hostapd_data *hapd, const u8 *attr,
    258 			      size_t attr_len)
    259 {
    260 	size_t blen = attr_len * 2 + 1;
    261 	char *buf = os_malloc(blen);
    262 	if (buf) {
    263 		wpa_snprintf_hex(buf, blen, attr, attr_len);
    264 		wpa_msg(hapd->msg_ctx, MSG_INFO,
    265 			WPS_EVENT_NEW_AP_SETTINGS "%s", buf);
    266 		os_free(buf);
    267 	}
    268 }
    269 
    270 
    271 static int hapd_wps_cred_cb(struct hostapd_data *hapd, void *ctx)
    272 {
    273 	const struct wps_credential *cred = ctx;
    274 	FILE *oconf, *nconf;
    275 	size_t len, i;
    276 	char *tmp_fname;
    277 	char buf[1024];
    278 	int multi_bss;
    279 	int wpa;
    280 
    281 	if (hapd->wps == NULL)
    282 		return 0;
    283 
    284 	wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute",
    285 			cred->cred_attr, cred->cred_attr_len);
    286 
    287 	wpa_printf(MSG_DEBUG, "WPS: Received new AP Settings");
    288 	wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", cred->ssid, cred->ssid_len);
    289 	wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x",
    290 		   cred->auth_type);
    291 	wpa_printf(MSG_DEBUG, "WPS: Encryption Type 0x%x", cred->encr_type);
    292 	wpa_printf(MSG_DEBUG, "WPS: Network Key Index %d", cred->key_idx);
    293 	wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
    294 			cred->key, cred->key_len);
    295 	wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR,
    296 		   MAC2STR(cred->mac_addr));
    297 
    298 	if ((hapd->conf->wps_cred_processing == 1 ||
    299 	     hapd->conf->wps_cred_processing == 2) && cred->cred_attr) {
    300 		hapd_new_ap_event(hapd, cred->cred_attr, cred->cred_attr_len);
    301 	} else if (hapd->conf->wps_cred_processing == 1 ||
    302 		   hapd->conf->wps_cred_processing == 2) {
    303 		struct wpabuf *attr;
    304 		attr = wpabuf_alloc(200);
    305 		if (attr && wps_build_credential_wrap(attr, cred) == 0)
    306 			hapd_new_ap_event(hapd, wpabuf_head_u8(attr),
    307 					  wpabuf_len(attr));
    308 		wpabuf_free(attr);
    309 	} else
    310 		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_NEW_AP_SETTINGS);
    311 
    312 	if (hapd->conf->wps_cred_processing == 1)
    313 		return 0;
    314 
    315 	os_memcpy(hapd->wps->ssid, cred->ssid, cred->ssid_len);
    316 	hapd->wps->ssid_len = cred->ssid_len;
    317 	hapd->wps->encr_types = cred->encr_type;
    318 	hapd->wps->auth_types = cred->auth_type;
    319 	if (cred->key_len == 0) {
    320 		os_free(hapd->wps->network_key);
    321 		hapd->wps->network_key = NULL;
    322 		hapd->wps->network_key_len = 0;
    323 	} else {
    324 		if (hapd->wps->network_key == NULL ||
    325 		    hapd->wps->network_key_len < cred->key_len) {
    326 			hapd->wps->network_key_len = 0;
    327 			os_free(hapd->wps->network_key);
    328 			hapd->wps->network_key = os_malloc(cred->key_len);
    329 			if (hapd->wps->network_key == NULL)
    330 				return -1;
    331 		}
    332 		hapd->wps->network_key_len = cred->key_len;
    333 		os_memcpy(hapd->wps->network_key, cred->key, cred->key_len);
    334 	}
    335 	hapd->wps->wps_state = WPS_STATE_CONFIGURED;
    336 
    337 	len = os_strlen(hapd->iface->config_fname) + 5;
    338 	tmp_fname = os_malloc(len);
    339 	if (tmp_fname == NULL)
    340 		return -1;
    341 	os_snprintf(tmp_fname, len, "%s-new", hapd->iface->config_fname);
    342 
    343 	oconf = fopen(hapd->iface->config_fname, "r");
    344 	if (oconf == NULL) {
    345 		wpa_printf(MSG_WARNING, "WPS: Could not open current "
    346 			   "configuration file");
    347 		os_free(tmp_fname);
    348 		return -1;
    349 	}
    350 
    351 	nconf = fopen(tmp_fname, "w");
    352 	if (nconf == NULL) {
    353 		wpa_printf(MSG_WARNING, "WPS: Could not write updated "
    354 			   "configuration file");
    355 		os_free(tmp_fname);
    356 		fclose(oconf);
    357 		return -1;
    358 	}
    359 
    360 	fprintf(nconf, "# WPS configuration - START\n");
    361 
    362 	fprintf(nconf, "wps_state=2\n");
    363 
    364 	fprintf(nconf, "ssid=");
    365 	for (i = 0; i < cred->ssid_len; i++)
    366 		fputc(cred->ssid[i], nconf);
    367 	fprintf(nconf, "\n");
    368 
    369 	if ((cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK)) &&
    370 	    (cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK)))
    371 		wpa = 3;
    372 	else if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK))
    373 		wpa = 2;
    374 	else if (cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK))
    375 		wpa = 1;
    376 	else
    377 		wpa = 0;
    378 
    379 	if (wpa) {
    380 		char *prefix;
    381 		fprintf(nconf, "wpa=%d\n", wpa);
    382 
    383 		fprintf(nconf, "wpa_key_mgmt=");
    384 		prefix = "";
    385 		if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA)) {
    386 			fprintf(nconf, "WPA-EAP");
    387 			prefix = " ";
    388 		}
    389 		if (cred->auth_type & (WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK))
    390 			fprintf(nconf, "%sWPA-PSK", prefix);
    391 		fprintf(nconf, "\n");
    392 
    393 		fprintf(nconf, "wpa_pairwise=");
    394 		prefix = "";
    395 		if (cred->encr_type & WPS_ENCR_AES) {
    396 			fprintf(nconf, "CCMP");
    397 			prefix = " ";
    398 		}
    399 		if (cred->encr_type & WPS_ENCR_TKIP) {
    400 			fprintf(nconf, "%sTKIP", prefix);
    401 		}
    402 		fprintf(nconf, "\n");
    403 
    404 		if (cred->key_len >= 8 && cred->key_len < 64) {
    405 			fprintf(nconf, "wpa_passphrase=");
    406 			for (i = 0; i < cred->key_len; i++)
    407 				fputc(cred->key[i], nconf);
    408 			fprintf(nconf, "\n");
    409 		} else if (cred->key_len == 64) {
    410 			fprintf(nconf, "wpa_psk=");
    411 			for (i = 0; i < cred->key_len; i++)
    412 				fputc(cred->key[i], nconf);
    413 			fprintf(nconf, "\n");
    414 		} else {
    415 			wpa_printf(MSG_WARNING, "WPS: Invalid key length %lu "
    416 				   "for WPA/WPA2",
    417 				   (unsigned long) cred->key_len);
    418 		}
    419 
    420 		fprintf(nconf, "auth_algs=1\n");
    421 	} else {
    422 		if ((cred->auth_type & WPS_AUTH_OPEN) &&
    423 		    (cred->auth_type & WPS_AUTH_SHARED))
    424 			fprintf(nconf, "auth_algs=3\n");
    425 		else if (cred->auth_type & WPS_AUTH_SHARED)
    426 			fprintf(nconf, "auth_algs=2\n");
    427 		else
    428 			fprintf(nconf, "auth_algs=1\n");
    429 
    430 		if (cred->encr_type & WPS_ENCR_WEP && cred->key_idx <= 4) {
    431 			int key_idx = cred->key_idx;
    432 			if (key_idx)
    433 				key_idx--;
    434 			fprintf(nconf, "wep_default_key=%d\n", key_idx);
    435 			fprintf(nconf, "wep_key%d=", key_idx);
    436 			if (cred->key_len == 10 || cred->key_len == 26) {
    437 				/* WEP key as a hex string */
    438 				for (i = 0; i < cred->key_len; i++)
    439 					fputc(cred->key[i], nconf);
    440 			} else {
    441 				/* Raw WEP key; convert to hex */
    442 				for (i = 0; i < cred->key_len; i++)
    443 					fprintf(nconf, "%02x", cred->key[i]);
    444 			}
    445 			fprintf(nconf, "\n");
    446 		}
    447 	}
    448 
    449 	fprintf(nconf, "# WPS configuration - END\n");
    450 
    451 	multi_bss = 0;
    452 	while (fgets(buf, sizeof(buf), oconf)) {
    453 		if (os_strncmp(buf, "bss=", 4) == 0)
    454 			multi_bss = 1;
    455 		if (!multi_bss &&
    456 		    (str_starts(buf, "ssid=") ||
    457 		     str_starts(buf, "auth_algs=") ||
    458 		     str_starts(buf, "wep_default_key=") ||
    459 		     str_starts(buf, "wep_key") ||
    460 		     str_starts(buf, "wps_state=") ||
    461 		     str_starts(buf, "wpa=") ||
    462 		     str_starts(buf, "wpa_psk=") ||
    463 		     str_starts(buf, "wpa_pairwise=") ||
    464 		     str_starts(buf, "rsn_pairwise=") ||
    465 		     str_starts(buf, "wpa_key_mgmt=") ||
    466 		     str_starts(buf, "wpa_passphrase="))) {
    467 			fprintf(nconf, "#WPS# %s", buf);
    468 		} else
    469 			fprintf(nconf, "%s", buf);
    470 	}
    471 
    472 	fclose(nconf);
    473 	fclose(oconf);
    474 
    475 	if (rename(tmp_fname, hapd->iface->config_fname) < 0) {
    476 		wpa_printf(MSG_WARNING, "WPS: Failed to rename the updated "
    477 			   "configuration file: %s", strerror(errno));
    478 		os_free(tmp_fname);
    479 		return -1;
    480 	}
    481 
    482 	os_free(tmp_fname);
    483 
    484 	/* Schedule configuration reload after short period of time to allow
    485 	 * EAP-WSC to be finished.
    486 	 */
    487 	eloop_register_timeout(0, 100000, wps_reload_config, hapd->iface,
    488 			       NULL);
    489 
    490 	wpa_printf(MSG_DEBUG, "WPS: AP configuration updated");
    491 
    492 	return 0;
    493 }
    494 
    495 
    496 static int hostapd_wps_cred_cb(void *ctx, const struct wps_credential *cred)
    497 {
    498 	struct hostapd_data *hapd = ctx;
    499 	return hostapd_wps_for_each(hapd, hapd_wps_cred_cb, (void *) cred);
    500 }
    501 
    502 
    503 static void hostapd_wps_reenable_ap_pin(void *eloop_data, void *user_ctx)
    504 {
    505 	struct hostapd_data *hapd = eloop_data;
    506 
    507 	if (hapd->conf->ap_setup_locked)
    508 		return;
    509 	if (hapd->ap_pin_failures_consecutive >= 10)
    510 		return;
    511 
    512 	wpa_printf(MSG_DEBUG, "WPS: Re-enable AP PIN");
    513 	wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_AP_SETUP_UNLOCKED);
    514 	hapd->wps->ap_setup_locked = 0;
    515 	wps_registrar_update_ie(hapd->wps->registrar);
    516 }
    517 
    518 
    519 static int wps_pwd_auth_fail(struct hostapd_data *hapd, void *ctx)
    520 {
    521 	struct wps_event_pwd_auth_fail *data = ctx;
    522 
    523 	if (!data->enrollee || hapd->conf->ap_pin == NULL || hapd->wps == NULL)
    524 		return 0;
    525 
    526 	/*
    527 	 * Registrar failed to prove its knowledge of the AP PIN. Lock AP setup
    528 	 * for some time if this happens multiple times to slow down brute
    529 	 * force attacks.
    530 	 */
    531 	hapd->ap_pin_failures++;
    532 	hapd->ap_pin_failures_consecutive++;
    533 	wpa_printf(MSG_DEBUG, "WPS: AP PIN authentication failure number %u "
    534 		   "(%u consecutive)",
    535 		   hapd->ap_pin_failures, hapd->ap_pin_failures_consecutive);
    536 	if (hapd->ap_pin_failures < 3)
    537 		return 0;
    538 
    539 	wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_AP_SETUP_LOCKED);
    540 	hapd->wps->ap_setup_locked = 1;
    541 
    542 	wps_registrar_update_ie(hapd->wps->registrar);
    543 
    544 	if (!hapd->conf->ap_setup_locked &&
    545 	    hapd->ap_pin_failures_consecutive >= 10) {
    546 		/*
    547 		 * In indefinite lockdown - disable automatic AP PIN
    548 		 * reenablement.
    549 		 */
    550 		eloop_cancel_timeout(hostapd_wps_reenable_ap_pin, hapd, NULL);
    551 		wpa_printf(MSG_DEBUG, "WPS: AP PIN disabled indefinitely");
    552 	} else if (!hapd->conf->ap_setup_locked) {
    553 		if (hapd->ap_pin_lockout_time == 0)
    554 			hapd->ap_pin_lockout_time = 60;
    555 		else if (hapd->ap_pin_lockout_time < 365 * 24 * 60 * 60 &&
    556 			 (hapd->ap_pin_failures % 3) == 0)
    557 			hapd->ap_pin_lockout_time *= 2;
    558 
    559 		wpa_printf(MSG_DEBUG, "WPS: Disable AP PIN for %u seconds",
    560 			   hapd->ap_pin_lockout_time);
    561 		eloop_cancel_timeout(hostapd_wps_reenable_ap_pin, hapd, NULL);
    562 		eloop_register_timeout(hapd->ap_pin_lockout_time, 0,
    563 				       hostapd_wps_reenable_ap_pin, hapd,
    564 				       NULL);
    565 	}
    566 
    567 	return 0;
    568 }
    569 
    570 
    571 static void hostapd_pwd_auth_fail(struct hostapd_data *hapd,
    572 				  struct wps_event_pwd_auth_fail *data)
    573 {
    574 	hostapd_wps_for_each(hapd, wps_pwd_auth_fail, data);
    575 }
    576 
    577 
    578 static int wps_ap_pin_success(struct hostapd_data *hapd, void *ctx)
    579 {
    580 	if (hapd->conf->ap_pin == NULL || hapd->wps == NULL)
    581 		return 0;
    582 
    583 	if (hapd->ap_pin_failures_consecutive == 0)
    584 		return 0;
    585 
    586 	wpa_printf(MSG_DEBUG, "WPS: Clear consecutive AP PIN failure counter "
    587 		   "- total validation failures %u (%u consecutive)",
    588 		   hapd->ap_pin_failures, hapd->ap_pin_failures_consecutive);
    589 	hapd->ap_pin_failures_consecutive = 0;
    590 
    591 	return 0;
    592 }
    593 
    594 
    595 static void hostapd_wps_ap_pin_success(struct hostapd_data *hapd)
    596 {
    597 	hostapd_wps_for_each(hapd, wps_ap_pin_success, NULL);
    598 }
    599 
    600 
    601 static const char * wps_event_fail_reason[NUM_WPS_EI_VALUES] = {
    602 	"No Error", /* WPS_EI_NO_ERROR */
    603 	"TKIP Only Prohibited", /* WPS_EI_SECURITY_TKIP_ONLY_PROHIBITED */
    604 	"WEP Prohibited" /* WPS_EI_SECURITY_WEP_PROHIBITED */
    605 };
    606 
    607 static void hostapd_wps_event_fail(struct hostapd_data *hapd,
    608 				   struct wps_event_fail *fail)
    609 {
    610 	if (fail->error_indication > 0 &&
    611 	    fail->error_indication < NUM_WPS_EI_VALUES) {
    612 		wpa_msg(hapd->msg_ctx, MSG_INFO,
    613 			WPS_EVENT_FAIL "msg=%d config_error=%d reason=%d (%s)",
    614 			fail->msg, fail->config_error, fail->error_indication,
    615 			wps_event_fail_reason[fail->error_indication]);
    616 	} else {
    617 		wpa_msg(hapd->msg_ctx, MSG_INFO,
    618 			WPS_EVENT_FAIL "msg=%d config_error=%d",
    619 			fail->msg, fail->config_error);
    620 	}
    621 }
    622 
    623 
    624 static void hostapd_wps_event_cb(void *ctx, enum wps_event event,
    625 				 union wps_event_data *data)
    626 {
    627 	struct hostapd_data *hapd = ctx;
    628 
    629 	switch (event) {
    630 	case WPS_EV_M2D:
    631 		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_M2D);
    632 		break;
    633 	case WPS_EV_FAIL:
    634 		hostapd_wps_event_fail(hapd, &data->fail);
    635 		break;
    636 	case WPS_EV_SUCCESS:
    637 		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_SUCCESS);
    638 		break;
    639 	case WPS_EV_PWD_AUTH_FAIL:
    640 		hostapd_pwd_auth_fail(hapd, &data->pwd_auth_fail);
    641 		break;
    642 	case WPS_EV_PBC_OVERLAP:
    643 		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_OVERLAP);
    644 		break;
    645 	case WPS_EV_PBC_TIMEOUT:
    646 		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_TIMEOUT);
    647 		break;
    648 	case WPS_EV_ER_AP_ADD:
    649 		break;
    650 	case WPS_EV_ER_AP_REMOVE:
    651 		break;
    652 	case WPS_EV_ER_ENROLLEE_ADD:
    653 		break;
    654 	case WPS_EV_ER_ENROLLEE_REMOVE:
    655 		break;
    656 	case WPS_EV_ER_AP_SETTINGS:
    657 		break;
    658 	case WPS_EV_ER_SET_SELECTED_REGISTRAR:
    659 		break;
    660 	case WPS_EV_AP_PIN_SUCCESS:
    661 		hostapd_wps_ap_pin_success(hapd);
    662 		break;
    663 	}
    664 	if (hapd->wps_event_cb)
    665 		hapd->wps_event_cb(hapd->wps_event_cb_ctx, event, data);
    666 }
    667 
    668 
    669 static void hostapd_wps_clear_ies(struct hostapd_data *hapd)
    670 {
    671 	wpabuf_free(hapd->wps_beacon_ie);
    672 	hapd->wps_beacon_ie = NULL;
    673 
    674 	wpabuf_free(hapd->wps_probe_resp_ie);
    675 	hapd->wps_probe_resp_ie = NULL;
    676 
    677 	hostapd_set_ap_wps_ie(hapd);
    678 }
    679 
    680 
    681 static int get_uuid_cb(struct hostapd_iface *iface, void *ctx)
    682 {
    683 	const u8 **uuid = ctx;
    684 	size_t j;
    685 
    686 	if (iface == NULL)
    687 		return 0;
    688 	for (j = 0; j < iface->num_bss; j++) {
    689 		struct hostapd_data *hapd = iface->bss[j];
    690 		if (hapd->wps && !is_nil_uuid(hapd->wps->uuid)) {
    691 			*uuid = hapd->wps->uuid;
    692 			return 1;
    693 		}
    694 	}
    695 
    696 	return 0;
    697 }
    698 
    699 
    700 static const u8 * get_own_uuid(struct hostapd_iface *iface)
    701 {
    702 	const u8 *uuid;
    703 	if (iface->for_each_interface == NULL)
    704 		return NULL;
    705 	uuid = NULL;
    706 	iface->for_each_interface(iface->interfaces, get_uuid_cb, &uuid);
    707 	return uuid;
    708 }
    709 
    710 
    711 static int count_interface_cb(struct hostapd_iface *iface, void *ctx)
    712 {
    713 	int *count= ctx;
    714 	(*count)++;
    715 	return 0;
    716 }
    717 
    718 
    719 static int interface_count(struct hostapd_iface *iface)
    720 {
    721 	int count = 0;
    722 	if (iface->for_each_interface == NULL)
    723 		return 0;
    724 	iface->for_each_interface(iface->interfaces, count_interface_cb,
    725 				  &count);
    726 	return count;
    727 }
    728 
    729 
    730 static int hostapd_wps_set_vendor_ext(struct hostapd_data *hapd,
    731 				      struct wps_context *wps)
    732 {
    733 	int i;
    734 
    735 	for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++) {
    736 		wpabuf_free(wps->dev.vendor_ext[i]);
    737 		wps->dev.vendor_ext[i] = NULL;
    738 
    739 		if (hapd->conf->wps_vendor_ext[i] == NULL)
    740 			continue;
    741 
    742 		wps->dev.vendor_ext[i] =
    743 			wpabuf_dup(hapd->conf->wps_vendor_ext[i]);
    744 		if (wps->dev.vendor_ext[i] == NULL) {
    745 			while (--i >= 0)
    746 				wpabuf_free(wps->dev.vendor_ext[i]);
    747 			return -1;
    748 		}
    749 	}
    750 
    751 	return 0;
    752 }
    753 
    754 
    755 int hostapd_init_wps(struct hostapd_data *hapd,
    756 		     struct hostapd_bss_config *conf)
    757 {
    758 	struct wps_context *wps;
    759 	struct wps_registrar_config cfg;
    760 
    761 	if (conf->wps_state == 0) {
    762 		hostapd_wps_clear_ies(hapd);
    763 		return 0;
    764 	}
    765 
    766 	wps = os_zalloc(sizeof(*wps));
    767 	if (wps == NULL)
    768 		return -1;
    769 
    770 	wps->cred_cb = hostapd_wps_cred_cb;
    771 	wps->event_cb = hostapd_wps_event_cb;
    772 	wps->cb_ctx = hapd;
    773 
    774 	os_memset(&cfg, 0, sizeof(cfg));
    775 	wps->wps_state = hapd->conf->wps_state;
    776 	wps->ap_setup_locked = hapd->conf->ap_setup_locked;
    777 	if (is_nil_uuid(hapd->conf->uuid)) {
    778 		const u8 *uuid;
    779 		uuid = get_own_uuid(hapd->iface);
    780 		if (uuid) {
    781 			os_memcpy(wps->uuid, uuid, UUID_LEN);
    782 			wpa_hexdump(MSG_DEBUG, "WPS: Clone UUID from another "
    783 				    "interface", wps->uuid, UUID_LEN);
    784 		} else {
    785 			uuid_gen_mac_addr(hapd->own_addr, wps->uuid);
    786 			wpa_hexdump(MSG_DEBUG, "WPS: UUID based on MAC "
    787 				    "address", wps->uuid, UUID_LEN);
    788 		}
    789 	} else {
    790 		os_memcpy(wps->uuid, hapd->conf->uuid, UUID_LEN);
    791 		wpa_hexdump(MSG_DEBUG, "WPS: Use configured UUID",
    792 			    wps->uuid, UUID_LEN);
    793 	}
    794 	wps->ssid_len = hapd->conf->ssid.ssid_len;
    795 	os_memcpy(wps->ssid, hapd->conf->ssid.ssid, wps->ssid_len);
    796 	wps->ap = 1;
    797 	os_memcpy(wps->dev.mac_addr, hapd->own_addr, ETH_ALEN);
    798 	wps->dev.device_name = hapd->conf->device_name ?
    799 		os_strdup(hapd->conf->device_name) : NULL;
    800 	wps->dev.manufacturer = hapd->conf->manufacturer ?
    801 		os_strdup(hapd->conf->manufacturer) : NULL;
    802 	wps->dev.model_name = hapd->conf->model_name ?
    803 		os_strdup(hapd->conf->model_name) : NULL;
    804 	wps->dev.model_number = hapd->conf->model_number ?
    805 		os_strdup(hapd->conf->model_number) : NULL;
    806 	wps->dev.serial_number = hapd->conf->serial_number ?
    807 		os_strdup(hapd->conf->serial_number) : NULL;
    808 	wps->config_methods =
    809 		wps_config_methods_str2bin(hapd->conf->config_methods);
    810 #ifdef CONFIG_WPS2
    811 	if ((wps->config_methods &
    812 	     (WPS_CONFIG_DISPLAY | WPS_CONFIG_VIRT_DISPLAY |
    813 	      WPS_CONFIG_PHY_DISPLAY)) == WPS_CONFIG_DISPLAY) {
    814 		wpa_printf(MSG_INFO, "WPS: Converting display to "
    815 			   "virtual_display for WPS 2.0 compliance");
    816 		wps->config_methods |= WPS_CONFIG_VIRT_DISPLAY;
    817 	}
    818 	if ((wps->config_methods &
    819 	     (WPS_CONFIG_PUSHBUTTON | WPS_CONFIG_VIRT_PUSHBUTTON |
    820 	      WPS_CONFIG_PHY_PUSHBUTTON)) == WPS_CONFIG_PUSHBUTTON) {
    821 		wpa_printf(MSG_INFO, "WPS: Converting push_button to "
    822 			   "virtual_push_button for WPS 2.0 compliance");
    823 		wps->config_methods |= WPS_CONFIG_VIRT_PUSHBUTTON;
    824 	}
    825 #endif /* CONFIG_WPS2 */
    826 	os_memcpy(wps->dev.pri_dev_type, hapd->conf->device_type,
    827 		  WPS_DEV_TYPE_LEN);
    828 
    829 	if (hostapd_wps_set_vendor_ext(hapd, wps) < 0) {
    830 		os_free(wps);
    831 		return -1;
    832 	}
    833 
    834 	wps->dev.os_version = WPA_GET_BE32(hapd->conf->os_version);
    835 
    836 	if (conf->wps_rf_bands) {
    837 		wps->dev.rf_bands = conf->wps_rf_bands;
    838 	} else {
    839 		wps->dev.rf_bands =
    840 			hapd->iconf->hw_mode == HOSTAPD_MODE_IEEE80211A ?
    841 			WPS_RF_50GHZ : WPS_RF_24GHZ; /* FIX: dualband AP */
    842 	}
    843 
    844 	if (conf->wpa & WPA_PROTO_RSN) {
    845 		if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK)
    846 			wps->auth_types |= WPS_AUTH_WPA2PSK;
    847 		if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
    848 			wps->auth_types |= WPS_AUTH_WPA2;
    849 
    850 		if (conf->rsn_pairwise & WPA_CIPHER_CCMP)
    851 			wps->encr_types |= WPS_ENCR_AES;
    852 		if (conf->rsn_pairwise & WPA_CIPHER_TKIP)
    853 			wps->encr_types |= WPS_ENCR_TKIP;
    854 	}
    855 
    856 	if (conf->wpa & WPA_PROTO_WPA) {
    857 		if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK)
    858 			wps->auth_types |= WPS_AUTH_WPAPSK;
    859 		if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
    860 			wps->auth_types |= WPS_AUTH_WPA;
    861 
    862 		if (conf->wpa_pairwise & WPA_CIPHER_CCMP)
    863 			wps->encr_types |= WPS_ENCR_AES;
    864 		if (conf->wpa_pairwise & WPA_CIPHER_TKIP)
    865 			wps->encr_types |= WPS_ENCR_TKIP;
    866 	}
    867 
    868 	if (conf->ssid.security_policy == SECURITY_PLAINTEXT) {
    869 		wps->encr_types |= WPS_ENCR_NONE;
    870 		wps->auth_types |= WPS_AUTH_OPEN;
    871 	} else if (conf->ssid.security_policy == SECURITY_STATIC_WEP) {
    872 		wps->encr_types |= WPS_ENCR_WEP;
    873 		if (conf->auth_algs & WPA_AUTH_ALG_OPEN)
    874 			wps->auth_types |= WPS_AUTH_OPEN;
    875 		if (conf->auth_algs & WPA_AUTH_ALG_SHARED)
    876 			wps->auth_types |= WPS_AUTH_SHARED;
    877 	} else if (conf->ssid.security_policy == SECURITY_IEEE_802_1X) {
    878 		wps->auth_types |= WPS_AUTH_OPEN;
    879 		if (conf->default_wep_key_len)
    880 			wps->encr_types |= WPS_ENCR_WEP;
    881 		else
    882 			wps->encr_types |= WPS_ENCR_NONE;
    883 	}
    884 
    885 	if (conf->ssid.wpa_psk_file) {
    886 		/* Use per-device PSKs */
    887 	} else if (conf->ssid.wpa_passphrase) {
    888 		wps->network_key = (u8 *) os_strdup(conf->ssid.wpa_passphrase);
    889 		wps->network_key_len = os_strlen(conf->ssid.wpa_passphrase);
    890 	} else if (conf->ssid.wpa_psk) {
    891 		wps->network_key = os_malloc(2 * PMK_LEN + 1);
    892 		if (wps->network_key == NULL) {
    893 			os_free(wps);
    894 			return -1;
    895 		}
    896 		wpa_snprintf_hex((char *) wps->network_key, 2 * PMK_LEN + 1,
    897 				 conf->ssid.wpa_psk->psk, PMK_LEN);
    898 		wps->network_key_len = 2 * PMK_LEN;
    899 	} else if (conf->ssid.wep.keys_set && conf->ssid.wep.key[0]) {
    900 		wps->network_key = os_malloc(conf->ssid.wep.len[0]);
    901 		if (wps->network_key == NULL) {
    902 			os_free(wps);
    903 			return -1;
    904 		}
    905 		os_memcpy(wps->network_key, conf->ssid.wep.key[0],
    906 			  conf->ssid.wep.len[0]);
    907 		wps->network_key_len = conf->ssid.wep.len[0];
    908 	}
    909 
    910 	if (conf->ssid.wpa_psk) {
    911 		os_memcpy(wps->psk, conf->ssid.wpa_psk->psk, PMK_LEN);
    912 		wps->psk_set = 1;
    913 	}
    914 
    915 	if (conf->wps_state == WPS_STATE_NOT_CONFIGURED) {
    916 		/* Override parameters to enable security by default */
    917 		wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK;
    918 		wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP;
    919 	}
    920 
    921 	wps->ap_settings = conf->ap_settings;
    922 	wps->ap_settings_len = conf->ap_settings_len;
    923 
    924 	cfg.new_psk_cb = hostapd_wps_new_psk_cb;
    925 	cfg.set_ie_cb = hostapd_wps_set_ie_cb;
    926 	cfg.pin_needed_cb = hostapd_wps_pin_needed_cb;
    927 	cfg.reg_success_cb = hostapd_wps_reg_success_cb;
    928 	cfg.enrollee_seen_cb = hostapd_wps_enrollee_seen_cb;
    929 	cfg.cb_ctx = hapd;
    930 	cfg.skip_cred_build = conf->skip_cred_build;
    931 	cfg.extra_cred = conf->extra_cred;
    932 	cfg.extra_cred_len = conf->extra_cred_len;
    933 	cfg.disable_auto_conf = (hapd->conf->wps_cred_processing == 1) &&
    934 		conf->skip_cred_build;
    935 	if (conf->ssid.security_policy == SECURITY_STATIC_WEP)
    936 		cfg.static_wep_only = 1;
    937 	cfg.dualband = interface_count(hapd->iface) > 1;
    938 	if (cfg.dualband)
    939 		wpa_printf(MSG_DEBUG, "WPS: Dualband AP");
    940 
    941 	wps->registrar = wps_registrar_init(wps, &cfg);
    942 	if (wps->registrar == NULL) {
    943 		wpa_printf(MSG_ERROR, "Failed to initialize WPS Registrar");
    944 		os_free(wps->network_key);
    945 		os_free(wps);
    946 		return -1;
    947 	}
    948 
    949 #ifdef CONFIG_WPS_UPNP
    950 	wps->friendly_name = hapd->conf->friendly_name;
    951 	wps->manufacturer_url = hapd->conf->manufacturer_url;
    952 	wps->model_description = hapd->conf->model_description;
    953 	wps->model_url = hapd->conf->model_url;
    954 	wps->upc = hapd->conf->upc;
    955 #endif /* CONFIG_WPS_UPNP */
    956 
    957 	hostapd_register_probereq_cb(hapd, hostapd_wps_probe_req_rx, hapd);
    958 
    959 	hapd->wps = wps;
    960 
    961 	return 0;
    962 }
    963 
    964 
    965 int hostapd_init_wps_complete(struct hostapd_data *hapd)
    966 {
    967 	struct wps_context *wps = hapd->wps;
    968 
    969 	if (wps == NULL)
    970 		return 0;
    971 
    972 #ifdef CONFIG_WPS_UPNP
    973 	if (hostapd_wps_upnp_init(hapd, wps) < 0) {
    974 		wpa_printf(MSG_ERROR, "Failed to initialize WPS UPnP");
    975 		wps_registrar_deinit(wps->registrar);
    976 		os_free(wps->network_key);
    977 		os_free(wps);
    978 		hapd->wps = NULL;
    979 		return -1;
    980 	}
    981 #endif /* CONFIG_WPS_UPNP */
    982 
    983 	return 0;
    984 }
    985 
    986 
    987 void hostapd_deinit_wps(struct hostapd_data *hapd)
    988 {
    989 	eloop_cancel_timeout(hostapd_wps_reenable_ap_pin, hapd, NULL);
    990 	eloop_cancel_timeout(hostapd_wps_ap_pin_timeout, hapd, NULL);
    991 	if (hapd->wps == NULL)
    992 		return;
    993 #ifdef CONFIG_WPS_UPNP
    994 	hostapd_wps_upnp_deinit(hapd);
    995 #endif /* CONFIG_WPS_UPNP */
    996 	wps_registrar_deinit(hapd->wps->registrar);
    997 	os_free(hapd->wps->network_key);
    998 	wps_device_data_free(&hapd->wps->dev);
    999 	wpabuf_free(hapd->wps->dh_pubkey);
   1000 	wpabuf_free(hapd->wps->dh_privkey);
   1001 	wpabuf_free(hapd->wps->oob_conf.pubkey_hash);
   1002 	wpabuf_free(hapd->wps->oob_conf.dev_password);
   1003 	wps_free_pending_msgs(hapd->wps->upnp_msgs);
   1004 	os_free(hapd->wps);
   1005 	hapd->wps = NULL;
   1006 	hostapd_wps_clear_ies(hapd);
   1007 }
   1008 
   1009 
   1010 void hostapd_update_wps(struct hostapd_data *hapd)
   1011 {
   1012 	if (hapd->wps == NULL)
   1013 		return;
   1014 
   1015 #ifdef CONFIG_WPS_UPNP
   1016 	hapd->wps->friendly_name = hapd->conf->friendly_name;
   1017 	hapd->wps->manufacturer_url = hapd->conf->manufacturer_url;
   1018 	hapd->wps->model_description = hapd->conf->model_description;
   1019 	hapd->wps->model_url = hapd->conf->model_url;
   1020 	hapd->wps->upc = hapd->conf->upc;
   1021 #endif /* CONFIG_WPS_UPNP */
   1022 
   1023 	hostapd_wps_set_vendor_ext(hapd, hapd->wps);
   1024 
   1025 	if (hapd->conf->wps_state)
   1026 		wps_registrar_update_ie(hapd->wps->registrar);
   1027 	else
   1028 		hostapd_deinit_wps(hapd);
   1029 }
   1030 
   1031 
   1032 struct wps_add_pin_data {
   1033 	const u8 *addr;
   1034 	const u8 *uuid;
   1035 	const u8 *pin;
   1036 	size_t pin_len;
   1037 	int timeout;
   1038 	int added;
   1039 };
   1040 
   1041 
   1042 static int wps_add_pin(struct hostapd_data *hapd, void *ctx)
   1043 {
   1044 	struct wps_add_pin_data *data = ctx;
   1045 	int ret;
   1046 
   1047 	if (hapd->wps == NULL)
   1048 		return 0;
   1049 	ret = wps_registrar_add_pin(hapd->wps->registrar, data->addr,
   1050 				    data->uuid, data->pin, data->pin_len,
   1051 				    data->timeout);
   1052 	if (ret == 0)
   1053 		data->added++;
   1054 	return ret;
   1055 }
   1056 
   1057 
   1058 int hostapd_wps_add_pin(struct hostapd_data *hapd, const u8 *addr,
   1059 			const char *uuid, const char *pin, int timeout)
   1060 {
   1061 	u8 u[UUID_LEN];
   1062 	struct wps_add_pin_data data;
   1063 
   1064 	data.addr = addr;
   1065 	data.uuid = u;
   1066 	data.pin = (const u8 *) pin;
   1067 	data.pin_len = os_strlen(pin);
   1068 	data.timeout = timeout;
   1069 	data.added = 0;
   1070 
   1071 	if (os_strcmp(uuid, "any") == 0)
   1072 		data.uuid = NULL;
   1073 	else {
   1074 		if (uuid_str2bin(uuid, u))
   1075 			return -1;
   1076 		data.uuid = u;
   1077 	}
   1078 	if (hostapd_wps_for_each(hapd, wps_add_pin, &data) < 0)
   1079 		return -1;
   1080 	return data.added ? 0 : -1;
   1081 }
   1082 
   1083 
   1084 static int wps_button_pushed(struct hostapd_data *hapd, void *ctx)
   1085 {
   1086 	const u8 *p2p_dev_addr = ctx;
   1087 	if (hapd->wps == NULL)
   1088 		return 0;
   1089 	return wps_registrar_button_pushed(hapd->wps->registrar, p2p_dev_addr);
   1090 }
   1091 
   1092 
   1093 int hostapd_wps_button_pushed(struct hostapd_data *hapd,
   1094 			      const u8 *p2p_dev_addr)
   1095 {
   1096 	return hostapd_wps_for_each(hapd, wps_button_pushed,
   1097 				    (void *) p2p_dev_addr);
   1098 }
   1099 
   1100 
   1101 #ifdef CONFIG_WPS_OOB
   1102 int hostapd_wps_start_oob(struct hostapd_data *hapd, char *device_type,
   1103 			  char *path, char *method, char *name)
   1104 {
   1105 	struct wps_context *wps = hapd->wps;
   1106 	struct oob_device_data *oob_dev;
   1107 
   1108 	oob_dev = wps_get_oob_device(device_type);
   1109 	if (oob_dev == NULL)
   1110 		return -1;
   1111 	oob_dev->device_path = path;
   1112 	oob_dev->device_name = name;
   1113 	wps->oob_conf.oob_method = wps_get_oob_method(method);
   1114 
   1115 	if (wps->oob_conf.oob_method == OOB_METHOD_DEV_PWD_R) {
   1116 		/*
   1117 		 * Use pre-configured DH keys in order to be able to write the
   1118 		 * key hash into the OOB file.
   1119 		 */
   1120 		wpabuf_free(wps->dh_pubkey);
   1121 		wpabuf_free(wps->dh_privkey);
   1122 		wps->dh_privkey = NULL;
   1123 		wps->dh_pubkey = dh_init(dh_groups_get(WPS_DH_GROUP),
   1124 					 &wps->dh_privkey);
   1125 		wps->dh_pubkey = wpabuf_zeropad(wps->dh_pubkey, 192);
   1126 		if (wps->dh_pubkey == NULL) {
   1127 			wpa_printf(MSG_ERROR, "WPS: Failed to initialize "
   1128 				   "Diffie-Hellman handshake");
   1129 			return -1;
   1130 		}
   1131 	}
   1132 
   1133 	if (wps_process_oob(wps, oob_dev, 1) < 0)
   1134 		goto error;
   1135 
   1136 	if ((wps->oob_conf.oob_method == OOB_METHOD_DEV_PWD_E ||
   1137 	     wps->oob_conf.oob_method == OOB_METHOD_DEV_PWD_R) &&
   1138 	    hostapd_wps_add_pin(hapd, NULL, "any",
   1139 				wpabuf_head(wps->oob_conf.dev_password), 0) <
   1140 	    0)
   1141 		goto error;
   1142 
   1143 	return 0;
   1144 
   1145 error:
   1146 	wpabuf_free(wps->dh_pubkey);
   1147 	wps->dh_pubkey = NULL;
   1148 	wpabuf_free(wps->dh_privkey);
   1149 	wps->dh_privkey = NULL;
   1150 	return -1;
   1151 }
   1152 #endif /* CONFIG_WPS_OOB */
   1153 
   1154 
   1155 static int hostapd_wps_probe_req_rx(void *ctx, const u8 *addr, const u8 *da,
   1156 				    const u8 *bssid,
   1157 				    const u8 *ie, size_t ie_len)
   1158 {
   1159 	struct hostapd_data *hapd = ctx;
   1160 	struct wpabuf *wps_ie;
   1161 	struct ieee802_11_elems elems;
   1162 
   1163 	if (hapd->wps == NULL)
   1164 		return 0;
   1165 
   1166 	if (ieee802_11_parse_elems(ie, ie_len, &elems, 0) == ParseFailed) {
   1167 		wpa_printf(MSG_DEBUG, "WPS: Could not parse ProbeReq from "
   1168 			   MACSTR, MAC2STR(addr));
   1169 		return 0;
   1170 	}
   1171 
   1172 	if (elems.ssid && elems.ssid_len > 0 &&
   1173 	    (elems.ssid_len != hapd->conf->ssid.ssid_len ||
   1174 	     os_memcmp(elems.ssid, hapd->conf->ssid.ssid, elems.ssid_len) !=
   1175 	     0))
   1176 		return 0; /* Not for us */
   1177 
   1178 	wps_ie = ieee802_11_vendor_ie_concat(ie, ie_len, WPS_DEV_OUI_WFA);
   1179 	if (wps_ie == NULL)
   1180 		return 0;
   1181 	if (wps_validate_probe_req(wps_ie, addr) < 0) {
   1182 		wpabuf_free(wps_ie);
   1183 		return 0;
   1184 	}
   1185 
   1186 	if (wpabuf_len(wps_ie) > 0) {
   1187 		int p2p_wildcard = 0;
   1188 #ifdef CONFIG_P2P
   1189 		if (elems.ssid && elems.ssid_len == P2P_WILDCARD_SSID_LEN &&
   1190 		    os_memcmp(elems.ssid, P2P_WILDCARD_SSID,
   1191 			      P2P_WILDCARD_SSID_LEN) == 0)
   1192 			p2p_wildcard = 1;
   1193 #endif /* CONFIG_P2P */
   1194 		wps_registrar_probe_req_rx(hapd->wps->registrar, addr, wps_ie,
   1195 					   p2p_wildcard);
   1196 #ifdef CONFIG_WPS_UPNP
   1197 		/* FIX: what exactly should be included in the WLANEvent?
   1198 		 * WPS attributes? Full ProbeReq frame? */
   1199 		if (!p2p_wildcard)
   1200 			upnp_wps_device_send_wlan_event(
   1201 				hapd->wps_upnp, addr,
   1202 				UPNP_WPS_WLANEVENT_TYPE_PROBE, wps_ie);
   1203 #endif /* CONFIG_WPS_UPNP */
   1204 	}
   1205 
   1206 	wpabuf_free(wps_ie);
   1207 
   1208 	return 0;
   1209 }
   1210 
   1211 
   1212 #ifdef CONFIG_WPS_UPNP
   1213 
   1214 static int hostapd_rx_req_put_wlan_response(
   1215 	void *priv, enum upnp_wps_wlanevent_type ev_type,
   1216 	const u8 *mac_addr, const struct wpabuf *msg,
   1217 	enum wps_msg_type msg_type)
   1218 {
   1219 	struct hostapd_data *hapd = priv;
   1220 	struct sta_info *sta;
   1221 	struct upnp_pending_message *p;
   1222 
   1223 	wpa_printf(MSG_DEBUG, "WPS UPnP: PutWLANResponse ev_type=%d mac_addr="
   1224 		   MACSTR, ev_type, MAC2STR(mac_addr));
   1225 	wpa_hexdump(MSG_MSGDUMP, "WPS UPnP: PutWLANResponse NewMessage",
   1226 		    wpabuf_head(msg), wpabuf_len(msg));
   1227 	if (ev_type != UPNP_WPS_WLANEVENT_TYPE_EAP) {
   1228 		wpa_printf(MSG_DEBUG, "WPS UPnP: Ignored unexpected "
   1229 			   "PutWLANResponse WLANEventType %d", ev_type);
   1230 		return -1;
   1231 	}
   1232 
   1233 	/*
   1234 	 * EAP response to ongoing to WPS Registration. Send it to EAP-WSC
   1235 	 * server implementation for delivery to the peer.
   1236 	 */
   1237 
   1238 	sta = ap_get_sta(hapd, mac_addr);
   1239 #ifndef CONFIG_WPS_STRICT
   1240 	if (!sta) {
   1241 		/*
   1242 		 * Workaround - Intel wsccmd uses bogus NewWLANEventMAC:
   1243 		 * Pick STA that is in an ongoing WPS registration without
   1244 		 * checking the MAC address.
   1245 		 */
   1246 		wpa_printf(MSG_DEBUG, "WPS UPnP: No matching STA found based "
   1247 			   "on NewWLANEventMAC; try wildcard match");
   1248 		for (sta = hapd->sta_list; sta; sta = sta->next) {
   1249 			if (sta->eapol_sm && (sta->flags & WLAN_STA_WPS))
   1250 				break;
   1251 		}
   1252 	}
   1253 #endif /* CONFIG_WPS_STRICT */
   1254 
   1255 	if (!sta || !(sta->flags & WLAN_STA_WPS)) {
   1256 		wpa_printf(MSG_DEBUG, "WPS UPnP: No matching STA found");
   1257 		return 0;
   1258 	}
   1259 
   1260 	p = os_zalloc(sizeof(*p));
   1261 	if (p == NULL)
   1262 		return -1;
   1263 	os_memcpy(p->addr, sta->addr, ETH_ALEN);
   1264 	p->msg = wpabuf_dup(msg);
   1265 	p->type = msg_type;
   1266 	p->next = hapd->wps->upnp_msgs;
   1267 	hapd->wps->upnp_msgs = p;
   1268 
   1269 	return eapol_auth_eap_pending_cb(sta->eapol_sm, sta->eapol_sm->eap);
   1270 }
   1271 
   1272 
   1273 static int hostapd_wps_upnp_init(struct hostapd_data *hapd,
   1274 				 struct wps_context *wps)
   1275 {
   1276 	struct upnp_wps_device_ctx *ctx;
   1277 
   1278 	if (!hapd->conf->upnp_iface)
   1279 		return 0;
   1280 	ctx = os_zalloc(sizeof(*ctx));
   1281 	if (ctx == NULL)
   1282 		return -1;
   1283 
   1284 	ctx->rx_req_put_wlan_response = hostapd_rx_req_put_wlan_response;
   1285 	if (hapd->conf->ap_pin)
   1286 		ctx->ap_pin = os_strdup(hapd->conf->ap_pin);
   1287 
   1288 	hapd->wps_upnp = upnp_wps_device_init(ctx, wps, hapd,
   1289 					      hapd->conf->upnp_iface);
   1290 	if (hapd->wps_upnp == NULL)
   1291 		return -1;
   1292 	wps->wps_upnp = hapd->wps_upnp;
   1293 
   1294 	return 0;
   1295 }
   1296 
   1297 
   1298 static void hostapd_wps_upnp_deinit(struct hostapd_data *hapd)
   1299 {
   1300 	upnp_wps_device_deinit(hapd->wps_upnp, hapd);
   1301 }
   1302 
   1303 #endif /* CONFIG_WPS_UPNP */
   1304 
   1305 
   1306 int hostapd_wps_get_mib_sta(struct hostapd_data *hapd, const u8 *addr,
   1307 			    char *buf, size_t buflen)
   1308 {
   1309 	if (hapd->wps == NULL)
   1310 		return 0;
   1311 	return wps_registrar_get_info(hapd->wps->registrar, addr, buf, buflen);
   1312 }
   1313 
   1314 
   1315 static void hostapd_wps_ap_pin_timeout(void *eloop_data, void *user_ctx)
   1316 {
   1317 	struct hostapd_data *hapd = eloop_data;
   1318 	wpa_printf(MSG_DEBUG, "WPS: AP PIN timed out");
   1319 	hostapd_wps_ap_pin_disable(hapd);
   1320 	wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_AP_PIN_DISABLED);
   1321 }
   1322 
   1323 
   1324 static void hostapd_wps_ap_pin_enable(struct hostapd_data *hapd, int timeout)
   1325 {
   1326 	wpa_printf(MSG_DEBUG, "WPS: Enabling AP PIN (timeout=%d)", timeout);
   1327 	hapd->ap_pin_failures = 0;
   1328 	hapd->ap_pin_failures_consecutive = 0;
   1329 	hapd->conf->ap_setup_locked = 0;
   1330 	if (hapd->wps->ap_setup_locked) {
   1331 		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_AP_SETUP_UNLOCKED);
   1332 		hapd->wps->ap_setup_locked = 0;
   1333 		wps_registrar_update_ie(hapd->wps->registrar);
   1334 	}
   1335 	eloop_cancel_timeout(hostapd_wps_ap_pin_timeout, hapd, NULL);
   1336 	if (timeout > 0)
   1337 		eloop_register_timeout(timeout, 0,
   1338 				       hostapd_wps_ap_pin_timeout, hapd, NULL);
   1339 }
   1340 
   1341 
   1342 static int wps_ap_pin_disable(struct hostapd_data *hapd, void *ctx)
   1343 {
   1344 	os_free(hapd->conf->ap_pin);
   1345 	hapd->conf->ap_pin = NULL;
   1346 #ifdef CONFIG_WPS_UPNP
   1347 	upnp_wps_set_ap_pin(hapd->wps_upnp, NULL);
   1348 #endif /* CONFIG_WPS_UPNP */
   1349 	eloop_cancel_timeout(hostapd_wps_ap_pin_timeout, hapd, NULL);
   1350 	return 0;
   1351 }
   1352 
   1353 
   1354 void hostapd_wps_ap_pin_disable(struct hostapd_data *hapd)
   1355 {
   1356 	wpa_printf(MSG_DEBUG, "WPS: Disabling AP PIN");
   1357 	hostapd_wps_for_each(hapd, wps_ap_pin_disable, NULL);
   1358 }
   1359 
   1360 
   1361 struct wps_ap_pin_data {
   1362 	char pin_txt[9];
   1363 	int timeout;
   1364 };
   1365 
   1366 
   1367 static int wps_ap_pin_set(struct hostapd_data *hapd, void *ctx)
   1368 {
   1369 	struct wps_ap_pin_data *data = ctx;
   1370 	os_free(hapd->conf->ap_pin);
   1371 	hapd->conf->ap_pin = os_strdup(data->pin_txt);
   1372 #ifdef CONFIG_WPS_UPNP
   1373 	upnp_wps_set_ap_pin(hapd->wps_upnp, data->pin_txt);
   1374 #endif /* CONFIG_WPS_UPNP */
   1375 	hostapd_wps_ap_pin_enable(hapd, data->timeout);
   1376 	return 0;
   1377 }
   1378 
   1379 
   1380 const char * hostapd_wps_ap_pin_random(struct hostapd_data *hapd, int timeout)
   1381 {
   1382 	unsigned int pin;
   1383 	struct wps_ap_pin_data data;
   1384 
   1385 	pin = wps_generate_pin();
   1386 	os_snprintf(data.pin_txt, sizeof(data.pin_txt), "%08u", pin);
   1387 	data.timeout = timeout;
   1388 	hostapd_wps_for_each(hapd, wps_ap_pin_set, &data);
   1389 	return hapd->conf->ap_pin;
   1390 }
   1391 
   1392 
   1393 const char * hostapd_wps_ap_pin_get(struct hostapd_data *hapd)
   1394 {
   1395 	return hapd->conf->ap_pin;
   1396 }
   1397 
   1398 
   1399 int hostapd_wps_ap_pin_set(struct hostapd_data *hapd, const char *pin,
   1400 			   int timeout)
   1401 {
   1402 	struct wps_ap_pin_data data;
   1403 	int ret;
   1404 
   1405 	ret = os_snprintf(data.pin_txt, sizeof(data.pin_txt), "%s", pin);
   1406 	if (ret < 0 || ret >= (int) sizeof(data.pin_txt))
   1407 		return -1;
   1408 	data.timeout = timeout;
   1409 	return hostapd_wps_for_each(hapd, wps_ap_pin_set, &data);
   1410 }
   1411 
   1412 
   1413 static int wps_update_ie(struct hostapd_data *hapd, void *ctx)
   1414 {
   1415 	if (hapd->wps)
   1416 		wps_registrar_update_ie(hapd->wps->registrar);
   1417 	return 0;
   1418 }
   1419 
   1420 
   1421 void hostapd_wps_update_ie(struct hostapd_data *hapd)
   1422 {
   1423 	hostapd_wps_for_each(hapd, wps_update_ie, NULL);
   1424 }
   1425 
   1426 
   1427 int hostapd_wps_config_ap(struct hostapd_data *hapd, const char *ssid,
   1428 			  const char *auth, const char *encr, const char *key)
   1429 {
   1430 	struct wps_credential cred;
   1431 	size_t len;
   1432 
   1433 	os_memset(&cred, 0, sizeof(cred));
   1434 
   1435 	len = os_strlen(ssid);
   1436 	if ((len & 1) || len > 2 * sizeof(cred.ssid) ||
   1437 	    hexstr2bin(ssid, cred.ssid, len / 2))
   1438 		return -1;
   1439 	cred.ssid_len = len / 2;
   1440 
   1441 	if (os_strncmp(auth, "OPEN", 4) == 0)
   1442 		cred.auth_type = WPS_AUTH_OPEN;
   1443 	else if (os_strncmp(auth, "WPAPSK", 6) == 0)
   1444 		cred.auth_type = WPS_AUTH_WPAPSK;
   1445 	else if (os_strncmp(auth, "WPA2PSK", 7) == 0)
   1446 		cred.auth_type = WPS_AUTH_WPA2PSK;
   1447 	else
   1448 		return -1;
   1449 
   1450 	if (encr) {
   1451 		if (os_strncmp(encr, "NONE", 4) == 0)
   1452 			cred.encr_type = WPS_ENCR_NONE;
   1453 		else if (os_strncmp(encr, "WEP", 3) == 0)
   1454 			cred.encr_type = WPS_ENCR_WEP;
   1455 		else if (os_strncmp(encr, "TKIP", 4) == 0)
   1456 			cred.encr_type = WPS_ENCR_TKIP;
   1457 		else if (os_strncmp(encr, "CCMP", 4) == 0)
   1458 			cred.encr_type = WPS_ENCR_AES;
   1459 		else
   1460 			return -1;
   1461 	} else
   1462 		cred.encr_type = WPS_ENCR_NONE;
   1463 
   1464 	if (key) {
   1465 		len = os_strlen(key);
   1466 		if ((len & 1) || len > 2 * sizeof(cred.key) ||
   1467 		    hexstr2bin(key, cred.key, len / 2))
   1468 			return -1;
   1469 		cred.key_len = len / 2;
   1470 	}
   1471 
   1472 	return wps_registrar_config_ap(hapd->wps->registrar, &cred);
   1473 }
   1474