Home | History | Annotate | Download | only in wps
      1 /*
      2  * Wi-Fi Protected Setup - Enrollee
      3  * Copyright (c) 2008, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This software may be distributed under the terms of the BSD license.
      6  * See README for more details.
      7  */
      8 
      9 #include "includes.h"
     10 
     11 #include "common.h"
     12 #include "crypto/crypto.h"
     13 #include "crypto/sha256.h"
     14 #include "crypto/random.h"
     15 #include "wps_i.h"
     16 #include "wps_dev_attr.h"
     17 
     18 
     19 static int wps_build_wps_state(struct wps_data *wps, struct wpabuf *msg)
     20 {
     21 	u8 state;
     22 	if (wps->wps->ap)
     23 		state = wps->wps->wps_state;
     24 	else
     25 		state = WPS_STATE_NOT_CONFIGURED;
     26 	wpa_printf(MSG_DEBUG, "WPS:  * Wi-Fi Protected Setup State (%d)",
     27 		   state);
     28 	wpabuf_put_be16(msg, ATTR_WPS_STATE);
     29 	wpabuf_put_be16(msg, 1);
     30 	wpabuf_put_u8(msg, state);
     31 	return 0;
     32 }
     33 
     34 
     35 static int wps_build_e_hash(struct wps_data *wps, struct wpabuf *msg)
     36 {
     37 	u8 *hash;
     38 	const u8 *addr[4];
     39 	size_t len[4];
     40 
     41 	if (random_get_bytes(wps->snonce, 2 * WPS_SECRET_NONCE_LEN) < 0)
     42 		return -1;
     43 	wpa_hexdump(MSG_DEBUG, "WPS: E-S1", wps->snonce, WPS_SECRET_NONCE_LEN);
     44 	wpa_hexdump(MSG_DEBUG, "WPS: E-S2",
     45 		    wps->snonce + WPS_SECRET_NONCE_LEN, WPS_SECRET_NONCE_LEN);
     46 
     47 	if (wps->dh_pubkey_e == NULL || wps->dh_pubkey_r == NULL) {
     48 		wpa_printf(MSG_DEBUG, "WPS: DH public keys not available for "
     49 			   "E-Hash derivation");
     50 		return -1;
     51 	}
     52 
     53 	wpa_printf(MSG_DEBUG, "WPS:  * E-Hash1");
     54 	wpabuf_put_be16(msg, ATTR_E_HASH1);
     55 	wpabuf_put_be16(msg, SHA256_MAC_LEN);
     56 	hash = wpabuf_put(msg, SHA256_MAC_LEN);
     57 	/* E-Hash1 = HMAC_AuthKey(E-S1 || PSK1 || PK_E || PK_R) */
     58 	addr[0] = wps->snonce;
     59 	len[0] = WPS_SECRET_NONCE_LEN;
     60 	addr[1] = wps->psk1;
     61 	len[1] = WPS_PSK_LEN;
     62 	addr[2] = wpabuf_head(wps->dh_pubkey_e);
     63 	len[2] = wpabuf_len(wps->dh_pubkey_e);
     64 	addr[3] = wpabuf_head(wps->dh_pubkey_r);
     65 	len[3] = wpabuf_len(wps->dh_pubkey_r);
     66 	hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
     67 	wpa_hexdump(MSG_DEBUG, "WPS: E-Hash1", hash, SHA256_MAC_LEN);
     68 
     69 	wpa_printf(MSG_DEBUG, "WPS:  * E-Hash2");
     70 	wpabuf_put_be16(msg, ATTR_E_HASH2);
     71 	wpabuf_put_be16(msg, SHA256_MAC_LEN);
     72 	hash = wpabuf_put(msg, SHA256_MAC_LEN);
     73 	/* E-Hash2 = HMAC_AuthKey(E-S2 || PSK2 || PK_E || PK_R) */
     74 	addr[0] = wps->snonce + WPS_SECRET_NONCE_LEN;
     75 	addr[1] = wps->psk2;
     76 	hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
     77 	wpa_hexdump(MSG_DEBUG, "WPS: E-Hash2", hash, SHA256_MAC_LEN);
     78 
     79 	return 0;
     80 }
     81 
     82 
     83 static int wps_build_e_snonce1(struct wps_data *wps, struct wpabuf *msg)
     84 {
     85 	wpa_printf(MSG_DEBUG, "WPS:  * E-SNonce1");
     86 	wpabuf_put_be16(msg, ATTR_E_SNONCE1);
     87 	wpabuf_put_be16(msg, WPS_SECRET_NONCE_LEN);
     88 	wpabuf_put_data(msg, wps->snonce, WPS_SECRET_NONCE_LEN);
     89 	return 0;
     90 }
     91 
     92 
     93 static int wps_build_e_snonce2(struct wps_data *wps, struct wpabuf *msg)
     94 {
     95 	wpa_printf(MSG_DEBUG, "WPS:  * E-SNonce2");
     96 	wpabuf_put_be16(msg, ATTR_E_SNONCE2);
     97 	wpabuf_put_be16(msg, WPS_SECRET_NONCE_LEN);
     98 	wpabuf_put_data(msg, wps->snonce + WPS_SECRET_NONCE_LEN,
     99 			WPS_SECRET_NONCE_LEN);
    100 	return 0;
    101 }
    102 
    103 
    104 static struct wpabuf * wps_build_m1(struct wps_data *wps)
    105 {
    106 	struct wpabuf *msg;
    107 	u16 config_methods;
    108 
    109 	if (random_get_bytes(wps->nonce_e, WPS_NONCE_LEN) < 0)
    110 		return NULL;
    111 	wpa_hexdump(MSG_DEBUG, "WPS: Enrollee Nonce",
    112 		    wps->nonce_e, WPS_NONCE_LEN);
    113 
    114 	wpa_printf(MSG_DEBUG, "WPS: Building Message M1");
    115 	msg = wpabuf_alloc(1000);
    116 	if (msg == NULL)
    117 		return NULL;
    118 
    119 	config_methods = wps->wps->config_methods;
    120 	if (wps->wps->ap && !wps->pbc_in_m1 &&
    121 	    (wps->dev_password_len != 0 ||
    122 	     (config_methods & WPS_CONFIG_DISPLAY))) {
    123 		/*
    124 		 * These are the methods that the AP supports as an Enrollee
    125 		 * for adding external Registrars, so remove PushButton.
    126 		 *
    127 		 * As a workaround for Windows 7 mechanism for probing WPS
    128 		 * capabilities from M1, leave PushButton option if no PIN
    129 		 * method is available or if WPS configuration enables PBC
    130 		 * workaround.
    131 		 */
    132 		config_methods &= ~WPS_CONFIG_PUSHBUTTON;
    133 #ifdef CONFIG_WPS2
    134 		config_methods &= ~(WPS_CONFIG_VIRT_PUSHBUTTON |
    135 				    WPS_CONFIG_PHY_PUSHBUTTON);
    136 #endif /* CONFIG_WPS2 */
    137 	}
    138 
    139 	if (wps_build_version(msg) ||
    140 	    wps_build_msg_type(msg, WPS_M1) ||
    141 	    wps_build_uuid_e(msg, wps->uuid_e) ||
    142 	    wps_build_mac_addr(msg, wps->mac_addr_e) ||
    143 	    wps_build_enrollee_nonce(wps, msg) ||
    144 	    wps_build_public_key(wps, msg) ||
    145 	    wps_build_auth_type_flags(wps, msg) ||
    146 	    wps_build_encr_type_flags(wps, msg) ||
    147 	    wps_build_conn_type_flags(wps, msg) ||
    148 	    wps_build_config_methods(msg, config_methods) ||
    149 	    wps_build_wps_state(wps, msg) ||
    150 	    wps_build_device_attrs(&wps->wps->dev, msg) ||
    151 	    wps_build_rf_bands(&wps->wps->dev, msg,
    152 			       wps->wps->rf_band_cb(wps->wps->cb_ctx)) ||
    153 	    wps_build_assoc_state(wps, msg) ||
    154 	    wps_build_dev_password_id(msg, wps->dev_pw_id) ||
    155 	    wps_build_config_error(msg, WPS_CFG_NO_ERROR) ||
    156 	    wps_build_os_version(&wps->wps->dev, msg) ||
    157 	    wps_build_wfa_ext(msg, 0, NULL, 0) ||
    158 	    wps_build_vendor_ext_m1(&wps->wps->dev, msg)) {
    159 		wpabuf_free(msg);
    160 		return NULL;
    161 	}
    162 
    163 	wps->state = RECV_M2;
    164 	return msg;
    165 }
    166 
    167 
    168 static struct wpabuf * wps_build_m3(struct wps_data *wps)
    169 {
    170 	struct wpabuf *msg;
    171 
    172 	wpa_printf(MSG_DEBUG, "WPS: Building Message M3");
    173 
    174 	if (wps->dev_password == NULL) {
    175 		wpa_printf(MSG_DEBUG, "WPS: No Device Password available");
    176 		return NULL;
    177 	}
    178 	wps_derive_psk(wps, wps->dev_password, wps->dev_password_len);
    179 
    180 	msg = wpabuf_alloc(1000);
    181 	if (msg == NULL)
    182 		return NULL;
    183 
    184 	if (wps_build_version(msg) ||
    185 	    wps_build_msg_type(msg, WPS_M3) ||
    186 	    wps_build_registrar_nonce(wps, msg) ||
    187 	    wps_build_e_hash(wps, msg) ||
    188 	    wps_build_wfa_ext(msg, 0, NULL, 0) ||
    189 	    wps_build_authenticator(wps, msg)) {
    190 		wpabuf_free(msg);
    191 		return NULL;
    192 	}
    193 
    194 	wps->state = RECV_M4;
    195 	return msg;
    196 }
    197 
    198 
    199 static struct wpabuf * wps_build_m5(struct wps_data *wps)
    200 {
    201 	struct wpabuf *msg, *plain;
    202 
    203 	wpa_printf(MSG_DEBUG, "WPS: Building Message M5");
    204 
    205 	plain = wpabuf_alloc(200);
    206 	if (plain == NULL)
    207 		return NULL;
    208 
    209 	msg = wpabuf_alloc(1000);
    210 	if (msg == NULL) {
    211 		wpabuf_free(plain);
    212 		return NULL;
    213 	}
    214 
    215 	if (wps_build_version(msg) ||
    216 	    wps_build_msg_type(msg, WPS_M5) ||
    217 	    wps_build_registrar_nonce(wps, msg) ||
    218 	    wps_build_e_snonce1(wps, plain) ||
    219 	    wps_build_key_wrap_auth(wps, plain) ||
    220 	    wps_build_encr_settings(wps, msg, plain) ||
    221 	    wps_build_wfa_ext(msg, 0, NULL, 0) ||
    222 	    wps_build_authenticator(wps, msg)) {
    223 		wpabuf_free(plain);
    224 		wpabuf_free(msg);
    225 		return NULL;
    226 	}
    227 	wpabuf_free(plain);
    228 
    229 	wps->state = RECV_M6;
    230 	return msg;
    231 }
    232 
    233 
    234 static int wps_build_cred_ssid(struct wps_data *wps, struct wpabuf *msg)
    235 {
    236 	wpa_printf(MSG_DEBUG, "WPS:  * SSID");
    237 	wpabuf_put_be16(msg, ATTR_SSID);
    238 	wpabuf_put_be16(msg, wps->wps->ssid_len);
    239 	wpabuf_put_data(msg, wps->wps->ssid, wps->wps->ssid_len);
    240 	return 0;
    241 }
    242 
    243 
    244 static int wps_build_cred_auth_type(struct wps_data *wps, struct wpabuf *msg)
    245 {
    246 	u16 auth_type = wps->wps->auth_types;
    247 
    248 	/* Select the best authentication type */
    249 	if (auth_type & WPS_AUTH_WPA2PSK)
    250 		auth_type = WPS_AUTH_WPA2PSK;
    251 	else if (auth_type & WPS_AUTH_WPAPSK)
    252 		auth_type = WPS_AUTH_WPAPSK;
    253 	else if (auth_type & WPS_AUTH_OPEN)
    254 		auth_type = WPS_AUTH_OPEN;
    255 	else if (auth_type & WPS_AUTH_SHARED)
    256 		auth_type = WPS_AUTH_SHARED;
    257 
    258 	wpa_printf(MSG_DEBUG, "WPS:  * Authentication Type (0x%x)", auth_type);
    259 	wpabuf_put_be16(msg, ATTR_AUTH_TYPE);
    260 	wpabuf_put_be16(msg, 2);
    261 	wpabuf_put_be16(msg, auth_type);
    262 	return 0;
    263 }
    264 
    265 
    266 static int wps_build_cred_encr_type(struct wps_data *wps, struct wpabuf *msg)
    267 {
    268 	u16 encr_type = wps->wps->encr_types;
    269 
    270 	/* Select the best encryption type */
    271 	if (wps->wps->auth_types & (WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK)) {
    272 		if (encr_type & WPS_ENCR_AES)
    273 			encr_type = WPS_ENCR_AES;
    274 		else if (encr_type & WPS_ENCR_TKIP)
    275 			encr_type = WPS_ENCR_TKIP;
    276 	} else {
    277 		if (encr_type & WPS_ENCR_WEP)
    278 			encr_type = WPS_ENCR_WEP;
    279 		else if (encr_type & WPS_ENCR_NONE)
    280 			encr_type = WPS_ENCR_NONE;
    281 	}
    282 
    283 	wpa_printf(MSG_DEBUG, "WPS:  * Encryption Type (0x%x)", encr_type);
    284 	wpabuf_put_be16(msg, ATTR_ENCR_TYPE);
    285 	wpabuf_put_be16(msg, 2);
    286 	wpabuf_put_be16(msg, encr_type);
    287 	return 0;
    288 }
    289 
    290 
    291 static int wps_build_cred_network_key(struct wps_data *wps, struct wpabuf *msg)
    292 {
    293 	wpa_printf(MSG_DEBUG, "WPS:  * Network Key");
    294 	wpabuf_put_be16(msg, ATTR_NETWORK_KEY);
    295 	wpabuf_put_be16(msg, wps->wps->network_key_len);
    296 	wpabuf_put_data(msg, wps->wps->network_key, wps->wps->network_key_len);
    297 	return 0;
    298 }
    299 
    300 
    301 static int wps_build_cred_mac_addr(struct wps_data *wps, struct wpabuf *msg)
    302 {
    303 	wpa_printf(MSG_DEBUG, "WPS:  * MAC Address (AP BSSID)");
    304 	wpabuf_put_be16(msg, ATTR_MAC_ADDR);
    305 	wpabuf_put_be16(msg, ETH_ALEN);
    306 	wpabuf_put_data(msg, wps->wps->dev.mac_addr, ETH_ALEN);
    307 	return 0;
    308 }
    309 
    310 
    311 static int wps_build_ap_settings(struct wps_data *wps, struct wpabuf *plain)
    312 {
    313 	if (wps->wps->ap_settings) {
    314 		wpa_printf(MSG_DEBUG, "WPS:  * AP Settings (pre-configured)");
    315 		wpabuf_put_data(plain, wps->wps->ap_settings,
    316 				wps->wps->ap_settings_len);
    317 		return 0;
    318 	}
    319 
    320 	return wps_build_cred_ssid(wps, plain) ||
    321 		wps_build_cred_mac_addr(wps, plain) ||
    322 		wps_build_cred_auth_type(wps, plain) ||
    323 		wps_build_cred_encr_type(wps, plain) ||
    324 		wps_build_cred_network_key(wps, plain);
    325 }
    326 
    327 
    328 static struct wpabuf * wps_build_m7(struct wps_data *wps)
    329 {
    330 	struct wpabuf *msg, *plain;
    331 
    332 	wpa_printf(MSG_DEBUG, "WPS: Building Message M7");
    333 
    334 	plain = wpabuf_alloc(500 + wps->wps->ap_settings_len);
    335 	if (plain == NULL)
    336 		return NULL;
    337 
    338 	msg = wpabuf_alloc(1000 + wps->wps->ap_settings_len);
    339 	if (msg == NULL) {
    340 		wpabuf_free(plain);
    341 		return NULL;
    342 	}
    343 
    344 	if (wps_build_version(msg) ||
    345 	    wps_build_msg_type(msg, WPS_M7) ||
    346 	    wps_build_registrar_nonce(wps, msg) ||
    347 	    wps_build_e_snonce2(wps, plain) ||
    348 	    (wps->wps->ap && wps_build_ap_settings(wps, plain)) ||
    349 	    wps_build_key_wrap_auth(wps, plain) ||
    350 	    wps_build_encr_settings(wps, msg, plain) ||
    351 	    wps_build_wfa_ext(msg, 0, NULL, 0) ||
    352 	    wps_build_authenticator(wps, msg)) {
    353 		wpabuf_free(plain);
    354 		wpabuf_free(msg);
    355 		return NULL;
    356 	}
    357 	wpabuf_free(plain);
    358 
    359 	if (wps->wps->ap && wps->wps->registrar) {
    360 		/*
    361 		 * If the Registrar is only learning our current configuration,
    362 		 * it may not continue protocol run to successful completion.
    363 		 * Store information here to make sure it remains available.
    364 		 */
    365 		wps_device_store(wps->wps->registrar, &wps->peer_dev,
    366 				 wps->uuid_r);
    367 	}
    368 
    369 	wps->state = RECV_M8;
    370 	return msg;
    371 }
    372 
    373 
    374 static struct wpabuf * wps_build_wsc_done(struct wps_data *wps)
    375 {
    376 	struct wpabuf *msg;
    377 
    378 	wpa_printf(MSG_DEBUG, "WPS: Building Message WSC_Done");
    379 
    380 	msg = wpabuf_alloc(1000);
    381 	if (msg == NULL)
    382 		return NULL;
    383 
    384 	if (wps_build_version(msg) ||
    385 	    wps_build_msg_type(msg, WPS_WSC_DONE) ||
    386 	    wps_build_enrollee_nonce(wps, msg) ||
    387 	    wps_build_registrar_nonce(wps, msg) ||
    388 	    wps_build_wfa_ext(msg, 0, NULL, 0)) {
    389 		wpabuf_free(msg);
    390 		return NULL;
    391 	}
    392 
    393 	if (wps->wps->ap)
    394 		wps->state = RECV_ACK;
    395 	else {
    396 		wps_success_event(wps->wps, wps->peer_dev.mac_addr);
    397 		wps->state = WPS_FINISHED;
    398 	}
    399 	return msg;
    400 }
    401 
    402 
    403 struct wpabuf * wps_enrollee_get_msg(struct wps_data *wps,
    404 				     enum wsc_op_code *op_code)
    405 {
    406 	struct wpabuf *msg;
    407 
    408 	switch (wps->state) {
    409 	case SEND_M1:
    410 		msg = wps_build_m1(wps);
    411 		*op_code = WSC_MSG;
    412 		break;
    413 	case SEND_M3:
    414 		msg = wps_build_m3(wps);
    415 		*op_code = WSC_MSG;
    416 		break;
    417 	case SEND_M5:
    418 		msg = wps_build_m5(wps);
    419 		*op_code = WSC_MSG;
    420 		break;
    421 	case SEND_M7:
    422 		msg = wps_build_m7(wps);
    423 		*op_code = WSC_MSG;
    424 		break;
    425 	case RECEIVED_M2D:
    426 		if (wps->wps->ap) {
    427 			msg = wps_build_wsc_nack(wps);
    428 			*op_code = WSC_NACK;
    429 			break;
    430 		}
    431 		msg = wps_build_wsc_ack(wps);
    432 		*op_code = WSC_ACK;
    433 		if (msg) {
    434 			/* Another M2/M2D may be received */
    435 			wps->state = RECV_M2;
    436 		}
    437 		break;
    438 	case SEND_WSC_NACK:
    439 		msg = wps_build_wsc_nack(wps);
    440 		*op_code = WSC_NACK;
    441 		break;
    442 	case WPS_MSG_DONE:
    443 		msg = wps_build_wsc_done(wps);
    444 		*op_code = WSC_Done;
    445 		break;
    446 	default:
    447 		wpa_printf(MSG_DEBUG, "WPS: Unsupported state %d for building "
    448 			   "a message", wps->state);
    449 		msg = NULL;
    450 		break;
    451 	}
    452 
    453 	if (*op_code == WSC_MSG && msg) {
    454 		/* Save a copy of the last message for Authenticator derivation
    455 		 */
    456 		wpabuf_free(wps->last_msg);
    457 		wps->last_msg = wpabuf_dup(msg);
    458 	}
    459 
    460 	return msg;
    461 }
    462 
    463 
    464 static int wps_process_registrar_nonce(struct wps_data *wps, const u8 *r_nonce)
    465 {
    466 	if (r_nonce == NULL) {
    467 		wpa_printf(MSG_DEBUG, "WPS: No Registrar Nonce received");
    468 		return -1;
    469 	}
    470 
    471 	os_memcpy(wps->nonce_r, r_nonce, WPS_NONCE_LEN);
    472 	wpa_hexdump(MSG_DEBUG, "WPS: Registrar Nonce",
    473 		    wps->nonce_r, WPS_NONCE_LEN);
    474 
    475 	return 0;
    476 }
    477 
    478 
    479 static int wps_process_enrollee_nonce(struct wps_data *wps, const u8 *e_nonce)
    480 {
    481 	if (e_nonce == NULL) {
    482 		wpa_printf(MSG_DEBUG, "WPS: No Enrollee Nonce received");
    483 		return -1;
    484 	}
    485 
    486 	if (os_memcmp(wps->nonce_e, e_nonce, WPS_NONCE_LEN) != 0) {
    487 		wpa_printf(MSG_DEBUG, "WPS: Invalid Enrollee Nonce received");
    488 		return -1;
    489 	}
    490 
    491 	return 0;
    492 }
    493 
    494 
    495 static int wps_process_uuid_r(struct wps_data *wps, const u8 *uuid_r)
    496 {
    497 	if (uuid_r == NULL) {
    498 		wpa_printf(MSG_DEBUG, "WPS: No UUID-R received");
    499 		return -1;
    500 	}
    501 
    502 	os_memcpy(wps->uuid_r, uuid_r, WPS_UUID_LEN);
    503 	wpa_hexdump(MSG_DEBUG, "WPS: UUID-R", wps->uuid_r, WPS_UUID_LEN);
    504 
    505 	return 0;
    506 }
    507 
    508 
    509 static int wps_process_pubkey(struct wps_data *wps, const u8 *pk,
    510 			      size_t pk_len)
    511 {
    512 	if (pk == NULL || pk_len == 0) {
    513 		wpa_printf(MSG_DEBUG, "WPS: No Public Key received");
    514 		return -1;
    515 	}
    516 
    517 	wpabuf_free(wps->dh_pubkey_r);
    518 	wps->dh_pubkey_r = wpabuf_alloc_copy(pk, pk_len);
    519 	if (wps->dh_pubkey_r == NULL)
    520 		return -1;
    521 
    522 	if (wps_derive_keys(wps) < 0)
    523 		return -1;
    524 
    525 	return 0;
    526 }
    527 
    528 
    529 static int wps_process_r_hash1(struct wps_data *wps, const u8 *r_hash1)
    530 {
    531 	if (r_hash1 == NULL) {
    532 		wpa_printf(MSG_DEBUG, "WPS: No R-Hash1 received");
    533 		return -1;
    534 	}
    535 
    536 	os_memcpy(wps->peer_hash1, r_hash1, WPS_HASH_LEN);
    537 	wpa_hexdump(MSG_DEBUG, "WPS: R-Hash1", wps->peer_hash1, WPS_HASH_LEN);
    538 
    539 	return 0;
    540 }
    541 
    542 
    543 static int wps_process_r_hash2(struct wps_data *wps, const u8 *r_hash2)
    544 {
    545 	if (r_hash2 == NULL) {
    546 		wpa_printf(MSG_DEBUG, "WPS: No R-Hash2 received");
    547 		return -1;
    548 	}
    549 
    550 	os_memcpy(wps->peer_hash2, r_hash2, WPS_HASH_LEN);
    551 	wpa_hexdump(MSG_DEBUG, "WPS: R-Hash2", wps->peer_hash2, WPS_HASH_LEN);
    552 
    553 	return 0;
    554 }
    555 
    556 
    557 static int wps_process_r_snonce1(struct wps_data *wps, const u8 *r_snonce1)
    558 {
    559 	u8 hash[SHA256_MAC_LEN];
    560 	const u8 *addr[4];
    561 	size_t len[4];
    562 
    563 	if (r_snonce1 == NULL) {
    564 		wpa_printf(MSG_DEBUG, "WPS: No R-SNonce1 received");
    565 		return -1;
    566 	}
    567 
    568 	wpa_hexdump_key(MSG_DEBUG, "WPS: R-SNonce1", r_snonce1,
    569 			WPS_SECRET_NONCE_LEN);
    570 
    571 	/* R-Hash1 = HMAC_AuthKey(R-S1 || PSK1 || PK_E || PK_R) */
    572 	addr[0] = r_snonce1;
    573 	len[0] = WPS_SECRET_NONCE_LEN;
    574 	addr[1] = wps->psk1;
    575 	len[1] = WPS_PSK_LEN;
    576 	addr[2] = wpabuf_head(wps->dh_pubkey_e);
    577 	len[2] = wpabuf_len(wps->dh_pubkey_e);
    578 	addr[3] = wpabuf_head(wps->dh_pubkey_r);
    579 	len[3] = wpabuf_len(wps->dh_pubkey_r);
    580 	hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
    581 
    582 	if (os_memcmp(wps->peer_hash1, hash, WPS_HASH_LEN) != 0) {
    583 		wpa_printf(MSG_DEBUG, "WPS: R-Hash1 derived from R-S1 does "
    584 			   "not match with the pre-committed value");
    585 		wps->config_error = WPS_CFG_DEV_PASSWORD_AUTH_FAILURE;
    586 		wps_pwd_auth_fail_event(wps->wps, 1, 1, wps->peer_dev.mac_addr);
    587 		return -1;
    588 	}
    589 
    590 	wpa_printf(MSG_DEBUG, "WPS: Registrar proved knowledge of the first "
    591 		   "half of the device password");
    592 
    593 	return 0;
    594 }
    595 
    596 
    597 static int wps_process_r_snonce2(struct wps_data *wps, const u8 *r_snonce2)
    598 {
    599 	u8 hash[SHA256_MAC_LEN];
    600 	const u8 *addr[4];
    601 	size_t len[4];
    602 
    603 	if (r_snonce2 == NULL) {
    604 		wpa_printf(MSG_DEBUG, "WPS: No R-SNonce2 received");
    605 		return -1;
    606 	}
    607 
    608 	wpa_hexdump_key(MSG_DEBUG, "WPS: R-SNonce2", r_snonce2,
    609 			WPS_SECRET_NONCE_LEN);
    610 
    611 	/* R-Hash2 = HMAC_AuthKey(R-S2 || PSK2 || PK_E || PK_R) */
    612 	addr[0] = r_snonce2;
    613 	len[0] = WPS_SECRET_NONCE_LEN;
    614 	addr[1] = wps->psk2;
    615 	len[1] = WPS_PSK_LEN;
    616 	addr[2] = wpabuf_head(wps->dh_pubkey_e);
    617 	len[2] = wpabuf_len(wps->dh_pubkey_e);
    618 	addr[3] = wpabuf_head(wps->dh_pubkey_r);
    619 	len[3] = wpabuf_len(wps->dh_pubkey_r);
    620 	hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
    621 
    622 	if (os_memcmp(wps->peer_hash2, hash, WPS_HASH_LEN) != 0) {
    623 		wpa_printf(MSG_DEBUG, "WPS: R-Hash2 derived from R-S2 does "
    624 			   "not match with the pre-committed value");
    625 		wps->config_error = WPS_CFG_DEV_PASSWORD_AUTH_FAILURE;
    626 		wps_pwd_auth_fail_event(wps->wps, 1, 2, wps->peer_dev.mac_addr);
    627 		return -1;
    628 	}
    629 
    630 	wpa_printf(MSG_DEBUG, "WPS: Registrar proved knowledge of the second "
    631 		   "half of the device password");
    632 
    633 	return 0;
    634 }
    635 
    636 
    637 static int wps_process_cred_e(struct wps_data *wps, const u8 *cred,
    638 			      size_t cred_len, int wps2)
    639 {
    640 	struct wps_parse_attr attr;
    641 	struct wpabuf msg;
    642 	int ret = 0;
    643 
    644 	wpa_printf(MSG_DEBUG, "WPS: Received Credential");
    645 	os_memset(&wps->cred, 0, sizeof(wps->cred));
    646 	wpabuf_set(&msg, cred, cred_len);
    647 	if (wps_parse_msg(&msg, &attr) < 0 ||
    648 	    wps_process_cred(&attr, &wps->cred))
    649 		return -1;
    650 
    651 	if (os_memcmp(wps->cred.mac_addr, wps->wps->dev.mac_addr, ETH_ALEN) !=
    652 	    0) {
    653 		wpa_printf(MSG_DEBUG, "WPS: MAC Address in the Credential ("
    654 			   MACSTR ") does not match with own address (" MACSTR
    655 			   ")", MAC2STR(wps->cred.mac_addr),
    656 			   MAC2STR(wps->wps->dev.mac_addr));
    657 		/*
    658 		 * In theory, this could be consider fatal error, but there are
    659 		 * number of deployed implementations using other address here
    660 		 * due to unclarity in the specification. For interoperability
    661 		 * reasons, allow this to be processed since we do not really
    662 		 * use the MAC Address information for anything.
    663 		 */
    664 #ifdef CONFIG_WPS_STRICT
    665 		if (wps2) {
    666 			wpa_printf(MSG_INFO, "WPS: Do not accept incorrect "
    667 				   "MAC Address in AP Settings");
    668 			return -1;
    669 		}
    670 #endif /* CONFIG_WPS_STRICT */
    671 	}
    672 
    673 #ifdef CONFIG_WPS2
    674 	if (!(wps->cred.encr_type &
    675 	      (WPS_ENCR_NONE | WPS_ENCR_TKIP | WPS_ENCR_AES))) {
    676 		if (wps->cred.encr_type & WPS_ENCR_WEP) {
    677 			wpa_printf(MSG_INFO, "WPS: Reject Credential "
    678 				   "due to WEP configuration");
    679 			wps->error_indication = WPS_EI_SECURITY_WEP_PROHIBITED;
    680 			return -2;
    681 		}
    682 
    683 		wpa_printf(MSG_INFO, "WPS: Reject Credential due to "
    684 			   "invalid encr_type 0x%x", wps->cred.encr_type);
    685 		return -1;
    686 	}
    687 #endif /* CONFIG_WPS2 */
    688 
    689 	if (wps->wps->cred_cb) {
    690 		wps->cred.cred_attr = cred - 4;
    691 		wps->cred.cred_attr_len = cred_len + 4;
    692 		ret = wps->wps->cred_cb(wps->wps->cb_ctx, &wps->cred);
    693 		wps->cred.cred_attr = NULL;
    694 		wps->cred.cred_attr_len = 0;
    695 	}
    696 
    697 	return ret;
    698 }
    699 
    700 
    701 static int wps_process_creds(struct wps_data *wps, const u8 *cred[],
    702 			     size_t cred_len[], size_t num_cred, int wps2)
    703 {
    704 	size_t i;
    705 	int ok = 0;
    706 
    707 	if (wps->wps->ap)
    708 		return 0;
    709 
    710 	if (num_cred == 0) {
    711 		wpa_printf(MSG_DEBUG, "WPS: No Credential attributes "
    712 			   "received");
    713 		return -1;
    714 	}
    715 
    716 	for (i = 0; i < num_cred; i++) {
    717 		int res;
    718 		res = wps_process_cred_e(wps, cred[i], cred_len[i], wps2);
    719 		if (res == 0)
    720 			ok++;
    721 		else if (res == -2)
    722 			wpa_printf(MSG_DEBUG, "WPS: WEP credential skipped");
    723 		else
    724 			return -1;
    725 	}
    726 
    727 	if (ok == 0) {
    728 		wpa_printf(MSG_DEBUG, "WPS: No valid Credential attribute "
    729 			   "received");
    730 		return -1;
    731 	}
    732 
    733 	return 0;
    734 }
    735 
    736 
    737 static int wps_process_ap_settings_e(struct wps_data *wps,
    738 				     struct wps_parse_attr *attr,
    739 				     struct wpabuf *attrs, int wps2)
    740 {
    741 	struct wps_credential cred;
    742 
    743 	if (!wps->wps->ap)
    744 		return 0;
    745 
    746 	if (wps_process_ap_settings(attr, &cred) < 0)
    747 		return -1;
    748 
    749 	wpa_printf(MSG_INFO, "WPS: Received new AP configuration from "
    750 		   "Registrar");
    751 
    752 	if (os_memcmp(cred.mac_addr, wps->wps->dev.mac_addr, ETH_ALEN) !=
    753 	    0) {
    754 		wpa_printf(MSG_DEBUG, "WPS: MAC Address in the AP Settings ("
    755 			   MACSTR ") does not match with own address (" MACSTR
    756 			   ")", MAC2STR(cred.mac_addr),
    757 			   MAC2STR(wps->wps->dev.mac_addr));
    758 		/*
    759 		 * In theory, this could be consider fatal error, but there are
    760 		 * number of deployed implementations using other address here
    761 		 * due to unclarity in the specification. For interoperability
    762 		 * reasons, allow this to be processed since we do not really
    763 		 * use the MAC Address information for anything.
    764 		 */
    765 #ifdef CONFIG_WPS_STRICT
    766 		if (wps2) {
    767 			wpa_printf(MSG_INFO, "WPS: Do not accept incorrect "
    768 				   "MAC Address in AP Settings");
    769 			return -1;
    770 		}
    771 #endif /* CONFIG_WPS_STRICT */
    772 	}
    773 
    774 #ifdef CONFIG_WPS2
    775 	if (!(cred.encr_type & (WPS_ENCR_NONE | WPS_ENCR_TKIP | WPS_ENCR_AES)))
    776 	{
    777 		if (cred.encr_type & WPS_ENCR_WEP) {
    778 			wpa_printf(MSG_INFO, "WPS: Reject new AP settings "
    779 				   "due to WEP configuration");
    780 			wps->error_indication = WPS_EI_SECURITY_WEP_PROHIBITED;
    781 			return -1;
    782 		}
    783 
    784 		wpa_printf(MSG_INFO, "WPS: Reject new AP settings due to "
    785 			   "invalid encr_type 0x%x", cred.encr_type);
    786 		return -1;
    787 	}
    788 #endif /* CONFIG_WPS2 */
    789 
    790 #ifdef CONFIG_WPS_STRICT
    791 	if (wps2) {
    792 		if ((cred.encr_type & (WPS_ENCR_TKIP | WPS_ENCR_AES)) ==
    793 		    WPS_ENCR_TKIP ||
    794 		    (cred.auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) ==
    795 		    WPS_AUTH_WPAPSK) {
    796 			wpa_printf(MSG_INFO, "WPS-STRICT: Invalid WSC 2.0 "
    797 				   "AP Settings: WPA-Personal/TKIP only");
    798 			wps->error_indication =
    799 				WPS_EI_SECURITY_TKIP_ONLY_PROHIBITED;
    800 			return -1;
    801 		}
    802 	}
    803 #endif /* CONFIG_WPS_STRICT */
    804 
    805 #ifdef CONFIG_WPS2
    806 	if ((cred.encr_type & (WPS_ENCR_TKIP | WPS_ENCR_AES)) == WPS_ENCR_TKIP)
    807 	{
    808 		wpa_printf(MSG_DEBUG, "WPS: Upgrade encr_type TKIP -> "
    809 			   "TKIP+AES");
    810 		cred.encr_type |= WPS_ENCR_AES;
    811 	}
    812 
    813 	if ((cred.auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) ==
    814 	    WPS_AUTH_WPAPSK) {
    815 		wpa_printf(MSG_DEBUG, "WPS: Upgrade auth_type WPAPSK -> "
    816 			   "WPAPSK+WPA2PSK");
    817 		cred.auth_type |= WPS_AUTH_WPA2PSK;
    818 	}
    819 #endif /* CONFIG_WPS2 */
    820 
    821 	if (wps->wps->cred_cb) {
    822 		cred.cred_attr = wpabuf_head(attrs);
    823 		cred.cred_attr_len = wpabuf_len(attrs);
    824 		wps->wps->cred_cb(wps->wps->cb_ctx, &cred);
    825 	}
    826 
    827 	return 0;
    828 }
    829 
    830 
    831 static int wps_process_dev_pw_id(struct wps_data *wps, const u8 *dev_pw_id)
    832 {
    833 	u16 id;
    834 
    835 	if (dev_pw_id == NULL) {
    836 		wpa_printf(MSG_DEBUG, "WPS: Device Password ID");
    837 		return -1;
    838 	}
    839 
    840 	id = WPA_GET_BE16(dev_pw_id);
    841 	if (wps->dev_pw_id == id) {
    842 		wpa_printf(MSG_DEBUG, "WPS: Device Password ID %u", id);
    843 		return 0;
    844 	}
    845 
    846 #ifdef CONFIG_P2P
    847 	if ((id == DEV_PW_DEFAULT &&
    848 	     wps->dev_pw_id == DEV_PW_REGISTRAR_SPECIFIED) ||
    849 	    (id == DEV_PW_REGISTRAR_SPECIFIED &&
    850 	     wps->dev_pw_id == DEV_PW_DEFAULT)) {
    851 		/*
    852 		 * Common P2P use cases indicate whether the PIN is from the
    853 		 * client or GO using Device Password Id in M1/M2 in a way that
    854 		 * does not look fully compliant with WSC specification. Anyway,
    855 		 * this is deployed and needs to be allowed, so ignore changes
    856 		 * between Registrar-Specified and Default PIN.
    857 		 */
    858 		wpa_printf(MSG_DEBUG, "WPS: Allow PIN Device Password ID "
    859 			   "change");
    860 		return 0;
    861 	}
    862 #endif /* CONFIG_P2P */
    863 
    864 	wpa_printf(MSG_DEBUG, "WPS: Registrar trying to change Device Password "
    865 		   "ID from %u to %u", wps->dev_pw_id, id);
    866 
    867 	if (wps->alt_dev_password && wps->alt_dev_pw_id == id) {
    868 		wpa_printf(MSG_DEBUG, "WPS: Found a matching Device Password");
    869 		os_free(wps->dev_password);
    870 		wps->dev_pw_id = wps->alt_dev_pw_id;
    871 		wps->dev_password = wps->alt_dev_password;
    872 		wps->dev_password_len = wps->alt_dev_password_len;
    873 		wps->alt_dev_password = NULL;
    874 		wps->alt_dev_password_len = 0;
    875 		return 0;
    876 	}
    877 
    878 	return -1;
    879 }
    880 
    881 
    882 static enum wps_process_res wps_process_m2(struct wps_data *wps,
    883 					   const struct wpabuf *msg,
    884 					   struct wps_parse_attr *attr)
    885 {
    886 	wpa_printf(MSG_DEBUG, "WPS: Received M2");
    887 
    888 	if (wps->state != RECV_M2) {
    889 		wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
    890 			   "receiving M2", wps->state);
    891 		wps->state = SEND_WSC_NACK;
    892 		return WPS_CONTINUE;
    893 	}
    894 
    895 	if (wps_process_registrar_nonce(wps, attr->registrar_nonce) ||
    896 	    wps_process_enrollee_nonce(wps, attr->enrollee_nonce) ||
    897 	    wps_process_uuid_r(wps, attr->uuid_r) ||
    898 	    wps_process_dev_pw_id(wps, attr->dev_password_id)) {
    899 		wps->state = SEND_WSC_NACK;
    900 		return WPS_CONTINUE;
    901 	}
    902 
    903 	/*
    904 	 * Stop here on an AP as an Enrollee if AP Setup is locked unless the
    905 	 * special locked mode is used to allow protocol run up to M7 in order
    906 	 * to support external Registrars that only learn the current AP
    907 	 * configuration without changing it.
    908 	 */
    909 	if (wps->wps->ap &&
    910 	    ((wps->wps->ap_setup_locked && wps->wps->ap_setup_locked != 2) ||
    911 	     wps->dev_password == NULL)) {
    912 		wpa_printf(MSG_DEBUG, "WPS: AP Setup is locked - refuse "
    913 			   "registration of a new Registrar");
    914 		wps->config_error = WPS_CFG_SETUP_LOCKED;
    915 		wps->state = SEND_WSC_NACK;
    916 		return WPS_CONTINUE;
    917 	}
    918 
    919 	if (wps_process_pubkey(wps, attr->public_key, attr->public_key_len) ||
    920 	    wps_process_authenticator(wps, attr->authenticator, msg) ||
    921 	    wps_process_device_attrs(&wps->peer_dev, attr)) {
    922 		wps->state = SEND_WSC_NACK;
    923 		return WPS_CONTINUE;
    924 	}
    925 
    926 	wps->state = SEND_M3;
    927 	return WPS_CONTINUE;
    928 }
    929 
    930 
    931 static enum wps_process_res wps_process_m2d(struct wps_data *wps,
    932 					    struct wps_parse_attr *attr)
    933 {
    934 	wpa_printf(MSG_DEBUG, "WPS: Received M2D");
    935 
    936 	if (wps->state != RECV_M2) {
    937 		wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
    938 			   "receiving M2D", wps->state);
    939 		wps->state = SEND_WSC_NACK;
    940 		return WPS_CONTINUE;
    941 	}
    942 
    943 	wpa_hexdump_ascii(MSG_DEBUG, "WPS: Manufacturer",
    944 			  attr->manufacturer, attr->manufacturer_len);
    945 	wpa_hexdump_ascii(MSG_DEBUG, "WPS: Model Name",
    946 			  attr->model_name, attr->model_name_len);
    947 	wpa_hexdump_ascii(MSG_DEBUG, "WPS: Model Number",
    948 			  attr->model_number, attr->model_number_len);
    949 	wpa_hexdump_ascii(MSG_DEBUG, "WPS: Serial Number",
    950 			  attr->serial_number, attr->serial_number_len);
    951 	wpa_hexdump_ascii(MSG_DEBUG, "WPS: Device Name",
    952 			  attr->dev_name, attr->dev_name_len);
    953 
    954 	if (wps->wps->event_cb) {
    955 		union wps_event_data data;
    956 		struct wps_event_m2d *m2d = &data.m2d;
    957 		os_memset(&data, 0, sizeof(data));
    958 		if (attr->config_methods)
    959 			m2d->config_methods =
    960 				WPA_GET_BE16(attr->config_methods);
    961 		m2d->manufacturer = attr->manufacturer;
    962 		m2d->manufacturer_len = attr->manufacturer_len;
    963 		m2d->model_name = attr->model_name;
    964 		m2d->model_name_len = attr->model_name_len;
    965 		m2d->model_number = attr->model_number;
    966 		m2d->model_number_len = attr->model_number_len;
    967 		m2d->serial_number = attr->serial_number;
    968 		m2d->serial_number_len = attr->serial_number_len;
    969 		m2d->dev_name = attr->dev_name;
    970 		m2d->dev_name_len = attr->dev_name_len;
    971 		m2d->primary_dev_type = attr->primary_dev_type;
    972 		if (attr->config_error)
    973 			m2d->config_error =
    974 				WPA_GET_BE16(attr->config_error);
    975 		if (attr->dev_password_id)
    976 			m2d->dev_password_id =
    977 				WPA_GET_BE16(attr->dev_password_id);
    978 		wps->wps->event_cb(wps->wps->cb_ctx, WPS_EV_M2D, &data);
    979 	}
    980 
    981 	wps->state = RECEIVED_M2D;
    982 	return WPS_CONTINUE;
    983 }
    984 
    985 
    986 static enum wps_process_res wps_process_m4(struct wps_data *wps,
    987 					   const struct wpabuf *msg,
    988 					   struct wps_parse_attr *attr)
    989 {
    990 	struct wpabuf *decrypted;
    991 	struct wps_parse_attr eattr;
    992 
    993 	wpa_printf(MSG_DEBUG, "WPS: Received M4");
    994 
    995 	if (wps->state != RECV_M4) {
    996 		wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
    997 			   "receiving M4", wps->state);
    998 		wps->state = SEND_WSC_NACK;
    999 		return WPS_CONTINUE;
   1000 	}
   1001 
   1002 	if (wps_process_enrollee_nonce(wps, attr->enrollee_nonce) ||
   1003 	    wps_process_authenticator(wps, attr->authenticator, msg) ||
   1004 	    wps_process_r_hash1(wps, attr->r_hash1) ||
   1005 	    wps_process_r_hash2(wps, attr->r_hash2)) {
   1006 		wps->state = SEND_WSC_NACK;
   1007 		return WPS_CONTINUE;
   1008 	}
   1009 
   1010 	decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings,
   1011 					      attr->encr_settings_len);
   1012 	if (decrypted == NULL) {
   1013 		wpa_printf(MSG_DEBUG, "WPS: Failed to decrypted Encrypted "
   1014 			   "Settings attribute");
   1015 		wps->state = SEND_WSC_NACK;
   1016 		return WPS_CONTINUE;
   1017 	}
   1018 
   1019 	if (wps_validate_m4_encr(decrypted, attr->version2 != NULL) < 0) {
   1020 		wpabuf_free(decrypted);
   1021 		wps->state = SEND_WSC_NACK;
   1022 		return WPS_CONTINUE;
   1023 	}
   1024 
   1025 	wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted Settings "
   1026 		   "attribute");
   1027 	if (wps_parse_msg(decrypted, &eattr) < 0 ||
   1028 	    wps_process_key_wrap_auth(wps, decrypted, eattr.key_wrap_auth) ||
   1029 	    wps_process_r_snonce1(wps, eattr.r_snonce1)) {
   1030 		wpabuf_free(decrypted);
   1031 		wps->state = SEND_WSC_NACK;
   1032 		return WPS_CONTINUE;
   1033 	}
   1034 	wpabuf_free(decrypted);
   1035 
   1036 	wps->state = SEND_M5;
   1037 	return WPS_CONTINUE;
   1038 }
   1039 
   1040 
   1041 static enum wps_process_res wps_process_m6(struct wps_data *wps,
   1042 					   const struct wpabuf *msg,
   1043 					   struct wps_parse_attr *attr)
   1044 {
   1045 	struct wpabuf *decrypted;
   1046 	struct wps_parse_attr eattr;
   1047 
   1048 	wpa_printf(MSG_DEBUG, "WPS: Received M6");
   1049 
   1050 	if (wps->state != RECV_M6) {
   1051 		wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
   1052 			   "receiving M6", wps->state);
   1053 		wps->state = SEND_WSC_NACK;
   1054 		return WPS_CONTINUE;
   1055 	}
   1056 
   1057 	if (wps_process_enrollee_nonce(wps, attr->enrollee_nonce) ||
   1058 	    wps_process_authenticator(wps, attr->authenticator, msg)) {
   1059 		wps->state = SEND_WSC_NACK;
   1060 		return WPS_CONTINUE;
   1061 	}
   1062 
   1063 	decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings,
   1064 					      attr->encr_settings_len);
   1065 	if (decrypted == NULL) {
   1066 		wpa_printf(MSG_DEBUG, "WPS: Failed to decrypted Encrypted "
   1067 			   "Settings attribute");
   1068 		wps->state = SEND_WSC_NACK;
   1069 		return WPS_CONTINUE;
   1070 	}
   1071 
   1072 	if (wps_validate_m6_encr(decrypted, attr->version2 != NULL) < 0) {
   1073 		wpabuf_free(decrypted);
   1074 		wps->state = SEND_WSC_NACK;
   1075 		return WPS_CONTINUE;
   1076 	}
   1077 
   1078 	wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted Settings "
   1079 		   "attribute");
   1080 	if (wps_parse_msg(decrypted, &eattr) < 0 ||
   1081 	    wps_process_key_wrap_auth(wps, decrypted, eattr.key_wrap_auth) ||
   1082 	    wps_process_r_snonce2(wps, eattr.r_snonce2)) {
   1083 		wpabuf_free(decrypted);
   1084 		wps->state = SEND_WSC_NACK;
   1085 		return WPS_CONTINUE;
   1086 	}
   1087 	wpabuf_free(decrypted);
   1088 
   1089 	if (wps->wps->ap)
   1090 		wps->wps->event_cb(wps->wps->cb_ctx, WPS_EV_AP_PIN_SUCCESS,
   1091 				   NULL);
   1092 
   1093 	wps->state = SEND_M7;
   1094 	return WPS_CONTINUE;
   1095 }
   1096 
   1097 
   1098 static enum wps_process_res wps_process_m8(struct wps_data *wps,
   1099 					   const struct wpabuf *msg,
   1100 					   struct wps_parse_attr *attr)
   1101 {
   1102 	struct wpabuf *decrypted;
   1103 	struct wps_parse_attr eattr;
   1104 
   1105 	wpa_printf(MSG_DEBUG, "WPS: Received M8");
   1106 
   1107 	if (wps->state != RECV_M8) {
   1108 		wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
   1109 			   "receiving M8", wps->state);
   1110 		wps->state = SEND_WSC_NACK;
   1111 		return WPS_CONTINUE;
   1112 	}
   1113 
   1114 	if (wps_process_enrollee_nonce(wps, attr->enrollee_nonce) ||
   1115 	    wps_process_authenticator(wps, attr->authenticator, msg)) {
   1116 		wps->state = SEND_WSC_NACK;
   1117 		return WPS_CONTINUE;
   1118 	}
   1119 
   1120 	if (wps->wps->ap && wps->wps->ap_setup_locked) {
   1121 		/*
   1122 		 * Stop here if special ap_setup_locked == 2 mode allowed the
   1123 		 * protocol to continue beyond M2. This allows ER to learn the
   1124 		 * current AP settings without changing them.
   1125 		 */
   1126 		wpa_printf(MSG_DEBUG, "WPS: AP Setup is locked - refuse "
   1127 			   "registration of a new Registrar");
   1128 		wps->config_error = WPS_CFG_SETUP_LOCKED;
   1129 		wps->state = SEND_WSC_NACK;
   1130 		return WPS_CONTINUE;
   1131 	}
   1132 
   1133 	decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings,
   1134 					      attr->encr_settings_len);
   1135 	if (decrypted == NULL) {
   1136 		wpa_printf(MSG_DEBUG, "WPS: Failed to decrypted Encrypted "
   1137 			   "Settings attribute");
   1138 		wps->state = SEND_WSC_NACK;
   1139 		return WPS_CONTINUE;
   1140 	}
   1141 
   1142 	if (wps_validate_m8_encr(decrypted, wps->wps->ap,
   1143 				 attr->version2 != NULL) < 0) {
   1144 		wpabuf_free(decrypted);
   1145 		wps->state = SEND_WSC_NACK;
   1146 		return WPS_CONTINUE;
   1147 	}
   1148 
   1149 	wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted Settings "
   1150 		   "attribute");
   1151 	if (wps_parse_msg(decrypted, &eattr) < 0 ||
   1152 	    wps_process_key_wrap_auth(wps, decrypted, eattr.key_wrap_auth) ||
   1153 	    wps_process_creds(wps, eattr.cred, eattr.cred_len,
   1154 			      eattr.num_cred, attr->version2 != NULL) ||
   1155 	    wps_process_ap_settings_e(wps, &eattr, decrypted,
   1156 				      attr->version2 != NULL)) {
   1157 		wpabuf_free(decrypted);
   1158 		wps->state = SEND_WSC_NACK;
   1159 		return WPS_CONTINUE;
   1160 	}
   1161 	wpabuf_free(decrypted);
   1162 
   1163 	wps->state = WPS_MSG_DONE;
   1164 	return WPS_CONTINUE;
   1165 }
   1166 
   1167 
   1168 static enum wps_process_res wps_process_wsc_msg(struct wps_data *wps,
   1169 						const struct wpabuf *msg)
   1170 {
   1171 	struct wps_parse_attr attr;
   1172 	enum wps_process_res ret = WPS_CONTINUE;
   1173 
   1174 	wpa_printf(MSG_DEBUG, "WPS: Received WSC_MSG");
   1175 
   1176 	if (wps_parse_msg(msg, &attr) < 0)
   1177 		return WPS_FAILURE;
   1178 
   1179 	if (attr.enrollee_nonce == NULL ||
   1180 	    os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
   1181 		wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
   1182 		return WPS_FAILURE;
   1183 	}
   1184 
   1185 	if (attr.msg_type == NULL) {
   1186 		wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
   1187 		wps->state = SEND_WSC_NACK;
   1188 		return WPS_CONTINUE;
   1189 	}
   1190 
   1191 	switch (*attr.msg_type) {
   1192 	case WPS_M2:
   1193 		if (wps_validate_m2(msg) < 0)
   1194 			return WPS_FAILURE;
   1195 		ret = wps_process_m2(wps, msg, &attr);
   1196 		break;
   1197 	case WPS_M2D:
   1198 		if (wps_validate_m2d(msg) < 0)
   1199 			return WPS_FAILURE;
   1200 		ret = wps_process_m2d(wps, &attr);
   1201 		break;
   1202 	case WPS_M4:
   1203 		if (wps_validate_m4(msg) < 0)
   1204 			return WPS_FAILURE;
   1205 		ret = wps_process_m4(wps, msg, &attr);
   1206 		if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
   1207 			wps_fail_event(wps->wps, WPS_M4, wps->config_error,
   1208 				       wps->error_indication,
   1209 				       wps->peer_dev.mac_addr);
   1210 		break;
   1211 	case WPS_M6:
   1212 		if (wps_validate_m6(msg) < 0)
   1213 			return WPS_FAILURE;
   1214 		ret = wps_process_m6(wps, msg, &attr);
   1215 		if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
   1216 			wps_fail_event(wps->wps, WPS_M6, wps->config_error,
   1217 				       wps->error_indication,
   1218 				       wps->peer_dev.mac_addr);
   1219 		break;
   1220 	case WPS_M8:
   1221 		if (wps_validate_m8(msg) < 0)
   1222 			return WPS_FAILURE;
   1223 		ret = wps_process_m8(wps, msg, &attr);
   1224 		if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
   1225 			wps_fail_event(wps->wps, WPS_M8, wps->config_error,
   1226 				       wps->error_indication,
   1227 				       wps->peer_dev.mac_addr);
   1228 		break;
   1229 	default:
   1230 		wpa_printf(MSG_DEBUG, "WPS: Unsupported Message Type %d",
   1231 			   *attr.msg_type);
   1232 		return WPS_FAILURE;
   1233 	}
   1234 
   1235 	/*
   1236 	 * Save a copy of the last message for Authenticator derivation if we
   1237 	 * are continuing. However, skip M2D since it is not authenticated and
   1238 	 * neither is the ACK/NACK response frame. This allows the possibly
   1239 	 * following M2 to be processed correctly by using the previously sent
   1240 	 * M1 in Authenticator derivation.
   1241 	 */
   1242 	if (ret == WPS_CONTINUE && *attr.msg_type != WPS_M2D) {
   1243 		/* Save a copy of the last message for Authenticator derivation
   1244 		 */
   1245 		wpabuf_free(wps->last_msg);
   1246 		wps->last_msg = wpabuf_dup(msg);
   1247 	}
   1248 
   1249 	return ret;
   1250 }
   1251 
   1252 
   1253 static enum wps_process_res wps_process_wsc_ack(struct wps_data *wps,
   1254 						const struct wpabuf *msg)
   1255 {
   1256 	struct wps_parse_attr attr;
   1257 
   1258 	wpa_printf(MSG_DEBUG, "WPS: Received WSC_ACK");
   1259 
   1260 	if (wps_parse_msg(msg, &attr) < 0)
   1261 		return WPS_FAILURE;
   1262 
   1263 	if (attr.msg_type == NULL) {
   1264 		wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
   1265 		return WPS_FAILURE;
   1266 	}
   1267 
   1268 	if (*attr.msg_type != WPS_WSC_ACK) {
   1269 		wpa_printf(MSG_DEBUG, "WPS: Invalid Message Type %d",
   1270 			   *attr.msg_type);
   1271 		return WPS_FAILURE;
   1272 	}
   1273 
   1274 	if (attr.registrar_nonce == NULL ||
   1275 	    os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0)
   1276 	{
   1277 		wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
   1278 		return WPS_FAILURE;
   1279 	}
   1280 
   1281 	if (attr.enrollee_nonce == NULL ||
   1282 	    os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
   1283 		wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
   1284 		return WPS_FAILURE;
   1285 	}
   1286 
   1287 	if (wps->state == RECV_ACK && wps->wps->ap) {
   1288 		wpa_printf(MSG_DEBUG, "WPS: External Registrar registration "
   1289 			   "completed successfully");
   1290 		wps_success_event(wps->wps, wps->peer_dev.mac_addr);
   1291 		wps->state = WPS_FINISHED;
   1292 		return WPS_DONE;
   1293 	}
   1294 
   1295 	return WPS_FAILURE;
   1296 }
   1297 
   1298 
   1299 static enum wps_process_res wps_process_wsc_nack(struct wps_data *wps,
   1300 						 const struct wpabuf *msg)
   1301 {
   1302 	struct wps_parse_attr attr;
   1303 	u16 config_error;
   1304 
   1305 	wpa_printf(MSG_DEBUG, "WPS: Received WSC_NACK");
   1306 
   1307 	if (wps_parse_msg(msg, &attr) < 0)
   1308 		return WPS_FAILURE;
   1309 
   1310 	if (attr.msg_type == NULL) {
   1311 		wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
   1312 		return WPS_FAILURE;
   1313 	}
   1314 
   1315 	if (*attr.msg_type != WPS_WSC_NACK) {
   1316 		wpa_printf(MSG_DEBUG, "WPS: Invalid Message Type %d",
   1317 			   *attr.msg_type);
   1318 		return WPS_FAILURE;
   1319 	}
   1320 
   1321 	if (attr.registrar_nonce == NULL ||
   1322 	    os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0)
   1323 	{
   1324 		wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
   1325 		wpa_hexdump(MSG_DEBUG, "WPS: Received Registrar Nonce",
   1326 			    attr.registrar_nonce, WPS_NONCE_LEN);
   1327 		wpa_hexdump(MSG_DEBUG, "WPS: Expected Registrar Nonce",
   1328 			    wps->nonce_r, WPS_NONCE_LEN);
   1329 		return WPS_FAILURE;
   1330 	}
   1331 
   1332 	if (attr.enrollee_nonce == NULL ||
   1333 	    os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
   1334 		wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
   1335 		wpa_hexdump(MSG_DEBUG, "WPS: Received Enrollee Nonce",
   1336 			    attr.enrollee_nonce, WPS_NONCE_LEN);
   1337 		wpa_hexdump(MSG_DEBUG, "WPS: Expected Enrollee Nonce",
   1338 			    wps->nonce_e, WPS_NONCE_LEN);
   1339 		return WPS_FAILURE;
   1340 	}
   1341 
   1342 	if (attr.config_error == NULL) {
   1343 		wpa_printf(MSG_DEBUG, "WPS: No Configuration Error attribute "
   1344 			   "in WSC_NACK");
   1345 		return WPS_FAILURE;
   1346 	}
   1347 
   1348 	config_error = WPA_GET_BE16(attr.config_error);
   1349 	wpa_printf(MSG_DEBUG, "WPS: Registrar terminated negotiation with "
   1350 		   "Configuration Error %d", config_error);
   1351 
   1352 	switch (wps->state) {
   1353 	case RECV_M4:
   1354 		wps_fail_event(wps->wps, WPS_M3, config_error,
   1355 			       wps->error_indication, wps->peer_dev.mac_addr);
   1356 		break;
   1357 	case RECV_M6:
   1358 		wps_fail_event(wps->wps, WPS_M5, config_error,
   1359 			       wps->error_indication, wps->peer_dev.mac_addr);
   1360 		break;
   1361 	case RECV_M8:
   1362 		wps_fail_event(wps->wps, WPS_M7, config_error,
   1363 			       wps->error_indication, wps->peer_dev.mac_addr);
   1364 		break;
   1365 	default:
   1366 		break;
   1367 	}
   1368 
   1369 	/* Followed by NACK if Enrollee is Supplicant or EAP-Failure if
   1370 	 * Enrollee is Authenticator */
   1371 	wps->state = SEND_WSC_NACK;
   1372 
   1373 	return WPS_FAILURE;
   1374 }
   1375 
   1376 
   1377 enum wps_process_res wps_enrollee_process_msg(struct wps_data *wps,
   1378 					      enum wsc_op_code op_code,
   1379 					      const struct wpabuf *msg)
   1380 {
   1381 
   1382 	wpa_printf(MSG_DEBUG, "WPS: Processing received message (len=%lu "
   1383 		   "op_code=%d)",
   1384 		   (unsigned long) wpabuf_len(msg), op_code);
   1385 
   1386 	if (op_code == WSC_UPnP) {
   1387 		/* Determine the OpCode based on message type attribute */
   1388 		struct wps_parse_attr attr;
   1389 		if (wps_parse_msg(msg, &attr) == 0 && attr.msg_type) {
   1390 			if (*attr.msg_type == WPS_WSC_ACK)
   1391 				op_code = WSC_ACK;
   1392 			else if (*attr.msg_type == WPS_WSC_NACK)
   1393 				op_code = WSC_NACK;
   1394 		}
   1395 	}
   1396 
   1397 	switch (op_code) {
   1398 	case WSC_MSG:
   1399 	case WSC_UPnP:
   1400 		return wps_process_wsc_msg(wps, msg);
   1401 	case WSC_ACK:
   1402 		if (wps_validate_wsc_ack(msg) < 0)
   1403 			return WPS_FAILURE;
   1404 		return wps_process_wsc_ack(wps, msg);
   1405 	case WSC_NACK:
   1406 		if (wps_validate_wsc_nack(msg) < 0)
   1407 			return WPS_FAILURE;
   1408 		return wps_process_wsc_nack(wps, msg);
   1409 	default:
   1410 		wpa_printf(MSG_DEBUG, "WPS: Unsupported op_code %d", op_code);
   1411 		return WPS_FAILURE;
   1412 	}
   1413 }
   1414