Home | History | Annotate | Download | only in wpa_supplicant
      1 /*
      2  * wpa_supplicant / WPS integration
      3  * Copyright (c) 2008-2013, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This software may be distributed under the terms of the BSD license.
      6  * See README for more details.
      7  */
      8 
      9 #include "includes.h"
     10 
     11 #include "common.h"
     12 #include "eloop.h"
     13 #include "uuid.h"
     14 #include "crypto/random.h"
     15 #include "crypto/dh_group5.h"
     16 #include "common/ieee802_11_defs.h"
     17 #include "common/ieee802_11_common.h"
     18 #include "common/wpa_common.h"
     19 #include "common/wpa_ctrl.h"
     20 #include "eap_common/eap_wsc_common.h"
     21 #include "eap_peer/eap.h"
     22 #include "eapol_supp/eapol_supp_sm.h"
     23 #include "rsn_supp/wpa.h"
     24 #include "wps/wps_attr_parse.h"
     25 #include "config.h"
     26 #include "wpa_supplicant_i.h"
     27 #include "driver_i.h"
     28 #include "notify.h"
     29 #include "blacklist.h"
     30 #include "bss.h"
     31 #include "scan.h"
     32 #include "ap.h"
     33 #include "p2p/p2p.h"
     34 #include "p2p_supplicant.h"
     35 #include "wps_supplicant.h"
     36 
     37 
     38 #ifndef WPS_PIN_SCAN_IGNORE_SEL_REG
     39 #define WPS_PIN_SCAN_IGNORE_SEL_REG 3
     40 #endif /* WPS_PIN_SCAN_IGNORE_SEL_REG */
     41 
     42 static void wpas_wps_timeout(void *eloop_ctx, void *timeout_ctx);
     43 static void wpas_clear_wps(struct wpa_supplicant *wpa_s);
     44 
     45 
     46 static void wpas_wps_clear_ap_info(struct wpa_supplicant *wpa_s)
     47 {
     48 	os_free(wpa_s->wps_ap);
     49 	wpa_s->wps_ap = NULL;
     50 	wpa_s->num_wps_ap = 0;
     51 	wpa_s->wps_ap_iter = 0;
     52 }
     53 
     54 
     55 int wpas_wps_eapol_cb(struct wpa_supplicant *wpa_s)
     56 {
     57 	if (!wpa_s->wps_success &&
     58 	    wpa_s->current_ssid &&
     59 	    eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
     60 		const u8 *bssid = wpa_s->bssid;
     61 		if (is_zero_ether_addr(bssid))
     62 			bssid = wpa_s->pending_bssid;
     63 
     64 		wpa_printf(MSG_DEBUG, "WPS: PIN registration with " MACSTR
     65 			   " did not succeed - continue trying to find "
     66 			   "suitable AP", MAC2STR(bssid));
     67 		wpa_blacklist_add(wpa_s, bssid);
     68 
     69 		wpa_supplicant_deauthenticate(wpa_s,
     70 					      WLAN_REASON_DEAUTH_LEAVING);
     71 		wpa_s->reassociate = 1;
     72 		wpa_supplicant_req_scan(wpa_s,
     73 					wpa_s->blacklist_cleared ? 5 : 0, 0);
     74 		wpa_s->blacklist_cleared = 0;
     75 		return 1;
     76 	}
     77 
     78 	wpas_wps_clear_ap_info(wpa_s);
     79 	eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL);
     80 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && !wpa_s->wps_success)
     81 		wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_FAIL);
     82 
     83 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && wpa_s->current_ssid &&
     84 	    !(wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
     85 		int disabled = wpa_s->current_ssid->disabled;
     86 		unsigned int freq = wpa_s->assoc_freq;
     87 		struct wpa_bss *bss;
     88 		struct wpa_ssid *ssid = NULL;
     89 		int use_fast_assoc = 0;
     90 
     91 		wpa_printf(MSG_DEBUG, "WPS: Network configuration replaced - "
     92 			   "try to associate with the received credential "
     93 			   "(freq=%u)", freq);
     94 		wpa_supplicant_deauthenticate(wpa_s,
     95 					      WLAN_REASON_DEAUTH_LEAVING);
     96 		if (disabled) {
     97 			wpa_printf(MSG_DEBUG, "WPS: Current network is "
     98 				   "disabled - wait for user to enable");
     99 			return 1;
    100 		}
    101 		wpa_s->after_wps = 5;
    102 		wpa_s->wps_freq = freq;
    103 		wpa_s->normal_scans = 0;
    104 		wpa_s->reassociate = 1;
    105 
    106 		wpa_printf(MSG_DEBUG, "WPS: Checking whether fast association "
    107 			   "without a new scan can be used");
    108 		bss = wpa_supplicant_pick_network(wpa_s, &ssid);
    109 		if (bss) {
    110 			struct wpabuf *wps;
    111 			struct wps_parse_attr attr;
    112 
    113 			wps = wpa_bss_get_vendor_ie_multi(bss,
    114 							  WPS_IE_VENDOR_TYPE);
    115 			if (wps && wps_parse_msg(wps, &attr) == 0 &&
    116 			    attr.wps_state &&
    117 			    *attr.wps_state == WPS_STATE_CONFIGURED)
    118 				use_fast_assoc = 1;
    119 			wpabuf_free(wps);
    120 		}
    121 
    122 		if (!use_fast_assoc ||
    123 		    wpa_supplicant_fast_associate(wpa_s) != 1)
    124 			wpa_supplicant_req_scan(wpa_s, 0, 0);
    125 		return 1;
    126 	}
    127 
    128 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && wpa_s->current_ssid) {
    129 		wpa_printf(MSG_DEBUG, "WPS: Registration completed - waiting "
    130 			   "for external credential processing");
    131 		wpas_clear_wps(wpa_s);
    132 		wpa_supplicant_deauthenticate(wpa_s,
    133 					      WLAN_REASON_DEAUTH_LEAVING);
    134 		return 1;
    135 	}
    136 
    137 	return 0;
    138 }
    139 
    140 
    141 static void wpas_wps_security_workaround(struct wpa_supplicant *wpa_s,
    142 					 struct wpa_ssid *ssid,
    143 					 const struct wps_credential *cred)
    144 {
    145 	struct wpa_driver_capa capa;
    146 	struct wpa_bss *bss;
    147 	const u8 *ie;
    148 	struct wpa_ie_data adv;
    149 	int wpa2 = 0, ccmp = 0;
    150 
    151 	/*
    152 	 * Many existing WPS APs do not know how to negotiate WPA2 or CCMP in
    153 	 * case they are configured for mixed mode operation (WPA+WPA2 and
    154 	 * TKIP+CCMP). Try to use scan results to figure out whether the AP
    155 	 * actually supports stronger security and select that if the client
    156 	 * has support for it, too.
    157 	 */
    158 
    159 	if (wpa_drv_get_capa(wpa_s, &capa))
    160 		return; /* Unknown what driver supports */
    161 
    162 	if (ssid->ssid == NULL)
    163 		return;
    164 	bss = wpa_bss_get(wpa_s, cred->mac_addr, ssid->ssid, ssid->ssid_len);
    165 	if (bss == NULL) {
    166 		wpa_printf(MSG_DEBUG, "WPS: The AP was not found from BSS "
    167 			   "table - use credential as-is");
    168 		return;
    169 	}
    170 
    171 	wpa_printf(MSG_DEBUG, "WPS: AP found from BSS table");
    172 
    173 	ie = wpa_bss_get_ie(bss, WLAN_EID_RSN);
    174 	if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &adv) == 0) {
    175 		wpa2 = 1;
    176 		if (adv.pairwise_cipher & WPA_CIPHER_CCMP)
    177 			ccmp = 1;
    178 	} else {
    179 		ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
    180 		if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &adv) == 0 &&
    181 		    adv.pairwise_cipher & WPA_CIPHER_CCMP)
    182 			ccmp = 1;
    183 	}
    184 
    185 	if (ie == NULL && (ssid->proto & WPA_PROTO_WPA) &&
    186 	    (ssid->pairwise_cipher & WPA_CIPHER_TKIP)) {
    187 		/*
    188 		 * TODO: This could be the initial AP configuration and the
    189 		 * Beacon contents could change shortly. Should request a new
    190 		 * scan and delay addition of the network until the updated
    191 		 * scan results are available.
    192 		 */
    193 		wpa_printf(MSG_DEBUG, "WPS: The AP did not yet advertise WPA "
    194 			   "support - use credential as-is");
    195 		return;
    196 	}
    197 
    198 	if (ccmp && !(ssid->pairwise_cipher & WPA_CIPHER_CCMP) &&
    199 	    (ssid->pairwise_cipher & WPA_CIPHER_TKIP) &&
    200 	    (capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK)) {
    201 		wpa_printf(MSG_DEBUG, "WPS: Add CCMP into the credential "
    202 			   "based on scan results");
    203 		if (wpa_s->conf->ap_scan == 1)
    204 			ssid->pairwise_cipher |= WPA_CIPHER_CCMP;
    205 		else
    206 			ssid->pairwise_cipher = WPA_CIPHER_CCMP;
    207 	}
    208 
    209 	if (wpa2 && !(ssid->proto & WPA_PROTO_RSN) &&
    210 	    (ssid->proto & WPA_PROTO_WPA) &&
    211 	    (capa.enc & WPA_DRIVER_CAPA_ENC_CCMP)) {
    212 		wpa_printf(MSG_DEBUG, "WPS: Add WPA2 into the credential "
    213 			   "based on scan results");
    214 		if (wpa_s->conf->ap_scan == 1)
    215 			ssid->proto |= WPA_PROTO_RSN;
    216 		else
    217 			ssid->proto = WPA_PROTO_RSN;
    218 	}
    219 }
    220 
    221 
    222 static int wpa_supplicant_wps_cred(void *ctx,
    223 				   const struct wps_credential *cred)
    224 {
    225 	struct wpa_supplicant *wpa_s = ctx;
    226 	struct wpa_ssid *ssid = wpa_s->current_ssid;
    227 	u8 key_idx = 0;
    228 	u16 auth_type;
    229 #ifdef CONFIG_WPS_REG_DISABLE_OPEN
    230 	int registrar = 0;
    231 #endif /* CONFIG_WPS_REG_DISABLE_OPEN */
    232 
    233 	if ((wpa_s->conf->wps_cred_processing == 1 ||
    234 	     wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) {
    235 		size_t blen = cred->cred_attr_len * 2 + 1;
    236 		char *buf = os_malloc(blen);
    237 		if (buf) {
    238 			wpa_snprintf_hex(buf, blen,
    239 					 cred->cred_attr, cred->cred_attr_len);
    240 			wpa_msg(wpa_s, MSG_INFO, "%s%s",
    241 				WPS_EVENT_CRED_RECEIVED, buf);
    242 			os_free(buf);
    243 		}
    244 
    245 		wpas_notify_wps_credential(wpa_s, cred);
    246 	} else
    247 		wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_CRED_RECEIVED);
    248 
    249 	wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute",
    250 			cred->cred_attr, cred->cred_attr_len);
    251 
    252 	if (wpa_s->conf->wps_cred_processing == 1)
    253 		return 0;
    254 
    255 	wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", cred->ssid, cred->ssid_len);
    256 	wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x",
    257 		   cred->auth_type);
    258 	wpa_printf(MSG_DEBUG, "WPS: Encryption Type 0x%x", cred->encr_type);
    259 	wpa_printf(MSG_DEBUG, "WPS: Network Key Index %d", cred->key_idx);
    260 	wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
    261 			cred->key, cred->key_len);
    262 	wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR,
    263 		   MAC2STR(cred->mac_addr));
    264 
    265 	auth_type = cred->auth_type;
    266 	if (auth_type == (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) {
    267 		wpa_printf(MSG_DEBUG, "WPS: Workaround - convert mixed-mode "
    268 			   "auth_type into WPA2PSK");
    269 		auth_type = WPS_AUTH_WPA2PSK;
    270 	}
    271 
    272 	if (auth_type != WPS_AUTH_OPEN &&
    273 	    auth_type != WPS_AUTH_SHARED &&
    274 	    auth_type != WPS_AUTH_WPAPSK &&
    275 	    auth_type != WPS_AUTH_WPA2PSK) {
    276 		wpa_printf(MSG_DEBUG, "WPS: Ignored credentials for "
    277 			   "unsupported authentication type 0x%x",
    278 			   auth_type);
    279 		return 0;
    280 	}
    281 
    282 	if (auth_type == WPS_AUTH_WPAPSK || auth_type == WPS_AUTH_WPA2PSK) {
    283 		if (cred->key_len < 8 || cred->key_len > 2 * PMK_LEN) {
    284 			wpa_printf(MSG_ERROR, "WPS: Reject PSK credential with "
    285 				   "invalid Network Key length %lu",
    286 				   (unsigned long) cred->key_len);
    287 			return -1;
    288 		}
    289 	}
    290 
    291 	if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
    292 		wpa_printf(MSG_DEBUG, "WPS: Replace WPS network block based "
    293 			   "on the received credential");
    294 #ifdef CONFIG_WPS_REG_DISABLE_OPEN
    295 		if (ssid->eap.identity &&
    296 		    ssid->eap.identity_len == WSC_ID_REGISTRAR_LEN &&
    297 		    os_memcmp(ssid->eap.identity, WSC_ID_REGISTRAR,
    298 			      WSC_ID_REGISTRAR_LEN) == 0)
    299 			registrar = 1;
    300 #endif /* CONFIG_WPS_REG_DISABLE_OPEN */
    301 		os_free(ssid->eap.identity);
    302 		ssid->eap.identity = NULL;
    303 		ssid->eap.identity_len = 0;
    304 		os_free(ssid->eap.phase1);
    305 		ssid->eap.phase1 = NULL;
    306 		os_free(ssid->eap.eap_methods);
    307 		ssid->eap.eap_methods = NULL;
    308 		if (!ssid->p2p_group) {
    309 			ssid->temporary = 0;
    310 			ssid->bssid_set = 0;
    311 		}
    312 		ssid->disabled_until.sec = 0;
    313 		ssid->disabled_until.usec = 0;
    314 		ssid->auth_failures = 0;
    315 	} else {
    316 		wpa_printf(MSG_DEBUG, "WPS: Create a new network based on the "
    317 			   "received credential");
    318 		ssid = wpa_config_add_network(wpa_s->conf);
    319 		if (ssid == NULL)
    320 			return -1;
    321 		wpas_notify_network_added(wpa_s, ssid);
    322 	}
    323 
    324 	wpa_config_set_network_defaults(ssid);
    325 
    326 	os_free(ssid->ssid);
    327 	ssid->ssid = os_malloc(cred->ssid_len);
    328 	if (ssid->ssid) {
    329 		os_memcpy(ssid->ssid, cred->ssid, cred->ssid_len);
    330 		ssid->ssid_len = cred->ssid_len;
    331 	}
    332 
    333 	switch (cred->encr_type) {
    334 	case WPS_ENCR_NONE:
    335 		break;
    336 	case WPS_ENCR_WEP:
    337 		if (cred->key_len <= 0)
    338 			break;
    339 		if (cred->key_len != 5 && cred->key_len != 13 &&
    340 		    cred->key_len != 10 && cred->key_len != 26) {
    341 			wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key length "
    342 				   "%lu", (unsigned long) cred->key_len);
    343 			return -1;
    344 		}
    345 		if (cred->key_idx > NUM_WEP_KEYS) {
    346 			wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key index %d",
    347 				   cred->key_idx);
    348 			return -1;
    349 		}
    350 		if (cred->key_idx)
    351 			key_idx = cred->key_idx - 1;
    352 		if (cred->key_len == 10 || cred->key_len == 26) {
    353 			if (hexstr2bin((char *) cred->key,
    354 				       ssid->wep_key[key_idx],
    355 				       cred->key_len / 2) < 0) {
    356 				wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key "
    357 					   "%d", key_idx);
    358 				return -1;
    359 			}
    360 			ssid->wep_key_len[key_idx] = cred->key_len / 2;
    361 		} else {
    362 			os_memcpy(ssid->wep_key[key_idx], cred->key,
    363 				  cred->key_len);
    364 			ssid->wep_key_len[key_idx] = cred->key_len;
    365 		}
    366 		ssid->wep_tx_keyidx = key_idx;
    367 		break;
    368 	case WPS_ENCR_TKIP:
    369 		ssid->pairwise_cipher = WPA_CIPHER_TKIP;
    370 		break;
    371 	case WPS_ENCR_AES:
    372 		ssid->pairwise_cipher = WPA_CIPHER_CCMP;
    373 		break;
    374 	}
    375 
    376 	switch (auth_type) {
    377 	case WPS_AUTH_OPEN:
    378 		ssid->auth_alg = WPA_AUTH_ALG_OPEN;
    379 		ssid->key_mgmt = WPA_KEY_MGMT_NONE;
    380 		ssid->proto = 0;
    381 #ifdef CONFIG_WPS_REG_DISABLE_OPEN
    382 		if (registrar) {
    383 			wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_OPEN_NETWORK
    384 				"id=%d - Credentials for an open "
    385 				"network disabled by default - use "
    386 				"'select_network %d' to enable",
    387 				ssid->id, ssid->id);
    388 			ssid->disabled = 1;
    389 		}
    390 #endif /* CONFIG_WPS_REG_DISABLE_OPEN */
    391 		break;
    392 	case WPS_AUTH_SHARED:
    393 		ssid->auth_alg = WPA_AUTH_ALG_SHARED;
    394 		ssid->key_mgmt = WPA_KEY_MGMT_NONE;
    395 		ssid->proto = 0;
    396 		break;
    397 	case WPS_AUTH_WPAPSK:
    398 		ssid->auth_alg = WPA_AUTH_ALG_OPEN;
    399 		ssid->key_mgmt = WPA_KEY_MGMT_PSK;
    400 		ssid->proto = WPA_PROTO_WPA;
    401 		break;
    402 	case WPS_AUTH_WPA2PSK:
    403 		ssid->auth_alg = WPA_AUTH_ALG_OPEN;
    404 		ssid->key_mgmt = WPA_KEY_MGMT_PSK;
    405 		ssid->proto = WPA_PROTO_RSN;
    406 		break;
    407 	}
    408 
    409 	if (ssid->key_mgmt == WPA_KEY_MGMT_PSK) {
    410 		if (cred->key_len == 2 * PMK_LEN) {
    411 			if (hexstr2bin((const char *) cred->key, ssid->psk,
    412 				       PMK_LEN)) {
    413 				wpa_printf(MSG_ERROR, "WPS: Invalid Network "
    414 					   "Key");
    415 				return -1;
    416 			}
    417 			ssid->psk_set = 1;
    418 			ssid->export_keys = 1;
    419 		} else if (cred->key_len >= 8 && cred->key_len < 2 * PMK_LEN) {
    420 			os_free(ssid->passphrase);
    421 			ssid->passphrase = os_malloc(cred->key_len + 1);
    422 			if (ssid->passphrase == NULL)
    423 				return -1;
    424 			os_memcpy(ssid->passphrase, cred->key, cred->key_len);
    425 			ssid->passphrase[cred->key_len] = '\0';
    426 			wpa_config_update_psk(ssid);
    427 			ssid->export_keys = 1;
    428 		} else {
    429 			wpa_printf(MSG_ERROR, "WPS: Invalid Network Key "
    430 				   "length %lu",
    431 				   (unsigned long) cred->key_len);
    432 			return -1;
    433 		}
    434 	}
    435 
    436 	wpas_wps_security_workaround(wpa_s, ssid, cred);
    437 
    438 	if (cred->ap_channel)
    439 		wpa_s->wps_ap_channel = cred->ap_channel;
    440 
    441 #ifndef CONFIG_NO_CONFIG_WRITE
    442 	if (wpa_s->conf->update_config &&
    443 	    wpa_config_write(wpa_s->confname, wpa_s->conf)) {
    444 		wpa_printf(MSG_DEBUG, "WPS: Failed to update configuration");
    445 		return -1;
    446 	}
    447 #endif /* CONFIG_NO_CONFIG_WRITE */
    448 
    449 	/*
    450 	 * Optimize the post-WPS scan based on the channel used during
    451 	 * the provisioning in case EAP-Failure is not received.
    452 	 */
    453 	wpa_s->after_wps = 5;
    454 	wpa_s->wps_freq = wpa_s->assoc_freq;
    455 
    456 	return 0;
    457 }
    458 
    459 
    460 #ifdef CONFIG_P2P
    461 static void wpas_wps_pbc_overlap_cb(void *eloop_ctx, void *timeout_ctx)
    462 {
    463 	struct wpa_supplicant *wpa_s = eloop_ctx;
    464 	wpas_p2p_notif_pbc_overlap(wpa_s);
    465 }
    466 #endif /* CONFIG_P2P */
    467 
    468 
    469 static void wpa_supplicant_wps_event_m2d(struct wpa_supplicant *wpa_s,
    470 					 struct wps_event_m2d *m2d)
    471 {
    472 	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_M2D
    473 		"dev_password_id=%d config_error=%d",
    474 		m2d->dev_password_id, m2d->config_error);
    475 	wpas_notify_wps_event_m2d(wpa_s, m2d);
    476 #ifdef CONFIG_P2P
    477 	if (wpa_s->parent && wpa_s->parent != wpa_s) {
    478 		wpa_msg(wpa_s->parent, MSG_INFO, WPS_EVENT_M2D
    479 			"dev_password_id=%d config_error=%d",
    480 			m2d->dev_password_id, m2d->config_error);
    481 	}
    482 	if (m2d->config_error == WPS_CFG_MULTIPLE_PBC_DETECTED) {
    483 		/*
    484 		 * Notify P2P from eloop timeout to avoid issues with the
    485 		 * interface getting removed while processing a message.
    486 		 */
    487 		eloop_register_timeout(0, 0, wpas_wps_pbc_overlap_cb, wpa_s,
    488 				       NULL);
    489 	}
    490 #endif /* CONFIG_P2P */
    491 }
    492 
    493 
    494 static const char * wps_event_fail_reason[NUM_WPS_EI_VALUES] = {
    495 	"No Error", /* WPS_EI_NO_ERROR */
    496 	"TKIP Only Prohibited", /* WPS_EI_SECURITY_TKIP_ONLY_PROHIBITED */
    497 	"WEP Prohibited" /* WPS_EI_SECURITY_WEP_PROHIBITED */
    498 };
    499 
    500 static void wpa_supplicant_wps_event_fail(struct wpa_supplicant *wpa_s,
    501 					  struct wps_event_fail *fail)
    502 {
    503 	if (fail->error_indication > 0 &&
    504 	    fail->error_indication < NUM_WPS_EI_VALUES) {
    505 		wpa_msg(wpa_s, MSG_INFO,
    506 			WPS_EVENT_FAIL "msg=%d config_error=%d reason=%d (%s)",
    507 			fail->msg, fail->config_error, fail->error_indication,
    508 			wps_event_fail_reason[fail->error_indication]);
    509 		if (wpa_s->parent && wpa_s->parent != wpa_s)
    510 			wpa_msg(wpa_s->parent, MSG_INFO, WPS_EVENT_FAIL
    511 				"msg=%d config_error=%d reason=%d (%s)",
    512 				fail->msg, fail->config_error,
    513 				fail->error_indication,
    514 				wps_event_fail_reason[fail->error_indication]);
    515 	} else {
    516 		wpa_msg(wpa_s, MSG_INFO,
    517 			WPS_EVENT_FAIL "msg=%d config_error=%d",
    518 			fail->msg, fail->config_error);
    519 		if (wpa_s->parent && wpa_s->parent != wpa_s)
    520 			wpa_msg(wpa_s->parent, MSG_INFO, WPS_EVENT_FAIL
    521 				"msg=%d config_error=%d",
    522 				fail->msg, fail->config_error);
    523 	}
    524 	wpas_clear_wps(wpa_s);
    525 	wpas_notify_wps_event_fail(wpa_s, fail);
    526 #ifdef CONFIG_P2P
    527 	wpas_p2p_wps_failed(wpa_s, fail);
    528 #endif /* CONFIG_P2P */
    529 }
    530 
    531 
    532 static void wpas_wps_reenable_networks_cb(void *eloop_ctx, void *timeout_ctx);
    533 
    534 static void wpas_wps_reenable_networks(struct wpa_supplicant *wpa_s)
    535 {
    536 	struct wpa_ssid *ssid;
    537 	int changed = 0;
    538 
    539 	eloop_cancel_timeout(wpas_wps_reenable_networks_cb, wpa_s, NULL);
    540 
    541 	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
    542 		if (ssid->disabled_for_connect && ssid->disabled) {
    543 			ssid->disabled_for_connect = 0;
    544 			ssid->disabled = 0;
    545 			wpas_notify_network_enabled_changed(wpa_s, ssid);
    546 			changed++;
    547 		}
    548 	}
    549 
    550 	if (changed) {
    551 #ifndef CONFIG_NO_CONFIG_WRITE
    552 		if (wpa_s->conf->update_config &&
    553 		    wpa_config_write(wpa_s->confname, wpa_s->conf)) {
    554 			wpa_printf(MSG_DEBUG, "WPS: Failed to update "
    555 				   "configuration");
    556 		}
    557 #endif /* CONFIG_NO_CONFIG_WRITE */
    558 	}
    559 }
    560 
    561 
    562 static void wpas_wps_reenable_networks_cb(void *eloop_ctx, void *timeout_ctx)
    563 {
    564 	struct wpa_supplicant *wpa_s = eloop_ctx;
    565 	/* Enable the networks disabled during wpas_wps_reassoc */
    566 	wpas_wps_reenable_networks(wpa_s);
    567 }
    568 
    569 
    570 static void wpa_supplicant_wps_event_success(struct wpa_supplicant *wpa_s)
    571 {
    572 	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_SUCCESS);
    573 	wpa_s->wps_success = 1;
    574 	wpas_notify_wps_event_success(wpa_s);
    575 
    576 	/*
    577 	 * Enable the networks disabled during wpas_wps_reassoc after 10
    578 	 * seconds. The 10 seconds timer is to allow the data connection to be
    579 	 * formed before allowing other networks to be selected.
    580 	 */
    581 	eloop_register_timeout(10, 0, wpas_wps_reenable_networks_cb, wpa_s,
    582 			       NULL);
    583 
    584 #ifdef CONFIG_P2P
    585 	wpas_p2p_wps_success(wpa_s, wpa_s->bssid, 0);
    586 #endif /* CONFIG_P2P */
    587 }
    588 
    589 
    590 static void wpa_supplicant_wps_event_er_ap_add(struct wpa_supplicant *wpa_s,
    591 					       struct wps_event_er_ap *ap)
    592 {
    593 	char uuid_str[100];
    594 	char dev_type[WPS_DEV_TYPE_BUFSIZE];
    595 
    596 	uuid_bin2str(ap->uuid, uuid_str, sizeof(uuid_str));
    597 	if (ap->pri_dev_type)
    598 		wps_dev_type_bin2str(ap->pri_dev_type, dev_type,
    599 				     sizeof(dev_type));
    600 	else
    601 		dev_type[0] = '\0';
    602 
    603 	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_ADD "%s " MACSTR
    604 		" pri_dev_type=%s wps_state=%d |%s|%s|%s|%s|%s|%s|",
    605 		uuid_str, MAC2STR(ap->mac_addr), dev_type, ap->wps_state,
    606 		ap->friendly_name ? ap->friendly_name : "",
    607 		ap->manufacturer ? ap->manufacturer : "",
    608 		ap->model_description ? ap->model_description : "",
    609 		ap->model_name ? ap->model_name : "",
    610 		ap->manufacturer_url ? ap->manufacturer_url : "",
    611 		ap->model_url ? ap->model_url : "");
    612 }
    613 
    614 
    615 static void wpa_supplicant_wps_event_er_ap_remove(struct wpa_supplicant *wpa_s,
    616 						  struct wps_event_er_ap *ap)
    617 {
    618 	char uuid_str[100];
    619 	uuid_bin2str(ap->uuid, uuid_str, sizeof(uuid_str));
    620 	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_REMOVE "%s", uuid_str);
    621 }
    622 
    623 
    624 static void wpa_supplicant_wps_event_er_enrollee_add(
    625 	struct wpa_supplicant *wpa_s, struct wps_event_er_enrollee *enrollee)
    626 {
    627 	char uuid_str[100];
    628 	char dev_type[WPS_DEV_TYPE_BUFSIZE];
    629 
    630 	uuid_bin2str(enrollee->uuid, uuid_str, sizeof(uuid_str));
    631 	if (enrollee->pri_dev_type)
    632 		wps_dev_type_bin2str(enrollee->pri_dev_type, dev_type,
    633 				     sizeof(dev_type));
    634 	else
    635 		dev_type[0] = '\0';
    636 
    637 	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_ENROLLEE_ADD "%s " MACSTR
    638 		" M1=%d config_methods=0x%x dev_passwd_id=%d pri_dev_type=%s "
    639 		"|%s|%s|%s|%s|%s|",
    640 		uuid_str, MAC2STR(enrollee->mac_addr), enrollee->m1_received,
    641 		enrollee->config_methods, enrollee->dev_passwd_id, dev_type,
    642 		enrollee->dev_name ? enrollee->dev_name : "",
    643 		enrollee->manufacturer ? enrollee->manufacturer : "",
    644 		enrollee->model_name ? enrollee->model_name : "",
    645 		enrollee->model_number ? enrollee->model_number : "",
    646 		enrollee->serial_number ? enrollee->serial_number : "");
    647 }
    648 
    649 
    650 static void wpa_supplicant_wps_event_er_enrollee_remove(
    651 	struct wpa_supplicant *wpa_s, struct wps_event_er_enrollee *enrollee)
    652 {
    653 	char uuid_str[100];
    654 	uuid_bin2str(enrollee->uuid, uuid_str, sizeof(uuid_str));
    655 	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_ENROLLEE_REMOVE "%s " MACSTR,
    656 		uuid_str, MAC2STR(enrollee->mac_addr));
    657 }
    658 
    659 
    660 static void wpa_supplicant_wps_event_er_ap_settings(
    661 	struct wpa_supplicant *wpa_s,
    662 	struct wps_event_er_ap_settings *ap_settings)
    663 {
    664 	char uuid_str[100];
    665 	char key_str[65];
    666 	const struct wps_credential *cred = ap_settings->cred;
    667 
    668 	key_str[0] = '\0';
    669 	if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) {
    670 		if (cred->key_len >= 8 && cred->key_len <= 64) {
    671 			os_memcpy(key_str, cred->key, cred->key_len);
    672 			key_str[cred->key_len] = '\0';
    673 		}
    674 	}
    675 
    676 	uuid_bin2str(ap_settings->uuid, uuid_str, sizeof(uuid_str));
    677 	/* Use wpa_msg_ctrl to avoid showing the key in debug log */
    678 	wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_SETTINGS
    679 		     "uuid=%s ssid=%s auth_type=0x%04x encr_type=0x%04x "
    680 		     "key=%s",
    681 		     uuid_str, wpa_ssid_txt(cred->ssid, cred->ssid_len),
    682 		     cred->auth_type, cred->encr_type, key_str);
    683 }
    684 
    685 
    686 static void wpa_supplicant_wps_event_er_set_sel_reg(
    687 	struct wpa_supplicant *wpa_s,
    688 	struct wps_event_er_set_selected_registrar *ev)
    689 {
    690 	char uuid_str[100];
    691 
    692 	uuid_bin2str(ev->uuid, uuid_str, sizeof(uuid_str));
    693 	switch (ev->state) {
    694 	case WPS_ER_SET_SEL_REG_START:
    695 		wpa_msg(wpa_s, MSG_DEBUG, WPS_EVENT_ER_SET_SEL_REG
    696 			"uuid=%s state=START sel_reg=%d dev_passwd_id=%u "
    697 			"sel_reg_config_methods=0x%x",
    698 			uuid_str, ev->sel_reg, ev->dev_passwd_id,
    699 			ev->sel_reg_config_methods);
    700 		break;
    701 	case WPS_ER_SET_SEL_REG_DONE:
    702 		wpa_msg(wpa_s, MSG_DEBUG, WPS_EVENT_ER_SET_SEL_REG
    703 			"uuid=%s state=DONE", uuid_str);
    704 		break;
    705 	case WPS_ER_SET_SEL_REG_FAILED:
    706 		wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_SET_SEL_REG
    707 			"uuid=%s state=FAILED", uuid_str);
    708 		break;
    709 	}
    710 }
    711 
    712 
    713 static void wpa_supplicant_wps_event(void *ctx, enum wps_event event,
    714 				     union wps_event_data *data)
    715 {
    716 	struct wpa_supplicant *wpa_s = ctx;
    717 	switch (event) {
    718 	case WPS_EV_M2D:
    719 		wpa_supplicant_wps_event_m2d(wpa_s, &data->m2d);
    720 		break;
    721 	case WPS_EV_FAIL:
    722 		wpa_supplicant_wps_event_fail(wpa_s, &data->fail);
    723 		break;
    724 	case WPS_EV_SUCCESS:
    725 		wpa_supplicant_wps_event_success(wpa_s);
    726 		break;
    727 	case WPS_EV_PWD_AUTH_FAIL:
    728 #ifdef CONFIG_AP
    729 		if (wpa_s->ap_iface && data->pwd_auth_fail.enrollee)
    730 			wpa_supplicant_ap_pwd_auth_fail(wpa_s);
    731 #endif /* CONFIG_AP */
    732 		break;
    733 	case WPS_EV_PBC_OVERLAP:
    734 		break;
    735 	case WPS_EV_PBC_TIMEOUT:
    736 		break;
    737 	case WPS_EV_ER_AP_ADD:
    738 		wpa_supplicant_wps_event_er_ap_add(wpa_s, &data->ap);
    739 		break;
    740 	case WPS_EV_ER_AP_REMOVE:
    741 		wpa_supplicant_wps_event_er_ap_remove(wpa_s, &data->ap);
    742 		break;
    743 	case WPS_EV_ER_ENROLLEE_ADD:
    744 		wpa_supplicant_wps_event_er_enrollee_add(wpa_s,
    745 							 &data->enrollee);
    746 		break;
    747 	case WPS_EV_ER_ENROLLEE_REMOVE:
    748 		wpa_supplicant_wps_event_er_enrollee_remove(wpa_s,
    749 							    &data->enrollee);
    750 		break;
    751 	case WPS_EV_ER_AP_SETTINGS:
    752 		wpa_supplicant_wps_event_er_ap_settings(wpa_s,
    753 							&data->ap_settings);
    754 		break;
    755 	case WPS_EV_ER_SET_SELECTED_REGISTRAR:
    756 		wpa_supplicant_wps_event_er_set_sel_reg(wpa_s,
    757 							&data->set_sel_reg);
    758 		break;
    759 	case WPS_EV_AP_PIN_SUCCESS:
    760 		break;
    761 	}
    762 }
    763 
    764 
    765 enum wps_request_type wpas_wps_get_req_type(struct wpa_ssid *ssid)
    766 {
    767 	if (eap_is_wps_pbc_enrollee(&ssid->eap) ||
    768 	    eap_is_wps_pin_enrollee(&ssid->eap))
    769 		return WPS_REQ_ENROLLEE;
    770 	else
    771 		return WPS_REQ_REGISTRAR;
    772 }
    773 
    774 
    775 static void wpas_clear_wps(struct wpa_supplicant *wpa_s)
    776 {
    777 	int id;
    778 	struct wpa_ssid *ssid, *remove_ssid = NULL, *prev_current;
    779 
    780 	prev_current = wpa_s->current_ssid;
    781 
    782 	/* Enable the networks disabled during wpas_wps_reassoc */
    783 	wpas_wps_reenable_networks(wpa_s);
    784 
    785 	eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL);
    786 
    787 	/* Remove any existing WPS network from configuration */
    788 	ssid = wpa_s->conf->ssid;
    789 	while (ssid) {
    790 		if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
    791 			if (ssid == wpa_s->current_ssid) {
    792 				wpa_s->current_ssid = NULL;
    793 				if (ssid != NULL)
    794 					wpas_notify_network_changed(wpa_s);
    795 			}
    796 			id = ssid->id;
    797 			remove_ssid = ssid;
    798 		} else
    799 			id = -1;
    800 		ssid = ssid->next;
    801 		if (id >= 0) {
    802 			if (prev_current == remove_ssid) {
    803 				wpa_sm_set_config(wpa_s->wpa, NULL);
    804 				eapol_sm_notify_config(wpa_s->eapol, NULL,
    805 						       NULL);
    806 			}
    807 			wpas_notify_network_removed(wpa_s, remove_ssid);
    808 			wpa_config_remove_network(wpa_s->conf, id);
    809 		}
    810 	}
    811 
    812 	wpas_wps_clear_ap_info(wpa_s);
    813 }
    814 
    815 
    816 static void wpas_wps_timeout(void *eloop_ctx, void *timeout_ctx)
    817 {
    818 	struct wpa_supplicant *wpa_s = eloop_ctx;
    819 	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_TIMEOUT "Requested operation timed "
    820 		"out");
    821 	wpas_clear_wps(wpa_s);
    822 }
    823 
    824 
    825 static struct wpa_ssid * wpas_wps_add_network(struct wpa_supplicant *wpa_s,
    826 					      int registrar, const u8 *bssid)
    827 {
    828 	struct wpa_ssid *ssid;
    829 
    830 	ssid = wpa_config_add_network(wpa_s->conf);
    831 	if (ssid == NULL)
    832 		return NULL;
    833 	wpas_notify_network_added(wpa_s, ssid);
    834 	wpa_config_set_network_defaults(ssid);
    835 	ssid->temporary = 1;
    836 	if (wpa_config_set(ssid, "key_mgmt", "WPS", 0) < 0 ||
    837 	    wpa_config_set(ssid, "eap", "WSC", 0) < 0 ||
    838 	    wpa_config_set(ssid, "identity", registrar ?
    839 			   "\"" WSC_ID_REGISTRAR "\"" :
    840 			   "\"" WSC_ID_ENROLLEE "\"", 0) < 0) {
    841 		wpas_notify_network_removed(wpa_s, ssid);
    842 		wpa_config_remove_network(wpa_s->conf, ssid->id);
    843 		return NULL;
    844 	}
    845 
    846 	if (bssid) {
    847 #ifndef CONFIG_P2P
    848 		struct wpa_bss *bss;
    849 		int count = 0;
    850 #endif /* CONFIG_P2P */
    851 
    852 		os_memcpy(ssid->bssid, bssid, ETH_ALEN);
    853 		ssid->bssid_set = 1;
    854 
    855 		/*
    856 		 * Note: With P2P, the SSID may change at the time the WPS
    857 		 * provisioning is started, so better not filter the AP based
    858 		 * on the current SSID in the scan results.
    859 		 */
    860 #ifndef CONFIG_P2P
    861 		dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
    862 			if (os_memcmp(bssid, bss->bssid, ETH_ALEN) != 0)
    863 				continue;
    864 
    865 			os_free(ssid->ssid);
    866 			ssid->ssid = os_malloc(bss->ssid_len);
    867 			if (ssid->ssid == NULL)
    868 				break;
    869 			os_memcpy(ssid->ssid, bss->ssid, bss->ssid_len);
    870 			ssid->ssid_len = bss->ssid_len;
    871 			wpa_hexdump_ascii(MSG_DEBUG, "WPS: Picked SSID from "
    872 					  "scan results",
    873 					  ssid->ssid, ssid->ssid_len);
    874 			count++;
    875 		}
    876 
    877 		if (count > 1) {
    878 			wpa_printf(MSG_DEBUG, "WPS: More than one SSID found "
    879 				   "for the AP; use wildcard");
    880 			os_free(ssid->ssid);
    881 			ssid->ssid = NULL;
    882 			ssid->ssid_len = 0;
    883 		}
    884 #endif /* CONFIG_P2P */
    885 	}
    886 
    887 	return ssid;
    888 }
    889 
    890 
    891 static void wpas_wps_reassoc(struct wpa_supplicant *wpa_s,
    892 			     struct wpa_ssid *selected, const u8 *bssid)
    893 {
    894 	struct wpa_ssid *ssid;
    895 	struct wpa_bss *bss;
    896 
    897 	wpa_s->after_wps = 0;
    898 	wpa_s->known_wps_freq = 0;
    899 	if (bssid) {
    900 		bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
    901 		if (bss && bss->freq > 0) {
    902 			wpa_s->known_wps_freq = 1;
    903 			wpa_s->wps_freq = bss->freq;
    904 		}
    905 	}
    906 
    907 	if (wpa_s->current_ssid)
    908 		wpa_supplicant_deauthenticate(
    909 			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
    910 
    911 	/* Mark all other networks disabled and trigger reassociation */
    912 	ssid = wpa_s->conf->ssid;
    913 	while (ssid) {
    914 		int was_disabled = ssid->disabled;
    915 		ssid->disabled_for_connect = 0;
    916 		/*
    917 		 * In case the network object corresponds to a persistent group
    918 		 * then do not send out network disabled signal. In addition,
    919 		 * do not change disabled status of persistent network objects
    920 		 * from 2 to 1 should we connect to another network.
    921 		 */
    922 		if (was_disabled != 2) {
    923 			ssid->disabled = ssid != selected;
    924 			if (was_disabled != ssid->disabled) {
    925 				if (ssid->disabled)
    926 					ssid->disabled_for_connect = 1;
    927 				wpas_notify_network_enabled_changed(wpa_s,
    928 								    ssid);
    929 			}
    930 		}
    931 		ssid = ssid->next;
    932 	}
    933 	wpa_s->disconnected = 0;
    934 	wpa_s->reassociate = 1;
    935 	wpa_s->scan_runs = 0;
    936 	wpa_s->normal_scans = 0;
    937 	wpa_s->wps_success = 0;
    938 	wpa_s->blacklist_cleared = 0;
    939 	wpa_supplicant_req_scan(wpa_s, 0, 0);
    940 }
    941 
    942 
    943 int wpas_wps_start_pbc(struct wpa_supplicant *wpa_s, const u8 *bssid,
    944 		       int p2p_group)
    945 {
    946 	struct wpa_ssid *ssid;
    947 	wpas_clear_wps(wpa_s);
    948 	ssid = wpas_wps_add_network(wpa_s, 0, bssid);
    949 	if (ssid == NULL)
    950 		return -1;
    951 	ssid->temporary = 1;
    952 	ssid->p2p_group = p2p_group;
    953 #ifdef CONFIG_P2P
    954 	if (p2p_group && wpa_s->go_params && wpa_s->go_params->ssid_len) {
    955 		ssid->ssid = os_zalloc(wpa_s->go_params->ssid_len + 1);
    956 		if (ssid->ssid) {
    957 			ssid->ssid_len = wpa_s->go_params->ssid_len;
    958 			os_memcpy(ssid->ssid, wpa_s->go_params->ssid,
    959 				  ssid->ssid_len);
    960 			wpa_hexdump_ascii(MSG_DEBUG, "WPS: Use specific AP "
    961 					  "SSID", ssid->ssid, ssid->ssid_len);
    962 		}
    963 	}
    964 #endif /* CONFIG_P2P */
    965 	if (wpa_config_set(ssid, "phase1", "\"pbc=1\"", 0) < 0)
    966 		return -1;
    967 	if (wpa_s->wps_fragment_size)
    968 		ssid->eap.fragment_size = wpa_s->wps_fragment_size;
    969 	eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout,
    970 			       wpa_s, NULL);
    971 	wpas_wps_reassoc(wpa_s, ssid, bssid);
    972 	return 0;
    973 }
    974 
    975 
    976 int wpas_wps_start_pin(struct wpa_supplicant *wpa_s, const u8 *bssid,
    977 		       const char *pin, int p2p_group, u16 dev_pw_id)
    978 {
    979 	struct wpa_ssid *ssid;
    980 	char val[128];
    981 	unsigned int rpin = 0;
    982 
    983 	wpas_clear_wps(wpa_s);
    984 	ssid = wpas_wps_add_network(wpa_s, 0, bssid);
    985 	if (ssid == NULL)
    986 		return -1;
    987 	ssid->temporary = 1;
    988 	ssid->p2p_group = p2p_group;
    989 #ifdef CONFIG_P2P
    990 	if (p2p_group && wpa_s->go_params && wpa_s->go_params->ssid_len) {
    991 		ssid->ssid = os_zalloc(wpa_s->go_params->ssid_len + 1);
    992 		if (ssid->ssid) {
    993 			ssid->ssid_len = wpa_s->go_params->ssid_len;
    994 			os_memcpy(ssid->ssid, wpa_s->go_params->ssid,
    995 				  ssid->ssid_len);
    996 			wpa_hexdump_ascii(MSG_DEBUG, "WPS: Use specific AP "
    997 					  "SSID", ssid->ssid, ssid->ssid_len);
    998 		}
    999 	}
   1000 #endif /* CONFIG_P2P */
   1001 	if (pin)
   1002 		os_snprintf(val, sizeof(val), "\"pin=%s dev_pw_id=%u\"",
   1003 			    pin, dev_pw_id);
   1004 	else {
   1005 		rpin = wps_generate_pin();
   1006 		os_snprintf(val, sizeof(val), "\"pin=%08d dev_pw_id=%u\"",
   1007 			    rpin, dev_pw_id);
   1008 	}
   1009 	if (wpa_config_set(ssid, "phase1", val, 0) < 0)
   1010 		return -1;
   1011 	if (wpa_s->wps_fragment_size)
   1012 		ssid->eap.fragment_size = wpa_s->wps_fragment_size;
   1013 	eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout,
   1014 			       wpa_s, NULL);
   1015 	wpa_s->wps_ap_iter = 1;
   1016 	wpas_wps_reassoc(wpa_s, ssid, bssid);
   1017 	return rpin;
   1018 }
   1019 
   1020 
   1021 /* Cancel the wps pbc/pin requests */
   1022 int wpas_wps_cancel(struct wpa_supplicant *wpa_s)
   1023 {
   1024 #ifdef CONFIG_AP
   1025 	if (wpa_s->ap_iface) {
   1026 		wpa_printf(MSG_DEBUG, "WPS: Cancelling in AP mode");
   1027 		return wpa_supplicant_ap_wps_cancel(wpa_s);
   1028 	}
   1029 #endif /* CONFIG_AP */
   1030 
   1031 	if (wpa_s->wpa_state == WPA_SCANNING ||
   1032 	    wpa_s->wpa_state == WPA_DISCONNECTED) {
   1033 		wpa_printf(MSG_DEBUG, "WPS: Cancel operation - cancel scan");
   1034 		wpa_supplicant_cancel_scan(wpa_s);
   1035 		wpas_clear_wps(wpa_s);
   1036 	} else if (wpa_s->wpa_state >= WPA_ASSOCIATED) {
   1037 		wpa_printf(MSG_DEBUG, "WPS: Cancel operation - "
   1038 			   "deauthenticate");
   1039 		wpa_supplicant_deauthenticate(wpa_s,
   1040 					      WLAN_REASON_DEAUTH_LEAVING);
   1041 		wpas_clear_wps(wpa_s);
   1042 	} else {
   1043 		wpas_wps_reenable_networks(wpa_s);
   1044 		wpas_wps_clear_ap_info(wpa_s);
   1045 	}
   1046 
   1047 	return 0;
   1048 }
   1049 
   1050 
   1051 int wpas_wps_start_reg(struct wpa_supplicant *wpa_s, const u8 *bssid,
   1052 		       const char *pin, struct wps_new_ap_settings *settings)
   1053 {
   1054 	struct wpa_ssid *ssid;
   1055 	char val[200];
   1056 	char *pos, *end;
   1057 	int res;
   1058 
   1059 	if (!pin)
   1060 		return -1;
   1061 	wpas_clear_wps(wpa_s);
   1062 	ssid = wpas_wps_add_network(wpa_s, 1, bssid);
   1063 	if (ssid == NULL)
   1064 		return -1;
   1065 	ssid->temporary = 1;
   1066 	pos = val;
   1067 	end = pos + sizeof(val);
   1068 	res = os_snprintf(pos, end - pos, "\"pin=%s", pin);
   1069 	if (res < 0 || res >= end - pos)
   1070 		return -1;
   1071 	pos += res;
   1072 	if (settings) {
   1073 		res = os_snprintf(pos, end - pos, " new_ssid=%s new_auth=%s "
   1074 				  "new_encr=%s new_key=%s",
   1075 				  settings->ssid_hex, settings->auth,
   1076 				  settings->encr, settings->key_hex);
   1077 		if (res < 0 || res >= end - pos)
   1078 			return -1;
   1079 		pos += res;
   1080 	}
   1081 	res = os_snprintf(pos, end - pos, "\"");
   1082 	if (res < 0 || res >= end - pos)
   1083 		return -1;
   1084 	if (wpa_config_set(ssid, "phase1", val, 0) < 0)
   1085 		return -1;
   1086 	if (wpa_s->wps_fragment_size)
   1087 		ssid->eap.fragment_size = wpa_s->wps_fragment_size;
   1088 	eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout,
   1089 			       wpa_s, NULL);
   1090 	wpas_wps_reassoc(wpa_s, ssid, bssid);
   1091 	return 0;
   1092 }
   1093 
   1094 
   1095 static int wpas_wps_new_psk_cb(void *ctx, const u8 *mac_addr, const u8 *psk,
   1096 			       size_t psk_len)
   1097 {
   1098 	wpa_printf(MSG_DEBUG, "WPS: Received new WPA/WPA2-PSK from WPS for "
   1099 		   "STA " MACSTR, MAC2STR(mac_addr));
   1100 	wpa_hexdump_key(MSG_DEBUG, "Per-device PSK", psk, psk_len);
   1101 
   1102 	/* TODO */
   1103 
   1104 	return 0;
   1105 }
   1106 
   1107 
   1108 static void wpas_wps_pin_needed_cb(void *ctx, const u8 *uuid_e,
   1109 				   const struct wps_device_data *dev)
   1110 {
   1111 	char uuid[40], txt[400];
   1112 	int len;
   1113 	char devtype[WPS_DEV_TYPE_BUFSIZE];
   1114 	if (uuid_bin2str(uuid_e, uuid, sizeof(uuid)))
   1115 		return;
   1116 	wpa_printf(MSG_DEBUG, "WPS: PIN needed for UUID-E %s", uuid);
   1117 	len = os_snprintf(txt, sizeof(txt), "WPS-EVENT-PIN-NEEDED %s " MACSTR
   1118 			  " [%s|%s|%s|%s|%s|%s]",
   1119 			  uuid, MAC2STR(dev->mac_addr), dev->device_name,
   1120 			  dev->manufacturer, dev->model_name,
   1121 			  dev->model_number, dev->serial_number,
   1122 			  wps_dev_type_bin2str(dev->pri_dev_type, devtype,
   1123 					       sizeof(devtype)));
   1124 	if (len > 0 && len < (int) sizeof(txt))
   1125 		wpa_printf(MSG_INFO, "%s", txt);
   1126 }
   1127 
   1128 
   1129 static void wpas_wps_set_sel_reg_cb(void *ctx, int sel_reg, u16 dev_passwd_id,
   1130 				    u16 sel_reg_config_methods)
   1131 {
   1132 #ifdef CONFIG_WPS_ER
   1133 	struct wpa_supplicant *wpa_s = ctx;
   1134 
   1135 	if (wpa_s->wps_er == NULL)
   1136 		return;
   1137 	wpa_printf(MSG_DEBUG, "WPS ER: SetSelectedRegistrar - sel_reg=%d "
   1138 		   "dev_password_id=%u sel_reg_config_methods=0x%x",
   1139 		   sel_reg, dev_passwd_id, sel_reg_config_methods);
   1140 	wps_er_set_sel_reg(wpa_s->wps_er, sel_reg, dev_passwd_id,
   1141 			   sel_reg_config_methods);
   1142 #endif /* CONFIG_WPS_ER */
   1143 }
   1144 
   1145 
   1146 static u16 wps_fix_config_methods(u16 config_methods)
   1147 {
   1148 #ifdef CONFIG_WPS2
   1149 	if ((config_methods &
   1150 	     (WPS_CONFIG_DISPLAY | WPS_CONFIG_VIRT_DISPLAY |
   1151 	      WPS_CONFIG_PHY_DISPLAY)) == WPS_CONFIG_DISPLAY) {
   1152 		wpa_printf(MSG_INFO, "WPS: Converting display to "
   1153 			   "virtual_display for WPS 2.0 compliance");
   1154 		config_methods |= WPS_CONFIG_VIRT_DISPLAY;
   1155 	}
   1156 	if ((config_methods &
   1157 	     (WPS_CONFIG_PUSHBUTTON | WPS_CONFIG_VIRT_PUSHBUTTON |
   1158 	      WPS_CONFIG_PHY_PUSHBUTTON)) == WPS_CONFIG_PUSHBUTTON) {
   1159 		wpa_printf(MSG_INFO, "WPS: Converting push_button to "
   1160 			   "virtual_push_button for WPS 2.0 compliance");
   1161 		config_methods |= WPS_CONFIG_VIRT_PUSHBUTTON;
   1162 	}
   1163 #endif /* CONFIG_WPS2 */
   1164 
   1165 	return config_methods;
   1166 }
   1167 
   1168 
   1169 static void wpas_wps_set_uuid(struct wpa_supplicant *wpa_s,
   1170 			      struct wps_context *wps)
   1171 {
   1172 	wpa_printf(MSG_DEBUG, "WPS: Set UUID for interface %s", wpa_s->ifname);
   1173 	if (is_nil_uuid(wpa_s->conf->uuid)) {
   1174 		struct wpa_supplicant *first;
   1175 		first = wpa_s->global->ifaces;
   1176 		while (first && first->next)
   1177 			first = first->next;
   1178 		if (first && first != wpa_s) {
   1179 			if (wps != wpa_s->global->ifaces->wps)
   1180 				os_memcpy(wps->uuid,
   1181 					  wpa_s->global->ifaces->wps->uuid,
   1182 					  WPS_UUID_LEN);
   1183 			wpa_hexdump(MSG_DEBUG, "WPS: UUID from the first "
   1184 				    "interface", wps->uuid, WPS_UUID_LEN);
   1185 		} else {
   1186 			uuid_gen_mac_addr(wpa_s->own_addr, wps->uuid);
   1187 			wpa_hexdump(MSG_DEBUG, "WPS: UUID based on MAC "
   1188 				    "address", wps->uuid, WPS_UUID_LEN);
   1189 		}
   1190 	} else {
   1191 		os_memcpy(wps->uuid, wpa_s->conf->uuid, WPS_UUID_LEN);
   1192 		wpa_hexdump(MSG_DEBUG, "WPS: UUID based on configuration",
   1193 			    wps->uuid, WPS_UUID_LEN);
   1194 	}
   1195 }
   1196 
   1197 
   1198 static void wpas_wps_set_vendor_ext_m1(struct wpa_supplicant *wpa_s,
   1199 				       struct wps_context *wps)
   1200 {
   1201 	wpabuf_free(wps->dev.vendor_ext_m1);
   1202 	wps->dev.vendor_ext_m1 = NULL;
   1203 
   1204 	if (wpa_s->conf->wps_vendor_ext_m1) {
   1205 		wps->dev.vendor_ext_m1 =
   1206 			wpabuf_dup(wpa_s->conf->wps_vendor_ext_m1);
   1207 		if (!wps->dev.vendor_ext_m1) {
   1208 			wpa_printf(MSG_ERROR, "WPS: Cannot "
   1209 				   "allocate memory for vendor_ext_m1");
   1210 		}
   1211 	}
   1212 }
   1213 
   1214 
   1215 int wpas_wps_init(struct wpa_supplicant *wpa_s)
   1216 {
   1217 	struct wps_context *wps;
   1218 	struct wps_registrar_config rcfg;
   1219 	struct hostapd_hw_modes *modes;
   1220 	u16 m;
   1221 
   1222 	wps = os_zalloc(sizeof(*wps));
   1223 	if (wps == NULL)
   1224 		return -1;
   1225 
   1226 	wps->cred_cb = wpa_supplicant_wps_cred;
   1227 	wps->event_cb = wpa_supplicant_wps_event;
   1228 	wps->cb_ctx = wpa_s;
   1229 
   1230 	wps->dev.device_name = wpa_s->conf->device_name;
   1231 	wps->dev.manufacturer = wpa_s->conf->manufacturer;
   1232 	wps->dev.model_name = wpa_s->conf->model_name;
   1233 	wps->dev.model_number = wpa_s->conf->model_number;
   1234 	wps->dev.serial_number = wpa_s->conf->serial_number;
   1235 	wps->config_methods =
   1236 		wps_config_methods_str2bin(wpa_s->conf->config_methods);
   1237 	if ((wps->config_methods & (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) ==
   1238 	    (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) {
   1239 		wpa_printf(MSG_ERROR, "WPS: Both Label and Display config "
   1240 			   "methods are not allowed at the same time");
   1241 		os_free(wps);
   1242 		return -1;
   1243 	}
   1244 	wps->config_methods = wps_fix_config_methods(wps->config_methods);
   1245 	wps->dev.config_methods = wps->config_methods;
   1246 	os_memcpy(wps->dev.pri_dev_type, wpa_s->conf->device_type,
   1247 		  WPS_DEV_TYPE_LEN);
   1248 
   1249 	wps->dev.num_sec_dev_types = wpa_s->conf->num_sec_device_types;
   1250 	os_memcpy(wps->dev.sec_dev_type, wpa_s->conf->sec_device_type,
   1251 		  WPS_DEV_TYPE_LEN * wps->dev.num_sec_dev_types);
   1252 
   1253 	wpas_wps_set_vendor_ext_m1(wpa_s, wps);
   1254 
   1255 	wps->dev.os_version = WPA_GET_BE32(wpa_s->conf->os_version);
   1256 	modes = wpa_s->hw.modes;
   1257 	if (modes) {
   1258 		for (m = 0; m < wpa_s->hw.num_modes; m++) {
   1259 			if (modes[m].mode == HOSTAPD_MODE_IEEE80211B ||
   1260 			    modes[m].mode == HOSTAPD_MODE_IEEE80211G)
   1261 				wps->dev.rf_bands |= WPS_RF_24GHZ;
   1262 			else if (modes[m].mode == HOSTAPD_MODE_IEEE80211A)
   1263 				wps->dev.rf_bands |= WPS_RF_50GHZ;
   1264 		}
   1265 	}
   1266 	if (wps->dev.rf_bands == 0) {
   1267 		/*
   1268 		 * Default to claiming support for both bands if the driver
   1269 		 * does not provide support for fetching supported bands.
   1270 		 */
   1271 		wps->dev.rf_bands = WPS_RF_24GHZ | WPS_RF_50GHZ;
   1272 	}
   1273 	os_memcpy(wps->dev.mac_addr, wpa_s->own_addr, ETH_ALEN);
   1274 	wpas_wps_set_uuid(wpa_s, wps);
   1275 
   1276 	wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK;
   1277 	wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP;
   1278 
   1279 	os_memset(&rcfg, 0, sizeof(rcfg));
   1280 	rcfg.new_psk_cb = wpas_wps_new_psk_cb;
   1281 	rcfg.pin_needed_cb = wpas_wps_pin_needed_cb;
   1282 	rcfg.set_sel_reg_cb = wpas_wps_set_sel_reg_cb;
   1283 	rcfg.cb_ctx = wpa_s;
   1284 
   1285 	wps->registrar = wps_registrar_init(wps, &rcfg);
   1286 	if (wps->registrar == NULL) {
   1287 		wpa_printf(MSG_DEBUG, "Failed to initialize WPS Registrar");
   1288 		os_free(wps);
   1289 		return -1;
   1290 	}
   1291 
   1292 	wpa_s->wps = wps;
   1293 
   1294 	return 0;
   1295 }
   1296 
   1297 
   1298 void wpas_wps_deinit(struct wpa_supplicant *wpa_s)
   1299 {
   1300 	eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL);
   1301 	eloop_cancel_timeout(wpas_wps_reenable_networks_cb, wpa_s, NULL);
   1302 	wpas_wps_clear_ap_info(wpa_s);
   1303 
   1304 	if (wpa_s->wps == NULL)
   1305 		return;
   1306 
   1307 #ifdef CONFIG_WPS_ER
   1308 	wps_er_deinit(wpa_s->wps_er, NULL, NULL);
   1309 	wpa_s->wps_er = NULL;
   1310 #endif /* CONFIG_WPS_ER */
   1311 
   1312 	wps_registrar_deinit(wpa_s->wps->registrar);
   1313 	wpabuf_free(wpa_s->wps->dh_pubkey);
   1314 	wpabuf_free(wpa_s->wps->dh_privkey);
   1315 	wpabuf_free(wpa_s->wps->dev.vendor_ext_m1);
   1316 	os_free(wpa_s->wps->network_key);
   1317 	os_free(wpa_s->wps);
   1318 	wpa_s->wps = NULL;
   1319 }
   1320 
   1321 
   1322 int wpas_wps_ssid_bss_match(struct wpa_supplicant *wpa_s,
   1323 			    struct wpa_ssid *ssid, struct wpa_bss *bss)
   1324 {
   1325 	struct wpabuf *wps_ie;
   1326 
   1327 	if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS))
   1328 		return -1;
   1329 
   1330 	wps_ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
   1331 	if (eap_is_wps_pbc_enrollee(&ssid->eap)) {
   1332 		if (!wps_ie) {
   1333 			wpa_printf(MSG_DEBUG, "   skip - non-WPS AP");
   1334 			return 0;
   1335 		}
   1336 
   1337 		if (!wps_is_selected_pbc_registrar(wps_ie)) {
   1338 			wpa_printf(MSG_DEBUG, "   skip - WPS AP "
   1339 				   "without active PBC Registrar");
   1340 			wpabuf_free(wps_ie);
   1341 			return 0;
   1342 		}
   1343 
   1344 		/* TODO: overlap detection */
   1345 		wpa_printf(MSG_DEBUG, "   selected based on WPS IE "
   1346 			   "(Active PBC)");
   1347 		wpabuf_free(wps_ie);
   1348 		return 1;
   1349 	}
   1350 
   1351 	if (eap_is_wps_pin_enrollee(&ssid->eap)) {
   1352 		if (!wps_ie) {
   1353 			wpa_printf(MSG_DEBUG, "   skip - non-WPS AP");
   1354 			return 0;
   1355 		}
   1356 
   1357 		/*
   1358 		 * Start with WPS APs that advertise our address as an
   1359 		 * authorized MAC (v2.0) or active PIN Registrar (v1.0) and
   1360 		 * allow any WPS AP after couple of scans since some APs do not
   1361 		 * set Selected Registrar attribute properly when using
   1362 		 * external Registrar.
   1363 		 */
   1364 		if (!wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1)) {
   1365 			if (wpa_s->scan_runs < WPS_PIN_SCAN_IGNORE_SEL_REG) {
   1366 				wpa_printf(MSG_DEBUG, "   skip - WPS AP "
   1367 					   "without active PIN Registrar");
   1368 				wpabuf_free(wps_ie);
   1369 				return 0;
   1370 			}
   1371 			wpa_printf(MSG_DEBUG, "   selected based on WPS IE");
   1372 		} else {
   1373 			wpa_printf(MSG_DEBUG, "   selected based on WPS IE "
   1374 				   "(Authorized MAC or Active PIN)");
   1375 		}
   1376 		wpabuf_free(wps_ie);
   1377 		return 1;
   1378 	}
   1379 
   1380 	if (wps_ie) {
   1381 		wpa_printf(MSG_DEBUG, "   selected based on WPS IE");
   1382 		wpabuf_free(wps_ie);
   1383 		return 1;
   1384 	}
   1385 
   1386 	return -1;
   1387 }
   1388 
   1389 
   1390 int wpas_wps_ssid_wildcard_ok(struct wpa_supplicant *wpa_s,
   1391 			      struct wpa_ssid *ssid,
   1392 			      struct wpa_bss *bss)
   1393 {
   1394 	struct wpabuf *wps_ie = NULL;
   1395 	int ret = 0;
   1396 
   1397 	if (eap_is_wps_pbc_enrollee(&ssid->eap)) {
   1398 		wps_ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
   1399 		if (wps_ie && wps_is_selected_pbc_registrar(wps_ie)) {
   1400 			/* allow wildcard SSID for WPS PBC */
   1401 			ret = 1;
   1402 		}
   1403 	} else if (eap_is_wps_pin_enrollee(&ssid->eap)) {
   1404 		wps_ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
   1405 		if (wps_ie &&
   1406 		    (wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1) ||
   1407 		     wpa_s->scan_runs >= WPS_PIN_SCAN_IGNORE_SEL_REG)) {
   1408 			/* allow wildcard SSID for WPS PIN */
   1409 			ret = 1;
   1410 		}
   1411 	}
   1412 
   1413 	if (!ret && ssid->bssid_set &&
   1414 	    os_memcmp(ssid->bssid, bss->bssid, ETH_ALEN) == 0) {
   1415 		/* allow wildcard SSID due to hardcoded BSSID match */
   1416 		ret = 1;
   1417 	}
   1418 
   1419 #ifdef CONFIG_WPS_STRICT
   1420 	if (wps_ie) {
   1421 		if (wps_validate_beacon_probe_resp(wps_ie, bss->beacon_ie_len >
   1422 						   0, bss->bssid) < 0)
   1423 			ret = 0;
   1424 		if (bss->beacon_ie_len) {
   1425 			struct wpabuf *bcn_wps;
   1426 			bcn_wps = wpa_bss_get_vendor_ie_multi_beacon(
   1427 				bss, WPS_IE_VENDOR_TYPE);
   1428 			if (bcn_wps == NULL) {
   1429 				wpa_printf(MSG_DEBUG, "WPS: Mandatory WPS IE "
   1430 					   "missing from AP Beacon");
   1431 				ret = 0;
   1432 			} else {
   1433 				if (wps_validate_beacon(wps_ie) < 0)
   1434 					ret = 0;
   1435 				wpabuf_free(bcn_wps);
   1436 			}
   1437 		}
   1438 	}
   1439 #endif /* CONFIG_WPS_STRICT */
   1440 
   1441 	wpabuf_free(wps_ie);
   1442 
   1443 	return ret;
   1444 }
   1445 
   1446 
   1447 int wpas_wps_scan_pbc_overlap(struct wpa_supplicant *wpa_s,
   1448 			      struct wpa_bss *selected, struct wpa_ssid *ssid)
   1449 {
   1450 	const u8 *sel_uuid, *uuid;
   1451 	struct wpabuf *wps_ie;
   1452 	int ret = 0;
   1453 	struct wpa_bss *bss;
   1454 
   1455 	if (!eap_is_wps_pbc_enrollee(&ssid->eap))
   1456 		return 0;
   1457 
   1458 	wpa_printf(MSG_DEBUG, "WPS: Check whether PBC session overlap is "
   1459 		   "present in scan results; selected BSSID " MACSTR,
   1460 		   MAC2STR(selected->bssid));
   1461 
   1462 	/* Make sure that only one AP is in active PBC mode */
   1463 	wps_ie = wpa_bss_get_vendor_ie_multi(selected, WPS_IE_VENDOR_TYPE);
   1464 	if (wps_ie) {
   1465 		sel_uuid = wps_get_uuid_e(wps_ie);
   1466 		wpa_hexdump(MSG_DEBUG, "WPS: UUID of the selected BSS",
   1467 			    sel_uuid, UUID_LEN);
   1468 	} else {
   1469 		wpa_printf(MSG_DEBUG, "WPS: Selected BSS does not include "
   1470 			   "WPS IE?!");
   1471 		sel_uuid = NULL;
   1472 	}
   1473 
   1474 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
   1475 		struct wpabuf *ie;
   1476 		if (bss == selected)
   1477 			continue;
   1478 		ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
   1479 		if (!ie)
   1480 			continue;
   1481 		if (!wps_is_selected_pbc_registrar(ie)) {
   1482 			wpabuf_free(ie);
   1483 			continue;
   1484 		}
   1485 		wpa_printf(MSG_DEBUG, "WPS: Another BSS in active PBC mode: "
   1486 			   MACSTR, MAC2STR(bss->bssid));
   1487 		uuid = wps_get_uuid_e(ie);
   1488 		wpa_hexdump(MSG_DEBUG, "WPS: UUID of the other BSS",
   1489 			    uuid, UUID_LEN);
   1490 		if (sel_uuid == NULL || uuid == NULL ||
   1491 		    os_memcmp(sel_uuid, uuid, UUID_LEN) != 0) {
   1492 			ret = 1; /* PBC overlap */
   1493 			wpa_msg(wpa_s, MSG_INFO, "WPS: PBC overlap detected: "
   1494 				MACSTR " and " MACSTR,
   1495 				MAC2STR(selected->bssid),
   1496 				MAC2STR(bss->bssid));
   1497 			wpabuf_free(ie);
   1498 			break;
   1499 		}
   1500 
   1501 		/* TODO: verify that this is reasonable dual-band situation */
   1502 
   1503 		wpabuf_free(ie);
   1504 	}
   1505 
   1506 	wpabuf_free(wps_ie);
   1507 
   1508 	return ret;
   1509 }
   1510 
   1511 
   1512 void wpas_wps_notify_scan_results(struct wpa_supplicant *wpa_s)
   1513 {
   1514 	struct wpa_bss *bss;
   1515 	unsigned int pbc = 0, auth = 0, pin = 0, wps = 0;
   1516 
   1517 	if (wpa_s->disconnected || wpa_s->wpa_state >= WPA_ASSOCIATED)
   1518 		return;
   1519 
   1520 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
   1521 		struct wpabuf *ie;
   1522 		ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
   1523 		if (!ie)
   1524 			continue;
   1525 		if (wps_is_selected_pbc_registrar(ie))
   1526 			pbc++;
   1527 		else if (wps_is_addr_authorized(ie, wpa_s->own_addr, 0))
   1528 			auth++;
   1529 		else if (wps_is_selected_pin_registrar(ie))
   1530 			pin++;
   1531 		else
   1532 			wps++;
   1533 		wpabuf_free(ie);
   1534 	}
   1535 
   1536 	if (pbc)
   1537 		wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE_PBC);
   1538 	else if (auth)
   1539 		wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE_AUTH);
   1540 	else if (pin)
   1541 		wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE_PIN);
   1542 	else if (wps)
   1543 		wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE);
   1544 }
   1545 
   1546 
   1547 int wpas_wps_searching(struct wpa_supplicant *wpa_s)
   1548 {
   1549 	struct wpa_ssid *ssid;
   1550 
   1551 	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
   1552 		if ((ssid->key_mgmt & WPA_KEY_MGMT_WPS) && !ssid->disabled)
   1553 			return 1;
   1554 	}
   1555 
   1556 	return 0;
   1557 }
   1558 
   1559 
   1560 int wpas_wps_scan_result_text(const u8 *ies, size_t ies_len, char *buf,
   1561 			      char *end)
   1562 {
   1563 	struct wpabuf *wps_ie;
   1564 	int ret;
   1565 
   1566 	wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len, WPS_DEV_OUI_WFA);
   1567 	if (wps_ie == NULL)
   1568 		return 0;
   1569 
   1570 	ret = wps_attr_text(wps_ie, buf, end);
   1571 	wpabuf_free(wps_ie);
   1572 	return ret;
   1573 }
   1574 
   1575 
   1576 int wpas_wps_er_start(struct wpa_supplicant *wpa_s, const char *filter)
   1577 {
   1578 #ifdef CONFIG_WPS_ER
   1579 	if (wpa_s->wps_er) {
   1580 		wps_er_refresh(wpa_s->wps_er);
   1581 		return 0;
   1582 	}
   1583 	wpa_s->wps_er = wps_er_init(wpa_s->wps, wpa_s->ifname, filter);
   1584 	if (wpa_s->wps_er == NULL)
   1585 		return -1;
   1586 	return 0;
   1587 #else /* CONFIG_WPS_ER */
   1588 	return 0;
   1589 #endif /* CONFIG_WPS_ER */
   1590 }
   1591 
   1592 
   1593 int wpas_wps_er_stop(struct wpa_supplicant *wpa_s)
   1594 {
   1595 #ifdef CONFIG_WPS_ER
   1596 	wps_er_deinit(wpa_s->wps_er, NULL, NULL);
   1597 	wpa_s->wps_er = NULL;
   1598 #endif /* CONFIG_WPS_ER */
   1599 	return 0;
   1600 }
   1601 
   1602 
   1603 #ifdef CONFIG_WPS_ER
   1604 int wpas_wps_er_add_pin(struct wpa_supplicant *wpa_s, const u8 *addr,
   1605 			const char *uuid, const char *pin)
   1606 {
   1607 	u8 u[UUID_LEN];
   1608 	const u8 *use_uuid = NULL;
   1609 	u8 addr_buf[ETH_ALEN];
   1610 
   1611 	if (os_strcmp(uuid, "any") == 0) {
   1612 	} else if (uuid_str2bin(uuid, u) == 0) {
   1613 		use_uuid = u;
   1614 	} else if (hwaddr_aton(uuid, addr_buf) == 0) {
   1615 		use_uuid = wps_er_get_sta_uuid(wpa_s->wps_er, addr_buf);
   1616 		if (use_uuid == NULL)
   1617 			return -1;
   1618 	} else
   1619 		return -1;
   1620 	return wps_registrar_add_pin(wpa_s->wps->registrar, addr,
   1621 				     use_uuid,
   1622 				     (const u8 *) pin, os_strlen(pin), 300);
   1623 }
   1624 
   1625 
   1626 int wpas_wps_er_pbc(struct wpa_supplicant *wpa_s, const char *uuid)
   1627 {
   1628 	u8 u[UUID_LEN], *use_uuid = NULL;
   1629 	u8 addr[ETH_ALEN], *use_addr = NULL;
   1630 
   1631 	if (uuid_str2bin(uuid, u) == 0)
   1632 		use_uuid = u;
   1633 	else if (hwaddr_aton(uuid, addr) == 0)
   1634 		use_addr = addr;
   1635 	else
   1636 		return -1;
   1637 	return wps_er_pbc(wpa_s->wps_er, use_uuid, use_addr);
   1638 }
   1639 
   1640 
   1641 int wpas_wps_er_learn(struct wpa_supplicant *wpa_s, const char *uuid,
   1642 		      const char *pin)
   1643 {
   1644 	u8 u[UUID_LEN], *use_uuid = NULL;
   1645 	u8 addr[ETH_ALEN], *use_addr = NULL;
   1646 
   1647 	if (uuid_str2bin(uuid, u) == 0)
   1648 		use_uuid = u;
   1649 	else if (hwaddr_aton(uuid, addr) == 0)
   1650 		use_addr = addr;
   1651 	else
   1652 		return -1;
   1653 
   1654 	return wps_er_learn(wpa_s->wps_er, use_uuid, use_addr, (const u8 *) pin,
   1655 			    os_strlen(pin));
   1656 }
   1657 
   1658 
   1659 static int wpas_wps_network_to_cred(struct wpa_ssid *ssid,
   1660 				    struct wps_credential *cred)
   1661 {
   1662 	os_memset(cred, 0, sizeof(*cred));
   1663 	if (ssid->ssid_len > 32)
   1664 		return -1;
   1665 	os_memcpy(cred->ssid, ssid->ssid, ssid->ssid_len);
   1666 	cred->ssid_len = ssid->ssid_len;
   1667 	if (ssid->key_mgmt & WPA_KEY_MGMT_PSK) {
   1668 		cred->auth_type = (ssid->proto & WPA_PROTO_RSN) ?
   1669 			WPS_AUTH_WPA2PSK : WPS_AUTH_WPAPSK;
   1670 		if (ssid->pairwise_cipher & WPA_CIPHER_CCMP)
   1671 			cred->encr_type = WPS_ENCR_AES;
   1672 		else
   1673 			cred->encr_type = WPS_ENCR_TKIP;
   1674 		if (ssid->passphrase) {
   1675 			cred->key_len = os_strlen(ssid->passphrase);
   1676 			if (cred->key_len >= 64)
   1677 				return -1;
   1678 			os_memcpy(cred->key, ssid->passphrase, cred->key_len);
   1679 		} else if (ssid->psk_set) {
   1680 			cred->key_len = 32;
   1681 			os_memcpy(cred->key, ssid->psk, 32);
   1682 		} else
   1683 			return -1;
   1684 	} else {
   1685 		cred->auth_type = WPS_AUTH_OPEN;
   1686 		cred->encr_type = WPS_ENCR_NONE;
   1687 	}
   1688 
   1689 	return 0;
   1690 }
   1691 
   1692 
   1693 int wpas_wps_er_set_config(struct wpa_supplicant *wpa_s, const char *uuid,
   1694 			   int id)
   1695 {
   1696 	u8 u[UUID_LEN], *use_uuid = NULL;
   1697 	u8 addr[ETH_ALEN], *use_addr = NULL;
   1698 	struct wpa_ssid *ssid;
   1699 	struct wps_credential cred;
   1700 
   1701 	if (uuid_str2bin(uuid, u) == 0)
   1702 		use_uuid = u;
   1703 	else if (hwaddr_aton(uuid, addr) == 0)
   1704 		use_addr = addr;
   1705 	else
   1706 		return -1;
   1707 	ssid = wpa_config_get_network(wpa_s->conf, id);
   1708 	if (ssid == NULL || ssid->ssid == NULL)
   1709 		return -1;
   1710 
   1711 	if (wpas_wps_network_to_cred(ssid, &cred) < 0)
   1712 		return -1;
   1713 	return wps_er_set_config(wpa_s->wps_er, use_uuid, use_addr, &cred);
   1714 }
   1715 
   1716 
   1717 int wpas_wps_er_config(struct wpa_supplicant *wpa_s, const char *uuid,
   1718 		       const char *pin, struct wps_new_ap_settings *settings)
   1719 {
   1720 	u8 u[UUID_LEN], *use_uuid = NULL;
   1721 	u8 addr[ETH_ALEN], *use_addr = NULL;
   1722 	struct wps_credential cred;
   1723 	size_t len;
   1724 
   1725 	if (uuid_str2bin(uuid, u) == 0)
   1726 		use_uuid = u;
   1727 	else if (hwaddr_aton(uuid, addr) == 0)
   1728 		use_addr = addr;
   1729 	else
   1730 		return -1;
   1731 	if (settings->ssid_hex == NULL || settings->auth == NULL ||
   1732 	    settings->encr == NULL || settings->key_hex == NULL)
   1733 		return -1;
   1734 
   1735 	os_memset(&cred, 0, sizeof(cred));
   1736 	len = os_strlen(settings->ssid_hex);
   1737 	if ((len & 1) || len > 2 * sizeof(cred.ssid) ||
   1738 	    hexstr2bin(settings->ssid_hex, cred.ssid, len / 2))
   1739 		return -1;
   1740 	cred.ssid_len = len / 2;
   1741 
   1742 	len = os_strlen(settings->key_hex);
   1743 	if ((len & 1) || len > 2 * sizeof(cred.key) ||
   1744 	    hexstr2bin(settings->key_hex, cred.key, len / 2))
   1745 		return -1;
   1746 	cred.key_len = len / 2;
   1747 
   1748 	if (os_strcmp(settings->auth, "OPEN") == 0)
   1749 		cred.auth_type = WPS_AUTH_OPEN;
   1750 	else if (os_strcmp(settings->auth, "WPAPSK") == 0)
   1751 		cred.auth_type = WPS_AUTH_WPAPSK;
   1752 	else if (os_strcmp(settings->auth, "WPA2PSK") == 0)
   1753 		cred.auth_type = WPS_AUTH_WPA2PSK;
   1754 	else
   1755 		return -1;
   1756 
   1757 	if (os_strcmp(settings->encr, "NONE") == 0)
   1758 		cred.encr_type = WPS_ENCR_NONE;
   1759 	else if (os_strcmp(settings->encr, "WEP") == 0)
   1760 		cred.encr_type = WPS_ENCR_WEP;
   1761 	else if (os_strcmp(settings->encr, "TKIP") == 0)
   1762 		cred.encr_type = WPS_ENCR_TKIP;
   1763 	else if (os_strcmp(settings->encr, "CCMP") == 0)
   1764 		cred.encr_type = WPS_ENCR_AES;
   1765 	else
   1766 		return -1;
   1767 
   1768 	return wps_er_config(wpa_s->wps_er, use_uuid, use_addr,
   1769 			     (const u8 *) pin, os_strlen(pin), &cred);
   1770 }
   1771 
   1772 
   1773 #ifdef CONFIG_WPS_NFC
   1774 struct wpabuf * wpas_wps_er_nfc_config_token(struct wpa_supplicant *wpa_s,
   1775 					     int ndef, const char *uuid)
   1776 {
   1777 	struct wpabuf *ret;
   1778 	u8 u[UUID_LEN], *use_uuid = NULL;
   1779 	u8 addr[ETH_ALEN], *use_addr = NULL;
   1780 
   1781 	if (!wpa_s->wps_er)
   1782 		return NULL;
   1783 
   1784 	if (uuid_str2bin(uuid, u) == 0)
   1785 		use_uuid = u;
   1786 	else if (hwaddr_aton(uuid, addr) == 0)
   1787 		use_addr = addr;
   1788 	else
   1789 		return NULL;
   1790 
   1791 	ret = wps_er_nfc_config_token(wpa_s->wps_er, use_uuid, use_addr);
   1792 	if (ndef && ret) {
   1793 		struct wpabuf *tmp;
   1794 		tmp = ndef_build_wifi(ret);
   1795 		wpabuf_free(ret);
   1796 		if (tmp == NULL)
   1797 			return NULL;
   1798 		ret = tmp;
   1799 	}
   1800 
   1801 	return ret;
   1802 }
   1803 #endif /* CONFIG_WPS_NFC */
   1804 
   1805 
   1806 static int callbacks_pending = 0;
   1807 
   1808 static void wpas_wps_terminate_cb(void *ctx)
   1809 {
   1810 	wpa_printf(MSG_DEBUG, "WPS ER: Terminated");
   1811 	if (--callbacks_pending <= 0)
   1812 		eloop_terminate();
   1813 }
   1814 #endif /* CONFIG_WPS_ER */
   1815 
   1816 
   1817 int wpas_wps_terminate_pending(struct wpa_supplicant *wpa_s)
   1818 {
   1819 #ifdef CONFIG_WPS_ER
   1820 	if (wpa_s->wps_er) {
   1821 		callbacks_pending++;
   1822 		wps_er_deinit(wpa_s->wps_er, wpas_wps_terminate_cb, wpa_s);
   1823 		wpa_s->wps_er = NULL;
   1824 		return 1;
   1825 	}
   1826 #endif /* CONFIG_WPS_ER */
   1827 	return 0;
   1828 }
   1829 
   1830 
   1831 int wpas_wps_in_progress(struct wpa_supplicant *wpa_s)
   1832 {
   1833 	struct wpa_ssid *ssid;
   1834 
   1835 	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
   1836 		if (!ssid->disabled && ssid->key_mgmt == WPA_KEY_MGMT_WPS)
   1837 			return 1;
   1838 	}
   1839 
   1840 	return 0;
   1841 }
   1842 
   1843 
   1844 void wpas_wps_update_config(struct wpa_supplicant *wpa_s)
   1845 {
   1846 	struct wps_context *wps = wpa_s->wps;
   1847 
   1848 	if (wps == NULL)
   1849 		return;
   1850 
   1851 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_CONFIG_METHODS) {
   1852 		wps->config_methods = wps_config_methods_str2bin(
   1853 			wpa_s->conf->config_methods);
   1854 		if ((wps->config_methods &
   1855 		     (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) ==
   1856 		    (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) {
   1857 			wpa_printf(MSG_ERROR, "WPS: Both Label and Display "
   1858 				   "config methods are not allowed at the "
   1859 				   "same time");
   1860 			wps->config_methods &= ~WPS_CONFIG_LABEL;
   1861 		}
   1862 	}
   1863 	wps->config_methods = wps_fix_config_methods(wps->config_methods);
   1864 	wps->dev.config_methods = wps->config_methods;
   1865 
   1866 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_DEVICE_TYPE)
   1867 		os_memcpy(wps->dev.pri_dev_type, wpa_s->conf->device_type,
   1868 			  WPS_DEV_TYPE_LEN);
   1869 
   1870 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_SEC_DEVICE_TYPE) {
   1871 		wps->dev.num_sec_dev_types = wpa_s->conf->num_sec_device_types;
   1872 		os_memcpy(wps->dev.sec_dev_type, wpa_s->conf->sec_device_type,
   1873 			  wps->dev.num_sec_dev_types * WPS_DEV_TYPE_LEN);
   1874 	}
   1875 
   1876 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_VENDOR_EXTENSION)
   1877 		wpas_wps_set_vendor_ext_m1(wpa_s, wps);
   1878 
   1879 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_OS_VERSION)
   1880 		wps->dev.os_version = WPA_GET_BE32(wpa_s->conf->os_version);
   1881 
   1882 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_UUID)
   1883 		wpas_wps_set_uuid(wpa_s, wps);
   1884 
   1885 	if (wpa_s->conf->changed_parameters &
   1886 	    (CFG_CHANGED_DEVICE_NAME | CFG_CHANGED_WPS_STRING)) {
   1887 		/* Update pointers to make sure they refer current values */
   1888 		wps->dev.device_name = wpa_s->conf->device_name;
   1889 		wps->dev.manufacturer = wpa_s->conf->manufacturer;
   1890 		wps->dev.model_name = wpa_s->conf->model_name;
   1891 		wps->dev.model_number = wpa_s->conf->model_number;
   1892 		wps->dev.serial_number = wpa_s->conf->serial_number;
   1893 	}
   1894 }
   1895 
   1896 
   1897 #ifdef CONFIG_WPS_NFC
   1898 
   1899 #ifdef CONFIG_WPS_ER
   1900 static struct wpabuf *
   1901 wpas_wps_network_config_token(struct wpa_supplicant *wpa_s, int ndef,
   1902 			      struct wpa_ssid *ssid)
   1903 {
   1904 	struct wpabuf *ret;
   1905 	struct wps_credential cred;
   1906 
   1907 	if (wpas_wps_network_to_cred(ssid, &cred) < 0)
   1908 		return NULL;
   1909 
   1910 	ret = wps_er_config_token_from_cred(wpa_s->wps, &cred);
   1911 
   1912 	if (ndef && ret) {
   1913 		struct wpabuf *tmp;
   1914 		tmp = ndef_build_wifi(ret);
   1915 		wpabuf_free(ret);
   1916 		if (tmp == NULL)
   1917 			return NULL;
   1918 		ret = tmp;
   1919 	}
   1920 
   1921 	return ret;
   1922 }
   1923 #endif /* CONFIG_WPS_ER */
   1924 
   1925 
   1926 struct wpabuf * wpas_wps_nfc_config_token(struct wpa_supplicant *wpa_s,
   1927 					  int ndef, const char *id_str)
   1928 {
   1929 #ifdef CONFIG_WPS_ER
   1930 	if (id_str) {
   1931 		int id;
   1932 		char *end = NULL;
   1933 		struct wpa_ssid *ssid;
   1934 
   1935 		id = strtol(id_str, &end, 10);
   1936 		if (end && *end)
   1937 			return NULL;
   1938 
   1939 		ssid = wpa_config_get_network(wpa_s->conf, id);
   1940 		if (ssid == NULL)
   1941 			return NULL;
   1942 		return wpas_wps_network_config_token(wpa_s, ndef, ssid);
   1943 	}
   1944 #endif /* CONFIG_WPS_ER */
   1945 #ifdef CONFIG_AP
   1946 	if (wpa_s->ap_iface)
   1947 		return wpas_ap_wps_nfc_config_token(wpa_s, ndef);
   1948 #endif /* CONFIG_AP */
   1949 	return NULL;
   1950 }
   1951 
   1952 
   1953 struct wpabuf * wpas_wps_nfc_token(struct wpa_supplicant *wpa_s, int ndef)
   1954 {
   1955 	if (wpa_s->conf->wps_nfc_pw_from_config) {
   1956 		return wps_nfc_token_build(ndef,
   1957 					   wpa_s->conf->wps_nfc_dev_pw_id,
   1958 					   wpa_s->conf->wps_nfc_dh_pubkey,
   1959 					   wpa_s->conf->wps_nfc_dev_pw);
   1960 	}
   1961 
   1962 	return wps_nfc_token_gen(ndef, &wpa_s->conf->wps_nfc_dev_pw_id,
   1963 				 &wpa_s->conf->wps_nfc_dh_pubkey,
   1964 				 &wpa_s->conf->wps_nfc_dh_privkey,
   1965 				 &wpa_s->conf->wps_nfc_dev_pw);
   1966 }
   1967 
   1968 
   1969 int wpas_wps_start_nfc(struct wpa_supplicant *wpa_s, const u8 *bssid)
   1970 {
   1971 	struct wps_context *wps = wpa_s->wps;
   1972 	char pw[32 * 2 + 1];
   1973 
   1974 	if (wpa_s->conf->wps_nfc_dh_pubkey == NULL ||
   1975 	    wpa_s->conf->wps_nfc_dh_privkey == NULL ||
   1976 	    wpa_s->conf->wps_nfc_dev_pw == NULL)
   1977 		return -1;
   1978 
   1979 	dh5_free(wps->dh_ctx);
   1980 	wpabuf_free(wps->dh_pubkey);
   1981 	wpabuf_free(wps->dh_privkey);
   1982 	wps->dh_privkey = wpabuf_dup(wpa_s->conf->wps_nfc_dh_privkey);
   1983 	wps->dh_pubkey = wpabuf_dup(wpa_s->conf->wps_nfc_dh_pubkey);
   1984 	if (wps->dh_privkey == NULL || wps->dh_pubkey == NULL) {
   1985 		wps->dh_ctx = NULL;
   1986 		wpabuf_free(wps->dh_pubkey);
   1987 		wps->dh_pubkey = NULL;
   1988 		wpabuf_free(wps->dh_privkey);
   1989 		wps->dh_privkey = NULL;
   1990 		return -1;
   1991 	}
   1992 	wps->dh_ctx = dh5_init_fixed(wps->dh_privkey, wps->dh_pubkey);
   1993 	if (wps->dh_ctx == NULL) {
   1994 		wpabuf_free(wps->dh_pubkey);
   1995 		wps->dh_pubkey = NULL;
   1996 		wpabuf_free(wps->dh_privkey);
   1997 		wps->dh_privkey = NULL;
   1998 		return -1;
   1999 	}
   2000 
   2001 	wpa_snprintf_hex_uppercase(pw, sizeof(pw),
   2002 				   wpabuf_head(wpa_s->conf->wps_nfc_dev_pw),
   2003 				   wpabuf_len(wpa_s->conf->wps_nfc_dev_pw));
   2004 	return wpas_wps_start_pin(wpa_s, bssid, pw, 0,
   2005 				  wpa_s->conf->wps_nfc_dev_pw_id);
   2006 }
   2007 
   2008 
   2009 static int wpas_wps_use_cred(struct wpa_supplicant *wpa_s,
   2010 			     struct wps_parse_attr *attr)
   2011 {
   2012 	wpa_s->wps_ap_channel = 0;
   2013 
   2014 	if (wps_oob_use_cred(wpa_s->wps, attr) < 0)
   2015 		return -1;
   2016 
   2017 	if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED)
   2018 		return 0;
   2019 
   2020 	wpa_printf(MSG_DEBUG, "WPS: Request reconnection with new network "
   2021 		   "based on the received credential added");
   2022 	wpa_s->normal_scans = 0;
   2023 	wpa_supplicant_reinit_autoscan(wpa_s);
   2024 	if (wpa_s->wps_ap_channel) {
   2025 		u16 chan = wpa_s->wps_ap_channel;
   2026 		int freq = 0;
   2027 
   2028 		if (chan >= 1 && chan <= 13)
   2029 			freq = 2407 + 5 * chan;
   2030 		else if (chan == 14)
   2031 			freq = 2484;
   2032 		else if (chan >= 30)
   2033 			freq = 5000 + 5 * chan;
   2034 
   2035 		if (freq) {
   2036 			wpa_printf(MSG_DEBUG, "WPS: Credential indicated "
   2037 				   "AP channel %u -> %u MHz", chan, freq);
   2038 			wpa_s->after_wps = 5;
   2039 			wpa_s->wps_freq = freq;
   2040 		}
   2041 	}
   2042 	wpa_s->disconnected = 0;
   2043 	wpa_s->reassociate = 1;
   2044 	wpa_supplicant_req_scan(wpa_s, 0, 0);
   2045 
   2046 	return 0;
   2047 }
   2048 
   2049 
   2050 #ifdef CONFIG_WPS_ER
   2051 static int wpas_wps_add_nfc_password_token(struct wpa_supplicant *wpa_s,
   2052 					   struct wps_parse_attr *attr)
   2053 {
   2054 	return wps_registrar_add_nfc_password_token(
   2055 		wpa_s->wps->registrar, attr->oob_dev_password,
   2056 		attr->oob_dev_password_len);
   2057 }
   2058 #endif /* CONFIG_WPS_ER */
   2059 
   2060 
   2061 static int wpas_wps_nfc_tag_process(struct wpa_supplicant *wpa_s,
   2062 				    const struct wpabuf *wps)
   2063 {
   2064 	struct wps_parse_attr attr;
   2065 
   2066 	wpa_hexdump_buf(MSG_DEBUG, "WPS: Received NFC tag payload", wps);
   2067 
   2068 	if (wps_parse_msg(wps, &attr)) {
   2069 		wpa_printf(MSG_DEBUG, "WPS: Ignore invalid data from NFC tag");
   2070 		return -1;
   2071 	}
   2072 
   2073 	if (attr.num_cred)
   2074 		return wpas_wps_use_cred(wpa_s, &attr);
   2075 
   2076 #ifdef CONFIG_WPS_ER
   2077 	if (attr.oob_dev_password)
   2078 		return wpas_wps_add_nfc_password_token(wpa_s, &attr);
   2079 #endif /* CONFIG_WPS_ER */
   2080 
   2081 	wpa_printf(MSG_DEBUG, "WPS: Ignore unrecognized NFC tag");
   2082 	return -1;
   2083 }
   2084 
   2085 
   2086 int wpas_wps_nfc_tag_read(struct wpa_supplicant *wpa_s,
   2087 			  const struct wpabuf *data)
   2088 {
   2089 	const struct wpabuf *wps = data;
   2090 	struct wpabuf *tmp = NULL;
   2091 	int ret;
   2092 
   2093 	if (wpabuf_len(data) < 4)
   2094 		return -1;
   2095 
   2096 	if (*wpabuf_head_u8(data) != 0x10) {
   2097 		/* Assume this contains full NDEF record */
   2098 		tmp = ndef_parse_wifi(data);
   2099 		if (tmp == NULL) {
   2100 			wpa_printf(MSG_DEBUG, "WPS: Could not parse NDEF");
   2101 			return -1;
   2102 		}
   2103 		wps = tmp;
   2104 	}
   2105 
   2106 	ret = wpas_wps_nfc_tag_process(wpa_s, wps);
   2107 	wpabuf_free(tmp);
   2108 	return ret;
   2109 }
   2110 
   2111 
   2112 struct wpabuf * wpas_wps_nfc_handover_req(struct wpa_supplicant *wpa_s, int cr)
   2113 {
   2114 	if (cr)
   2115 		return ndef_build_wifi_hc(1);
   2116 	return ndef_build_wifi_hr();
   2117 }
   2118 
   2119 
   2120 #ifdef CONFIG_WPS_NFC
   2121 struct wpabuf * wpas_wps_er_nfc_handover_sel(struct wpa_supplicant *wpa_s,
   2122 					     int ndef, const char *uuid)
   2123 {
   2124 #ifdef CONFIG_WPS_ER
   2125 	struct wpabuf *ret;
   2126 	u8 u[UUID_LEN], *use_uuid = NULL;
   2127 	u8 addr[ETH_ALEN], *use_addr = NULL;
   2128 
   2129 	if (!wpa_s->wps_er)
   2130 		return NULL;
   2131 
   2132 	if (uuid == NULL)
   2133 		return NULL;
   2134 	if (uuid_str2bin(uuid, u) == 0)
   2135 		use_uuid = u;
   2136 	else if (hwaddr_aton(uuid, addr) == 0)
   2137 		use_addr = addr;
   2138 	else
   2139 		return NULL;
   2140 
   2141 	/*
   2142 	 * Handover Select carrier record for WPS uses the same format as
   2143 	 * configuration token.
   2144 	 */
   2145 	ret = wps_er_nfc_config_token(wpa_s->wps_er, use_uuid, use_addr);
   2146 	if (ndef && ret) {
   2147 		struct wpabuf *tmp;
   2148 		tmp = ndef_build_wifi(ret);
   2149 		wpabuf_free(ret);
   2150 		if (tmp == NULL)
   2151 			return NULL;
   2152 		ret = tmp;
   2153 	}
   2154 
   2155 	return ret;
   2156 #else /* CONFIG_WPS_ER */
   2157 	return NULL;
   2158 #endif /* CONFIG_WPS_ER */
   2159 }
   2160 #endif /* CONFIG_WPS_NFC */
   2161 
   2162 
   2163 struct wpabuf * wpas_wps_nfc_handover_sel(struct wpa_supplicant *wpa_s,
   2164 					  int ndef, int cr, const char *uuid)
   2165 {
   2166 	struct wpabuf *ret;
   2167 	if (!cr)
   2168 		return NULL;
   2169 	ret = wpas_ap_wps_nfc_handover_sel(wpa_s, ndef);
   2170 	if (ret)
   2171 		return ret;
   2172 	return wpas_wps_er_nfc_handover_sel(wpa_s, ndef, uuid);
   2173 }
   2174 
   2175 
   2176 int wpas_wps_nfc_rx_handover_req(struct wpa_supplicant *wpa_s,
   2177 				 const struct wpabuf *data)
   2178 {
   2179 	/* TODO */
   2180 	return -1;
   2181 }
   2182 
   2183 
   2184 int wpas_wps_nfc_rx_handover_sel(struct wpa_supplicant *wpa_s,
   2185 				 const struct wpabuf *data)
   2186 {
   2187 	struct wpabuf *wps;
   2188 	int ret;
   2189 
   2190 	wps = ndef_parse_wifi(data);
   2191 	if (wps == NULL)
   2192 		return -1;
   2193 	wpa_printf(MSG_DEBUG, "WPS: Received application/vnd.wfa.wsc "
   2194 		   "payload from NFC connection handover");
   2195 	wpa_hexdump_buf_key(MSG_DEBUG, "WPS: NFC payload", wps);
   2196 	ret = wpas_wps_nfc_tag_process(wpa_s, wps);
   2197 	wpabuf_free(wps);
   2198 
   2199 	return ret;
   2200 }
   2201 
   2202 
   2203 int wpas_wps_nfc_report_handover(struct wpa_supplicant *wpa_s,
   2204 				 const struct wpabuf *req,
   2205 				 const struct wpabuf *sel)
   2206 {
   2207 	wpa_printf(MSG_DEBUG, "NFC: WPS connection handover reported");
   2208 	wpa_hexdump_buf_key(MSG_DEBUG, "WPS: Carrier record in request", req);
   2209 	wpa_hexdump_buf_key(MSG_DEBUG, "WPS: Carrier record in select", sel);
   2210 	return wpas_wps_nfc_rx_handover_sel(wpa_s, sel);
   2211 }
   2212 
   2213 #endif /* CONFIG_WPS_NFC */
   2214 
   2215 
   2216 extern int wpa_debug_level;
   2217 
   2218 static void wpas_wps_dump_ap_info(struct wpa_supplicant *wpa_s)
   2219 {
   2220 	size_t i;
   2221 	struct os_time now;
   2222 
   2223 	if (wpa_debug_level > MSG_DEBUG)
   2224 		return;
   2225 
   2226 	if (wpa_s->wps_ap == NULL)
   2227 		return;
   2228 
   2229 	os_get_time(&now);
   2230 
   2231 	for (i = 0; i < wpa_s->num_wps_ap; i++) {
   2232 		struct wps_ap_info *ap = &wpa_s->wps_ap[i];
   2233 		struct wpa_blacklist *e = wpa_blacklist_get(wpa_s, ap->bssid);
   2234 
   2235 		wpa_printf(MSG_DEBUG, "WPS: AP[%d] " MACSTR " type=%d "
   2236 			   "tries=%d last_attempt=%d sec ago blacklist=%d",
   2237 			   (int) i, MAC2STR(ap->bssid), ap->type, ap->tries,
   2238 			   ap->last_attempt.sec > 0 ?
   2239 			   (int) now.sec - (int) ap->last_attempt.sec : -1,
   2240 			   e ? e->count : 0);
   2241 	}
   2242 }
   2243 
   2244 
   2245 static struct wps_ap_info * wpas_wps_get_ap_info(struct wpa_supplicant *wpa_s,
   2246 						 const u8 *bssid)
   2247 {
   2248 	size_t i;
   2249 
   2250 	if (wpa_s->wps_ap == NULL)
   2251 		return NULL;
   2252 
   2253 	for (i = 0; i < wpa_s->num_wps_ap; i++) {
   2254 		struct wps_ap_info *ap = &wpa_s->wps_ap[i];
   2255 		if (os_memcmp(ap->bssid, bssid, ETH_ALEN) == 0)
   2256 			return ap;
   2257 	}
   2258 
   2259 	return NULL;
   2260 }
   2261 
   2262 
   2263 static void wpas_wps_update_ap_info_bss(struct wpa_supplicant *wpa_s,
   2264 					struct wpa_scan_res *res)
   2265 {
   2266 	struct wpabuf *wps;
   2267 	enum wps_ap_info_type type;
   2268 	struct wps_ap_info *ap;
   2269 	int r;
   2270 
   2271 	if (wpa_scan_get_vendor_ie(res, WPS_IE_VENDOR_TYPE) == NULL)
   2272 		return;
   2273 
   2274 	wps = wpa_scan_get_vendor_ie_multi(res, WPS_IE_VENDOR_TYPE);
   2275 	if (wps == NULL)
   2276 		return;
   2277 
   2278 	r = wps_is_addr_authorized(wps, wpa_s->own_addr, 1);
   2279 	if (r == 2)
   2280 		type = WPS_AP_SEL_REG_OUR;
   2281 	else if (r == 1)
   2282 		type = WPS_AP_SEL_REG;
   2283 	else
   2284 		type = WPS_AP_NOT_SEL_REG;
   2285 
   2286 	wpabuf_free(wps);
   2287 
   2288 	ap = wpas_wps_get_ap_info(wpa_s, res->bssid);
   2289 	if (ap) {
   2290 		if (ap->type != type) {
   2291 			wpa_printf(MSG_DEBUG, "WPS: AP " MACSTR
   2292 				   " changed type %d -> %d",
   2293 				   MAC2STR(res->bssid), ap->type, type);
   2294 			ap->type = type;
   2295 			if (type != WPS_AP_NOT_SEL_REG)
   2296 				wpa_blacklist_del(wpa_s, ap->bssid);
   2297 		}
   2298 		return;
   2299 	}
   2300 
   2301 	ap = os_realloc_array(wpa_s->wps_ap, wpa_s->num_wps_ap + 1,
   2302 			      sizeof(struct wps_ap_info));
   2303 	if (ap == NULL)
   2304 		return;
   2305 
   2306 	wpa_s->wps_ap = ap;
   2307 	ap = &wpa_s->wps_ap[wpa_s->num_wps_ap];
   2308 	wpa_s->num_wps_ap++;
   2309 
   2310 	os_memset(ap, 0, sizeof(*ap));
   2311 	os_memcpy(ap->bssid, res->bssid, ETH_ALEN);
   2312 	ap->type = type;
   2313 	wpa_printf(MSG_DEBUG, "WPS: AP " MACSTR " type %d added",
   2314 		   MAC2STR(ap->bssid), ap->type);
   2315 }
   2316 
   2317 
   2318 void wpas_wps_update_ap_info(struct wpa_supplicant *wpa_s,
   2319 			     struct wpa_scan_results *scan_res)
   2320 {
   2321 	size_t i;
   2322 
   2323 	for (i = 0; i < scan_res->num; i++)
   2324 		wpas_wps_update_ap_info_bss(wpa_s, scan_res->res[i]);
   2325 
   2326 	wpas_wps_dump_ap_info(wpa_s);
   2327 }
   2328 
   2329 
   2330 void wpas_wps_notify_assoc(struct wpa_supplicant *wpa_s, const u8 *bssid)
   2331 {
   2332 	struct wps_ap_info *ap;
   2333 	if (!wpa_s->wps_ap_iter)
   2334 		return;
   2335 	ap = wpas_wps_get_ap_info(wpa_s, bssid);
   2336 	if (ap == NULL)
   2337 		return;
   2338 	ap->tries++;
   2339 	os_get_time(&ap->last_attempt);
   2340 }
   2341