Home | History | Annotate | Download | only in ap
      1 /*
      2  * hostapd / WPS integration
      3  * Copyright (c) 2008-2012, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This software may be distributed under the terms of the BSD license.
      6  * See README for more details.
      7  */
      8 
      9 #include "utils/includes.h"
     10 
     11 #include "utils/common.h"
     12 #include "utils/eloop.h"
     13 #include "utils/uuid.h"
     14 #include "common/wpa_ctrl.h"
     15 #include "common/ieee802_11_defs.h"
     16 #include "common/ieee802_11_common.h"
     17 #include "eapol_auth/eapol_auth_sm.h"
     18 #include "eapol_auth/eapol_auth_sm_i.h"
     19 #include "wps/wps.h"
     20 #include "wps/wps_defs.h"
     21 #include "wps/wps_dev_attr.h"
     22 #include "wps/wps_attr_parse.h"
     23 #include "hostapd.h"
     24 #include "ap_config.h"
     25 #include "ap_drv_ops.h"
     26 #include "beacon.h"
     27 #include "sta_info.h"
     28 #include "wps_hostapd.h"
     29 
     30 
     31 #ifdef CONFIG_WPS_UPNP
     32 #include "wps/wps_upnp.h"
     33 static int hostapd_wps_upnp_init(struct hostapd_data *hapd,
     34 				 struct wps_context *wps);
     35 static void hostapd_wps_upnp_deinit(struct hostapd_data *hapd);
     36 #endif /* CONFIG_WPS_UPNP */
     37 
     38 static int hostapd_wps_probe_req_rx(void *ctx, const u8 *addr, const u8 *da,
     39 				    const u8 *bssid,
     40 				    const u8 *ie, size_t ie_len,
     41 				    int ssi_signal);
     42 static void hostapd_wps_ap_pin_timeout(void *eloop_data, void *user_ctx);
     43 
     44 
     45 struct wps_for_each_data {
     46 	int (*func)(struct hostapd_data *h, void *ctx);
     47 	void *ctx;
     48 	struct hostapd_data *calling_hapd;
     49 };
     50 
     51 
     52 static int wps_for_each(struct hostapd_iface *iface, void *ctx)
     53 {
     54 	struct wps_for_each_data *data = ctx;
     55 	size_t j;
     56 
     57 	if (iface == NULL)
     58 		return 0;
     59 	for (j = 0; j < iface->num_bss; j++) {
     60 		struct hostapd_data *hapd = iface->bss[j];
     61 		int ret;
     62 
     63 		if (hapd != data->calling_hapd &&
     64 		    (hapd->conf->wps_independent ||
     65 		     data->calling_hapd->conf->wps_independent))
     66 			continue;
     67 
     68 		ret = data->func(hapd, data->ctx);
     69 		if (ret)
     70 			return ret;
     71 	}
     72 
     73 	return 0;
     74 }
     75 
     76 
     77 static int hostapd_wps_for_each(struct hostapd_data *hapd,
     78 				int (*func)(struct hostapd_data *h, void *ctx),
     79 				void *ctx)
     80 {
     81 	struct hostapd_iface *iface = hapd->iface;
     82 	struct wps_for_each_data data;
     83 	data.func = func;
     84 	data.ctx = ctx;
     85 	data.calling_hapd = hapd;
     86 	if (iface->interfaces == NULL ||
     87 	    iface->interfaces->for_each_interface == NULL)
     88 		return wps_for_each(iface, &data);
     89 	return iface->interfaces->for_each_interface(iface->interfaces,
     90 						     wps_for_each, &data);
     91 }
     92 
     93 
     94 static int hostapd_wps_new_psk_cb(void *ctx, const u8 *mac_addr, const u8 *psk,
     95 				  size_t psk_len)
     96 {
     97 	struct hostapd_data *hapd = ctx;
     98 	struct hostapd_wpa_psk *p;
     99 	struct hostapd_ssid *ssid = &hapd->conf->ssid;
    100 
    101 	wpa_printf(MSG_DEBUG, "Received new WPA/WPA2-PSK from WPS for STA "
    102 		   MACSTR, MAC2STR(mac_addr));
    103 	wpa_hexdump_key(MSG_DEBUG, "Per-device PSK", psk, psk_len);
    104 
    105 	if (psk_len != PMK_LEN) {
    106 		wpa_printf(MSG_DEBUG, "Unexpected PSK length %lu",
    107 			   (unsigned long) psk_len);
    108 		return -1;
    109 	}
    110 
    111 	/* Add the new PSK to runtime PSK list */
    112 	p = os_zalloc(sizeof(*p));
    113 	if (p == NULL)
    114 		return -1;
    115 	os_memcpy(p->addr, mac_addr, ETH_ALEN);
    116 	os_memcpy(p->psk, psk, PMK_LEN);
    117 
    118 	p->next = ssid->wpa_psk;
    119 	ssid->wpa_psk = p;
    120 
    121 	if (ssid->wpa_psk_file) {
    122 		FILE *f;
    123 		char hex[PMK_LEN * 2 + 1];
    124 		/* Add the new PSK to PSK list file */
    125 		f = fopen(ssid->wpa_psk_file, "a");
    126 		if (f == NULL) {
    127 			wpa_printf(MSG_DEBUG, "Failed to add the PSK to "
    128 				   "'%s'", ssid->wpa_psk_file);
    129 			return -1;
    130 		}
    131 
    132 		wpa_snprintf_hex(hex, sizeof(hex), psk, psk_len);
    133 		fprintf(f, MACSTR " %s\n", MAC2STR(mac_addr), hex);
    134 		fclose(f);
    135 	}
    136 
    137 	return 0;
    138 }
    139 
    140 
    141 static int hostapd_wps_set_ie_cb(void *ctx, struct wpabuf *beacon_ie,
    142 				 struct wpabuf *probe_resp_ie)
    143 {
    144 	struct hostapd_data *hapd = ctx;
    145 	wpabuf_free(hapd->wps_beacon_ie);
    146 	hapd->wps_beacon_ie = beacon_ie;
    147 	wpabuf_free(hapd->wps_probe_resp_ie);
    148 	hapd->wps_probe_resp_ie = probe_resp_ie;
    149 	if (hapd->beacon_set_done)
    150 		ieee802_11_set_beacon(hapd);
    151 	return hostapd_set_ap_wps_ie(hapd);
    152 }
    153 
    154 
    155 static void hostapd_wps_pin_needed_cb(void *ctx, const u8 *uuid_e,
    156 				      const struct wps_device_data *dev)
    157 {
    158 	struct hostapd_data *hapd = ctx;
    159 	char uuid[40], txt[400];
    160 	int len;
    161 	char devtype[WPS_DEV_TYPE_BUFSIZE];
    162 	if (uuid_bin2str(uuid_e, uuid, sizeof(uuid)))
    163 		return;
    164 	wpa_printf(MSG_DEBUG, "WPS: PIN needed for E-UUID %s", uuid);
    165 	len = os_snprintf(txt, sizeof(txt), WPS_EVENT_PIN_NEEDED
    166 			  "%s " MACSTR " [%s|%s|%s|%s|%s|%s]",
    167 			  uuid, MAC2STR(dev->mac_addr), dev->device_name,
    168 			  dev->manufacturer, dev->model_name,
    169 			  dev->model_number, dev->serial_number,
    170 			  wps_dev_type_bin2str(dev->pri_dev_type, devtype,
    171 					       sizeof(devtype)));
    172 	if (len > 0 && len < (int) sizeof(txt))
    173 		wpa_msg(hapd->msg_ctx, MSG_INFO, "%s", txt);
    174 
    175 	if (hapd->conf->wps_pin_requests) {
    176 		FILE *f;
    177 		struct os_time t;
    178 		f = fopen(hapd->conf->wps_pin_requests, "a");
    179 		if (f == NULL)
    180 			return;
    181 		os_get_time(&t);
    182 		fprintf(f, "%ld\t%s\t" MACSTR "\t%s\t%s\t%s\t%s\t%s"
    183 			"\t%s\n",
    184 			t.sec, uuid, MAC2STR(dev->mac_addr), dev->device_name,
    185 			dev->manufacturer, dev->model_name, dev->model_number,
    186 			dev->serial_number,
    187 			wps_dev_type_bin2str(dev->pri_dev_type, devtype,
    188 					     sizeof(devtype)));
    189 		fclose(f);
    190 	}
    191 }
    192 
    193 
    194 struct wps_stop_reg_data {
    195 	struct hostapd_data *current_hapd;
    196 	const u8 *uuid_e;
    197 	const u8 *dev_pw;
    198 	size_t dev_pw_len;
    199 };
    200 
    201 static int wps_stop_registrar(struct hostapd_data *hapd, void *ctx)
    202 {
    203 	struct wps_stop_reg_data *data = ctx;
    204 	if (hapd != data->current_hapd && hapd->wps != NULL)
    205 		wps_registrar_complete(hapd->wps->registrar, data->uuid_e,
    206 				       data->dev_pw, data->dev_pw_len);
    207 	return 0;
    208 }
    209 
    210 
    211 static void hostapd_wps_reg_success_cb(void *ctx, const u8 *mac_addr,
    212 				       const u8 *uuid_e, const u8 *dev_pw,
    213 				       size_t dev_pw_len)
    214 {
    215 	struct hostapd_data *hapd = ctx;
    216 	char uuid[40];
    217 	struct wps_stop_reg_data data;
    218 	if (uuid_bin2str(uuid_e, uuid, sizeof(uuid)))
    219 		return;
    220 	wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_REG_SUCCESS MACSTR " %s",
    221 		MAC2STR(mac_addr), uuid);
    222 	if (hapd->wps_reg_success_cb)
    223 		hapd->wps_reg_success_cb(hapd->wps_reg_success_cb_ctx,
    224 					 mac_addr, uuid_e);
    225 	data.current_hapd = hapd;
    226 	data.uuid_e = uuid_e;
    227 	data.dev_pw = dev_pw;
    228 	data.dev_pw_len = dev_pw_len;
    229 	hostapd_wps_for_each(hapd, wps_stop_registrar, &data);
    230 }
    231 
    232 
    233 static void hostapd_wps_enrollee_seen_cb(void *ctx, const u8 *addr,
    234 					 const u8 *uuid_e,
    235 					 const u8 *pri_dev_type,
    236 					 u16 config_methods,
    237 					 u16 dev_password_id, u8 request_type,
    238 					 const char *dev_name)
    239 {
    240 	struct hostapd_data *hapd = ctx;
    241 	char uuid[40];
    242 	char devtype[WPS_DEV_TYPE_BUFSIZE];
    243 	if (uuid_bin2str(uuid_e, uuid, sizeof(uuid)))
    244 		return;
    245 	if (dev_name == NULL)
    246 		dev_name = "";
    247 	wpa_msg_ctrl(hapd->msg_ctx, MSG_INFO, WPS_EVENT_ENROLLEE_SEEN MACSTR
    248 		     " %s %s 0x%x %u %u [%s]",
    249 		     MAC2STR(addr), uuid,
    250 		     wps_dev_type_bin2str(pri_dev_type, devtype,
    251 					  sizeof(devtype)),
    252 		     config_methods, dev_password_id, request_type, dev_name);
    253 }
    254 
    255 
    256 static int str_starts(const char *str, const char *start)
    257 {
    258 	return os_strncmp(str, start, os_strlen(start)) == 0;
    259 }
    260 
    261 
    262 static void wps_reload_config(void *eloop_data, void *user_ctx)
    263 {
    264 	struct hostapd_iface *iface = eloop_data;
    265 
    266 	wpa_printf(MSG_DEBUG, "WPS: Reload configuration data");
    267 	if (iface->interfaces == NULL ||
    268 	    iface->interfaces->reload_config(iface) < 0) {
    269 		wpa_printf(MSG_WARNING, "WPS: Failed to reload the updated "
    270 			   "configuration");
    271 	}
    272 }
    273 
    274 
    275 static void hapd_new_ap_event(struct hostapd_data *hapd, const u8 *attr,
    276 			      size_t attr_len)
    277 {
    278 	size_t blen = attr_len * 2 + 1;
    279 	char *buf = os_malloc(blen);
    280 	if (buf) {
    281 		wpa_snprintf_hex(buf, blen, attr, attr_len);
    282 		wpa_msg(hapd->msg_ctx, MSG_INFO,
    283 			WPS_EVENT_NEW_AP_SETTINGS "%s", buf);
    284 		os_free(buf);
    285 	}
    286 }
    287 
    288 
    289 static int hapd_wps_reconfig_in_memory(struct hostapd_data *hapd,
    290 				       const struct wps_credential *cred)
    291 {
    292 	struct hostapd_bss_config *bss = hapd->conf;
    293 
    294 	wpa_printf(MSG_DEBUG, "WPS: Updating in-memory configuration");
    295 
    296 	bss->wps_state = 2;
    297 	if (cred->ssid_len <= HOSTAPD_MAX_SSID_LEN) {
    298 		os_memcpy(bss->ssid.ssid, cred->ssid, cred->ssid_len);
    299 		bss->ssid.ssid_len = cred->ssid_len;
    300 		bss->ssid.ssid_set = 1;
    301 	}
    302 
    303 	if ((cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK)) &&
    304 	    (cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK)))
    305 		bss->wpa = 3;
    306 	else if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK))
    307 		bss->wpa = 2;
    308 	else if (cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK))
    309 		bss->wpa = 1;
    310 	else
    311 		bss->wpa = 0;
    312 
    313 	if (bss->wpa) {
    314 		if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA))
    315 			bss->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
    316 		if (cred->auth_type & (WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK))
    317 			bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
    318 
    319 		bss->wpa_pairwise = 0;
    320 		if (cred->encr_type & WPS_ENCR_AES)
    321 			bss->wpa_pairwise |= WPA_CIPHER_CCMP;
    322 		if (cred->encr_type & WPS_ENCR_TKIP)
    323 			bss->wpa_pairwise |= WPA_CIPHER_TKIP;
    324 		bss->rsn_pairwise = bss->wpa_pairwise;
    325 		bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
    326 							    bss->wpa_pairwise,
    327 							    bss->rsn_pairwise);
    328 
    329 		if (cred->key_len >= 8 && cred->key_len < 64) {
    330 			os_free(bss->ssid.wpa_passphrase);
    331 			bss->ssid.wpa_passphrase = os_zalloc(cred->key_len + 1);
    332 			if (bss->ssid.wpa_passphrase)
    333 				os_memcpy(bss->ssid.wpa_passphrase, cred->key,
    334 					  cred->key_len);
    335 			os_free(bss->ssid.wpa_psk);
    336 			bss->ssid.wpa_psk = NULL;
    337 		} else if (cred->key_len == 64) {
    338 			os_free(bss->ssid.wpa_psk);
    339 			bss->ssid.wpa_psk =
    340 				os_zalloc(sizeof(struct hostapd_wpa_psk));
    341 			if (bss->ssid.wpa_psk &&
    342 			    hexstr2bin((const char *) cred->key,
    343 				       bss->ssid.wpa_psk->psk, PMK_LEN) == 0) {
    344 				bss->ssid.wpa_psk->group = 1;
    345 				os_free(bss->ssid.wpa_passphrase);
    346 				bss->ssid.wpa_passphrase = NULL;
    347 			}
    348 		}
    349 		bss->auth_algs = 1;
    350 	} else {
    351 		if ((cred->auth_type & WPS_AUTH_OPEN) &&
    352 		    (cred->auth_type & WPS_AUTH_SHARED))
    353 			bss->auth_algs = 3;
    354 		else if (cred->auth_type & WPS_AUTH_SHARED)
    355 			bss->auth_algs = 2;
    356 		else
    357 			bss->auth_algs = 1;
    358 		if (cred->encr_type & WPS_ENCR_WEP && cred->key_idx > 0 &&
    359 		    cred->key_idx <= 4) {
    360 			struct hostapd_wep_keys *wep = &bss->ssid.wep;
    361 			int idx = cred->key_idx;
    362 			if (idx)
    363 				idx--;
    364 			wep->idx = idx;
    365 			if (cred->key_len == 10 || cred->key_len == 26) {
    366 				os_free(wep->key[idx]);
    367 				wep->key[idx] = os_malloc(cred->key_len / 2);
    368 				if (wep->key[idx] == NULL ||
    369 				    hexstr2bin((const char *) cred->key,
    370 					       wep->key[idx],
    371 					       cred->key_len / 2))
    372 					return -1;
    373 				wep->len[idx] = cred->key_len / 2;
    374 			} else {
    375 				os_free(wep->key[idx]);
    376 				wep->key[idx] = os_malloc(cred->key_len);
    377 				if (wep->key[idx] == NULL)
    378 					return -1;
    379 				os_memcpy(wep->key[idx], cred->key,
    380 					  cred->key_len);
    381 				wep->len[idx] = cred->key_len;
    382 			}
    383 			wep->keys_set = 1;
    384 		}
    385 	}
    386 
    387 	/* Schedule configuration reload after short period of time to allow
    388 	 * EAP-WSC to be finished.
    389 	 */
    390 	eloop_register_timeout(0, 100000, wps_reload_config, hapd->iface,
    391 			       NULL);
    392 
    393 	return 0;
    394 }
    395 
    396 
    397 static int hapd_wps_cred_cb(struct hostapd_data *hapd, void *ctx)
    398 {
    399 	const struct wps_credential *cred = ctx;
    400 	FILE *oconf, *nconf;
    401 	size_t len, i;
    402 	char *tmp_fname;
    403 	char buf[1024];
    404 	int multi_bss;
    405 	int wpa;
    406 
    407 	if (hapd->wps == NULL)
    408 		return 0;
    409 
    410 	wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute",
    411 			cred->cred_attr, cred->cred_attr_len);
    412 
    413 	wpa_printf(MSG_DEBUG, "WPS: Received new AP Settings");
    414 	wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", cred->ssid, cred->ssid_len);
    415 	wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x",
    416 		   cred->auth_type);
    417 	wpa_printf(MSG_DEBUG, "WPS: Encryption Type 0x%x", cred->encr_type);
    418 	wpa_printf(MSG_DEBUG, "WPS: Network Key Index %d", cred->key_idx);
    419 	wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
    420 			cred->key, cred->key_len);
    421 	wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR,
    422 		   MAC2STR(cred->mac_addr));
    423 
    424 	if ((hapd->conf->wps_cred_processing == 1 ||
    425 	     hapd->conf->wps_cred_processing == 2) && cred->cred_attr) {
    426 		hapd_new_ap_event(hapd, cred->cred_attr, cred->cred_attr_len);
    427 	} else if (hapd->conf->wps_cred_processing == 1 ||
    428 		   hapd->conf->wps_cred_processing == 2) {
    429 		struct wpabuf *attr;
    430 		attr = wpabuf_alloc(200);
    431 		if (attr && wps_build_credential_wrap(attr, cred) == 0)
    432 			hapd_new_ap_event(hapd, wpabuf_head_u8(attr),
    433 					  wpabuf_len(attr));
    434 		wpabuf_free(attr);
    435 	} else
    436 		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_NEW_AP_SETTINGS);
    437 
    438 	if (hapd->conf->wps_cred_processing == 1)
    439 		return 0;
    440 
    441 	os_memcpy(hapd->wps->ssid, cred->ssid, cred->ssid_len);
    442 	hapd->wps->ssid_len = cred->ssid_len;
    443 	hapd->wps->encr_types = cred->encr_type;
    444 	hapd->wps->auth_types = cred->auth_type;
    445 	if (cred->key_len == 0) {
    446 		os_free(hapd->wps->network_key);
    447 		hapd->wps->network_key = NULL;
    448 		hapd->wps->network_key_len = 0;
    449 	} else {
    450 		if (hapd->wps->network_key == NULL ||
    451 		    hapd->wps->network_key_len < cred->key_len) {
    452 			hapd->wps->network_key_len = 0;
    453 			os_free(hapd->wps->network_key);
    454 			hapd->wps->network_key = os_malloc(cred->key_len);
    455 			if (hapd->wps->network_key == NULL)
    456 				return -1;
    457 		}
    458 		hapd->wps->network_key_len = cred->key_len;
    459 		os_memcpy(hapd->wps->network_key, cred->key, cred->key_len);
    460 	}
    461 	hapd->wps->wps_state = WPS_STATE_CONFIGURED;
    462 
    463 	if (hapd->iface->config_fname == NULL)
    464 		return hapd_wps_reconfig_in_memory(hapd, cred);
    465 	len = os_strlen(hapd->iface->config_fname) + 5;
    466 	tmp_fname = os_malloc(len);
    467 	if (tmp_fname == NULL)
    468 		return -1;
    469 	os_snprintf(tmp_fname, len, "%s-new", hapd->iface->config_fname);
    470 
    471 	oconf = fopen(hapd->iface->config_fname, "r");
    472 	if (oconf == NULL) {
    473 		wpa_printf(MSG_WARNING, "WPS: Could not open current "
    474 			   "configuration file");
    475 		os_free(tmp_fname);
    476 		return -1;
    477 	}
    478 
    479 	nconf = fopen(tmp_fname, "w");
    480 	if (nconf == NULL) {
    481 		wpa_printf(MSG_WARNING, "WPS: Could not write updated "
    482 			   "configuration file");
    483 		os_free(tmp_fname);
    484 		fclose(oconf);
    485 		return -1;
    486 	}
    487 
    488 	fprintf(nconf, "# WPS configuration - START\n");
    489 
    490 	fprintf(nconf, "wps_state=2\n");
    491 
    492 	if (is_hex(cred->ssid, cred->ssid_len)) {
    493 		fprintf(nconf, "ssid2=");
    494 		for (i = 0; i < cred->ssid_len; i++)
    495 			fprintf(nconf, "%02x", cred->ssid[i]);
    496 		fprintf(nconf, "\n");
    497 	} else {
    498 		fprintf(nconf, "ssid=");
    499 		for (i = 0; i < cred->ssid_len; i++)
    500 			fputc(cred->ssid[i], nconf);
    501 		fprintf(nconf, "\n");
    502 	}
    503 
    504 	if ((cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK)) &&
    505 	    (cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK)))
    506 		wpa = 3;
    507 	else if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK))
    508 		wpa = 2;
    509 	else if (cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK))
    510 		wpa = 1;
    511 	else
    512 		wpa = 0;
    513 
    514 	if (wpa) {
    515 		char *prefix;
    516 		fprintf(nconf, "wpa=%d\n", wpa);
    517 
    518 		fprintf(nconf, "wpa_key_mgmt=");
    519 		prefix = "";
    520 		if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA)) {
    521 			fprintf(nconf, "WPA-EAP");
    522 			prefix = " ";
    523 		}
    524 		if (cred->auth_type & (WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK))
    525 			fprintf(nconf, "%sWPA-PSK", prefix);
    526 		fprintf(nconf, "\n");
    527 
    528 		fprintf(nconf, "wpa_pairwise=");
    529 		prefix = "";
    530 		if (cred->encr_type & WPS_ENCR_AES) {
    531 			fprintf(nconf, "CCMP");
    532 			prefix = " ";
    533 		}
    534 		if (cred->encr_type & WPS_ENCR_TKIP) {
    535 			fprintf(nconf, "%sTKIP", prefix);
    536 		}
    537 		fprintf(nconf, "\n");
    538 
    539 		if (cred->key_len >= 8 && cred->key_len < 64) {
    540 			fprintf(nconf, "wpa_passphrase=");
    541 			for (i = 0; i < cred->key_len; i++)
    542 				fputc(cred->key[i], nconf);
    543 			fprintf(nconf, "\n");
    544 		} else if (cred->key_len == 64) {
    545 			fprintf(nconf, "wpa_psk=");
    546 			for (i = 0; i < cred->key_len; i++)
    547 				fputc(cred->key[i], nconf);
    548 			fprintf(nconf, "\n");
    549 		} else {
    550 			wpa_printf(MSG_WARNING, "WPS: Invalid key length %lu "
    551 				   "for WPA/WPA2",
    552 				   (unsigned long) cred->key_len);
    553 		}
    554 
    555 		fprintf(nconf, "auth_algs=1\n");
    556 	} else {
    557 		if ((cred->auth_type & WPS_AUTH_OPEN) &&
    558 		    (cred->auth_type & WPS_AUTH_SHARED))
    559 			fprintf(nconf, "auth_algs=3\n");
    560 		else if (cred->auth_type & WPS_AUTH_SHARED)
    561 			fprintf(nconf, "auth_algs=2\n");
    562 		else
    563 			fprintf(nconf, "auth_algs=1\n");
    564 
    565 		if (cred->encr_type & WPS_ENCR_WEP && cred->key_idx <= 4) {
    566 			int key_idx = cred->key_idx;
    567 			if (key_idx)
    568 				key_idx--;
    569 			fprintf(nconf, "wep_default_key=%d\n", key_idx);
    570 			fprintf(nconf, "wep_key%d=", key_idx);
    571 			if (cred->key_len == 10 || cred->key_len == 26) {
    572 				/* WEP key as a hex string */
    573 				for (i = 0; i < cred->key_len; i++)
    574 					fputc(cred->key[i], nconf);
    575 			} else {
    576 				/* Raw WEP key; convert to hex */
    577 				for (i = 0; i < cred->key_len; i++)
    578 					fprintf(nconf, "%02x", cred->key[i]);
    579 			}
    580 			fprintf(nconf, "\n");
    581 		}
    582 	}
    583 
    584 	fprintf(nconf, "# WPS configuration - END\n");
    585 
    586 	multi_bss = 0;
    587 	while (fgets(buf, sizeof(buf), oconf)) {
    588 		if (os_strncmp(buf, "bss=", 4) == 0)
    589 			multi_bss = 1;
    590 		if (!multi_bss &&
    591 		    (str_starts(buf, "ssid=") ||
    592 		     str_starts(buf, "ssid2=") ||
    593 		     str_starts(buf, "auth_algs=") ||
    594 		     str_starts(buf, "wep_default_key=") ||
    595 		     str_starts(buf, "wep_key") ||
    596 		     str_starts(buf, "wps_state=") ||
    597 		     str_starts(buf, "wpa=") ||
    598 		     str_starts(buf, "wpa_psk=") ||
    599 		     str_starts(buf, "wpa_pairwise=") ||
    600 		     str_starts(buf, "rsn_pairwise=") ||
    601 		     str_starts(buf, "wpa_key_mgmt=") ||
    602 		     str_starts(buf, "wpa_passphrase="))) {
    603 			fprintf(nconf, "#WPS# %s", buf);
    604 		} else
    605 			fprintf(nconf, "%s", buf);
    606 	}
    607 
    608 	fclose(nconf);
    609 	fclose(oconf);
    610 
    611 	if (rename(tmp_fname, hapd->iface->config_fname) < 0) {
    612 		wpa_printf(MSG_WARNING, "WPS: Failed to rename the updated "
    613 			   "configuration file: %s", strerror(errno));
    614 		os_free(tmp_fname);
    615 		return -1;
    616 	}
    617 
    618 	os_free(tmp_fname);
    619 
    620 	/* Schedule configuration reload after short period of time to allow
    621 	 * EAP-WSC to be finished.
    622 	 */
    623 	eloop_register_timeout(0, 100000, wps_reload_config, hapd->iface,
    624 			       NULL);
    625 
    626 	wpa_printf(MSG_DEBUG, "WPS: AP configuration updated");
    627 
    628 	return 0;
    629 }
    630 
    631 
    632 static int hostapd_wps_cred_cb(void *ctx, const struct wps_credential *cred)
    633 {
    634 	struct hostapd_data *hapd = ctx;
    635 	return hostapd_wps_for_each(hapd, hapd_wps_cred_cb, (void *) cred);
    636 }
    637 
    638 
    639 static void hostapd_wps_reenable_ap_pin(void *eloop_data, void *user_ctx)
    640 {
    641 	struct hostapd_data *hapd = eloop_data;
    642 
    643 	if (hapd->conf->ap_setup_locked)
    644 		return;
    645 	if (hapd->ap_pin_failures_consecutive >= 10)
    646 		return;
    647 
    648 	wpa_printf(MSG_DEBUG, "WPS: Re-enable AP PIN");
    649 	wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_AP_SETUP_UNLOCKED);
    650 	hapd->wps->ap_setup_locked = 0;
    651 	wps_registrar_update_ie(hapd->wps->registrar);
    652 }
    653 
    654 
    655 static int wps_pwd_auth_fail(struct hostapd_data *hapd, void *ctx)
    656 {
    657 	struct wps_event_pwd_auth_fail *data = ctx;
    658 
    659 	if (!data->enrollee || hapd->conf->ap_pin == NULL || hapd->wps == NULL)
    660 		return 0;
    661 
    662 	/*
    663 	 * Registrar failed to prove its knowledge of the AP PIN. Lock AP setup
    664 	 * for some time if this happens multiple times to slow down brute
    665 	 * force attacks.
    666 	 */
    667 	hapd->ap_pin_failures++;
    668 	hapd->ap_pin_failures_consecutive++;
    669 	wpa_printf(MSG_DEBUG, "WPS: AP PIN authentication failure number %u "
    670 		   "(%u consecutive)",
    671 		   hapd->ap_pin_failures, hapd->ap_pin_failures_consecutive);
    672 	if (hapd->ap_pin_failures < 3)
    673 		return 0;
    674 
    675 	wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_AP_SETUP_LOCKED);
    676 	hapd->wps->ap_setup_locked = 1;
    677 
    678 	wps_registrar_update_ie(hapd->wps->registrar);
    679 
    680 	if (!hapd->conf->ap_setup_locked &&
    681 	    hapd->ap_pin_failures_consecutive >= 10) {
    682 		/*
    683 		 * In indefinite lockdown - disable automatic AP PIN
    684 		 * reenablement.
    685 		 */
    686 		eloop_cancel_timeout(hostapd_wps_reenable_ap_pin, hapd, NULL);
    687 		wpa_printf(MSG_DEBUG, "WPS: AP PIN disabled indefinitely");
    688 	} else if (!hapd->conf->ap_setup_locked) {
    689 		if (hapd->ap_pin_lockout_time == 0)
    690 			hapd->ap_pin_lockout_time = 60;
    691 		else if (hapd->ap_pin_lockout_time < 365 * 24 * 60 * 60 &&
    692 			 (hapd->ap_pin_failures % 3) == 0)
    693 			hapd->ap_pin_lockout_time *= 2;
    694 
    695 		wpa_printf(MSG_DEBUG, "WPS: Disable AP PIN for %u seconds",
    696 			   hapd->ap_pin_lockout_time);
    697 		eloop_cancel_timeout(hostapd_wps_reenable_ap_pin, hapd, NULL);
    698 		eloop_register_timeout(hapd->ap_pin_lockout_time, 0,
    699 				       hostapd_wps_reenable_ap_pin, hapd,
    700 				       NULL);
    701 	}
    702 
    703 	return 0;
    704 }
    705 
    706 
    707 static void hostapd_pwd_auth_fail(struct hostapd_data *hapd,
    708 				  struct wps_event_pwd_auth_fail *data)
    709 {
    710 	hostapd_wps_for_each(hapd, wps_pwd_auth_fail, data);
    711 }
    712 
    713 
    714 static int wps_ap_pin_success(struct hostapd_data *hapd, void *ctx)
    715 {
    716 	if (hapd->conf->ap_pin == NULL || hapd->wps == NULL)
    717 		return 0;
    718 
    719 	if (hapd->ap_pin_failures_consecutive == 0)
    720 		return 0;
    721 
    722 	wpa_printf(MSG_DEBUG, "WPS: Clear consecutive AP PIN failure counter "
    723 		   "- total validation failures %u (%u consecutive)",
    724 		   hapd->ap_pin_failures, hapd->ap_pin_failures_consecutive);
    725 	hapd->ap_pin_failures_consecutive = 0;
    726 
    727 	return 0;
    728 }
    729 
    730 
    731 static void hostapd_wps_ap_pin_success(struct hostapd_data *hapd)
    732 {
    733 	hostapd_wps_for_each(hapd, wps_ap_pin_success, NULL);
    734 }
    735 
    736 
    737 static const char * wps_event_fail_reason[NUM_WPS_EI_VALUES] = {
    738 	"No Error", /* WPS_EI_NO_ERROR */
    739 	"TKIP Only Prohibited", /* WPS_EI_SECURITY_TKIP_ONLY_PROHIBITED */
    740 	"WEP Prohibited" /* WPS_EI_SECURITY_WEP_PROHIBITED */
    741 };
    742 
    743 static void hostapd_wps_event_fail(struct hostapd_data *hapd,
    744 				   struct wps_event_fail *fail)
    745 {
    746 	if (fail->error_indication > 0 &&
    747 	    fail->error_indication < NUM_WPS_EI_VALUES) {
    748 		wpa_msg(hapd->msg_ctx, MSG_INFO,
    749 			WPS_EVENT_FAIL "msg=%d config_error=%d reason=%d (%s)",
    750 			fail->msg, fail->config_error, fail->error_indication,
    751 			wps_event_fail_reason[fail->error_indication]);
    752 	} else {
    753 		wpa_msg(hapd->msg_ctx, MSG_INFO,
    754 			WPS_EVENT_FAIL "msg=%d config_error=%d",
    755 			fail->msg, fail->config_error);
    756 	}
    757 }
    758 
    759 
    760 static void hostapd_wps_event_cb(void *ctx, enum wps_event event,
    761 				 union wps_event_data *data)
    762 {
    763 	struct hostapd_data *hapd = ctx;
    764 
    765 	switch (event) {
    766 	case WPS_EV_M2D:
    767 		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_M2D);
    768 		break;
    769 	case WPS_EV_FAIL:
    770 		hostapd_wps_event_fail(hapd, &data->fail);
    771 		break;
    772 	case WPS_EV_SUCCESS:
    773 		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_SUCCESS);
    774 		break;
    775 	case WPS_EV_PWD_AUTH_FAIL:
    776 		hostapd_pwd_auth_fail(hapd, &data->pwd_auth_fail);
    777 		break;
    778 	case WPS_EV_PBC_OVERLAP:
    779 		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_OVERLAP);
    780 		break;
    781 	case WPS_EV_PBC_TIMEOUT:
    782 		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_TIMEOUT);
    783 		break;
    784 	case WPS_EV_ER_AP_ADD:
    785 		break;
    786 	case WPS_EV_ER_AP_REMOVE:
    787 		break;
    788 	case WPS_EV_ER_ENROLLEE_ADD:
    789 		break;
    790 	case WPS_EV_ER_ENROLLEE_REMOVE:
    791 		break;
    792 	case WPS_EV_ER_AP_SETTINGS:
    793 		break;
    794 	case WPS_EV_ER_SET_SELECTED_REGISTRAR:
    795 		break;
    796 	case WPS_EV_AP_PIN_SUCCESS:
    797 		hostapd_wps_ap_pin_success(hapd);
    798 		break;
    799 	}
    800 	if (hapd->wps_event_cb)
    801 		hapd->wps_event_cb(hapd->wps_event_cb_ctx, event, data);
    802 }
    803 
    804 
    805 static void hostapd_wps_clear_ies(struct hostapd_data *hapd)
    806 {
    807 	wpabuf_free(hapd->wps_beacon_ie);
    808 	hapd->wps_beacon_ie = NULL;
    809 
    810 	wpabuf_free(hapd->wps_probe_resp_ie);
    811 	hapd->wps_probe_resp_ie = NULL;
    812 
    813 	hostapd_set_ap_wps_ie(hapd);
    814 }
    815 
    816 
    817 static int get_uuid_cb(struct hostapd_iface *iface, void *ctx)
    818 {
    819 	const u8 **uuid = ctx;
    820 	size_t j;
    821 
    822 	if (iface == NULL)
    823 		return 0;
    824 	for (j = 0; j < iface->num_bss; j++) {
    825 		struct hostapd_data *hapd = iface->bss[j];
    826 		if (hapd->wps && !hapd->conf->wps_independent &&
    827 		    !is_nil_uuid(hapd->wps->uuid)) {
    828 			*uuid = hapd->wps->uuid;
    829 			return 1;
    830 		}
    831 	}
    832 
    833 	return 0;
    834 }
    835 
    836 
    837 static const u8 * get_own_uuid(struct hostapd_iface *iface)
    838 {
    839 	const u8 *uuid;
    840 	if (iface->interfaces == NULL ||
    841 	    iface->interfaces->for_each_interface == NULL)
    842 		return NULL;
    843 	uuid = NULL;
    844 	iface->interfaces->for_each_interface(iface->interfaces, get_uuid_cb,
    845 					      &uuid);
    846 	return uuid;
    847 }
    848 
    849 
    850 static int count_interface_cb(struct hostapd_iface *iface, void *ctx)
    851 {
    852 	int *count= ctx;
    853 	(*count)++;
    854 	return 0;
    855 }
    856 
    857 
    858 static int interface_count(struct hostapd_iface *iface)
    859 {
    860 	int count = 0;
    861 	if (iface->interfaces == NULL ||
    862 	    iface->interfaces->for_each_interface == NULL)
    863 		return 0;
    864 	iface->interfaces->for_each_interface(iface->interfaces,
    865 					      count_interface_cb, &count);
    866 	return count;
    867 }
    868 
    869 
    870 static int hostapd_wps_set_vendor_ext(struct hostapd_data *hapd,
    871 				      struct wps_context *wps)
    872 {
    873 	int i;
    874 
    875 	for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++) {
    876 		wpabuf_free(wps->dev.vendor_ext[i]);
    877 		wps->dev.vendor_ext[i] = NULL;
    878 
    879 		if (hapd->conf->wps_vendor_ext[i] == NULL)
    880 			continue;
    881 
    882 		wps->dev.vendor_ext[i] =
    883 			wpabuf_dup(hapd->conf->wps_vendor_ext[i]);
    884 		if (wps->dev.vendor_ext[i] == NULL) {
    885 			while (--i >= 0)
    886 				wpabuf_free(wps->dev.vendor_ext[i]);
    887 			return -1;
    888 		}
    889 	}
    890 
    891 	return 0;
    892 }
    893 
    894 
    895 int hostapd_init_wps(struct hostapd_data *hapd,
    896 		     struct hostapd_bss_config *conf)
    897 {
    898 	struct wps_context *wps;
    899 	struct wps_registrar_config cfg;
    900 
    901 	if (conf->wps_state == 0) {
    902 		hostapd_wps_clear_ies(hapd);
    903 		return 0;
    904 	}
    905 
    906 	wps = os_zalloc(sizeof(*wps));
    907 	if (wps == NULL)
    908 		return -1;
    909 
    910 	wps->cred_cb = hostapd_wps_cred_cb;
    911 	wps->event_cb = hostapd_wps_event_cb;
    912 	wps->cb_ctx = hapd;
    913 
    914 	os_memset(&cfg, 0, sizeof(cfg));
    915 	wps->wps_state = hapd->conf->wps_state;
    916 	wps->ap_setup_locked = hapd->conf->ap_setup_locked;
    917 	if (is_nil_uuid(hapd->conf->uuid)) {
    918 		const u8 *uuid;
    919 		uuid = get_own_uuid(hapd->iface);
    920 		if (uuid && !conf->wps_independent) {
    921 			os_memcpy(wps->uuid, uuid, UUID_LEN);
    922 			wpa_hexdump(MSG_DEBUG, "WPS: Clone UUID from another "
    923 				    "interface", wps->uuid, UUID_LEN);
    924 		} else {
    925 			uuid_gen_mac_addr(hapd->own_addr, wps->uuid);
    926 			wpa_hexdump(MSG_DEBUG, "WPS: UUID based on MAC "
    927 				    "address", wps->uuid, UUID_LEN);
    928 		}
    929 	} else {
    930 		os_memcpy(wps->uuid, hapd->conf->uuid, UUID_LEN);
    931 		wpa_hexdump(MSG_DEBUG, "WPS: Use configured UUID",
    932 			    wps->uuid, UUID_LEN);
    933 	}
    934 	wps->ssid_len = hapd->conf->ssid.ssid_len;
    935 	os_memcpy(wps->ssid, hapd->conf->ssid.ssid, wps->ssid_len);
    936 	wps->ap = 1;
    937 	os_memcpy(wps->dev.mac_addr, hapd->own_addr, ETH_ALEN);
    938 	wps->dev.device_name = hapd->conf->device_name ?
    939 		os_strdup(hapd->conf->device_name) : NULL;
    940 	wps->dev.manufacturer = hapd->conf->manufacturer ?
    941 		os_strdup(hapd->conf->manufacturer) : NULL;
    942 	wps->dev.model_name = hapd->conf->model_name ?
    943 		os_strdup(hapd->conf->model_name) : NULL;
    944 	wps->dev.model_number = hapd->conf->model_number ?
    945 		os_strdup(hapd->conf->model_number) : NULL;
    946 	wps->dev.serial_number = hapd->conf->serial_number ?
    947 		os_strdup(hapd->conf->serial_number) : NULL;
    948 	wps->config_methods =
    949 		wps_config_methods_str2bin(hapd->conf->config_methods);
    950 #ifdef CONFIG_WPS2
    951 	if ((wps->config_methods &
    952 	     (WPS_CONFIG_DISPLAY | WPS_CONFIG_VIRT_DISPLAY |
    953 	      WPS_CONFIG_PHY_DISPLAY)) == WPS_CONFIG_DISPLAY) {
    954 		wpa_printf(MSG_INFO, "WPS: Converting display to "
    955 			   "virtual_display for WPS 2.0 compliance");
    956 		wps->config_methods |= WPS_CONFIG_VIRT_DISPLAY;
    957 	}
    958 	if ((wps->config_methods &
    959 	     (WPS_CONFIG_PUSHBUTTON | WPS_CONFIG_VIRT_PUSHBUTTON |
    960 	      WPS_CONFIG_PHY_PUSHBUTTON)) == WPS_CONFIG_PUSHBUTTON) {
    961 		wpa_printf(MSG_INFO, "WPS: Converting push_button to "
    962 			   "virtual_push_button for WPS 2.0 compliance");
    963 		wps->config_methods |= WPS_CONFIG_VIRT_PUSHBUTTON;
    964 	}
    965 #endif /* CONFIG_WPS2 */
    966 	os_memcpy(wps->dev.pri_dev_type, hapd->conf->device_type,
    967 		  WPS_DEV_TYPE_LEN);
    968 
    969 	if (hostapd_wps_set_vendor_ext(hapd, wps) < 0) {
    970 		os_free(wps);
    971 		return -1;
    972 	}
    973 
    974 	wps->dev.os_version = WPA_GET_BE32(hapd->conf->os_version);
    975 
    976 	if (conf->wps_rf_bands) {
    977 		wps->dev.rf_bands = conf->wps_rf_bands;
    978 	} else {
    979 		wps->dev.rf_bands =
    980 			hapd->iconf->hw_mode == HOSTAPD_MODE_IEEE80211A ?
    981 			WPS_RF_50GHZ : WPS_RF_24GHZ; /* FIX: dualband AP */
    982 	}
    983 
    984 	if (conf->wpa & WPA_PROTO_RSN) {
    985 		if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK)
    986 			wps->auth_types |= WPS_AUTH_WPA2PSK;
    987 		if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
    988 			wps->auth_types |= WPS_AUTH_WPA2;
    989 
    990 		if (conf->rsn_pairwise & WPA_CIPHER_CCMP)
    991 			wps->encr_types |= WPS_ENCR_AES;
    992 		if (conf->rsn_pairwise & WPA_CIPHER_TKIP)
    993 			wps->encr_types |= WPS_ENCR_TKIP;
    994 	}
    995 
    996 	if (conf->wpa & WPA_PROTO_WPA) {
    997 		if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK)
    998 			wps->auth_types |= WPS_AUTH_WPAPSK;
    999 		if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
   1000 			wps->auth_types |= WPS_AUTH_WPA;
   1001 
   1002 		if (conf->wpa_pairwise & WPA_CIPHER_CCMP)
   1003 			wps->encr_types |= WPS_ENCR_AES;
   1004 		if (conf->wpa_pairwise & WPA_CIPHER_TKIP)
   1005 			wps->encr_types |= WPS_ENCR_TKIP;
   1006 	}
   1007 
   1008 	if (conf->ssid.security_policy == SECURITY_PLAINTEXT) {
   1009 		wps->encr_types |= WPS_ENCR_NONE;
   1010 		wps->auth_types |= WPS_AUTH_OPEN;
   1011 	} else if (conf->ssid.security_policy == SECURITY_STATIC_WEP) {
   1012 		wps->encr_types |= WPS_ENCR_WEP;
   1013 		if (conf->auth_algs & WPA_AUTH_ALG_OPEN)
   1014 			wps->auth_types |= WPS_AUTH_OPEN;
   1015 		if (conf->auth_algs & WPA_AUTH_ALG_SHARED)
   1016 			wps->auth_types |= WPS_AUTH_SHARED;
   1017 	} else if (conf->ssid.security_policy == SECURITY_IEEE_802_1X) {
   1018 		wps->auth_types |= WPS_AUTH_OPEN;
   1019 		if (conf->default_wep_key_len)
   1020 			wps->encr_types |= WPS_ENCR_WEP;
   1021 		else
   1022 			wps->encr_types |= WPS_ENCR_NONE;
   1023 	}
   1024 
   1025 	if (conf->ssid.wpa_psk_file) {
   1026 		/* Use per-device PSKs */
   1027 	} else if (conf->ssid.wpa_passphrase) {
   1028 		wps->network_key = (u8 *) os_strdup(conf->ssid.wpa_passphrase);
   1029 		wps->network_key_len = os_strlen(conf->ssid.wpa_passphrase);
   1030 	} else if (conf->ssid.wpa_psk) {
   1031 		wps->network_key = os_malloc(2 * PMK_LEN + 1);
   1032 		if (wps->network_key == NULL) {
   1033 			os_free(wps);
   1034 			return -1;
   1035 		}
   1036 		wpa_snprintf_hex((char *) wps->network_key, 2 * PMK_LEN + 1,
   1037 				 conf->ssid.wpa_psk->psk, PMK_LEN);
   1038 		wps->network_key_len = 2 * PMK_LEN;
   1039 	} else if (conf->ssid.wep.keys_set && conf->ssid.wep.key[0]) {
   1040 		wps->network_key = os_malloc(conf->ssid.wep.len[0]);
   1041 		if (wps->network_key == NULL) {
   1042 			os_free(wps);
   1043 			return -1;
   1044 		}
   1045 		os_memcpy(wps->network_key, conf->ssid.wep.key[0],
   1046 			  conf->ssid.wep.len[0]);
   1047 		wps->network_key_len = conf->ssid.wep.len[0];
   1048 	}
   1049 
   1050 	if (conf->ssid.wpa_psk) {
   1051 		os_memcpy(wps->psk, conf->ssid.wpa_psk->psk, PMK_LEN);
   1052 		wps->psk_set = 1;
   1053 	}
   1054 
   1055 	if (conf->wps_state == WPS_STATE_NOT_CONFIGURED) {
   1056 		/* Override parameters to enable security by default */
   1057 		wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK;
   1058 		wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP;
   1059 	}
   1060 
   1061 	wps->ap_settings = conf->ap_settings;
   1062 	wps->ap_settings_len = conf->ap_settings_len;
   1063 
   1064 	cfg.new_psk_cb = hostapd_wps_new_psk_cb;
   1065 	cfg.set_ie_cb = hostapd_wps_set_ie_cb;
   1066 	cfg.pin_needed_cb = hostapd_wps_pin_needed_cb;
   1067 	cfg.reg_success_cb = hostapd_wps_reg_success_cb;
   1068 	cfg.enrollee_seen_cb = hostapd_wps_enrollee_seen_cb;
   1069 	cfg.cb_ctx = hapd;
   1070 	cfg.skip_cred_build = conf->skip_cred_build;
   1071 	cfg.extra_cred = conf->extra_cred;
   1072 	cfg.extra_cred_len = conf->extra_cred_len;
   1073 	cfg.disable_auto_conf = (hapd->conf->wps_cred_processing == 1) &&
   1074 		conf->skip_cred_build;
   1075 	if (conf->ssid.security_policy == SECURITY_STATIC_WEP)
   1076 		cfg.static_wep_only = 1;
   1077 	cfg.dualband = interface_count(hapd->iface) > 1;
   1078 	if ((wps->dev.rf_bands & (WPS_RF_50GHZ | WPS_RF_24GHZ)) ==
   1079 	    (WPS_RF_50GHZ | WPS_RF_24GHZ))
   1080 		cfg.dualband = 1;
   1081 	if (cfg.dualband)
   1082 		wpa_printf(MSG_DEBUG, "WPS: Dualband AP");
   1083 
   1084 	wps->registrar = wps_registrar_init(wps, &cfg);
   1085 	if (wps->registrar == NULL) {
   1086 		wpa_printf(MSG_ERROR, "Failed to initialize WPS Registrar");
   1087 		os_free(wps->network_key);
   1088 		os_free(wps);
   1089 		return -1;
   1090 	}
   1091 
   1092 #ifdef CONFIG_WPS_UPNP
   1093 	wps->friendly_name = hapd->conf->friendly_name;
   1094 	wps->manufacturer_url = hapd->conf->manufacturer_url;
   1095 	wps->model_description = hapd->conf->model_description;
   1096 	wps->model_url = hapd->conf->model_url;
   1097 	wps->upc = hapd->conf->upc;
   1098 #endif /* CONFIG_WPS_UPNP */
   1099 
   1100 	hostapd_register_probereq_cb(hapd, hostapd_wps_probe_req_rx, hapd);
   1101 
   1102 	hapd->wps = wps;
   1103 
   1104 	return 0;
   1105 }
   1106 
   1107 
   1108 int hostapd_init_wps_complete(struct hostapd_data *hapd)
   1109 {
   1110 	struct wps_context *wps = hapd->wps;
   1111 
   1112 	if (wps == NULL)
   1113 		return 0;
   1114 
   1115 #ifdef CONFIG_WPS_UPNP
   1116 	if (hostapd_wps_upnp_init(hapd, wps) < 0) {
   1117 		wpa_printf(MSG_ERROR, "Failed to initialize WPS UPnP");
   1118 		wps_registrar_deinit(wps->registrar);
   1119 		os_free(wps->network_key);
   1120 		os_free(wps);
   1121 		hapd->wps = NULL;
   1122 		return -1;
   1123 	}
   1124 #endif /* CONFIG_WPS_UPNP */
   1125 
   1126 	return 0;
   1127 }
   1128 
   1129 
   1130 static void hostapd_wps_nfc_clear(struct wps_context *wps)
   1131 {
   1132 #ifdef CONFIG_WPS_NFC
   1133 	wps->ap_nfc_dev_pw_id = 0;
   1134 	wpabuf_free(wps->ap_nfc_dh_pubkey);
   1135 	wps->ap_nfc_dh_pubkey = NULL;
   1136 	wpabuf_free(wps->ap_nfc_dh_privkey);
   1137 	wps->ap_nfc_dh_privkey = NULL;
   1138 	wpabuf_free(wps->ap_nfc_dev_pw);
   1139 	wps->ap_nfc_dev_pw = NULL;
   1140 #endif /* CONFIG_WPS_NFC */
   1141 }
   1142 
   1143 
   1144 void hostapd_deinit_wps(struct hostapd_data *hapd)
   1145 {
   1146 	eloop_cancel_timeout(hostapd_wps_reenable_ap_pin, hapd, NULL);
   1147 	eloop_cancel_timeout(hostapd_wps_ap_pin_timeout, hapd, NULL);
   1148 	if (hapd->wps == NULL)
   1149 		return;
   1150 #ifdef CONFIG_WPS_UPNP
   1151 	hostapd_wps_upnp_deinit(hapd);
   1152 #endif /* CONFIG_WPS_UPNP */
   1153 	wps_registrar_deinit(hapd->wps->registrar);
   1154 	os_free(hapd->wps->network_key);
   1155 	wps_device_data_free(&hapd->wps->dev);
   1156 	wpabuf_free(hapd->wps->dh_pubkey);
   1157 	wpabuf_free(hapd->wps->dh_privkey);
   1158 	wps_free_pending_msgs(hapd->wps->upnp_msgs);
   1159 	hostapd_wps_nfc_clear(hapd->wps);
   1160 	os_free(hapd->wps);
   1161 	hapd->wps = NULL;
   1162 	hostapd_wps_clear_ies(hapd);
   1163 }
   1164 
   1165 
   1166 void hostapd_update_wps(struct hostapd_data *hapd)
   1167 {
   1168 	if (hapd->wps == NULL)
   1169 		return;
   1170 
   1171 #ifdef CONFIG_WPS_UPNP
   1172 	hapd->wps->friendly_name = hapd->conf->friendly_name;
   1173 	hapd->wps->manufacturer_url = hapd->conf->manufacturer_url;
   1174 	hapd->wps->model_description = hapd->conf->model_description;
   1175 	hapd->wps->model_url = hapd->conf->model_url;
   1176 	hapd->wps->upc = hapd->conf->upc;
   1177 #endif /* CONFIG_WPS_UPNP */
   1178 
   1179 	hostapd_wps_set_vendor_ext(hapd, hapd->wps);
   1180 
   1181 	if (hapd->conf->wps_state)
   1182 		wps_registrar_update_ie(hapd->wps->registrar);
   1183 	else
   1184 		hostapd_deinit_wps(hapd);
   1185 }
   1186 
   1187 
   1188 struct wps_add_pin_data {
   1189 	const u8 *addr;
   1190 	const u8 *uuid;
   1191 	const u8 *pin;
   1192 	size_t pin_len;
   1193 	int timeout;
   1194 	int added;
   1195 };
   1196 
   1197 
   1198 static int wps_add_pin(struct hostapd_data *hapd, void *ctx)
   1199 {
   1200 	struct wps_add_pin_data *data = ctx;
   1201 	int ret;
   1202 
   1203 	if (hapd->wps == NULL)
   1204 		return 0;
   1205 	ret = wps_registrar_add_pin(hapd->wps->registrar, data->addr,
   1206 				    data->uuid, data->pin, data->pin_len,
   1207 				    data->timeout);
   1208 	if (ret == 0)
   1209 		data->added++;
   1210 	return ret;
   1211 }
   1212 
   1213 
   1214 int hostapd_wps_add_pin(struct hostapd_data *hapd, const u8 *addr,
   1215 			const char *uuid, const char *pin, int timeout)
   1216 {
   1217 	u8 u[UUID_LEN];
   1218 	struct wps_add_pin_data data;
   1219 
   1220 	data.addr = addr;
   1221 	data.uuid = u;
   1222 	data.pin = (const u8 *) pin;
   1223 	data.pin_len = os_strlen(pin);
   1224 	data.timeout = timeout;
   1225 	data.added = 0;
   1226 
   1227 	if (os_strcmp(uuid, "any") == 0)
   1228 		data.uuid = NULL;
   1229 	else {
   1230 		if (uuid_str2bin(uuid, u))
   1231 			return -1;
   1232 		data.uuid = u;
   1233 	}
   1234 	if (hostapd_wps_for_each(hapd, wps_add_pin, &data) < 0)
   1235 		return -1;
   1236 	return data.added ? 0 : -1;
   1237 }
   1238 
   1239 
   1240 static int wps_button_pushed(struct hostapd_data *hapd, void *ctx)
   1241 {
   1242 	const u8 *p2p_dev_addr = ctx;
   1243 	if (hapd->wps == NULL)
   1244 		return 0;
   1245 	return wps_registrar_button_pushed(hapd->wps->registrar, p2p_dev_addr);
   1246 }
   1247 
   1248 
   1249 int hostapd_wps_button_pushed(struct hostapd_data *hapd,
   1250 			      const u8 *p2p_dev_addr)
   1251 {
   1252 	return hostapd_wps_for_each(hapd, wps_button_pushed,
   1253 				    (void *) p2p_dev_addr);
   1254 }
   1255 
   1256 
   1257 static int wps_cancel(struct hostapd_data *hapd, void *ctx)
   1258 {
   1259 	if (hapd->wps == NULL)
   1260 		return 0;
   1261 
   1262 	wps_registrar_wps_cancel(hapd->wps->registrar);
   1263 	ap_for_each_sta(hapd, ap_sta_wps_cancel, NULL);
   1264 
   1265 	return 0;
   1266 }
   1267 
   1268 
   1269 int hostapd_wps_cancel(struct hostapd_data *hapd)
   1270 {
   1271 	return hostapd_wps_for_each(hapd, wps_cancel, NULL);
   1272 }
   1273 
   1274 
   1275 static int hostapd_wps_probe_req_rx(void *ctx, const u8 *addr, const u8 *da,
   1276 				    const u8 *bssid,
   1277 				    const u8 *ie, size_t ie_len,
   1278 				    int ssi_signal)
   1279 {
   1280 	struct hostapd_data *hapd = ctx;
   1281 	struct wpabuf *wps_ie;
   1282 	struct ieee802_11_elems elems;
   1283 
   1284 	if (hapd->wps == NULL)
   1285 		return 0;
   1286 
   1287 	if (ieee802_11_parse_elems(ie, ie_len, &elems, 0) == ParseFailed) {
   1288 		wpa_printf(MSG_DEBUG, "WPS: Could not parse ProbeReq from "
   1289 			   MACSTR, MAC2STR(addr));
   1290 		return 0;
   1291 	}
   1292 
   1293 	if (elems.ssid && elems.ssid_len > 0 &&
   1294 	    (elems.ssid_len != hapd->conf->ssid.ssid_len ||
   1295 	     os_memcmp(elems.ssid, hapd->conf->ssid.ssid, elems.ssid_len) !=
   1296 	     0))
   1297 		return 0; /* Not for us */
   1298 
   1299 	wps_ie = ieee802_11_vendor_ie_concat(ie, ie_len, WPS_DEV_OUI_WFA);
   1300 	if (wps_ie == NULL)
   1301 		return 0;
   1302 	if (wps_validate_probe_req(wps_ie, addr) < 0) {
   1303 		wpabuf_free(wps_ie);
   1304 		return 0;
   1305 	}
   1306 
   1307 	if (wpabuf_len(wps_ie) > 0) {
   1308 		int p2p_wildcard = 0;
   1309 #ifdef CONFIG_P2P
   1310 		if (elems.ssid && elems.ssid_len == P2P_WILDCARD_SSID_LEN &&
   1311 		    os_memcmp(elems.ssid, P2P_WILDCARD_SSID,
   1312 			      P2P_WILDCARD_SSID_LEN) == 0)
   1313 			p2p_wildcard = 1;
   1314 #endif /* CONFIG_P2P */
   1315 		wps_registrar_probe_req_rx(hapd->wps->registrar, addr, wps_ie,
   1316 					   p2p_wildcard);
   1317 #ifdef CONFIG_WPS_UPNP
   1318 		/* FIX: what exactly should be included in the WLANEvent?
   1319 		 * WPS attributes? Full ProbeReq frame? */
   1320 		if (!p2p_wildcard)
   1321 			upnp_wps_device_send_wlan_event(
   1322 				hapd->wps_upnp, addr,
   1323 				UPNP_WPS_WLANEVENT_TYPE_PROBE, wps_ie);
   1324 #endif /* CONFIG_WPS_UPNP */
   1325 	}
   1326 
   1327 	wpabuf_free(wps_ie);
   1328 
   1329 	return 0;
   1330 }
   1331 
   1332 
   1333 #ifdef CONFIG_WPS_UPNP
   1334 
   1335 static int hostapd_rx_req_put_wlan_response(
   1336 	void *priv, enum upnp_wps_wlanevent_type ev_type,
   1337 	const u8 *mac_addr, const struct wpabuf *msg,
   1338 	enum wps_msg_type msg_type)
   1339 {
   1340 	struct hostapd_data *hapd = priv;
   1341 	struct sta_info *sta;
   1342 	struct upnp_pending_message *p;
   1343 
   1344 	wpa_printf(MSG_DEBUG, "WPS UPnP: PutWLANResponse ev_type=%d mac_addr="
   1345 		   MACSTR, ev_type, MAC2STR(mac_addr));
   1346 	wpa_hexdump(MSG_MSGDUMP, "WPS UPnP: PutWLANResponse NewMessage",
   1347 		    wpabuf_head(msg), wpabuf_len(msg));
   1348 	if (ev_type != UPNP_WPS_WLANEVENT_TYPE_EAP) {
   1349 		wpa_printf(MSG_DEBUG, "WPS UPnP: Ignored unexpected "
   1350 			   "PutWLANResponse WLANEventType %d", ev_type);
   1351 		return -1;
   1352 	}
   1353 
   1354 	/*
   1355 	 * EAP response to ongoing to WPS Registration. Send it to EAP-WSC
   1356 	 * server implementation for delivery to the peer.
   1357 	 */
   1358 
   1359 	sta = ap_get_sta(hapd, mac_addr);
   1360 #ifndef CONFIG_WPS_STRICT
   1361 	if (!sta) {
   1362 		/*
   1363 		 * Workaround - Intel wsccmd uses bogus NewWLANEventMAC:
   1364 		 * Pick STA that is in an ongoing WPS registration without
   1365 		 * checking the MAC address.
   1366 		 */
   1367 		wpa_printf(MSG_DEBUG, "WPS UPnP: No matching STA found based "
   1368 			   "on NewWLANEventMAC; try wildcard match");
   1369 		for (sta = hapd->sta_list; sta; sta = sta->next) {
   1370 			if (sta->eapol_sm && (sta->flags & WLAN_STA_WPS))
   1371 				break;
   1372 		}
   1373 	}
   1374 #endif /* CONFIG_WPS_STRICT */
   1375 
   1376 	if (!sta || !(sta->flags & WLAN_STA_WPS)) {
   1377 		wpa_printf(MSG_DEBUG, "WPS UPnP: No matching STA found");
   1378 		return 0;
   1379 	}
   1380 
   1381 	p = os_zalloc(sizeof(*p));
   1382 	if (p == NULL)
   1383 		return -1;
   1384 	os_memcpy(p->addr, sta->addr, ETH_ALEN);
   1385 	p->msg = wpabuf_dup(msg);
   1386 	p->type = msg_type;
   1387 	p->next = hapd->wps->upnp_msgs;
   1388 	hapd->wps->upnp_msgs = p;
   1389 
   1390 	return eapol_auth_eap_pending_cb(sta->eapol_sm, sta->eapol_sm->eap);
   1391 }
   1392 
   1393 
   1394 static int hostapd_wps_upnp_init(struct hostapd_data *hapd,
   1395 				 struct wps_context *wps)
   1396 {
   1397 	struct upnp_wps_device_ctx *ctx;
   1398 
   1399 	if (!hapd->conf->upnp_iface)
   1400 		return 0;
   1401 	ctx = os_zalloc(sizeof(*ctx));
   1402 	if (ctx == NULL)
   1403 		return -1;
   1404 
   1405 	ctx->rx_req_put_wlan_response = hostapd_rx_req_put_wlan_response;
   1406 	if (hapd->conf->ap_pin)
   1407 		ctx->ap_pin = os_strdup(hapd->conf->ap_pin);
   1408 
   1409 	hapd->wps_upnp = upnp_wps_device_init(ctx, wps, hapd,
   1410 					      hapd->conf->upnp_iface);
   1411 	if (hapd->wps_upnp == NULL)
   1412 		return -1;
   1413 	wps->wps_upnp = hapd->wps_upnp;
   1414 
   1415 	return 0;
   1416 }
   1417 
   1418 
   1419 static void hostapd_wps_upnp_deinit(struct hostapd_data *hapd)
   1420 {
   1421 	upnp_wps_device_deinit(hapd->wps_upnp, hapd);
   1422 }
   1423 
   1424 #endif /* CONFIG_WPS_UPNP */
   1425 
   1426 
   1427 int hostapd_wps_get_mib_sta(struct hostapd_data *hapd, const u8 *addr,
   1428 			    char *buf, size_t buflen)
   1429 {
   1430 	if (hapd->wps == NULL)
   1431 		return 0;
   1432 	return wps_registrar_get_info(hapd->wps->registrar, addr, buf, buflen);
   1433 }
   1434 
   1435 
   1436 static void hostapd_wps_ap_pin_timeout(void *eloop_data, void *user_ctx)
   1437 {
   1438 	struct hostapd_data *hapd = eloop_data;
   1439 	wpa_printf(MSG_DEBUG, "WPS: AP PIN timed out");
   1440 	hostapd_wps_ap_pin_disable(hapd);
   1441 	wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_AP_PIN_DISABLED);
   1442 }
   1443 
   1444 
   1445 static void hostapd_wps_ap_pin_enable(struct hostapd_data *hapd, int timeout)
   1446 {
   1447 	wpa_printf(MSG_DEBUG, "WPS: Enabling AP PIN (timeout=%d)", timeout);
   1448 	hapd->ap_pin_failures = 0;
   1449 	hapd->ap_pin_failures_consecutive = 0;
   1450 	hapd->conf->ap_setup_locked = 0;
   1451 	if (hapd->wps->ap_setup_locked) {
   1452 		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_AP_SETUP_UNLOCKED);
   1453 		hapd->wps->ap_setup_locked = 0;
   1454 		wps_registrar_update_ie(hapd->wps->registrar);
   1455 	}
   1456 	eloop_cancel_timeout(hostapd_wps_ap_pin_timeout, hapd, NULL);
   1457 	if (timeout > 0)
   1458 		eloop_register_timeout(timeout, 0,
   1459 				       hostapd_wps_ap_pin_timeout, hapd, NULL);
   1460 }
   1461 
   1462 
   1463 static int wps_ap_pin_disable(struct hostapd_data *hapd, void *ctx)
   1464 {
   1465 	os_free(hapd->conf->ap_pin);
   1466 	hapd->conf->ap_pin = NULL;
   1467 #ifdef CONFIG_WPS_UPNP
   1468 	upnp_wps_set_ap_pin(hapd->wps_upnp, NULL);
   1469 #endif /* CONFIG_WPS_UPNP */
   1470 	eloop_cancel_timeout(hostapd_wps_ap_pin_timeout, hapd, NULL);
   1471 	return 0;
   1472 }
   1473 
   1474 
   1475 void hostapd_wps_ap_pin_disable(struct hostapd_data *hapd)
   1476 {
   1477 	wpa_printf(MSG_DEBUG, "WPS: Disabling AP PIN");
   1478 	hostapd_wps_for_each(hapd, wps_ap_pin_disable, NULL);
   1479 }
   1480 
   1481 
   1482 struct wps_ap_pin_data {
   1483 	char pin_txt[9];
   1484 	int timeout;
   1485 };
   1486 
   1487 
   1488 static int wps_ap_pin_set(struct hostapd_data *hapd, void *ctx)
   1489 {
   1490 	struct wps_ap_pin_data *data = ctx;
   1491 	os_free(hapd->conf->ap_pin);
   1492 	hapd->conf->ap_pin = os_strdup(data->pin_txt);
   1493 #ifdef CONFIG_WPS_UPNP
   1494 	upnp_wps_set_ap_pin(hapd->wps_upnp, data->pin_txt);
   1495 #endif /* CONFIG_WPS_UPNP */
   1496 	hostapd_wps_ap_pin_enable(hapd, data->timeout);
   1497 	return 0;
   1498 }
   1499 
   1500 
   1501 const char * hostapd_wps_ap_pin_random(struct hostapd_data *hapd, int timeout)
   1502 {
   1503 	unsigned int pin;
   1504 	struct wps_ap_pin_data data;
   1505 
   1506 	pin = wps_generate_pin();
   1507 	os_snprintf(data.pin_txt, sizeof(data.pin_txt), "%08u", pin);
   1508 	data.timeout = timeout;
   1509 	hostapd_wps_for_each(hapd, wps_ap_pin_set, &data);
   1510 	return hapd->conf->ap_pin;
   1511 }
   1512 
   1513 
   1514 const char * hostapd_wps_ap_pin_get(struct hostapd_data *hapd)
   1515 {
   1516 	return hapd->conf->ap_pin;
   1517 }
   1518 
   1519 
   1520 int hostapd_wps_ap_pin_set(struct hostapd_data *hapd, const char *pin,
   1521 			   int timeout)
   1522 {
   1523 	struct wps_ap_pin_data data;
   1524 	int ret;
   1525 
   1526 	ret = os_snprintf(data.pin_txt, sizeof(data.pin_txt), "%s", pin);
   1527 	if (ret < 0 || ret >= (int) sizeof(data.pin_txt))
   1528 		return -1;
   1529 	data.timeout = timeout;
   1530 	return hostapd_wps_for_each(hapd, wps_ap_pin_set, &data);
   1531 }
   1532 
   1533 
   1534 static int wps_update_ie(struct hostapd_data *hapd, void *ctx)
   1535 {
   1536 	if (hapd->wps)
   1537 		wps_registrar_update_ie(hapd->wps->registrar);
   1538 	return 0;
   1539 }
   1540 
   1541 
   1542 void hostapd_wps_update_ie(struct hostapd_data *hapd)
   1543 {
   1544 	hostapd_wps_for_each(hapd, wps_update_ie, NULL);
   1545 }
   1546 
   1547 
   1548 int hostapd_wps_config_ap(struct hostapd_data *hapd, const char *ssid,
   1549 			  const char *auth, const char *encr, const char *key)
   1550 {
   1551 	struct wps_credential cred;
   1552 	size_t len;
   1553 
   1554 	os_memset(&cred, 0, sizeof(cred));
   1555 
   1556 	len = os_strlen(ssid);
   1557 	if ((len & 1) || len > 2 * sizeof(cred.ssid) ||
   1558 	    hexstr2bin(ssid, cred.ssid, len / 2))
   1559 		return -1;
   1560 	cred.ssid_len = len / 2;
   1561 
   1562 	if (os_strncmp(auth, "OPEN", 4) == 0)
   1563 		cred.auth_type = WPS_AUTH_OPEN;
   1564 	else if (os_strncmp(auth, "WPAPSK", 6) == 0)
   1565 		cred.auth_type = WPS_AUTH_WPAPSK;
   1566 	else if (os_strncmp(auth, "WPA2PSK", 7) == 0)
   1567 		cred.auth_type = WPS_AUTH_WPA2PSK;
   1568 	else
   1569 		return -1;
   1570 
   1571 	if (encr) {
   1572 		if (os_strncmp(encr, "NONE", 4) == 0)
   1573 			cred.encr_type = WPS_ENCR_NONE;
   1574 		else if (os_strncmp(encr, "WEP", 3) == 0)
   1575 			cred.encr_type = WPS_ENCR_WEP;
   1576 		else if (os_strncmp(encr, "TKIP", 4) == 0)
   1577 			cred.encr_type = WPS_ENCR_TKIP;
   1578 		else if (os_strncmp(encr, "CCMP", 4) == 0)
   1579 			cred.encr_type = WPS_ENCR_AES;
   1580 		else
   1581 			return -1;
   1582 	} else
   1583 		cred.encr_type = WPS_ENCR_NONE;
   1584 
   1585 	if (key) {
   1586 		len = os_strlen(key);
   1587 		if ((len & 1) || len > 2 * sizeof(cred.key) ||
   1588 		    hexstr2bin(key, cred.key, len / 2))
   1589 			return -1;
   1590 		cred.key_len = len / 2;
   1591 	}
   1592 
   1593 	return wps_registrar_config_ap(hapd->wps->registrar, &cred);
   1594 }
   1595 
   1596 
   1597 #ifdef CONFIG_WPS_NFC
   1598 
   1599 struct wps_nfc_password_token_data {
   1600 	const u8 *oob_dev_pw;
   1601 	size_t oob_dev_pw_len;
   1602 	int added;
   1603 };
   1604 
   1605 
   1606 static int wps_add_nfc_password_token(struct hostapd_data *hapd, void *ctx)
   1607 {
   1608 	struct wps_nfc_password_token_data *data = ctx;
   1609 	int ret;
   1610 
   1611 	if (hapd->wps == NULL)
   1612 		return 0;
   1613 	ret = wps_registrar_add_nfc_password_token(hapd->wps->registrar,
   1614 						   data->oob_dev_pw,
   1615 						   data->oob_dev_pw_len);
   1616 	if (ret == 0)
   1617 		data->added++;
   1618 	return ret;
   1619 }
   1620 
   1621 
   1622 static int hostapd_wps_add_nfc_password_token(struct hostapd_data *hapd,
   1623 					      struct wps_parse_attr *attr)
   1624 {
   1625 	struct wps_nfc_password_token_data data;
   1626 
   1627 	data.oob_dev_pw = attr->oob_dev_password;
   1628 	data.oob_dev_pw_len = attr->oob_dev_password_len;
   1629 	data.added = 0;
   1630 	if (hostapd_wps_for_each(hapd, wps_add_nfc_password_token, &data) < 0)
   1631 		return -1;
   1632 	return data.added ? 0 : -1;
   1633 }
   1634 
   1635 
   1636 static int hostapd_wps_nfc_tag_process(struct hostapd_data *hapd,
   1637 				       const struct wpabuf *wps)
   1638 {
   1639 	struct wps_parse_attr attr;
   1640 
   1641 	wpa_hexdump_buf(MSG_DEBUG, "WPS: Received NFC tag payload", wps);
   1642 
   1643 	if (wps_parse_msg(wps, &attr)) {
   1644 		wpa_printf(MSG_DEBUG, "WPS: Ignore invalid data from NFC tag");
   1645 		return -1;
   1646 	}
   1647 
   1648 	if (attr.oob_dev_password)
   1649 		return hostapd_wps_add_nfc_password_token(hapd, &attr);
   1650 
   1651 	wpa_printf(MSG_DEBUG, "WPS: Ignore unrecognized NFC tag");
   1652 	return -1;
   1653 }
   1654 
   1655 
   1656 int hostapd_wps_nfc_tag_read(struct hostapd_data *hapd,
   1657 			     const struct wpabuf *data)
   1658 {
   1659 	const struct wpabuf *wps = data;
   1660 	struct wpabuf *tmp = NULL;
   1661 	int ret;
   1662 
   1663 	if (wpabuf_len(data) < 4)
   1664 		return -1;
   1665 
   1666 	if (*wpabuf_head_u8(data) != 0x10) {
   1667 		/* Assume this contains full NDEF record */
   1668 		tmp = ndef_parse_wifi(data);
   1669 		if (tmp == NULL) {
   1670 			wpa_printf(MSG_DEBUG, "WPS: Could not parse NDEF");
   1671 			return -1;
   1672 		}
   1673 		wps = tmp;
   1674 	}
   1675 
   1676 	ret = hostapd_wps_nfc_tag_process(hapd, wps);
   1677 	wpabuf_free(tmp);
   1678 	return ret;
   1679 }
   1680 
   1681 
   1682 struct wpabuf * hostapd_wps_nfc_config_token(struct hostapd_data *hapd,
   1683 					     int ndef)
   1684 {
   1685 	struct wpabuf *ret;
   1686 
   1687 	if (hapd->wps == NULL)
   1688 		return NULL;
   1689 
   1690 	ret = wps_get_oob_cred(hapd->wps);
   1691 	if (ndef && ret) {
   1692 		struct wpabuf *tmp;
   1693 		tmp = ndef_build_wifi(ret);
   1694 		wpabuf_free(ret);
   1695 		if (tmp == NULL)
   1696 			return NULL;
   1697 		ret = tmp;
   1698 	}
   1699 
   1700 	return ret;
   1701 }
   1702 
   1703 
   1704 struct wpabuf * hostapd_wps_nfc_hs_cr(struct hostapd_data *hapd, int ndef)
   1705 {
   1706 	/*
   1707 	 * Handover Select carrier record for WPS uses the same format as
   1708 	 * configuration token.
   1709 	 */
   1710 	return hostapd_wps_nfc_config_token(hapd, ndef);
   1711 }
   1712 
   1713 
   1714 struct wpabuf * hostapd_wps_nfc_token_gen(struct hostapd_data *hapd, int ndef)
   1715 {
   1716 	if (hapd->conf->wps_nfc_pw_from_config) {
   1717 		return wps_nfc_token_build(ndef,
   1718 					   hapd->conf->wps_nfc_dev_pw_id,
   1719 					   hapd->conf->wps_nfc_dh_pubkey,
   1720 					   hapd->conf->wps_nfc_dev_pw);
   1721 	}
   1722 
   1723 	return wps_nfc_token_gen(ndef, &hapd->conf->wps_nfc_dev_pw_id,
   1724 				 &hapd->conf->wps_nfc_dh_pubkey,
   1725 				 &hapd->conf->wps_nfc_dh_privkey,
   1726 				 &hapd->conf->wps_nfc_dev_pw);
   1727 }
   1728 
   1729 
   1730 int hostapd_wps_nfc_token_enable(struct hostapd_data *hapd)
   1731 {
   1732 	struct wps_context *wps = hapd->wps;
   1733 	struct wpabuf *pw;
   1734 
   1735 	if (wps == NULL)
   1736 		return -1;
   1737 
   1738 	if (!hapd->conf->wps_nfc_dh_pubkey ||
   1739 	    !hapd->conf->wps_nfc_dh_privkey ||
   1740 	    !hapd->conf->wps_nfc_dev_pw ||
   1741 	    !hapd->conf->wps_nfc_dev_pw_id)
   1742 		return -1;
   1743 
   1744 	hostapd_wps_nfc_clear(wps);
   1745 	wps->ap_nfc_dev_pw_id = hapd->conf->wps_nfc_dev_pw_id;
   1746 	wps->ap_nfc_dh_pubkey = wpabuf_dup(hapd->conf->wps_nfc_dh_pubkey);
   1747 	wps->ap_nfc_dh_privkey = wpabuf_dup(hapd->conf->wps_nfc_dh_privkey);
   1748 	pw = hapd->conf->wps_nfc_dev_pw;
   1749 	wps->ap_nfc_dev_pw = wpabuf_alloc(
   1750 		wpabuf_len(pw) * 2 + 1);
   1751 	if (wps->ap_nfc_dev_pw) {
   1752 		wpa_snprintf_hex_uppercase(
   1753 			(char *) wpabuf_put(wps->ap_nfc_dev_pw,
   1754 					    wpabuf_len(pw) * 2),
   1755 			wpabuf_len(pw) * 2 + 1,
   1756 			wpabuf_head(pw), wpabuf_len(pw));
   1757 	}
   1758 
   1759 	if (!wps->ap_nfc_dh_pubkey || !wps->ap_nfc_dh_privkey ||
   1760 	    !wps->ap_nfc_dev_pw) {
   1761 		hostapd_wps_nfc_clear(wps);
   1762 		return -1;
   1763 	}
   1764 
   1765 	return 0;
   1766 }
   1767 
   1768 
   1769 void hostapd_wps_nfc_token_disable(struct hostapd_data *hapd)
   1770 {
   1771 	hostapd_wps_nfc_clear(hapd->wps);
   1772 }
   1773 
   1774 #endif /* CONFIG_WPS_NFC */
   1775