1/*
2 * hostapd / WPS integration
3 * Copyright (c) 2008-2012, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "utils/includes.h"
10
11#include "utils/common.h"
12#include "utils/eloop.h"
13#include "utils/uuid.h"
14#include "common/wpa_ctrl.h"
15#include "common/ieee802_11_defs.h"
16#include "common/ieee802_11_common.h"
17#include "eapol_auth/eapol_auth_sm.h"
18#include "eapol_auth/eapol_auth_sm_i.h"
19#include "wps/wps.h"
20#include "wps/wps_defs.h"
21#include "wps/wps_dev_attr.h"
22#include "wps/wps_attr_parse.h"
23#include "hostapd.h"
24#include "ap_config.h"
25#include "ap_drv_ops.h"
26#include "beacon.h"
27#include "sta_info.h"
28#include "wps_hostapd.h"
29
30
31#ifdef CONFIG_WPS_UPNP
32#include "wps/wps_upnp.h"
33static int hostapd_wps_upnp_init(struct hostapd_data *hapd,
34				 struct wps_context *wps);
35static void hostapd_wps_upnp_deinit(struct hostapd_data *hapd);
36#endif /* CONFIG_WPS_UPNP */
37
38static int hostapd_wps_probe_req_rx(void *ctx, const u8 *addr, const u8 *da,
39				    const u8 *bssid,
40				    const u8 *ie, size_t ie_len,
41				    int ssi_signal);
42static void hostapd_wps_ap_pin_timeout(void *eloop_data, void *user_ctx);
43static void hostapd_wps_nfc_clear(struct wps_context *wps);
44
45
46struct wps_for_each_data {
47	int (*func)(struct hostapd_data *h, void *ctx);
48	void *ctx;
49	struct hostapd_data *calling_hapd;
50};
51
52
53static int wps_for_each(struct hostapd_iface *iface, void *ctx)
54{
55	struct wps_for_each_data *data = ctx;
56	size_t j;
57
58	if (iface == NULL)
59		return 0;
60	for (j = 0; j < iface->num_bss; j++) {
61		struct hostapd_data *hapd = iface->bss[j];
62		int ret;
63
64		if (hapd != data->calling_hapd &&
65		    (hapd->conf->wps_independent ||
66		     data->calling_hapd->conf->wps_independent))
67			continue;
68
69		ret = data->func(hapd, data->ctx);
70		if (ret)
71			return ret;
72	}
73
74	return 0;
75}
76
77
78static int hostapd_wps_for_each(struct hostapd_data *hapd,
79				int (*func)(struct hostapd_data *h, void *ctx),
80				void *ctx)
81{
82	struct hostapd_iface *iface = hapd->iface;
83	struct wps_for_each_data data;
84	data.func = func;
85	data.ctx = ctx;
86	data.calling_hapd = hapd;
87	if (iface->interfaces == NULL ||
88	    iface->interfaces->for_each_interface == NULL)
89		return wps_for_each(iface, &data);
90	return iface->interfaces->for_each_interface(iface->interfaces,
91						     wps_for_each, &data);
92}
93
94
95static int hostapd_wps_new_psk_cb(void *ctx, const u8 *mac_addr,
96				  const u8 *p2p_dev_addr, const u8 *psk,
97				  size_t psk_len)
98{
99	struct hostapd_data *hapd = ctx;
100	struct hostapd_wpa_psk *p;
101	struct hostapd_ssid *ssid = &hapd->conf->ssid;
102
103	if (is_zero_ether_addr(p2p_dev_addr)) {
104		wpa_printf(MSG_DEBUG,
105			   "Received new WPA/WPA2-PSK from WPS for STA " MACSTR,
106			   MAC2STR(mac_addr));
107	} else {
108		wpa_printf(MSG_DEBUG,
109			   "Received new WPA/WPA2-PSK from WPS for STA " MACSTR
110			   " P2P Device Addr " MACSTR,
111			   MAC2STR(mac_addr), MAC2STR(p2p_dev_addr));
112	}
113	wpa_hexdump_key(MSG_DEBUG, "Per-device PSK", psk, psk_len);
114
115	if (psk_len != PMK_LEN) {
116		wpa_printf(MSG_DEBUG, "Unexpected PSK length %lu",
117			   (unsigned long) psk_len);
118		return -1;
119	}
120
121	/* Add the new PSK to runtime PSK list */
122	p = os_zalloc(sizeof(*p));
123	if (p == NULL)
124		return -1;
125	os_memcpy(p->addr, mac_addr, ETH_ALEN);
126	os_memcpy(p->p2p_dev_addr, p2p_dev_addr, ETH_ALEN);
127	os_memcpy(p->psk, psk, PMK_LEN);
128
129	if (hapd->new_psk_cb) {
130		hapd->new_psk_cb(hapd->new_psk_cb_ctx, mac_addr, p2p_dev_addr,
131				 psk, psk_len);
132	}
133
134	p->next = ssid->wpa_psk;
135	ssid->wpa_psk = p;
136
137	if (ssid->wpa_psk_file) {
138		FILE *f;
139		char hex[PMK_LEN * 2 + 1];
140		/* Add the new PSK to PSK list file */
141		f = fopen(ssid->wpa_psk_file, "a");
142		if (f == NULL) {
143			wpa_printf(MSG_DEBUG, "Failed to add the PSK to "
144				   "'%s'", ssid->wpa_psk_file);
145			return -1;
146		}
147
148		wpa_snprintf_hex(hex, sizeof(hex), psk, psk_len);
149		fprintf(f, MACSTR " %s\n", MAC2STR(mac_addr), hex);
150		fclose(f);
151	}
152
153	return 0;
154}
155
156
157static int hostapd_wps_set_ie_cb(void *ctx, struct wpabuf *beacon_ie,
158				 struct wpabuf *probe_resp_ie)
159{
160	struct hostapd_data *hapd = ctx;
161	wpabuf_free(hapd->wps_beacon_ie);
162	hapd->wps_beacon_ie = beacon_ie;
163	wpabuf_free(hapd->wps_probe_resp_ie);
164	hapd->wps_probe_resp_ie = probe_resp_ie;
165	if (hapd->beacon_set_done)
166		ieee802_11_set_beacon(hapd);
167	return hostapd_set_ap_wps_ie(hapd);
168}
169
170
171static void hostapd_wps_pin_needed_cb(void *ctx, const u8 *uuid_e,
172				      const struct wps_device_data *dev)
173{
174	struct hostapd_data *hapd = ctx;
175	char uuid[40], txt[400];
176	int len;
177	char devtype[WPS_DEV_TYPE_BUFSIZE];
178	if (uuid_bin2str(uuid_e, uuid, sizeof(uuid)))
179		return;
180	wpa_printf(MSG_DEBUG, "WPS: PIN needed for E-UUID %s", uuid);
181	len = os_snprintf(txt, sizeof(txt), WPS_EVENT_PIN_NEEDED
182			  "%s " MACSTR " [%s|%s|%s|%s|%s|%s]",
183			  uuid, MAC2STR(dev->mac_addr), dev->device_name,
184			  dev->manufacturer, dev->model_name,
185			  dev->model_number, dev->serial_number,
186			  wps_dev_type_bin2str(dev->pri_dev_type, devtype,
187					       sizeof(devtype)));
188	if (len > 0 && len < (int) sizeof(txt))
189		wpa_msg(hapd->msg_ctx, MSG_INFO, "%s", txt);
190
191	if (hapd->conf->wps_pin_requests) {
192		FILE *f;
193		struct os_time t;
194		f = fopen(hapd->conf->wps_pin_requests, "a");
195		if (f == NULL)
196			return;
197		os_get_time(&t);
198		fprintf(f, "%ld\t%s\t" MACSTR "\t%s\t%s\t%s\t%s\t%s"
199			"\t%s\n",
200			t.sec, uuid, MAC2STR(dev->mac_addr), dev->device_name,
201			dev->manufacturer, dev->model_name, dev->model_number,
202			dev->serial_number,
203			wps_dev_type_bin2str(dev->pri_dev_type, devtype,
204					     sizeof(devtype)));
205		fclose(f);
206	}
207}
208
209
210struct wps_stop_reg_data {
211	struct hostapd_data *current_hapd;
212	const u8 *uuid_e;
213	const u8 *dev_pw;
214	size_t dev_pw_len;
215};
216
217static int wps_stop_registrar(struct hostapd_data *hapd, void *ctx)
218{
219	struct wps_stop_reg_data *data = ctx;
220	if (hapd != data->current_hapd && hapd->wps != NULL)
221		wps_registrar_complete(hapd->wps->registrar, data->uuid_e,
222				       data->dev_pw, data->dev_pw_len);
223	return 0;
224}
225
226
227static void hostapd_wps_reg_success_cb(void *ctx, const u8 *mac_addr,
228				       const u8 *uuid_e, const u8 *dev_pw,
229				       size_t dev_pw_len)
230{
231	struct hostapd_data *hapd = ctx;
232	char uuid[40];
233	struct wps_stop_reg_data data;
234	if (uuid_bin2str(uuid_e, uuid, sizeof(uuid)))
235		return;
236	wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_REG_SUCCESS MACSTR " %s",
237		MAC2STR(mac_addr), uuid);
238	if (hapd->wps_reg_success_cb)
239		hapd->wps_reg_success_cb(hapd->wps_reg_success_cb_ctx,
240					 mac_addr, uuid_e);
241	data.current_hapd = hapd;
242	data.uuid_e = uuid_e;
243	data.dev_pw = dev_pw;
244	data.dev_pw_len = dev_pw_len;
245	hostapd_wps_for_each(hapd, wps_stop_registrar, &data);
246}
247
248
249static void hostapd_wps_enrollee_seen_cb(void *ctx, const u8 *addr,
250					 const u8 *uuid_e,
251					 const u8 *pri_dev_type,
252					 u16 config_methods,
253					 u16 dev_password_id, u8 request_type,
254					 const char *dev_name)
255{
256	struct hostapd_data *hapd = ctx;
257	char uuid[40];
258	char devtype[WPS_DEV_TYPE_BUFSIZE];
259	if (uuid_bin2str(uuid_e, uuid, sizeof(uuid)))
260		return;
261	if (dev_name == NULL)
262		dev_name = "";
263	wpa_msg_ctrl(hapd->msg_ctx, MSG_INFO, WPS_EVENT_ENROLLEE_SEEN MACSTR
264		     " %s %s 0x%x %u %u [%s]",
265		     MAC2STR(addr), uuid,
266		     wps_dev_type_bin2str(pri_dev_type, devtype,
267					  sizeof(devtype)),
268		     config_methods, dev_password_id, request_type, dev_name);
269}
270
271
272static int str_starts(const char *str, const char *start)
273{
274	return os_strncmp(str, start, os_strlen(start)) == 0;
275}
276
277
278static void wps_reload_config(void *eloop_data, void *user_ctx)
279{
280	struct hostapd_iface *iface = eloop_data;
281
282	wpa_printf(MSG_DEBUG, "WPS: Reload configuration data");
283	if (iface->interfaces == NULL ||
284	    iface->interfaces->reload_config(iface) < 0) {
285		wpa_printf(MSG_WARNING, "WPS: Failed to reload the updated "
286			   "configuration");
287	}
288}
289
290
291void hostapd_wps_eap_completed(struct hostapd_data *hapd)
292{
293	/*
294	 * Reduce race condition of the station trying to reconnect immediately
295	 * after AP reconfiguration through WPS by rescheduling the reload
296	 * timeout to happen after EAP completion rather than the originally
297	 * scheduled 100 ms after new configuration became known.
298	 */
299	if (eloop_deplete_timeout(0, 0, wps_reload_config, hapd->iface, NULL) ==
300	    1)
301		wpa_printf(MSG_DEBUG, "WPS: Reschedule immediate configuration reload");
302}
303
304
305static void hapd_new_ap_event(struct hostapd_data *hapd, const u8 *attr,
306			      size_t attr_len)
307{
308	size_t blen = attr_len * 2 + 1;
309	char *buf = os_malloc(blen);
310	if (buf) {
311		wpa_snprintf_hex(buf, blen, attr, attr_len);
312		wpa_msg(hapd->msg_ctx, MSG_INFO,
313			WPS_EVENT_NEW_AP_SETTINGS "%s", buf);
314		os_free(buf);
315	}
316}
317
318
319static int hapd_wps_reconfig_in_memory(struct hostapd_data *hapd,
320				       const struct wps_credential *cred)
321{
322	struct hostapd_bss_config *bss = hapd->conf;
323
324	wpa_printf(MSG_DEBUG, "WPS: Updating in-memory configuration");
325
326	bss->wps_state = 2;
327	if (cred->ssid_len <= HOSTAPD_MAX_SSID_LEN) {
328		os_memcpy(bss->ssid.ssid, cred->ssid, cred->ssid_len);
329		bss->ssid.ssid_len = cred->ssid_len;
330		bss->ssid.ssid_set = 1;
331	}
332
333	if ((cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK)) &&
334	    (cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK)))
335		bss->wpa = 3;
336	else if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK))
337		bss->wpa = 2;
338	else if (cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK))
339		bss->wpa = 1;
340	else
341		bss->wpa = 0;
342
343	if (bss->wpa) {
344		if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA))
345			bss->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
346		if (cred->auth_type & (WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK))
347			bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
348
349		bss->wpa_pairwise = 0;
350		if (cred->encr_type & WPS_ENCR_AES)
351			bss->wpa_pairwise |= WPA_CIPHER_CCMP;
352		if (cred->encr_type & WPS_ENCR_TKIP)
353			bss->wpa_pairwise |= WPA_CIPHER_TKIP;
354		bss->rsn_pairwise = bss->wpa_pairwise;
355		bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
356							    bss->wpa_pairwise,
357							    bss->rsn_pairwise);
358
359		if (cred->key_len >= 8 && cred->key_len < 64) {
360			os_free(bss->ssid.wpa_passphrase);
361			bss->ssid.wpa_passphrase = os_zalloc(cred->key_len + 1);
362			if (bss->ssid.wpa_passphrase)
363				os_memcpy(bss->ssid.wpa_passphrase, cred->key,
364					  cred->key_len);
365			os_free(bss->ssid.wpa_psk);
366			bss->ssid.wpa_psk = NULL;
367		} else if (cred->key_len == 64) {
368			os_free(bss->ssid.wpa_psk);
369			bss->ssid.wpa_psk =
370				os_zalloc(sizeof(struct hostapd_wpa_psk));
371			if (bss->ssid.wpa_psk &&
372			    hexstr2bin((const char *) cred->key,
373				       bss->ssid.wpa_psk->psk, PMK_LEN) == 0) {
374				bss->ssid.wpa_psk->group = 1;
375				os_free(bss->ssid.wpa_passphrase);
376				bss->ssid.wpa_passphrase = NULL;
377			}
378		}
379		bss->auth_algs = 1;
380	} else {
381		/*
382		 * WPS 2.0 does not allow WEP to be configured, so no need to
383		 * process that option here either.
384		 */
385		bss->auth_algs = 1;
386	}
387
388	/* Schedule configuration reload after short period of time to allow
389	 * EAP-WSC to be finished.
390	 */
391	eloop_register_timeout(0, 100000, wps_reload_config, hapd->iface,
392			       NULL);
393
394	return 0;
395}
396
397
398static int hapd_wps_cred_cb(struct hostapd_data *hapd, void *ctx)
399{
400	const struct wps_credential *cred = ctx;
401	FILE *oconf, *nconf;
402	size_t len, i;
403	char *tmp_fname;
404	char buf[1024];
405	int multi_bss;
406	int wpa;
407
408	if (hapd->wps == NULL)
409		return 0;
410
411	wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute",
412			cred->cred_attr, cred->cred_attr_len);
413
414	wpa_printf(MSG_DEBUG, "WPS: Received new AP Settings");
415	wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", cred->ssid, cred->ssid_len);
416	wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x",
417		   cred->auth_type);
418	wpa_printf(MSG_DEBUG, "WPS: Encryption Type 0x%x", cred->encr_type);
419	wpa_printf(MSG_DEBUG, "WPS: Network Key Index %d", cred->key_idx);
420	wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
421			cred->key, cred->key_len);
422	wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR,
423		   MAC2STR(cred->mac_addr));
424
425	if ((hapd->conf->wps_cred_processing == 1 ||
426	     hapd->conf->wps_cred_processing == 2) && cred->cred_attr) {
427		hapd_new_ap_event(hapd, cred->cred_attr, cred->cred_attr_len);
428	} else if (hapd->conf->wps_cred_processing == 1 ||
429		   hapd->conf->wps_cred_processing == 2) {
430		struct wpabuf *attr;
431		attr = wpabuf_alloc(200);
432		if (attr && wps_build_credential_wrap(attr, cred) == 0)
433			hapd_new_ap_event(hapd, wpabuf_head_u8(attr),
434					  wpabuf_len(attr));
435		wpabuf_free(attr);
436	} else
437		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_NEW_AP_SETTINGS);
438
439	if (hapd->conf->wps_cred_processing == 1)
440		return 0;
441
442	os_memcpy(hapd->wps->ssid, cred->ssid, cred->ssid_len);
443	hapd->wps->ssid_len = cred->ssid_len;
444	hapd->wps->encr_types = cred->encr_type;
445	hapd->wps->auth_types = cred->auth_type;
446	hapd->wps->ap_encr_type = cred->encr_type;
447	hapd->wps->ap_auth_type = cred->auth_type;
448	if (cred->key_len == 0) {
449		os_free(hapd->wps->network_key);
450		hapd->wps->network_key = NULL;
451		hapd->wps->network_key_len = 0;
452	} else {
453		if (hapd->wps->network_key == NULL ||
454		    hapd->wps->network_key_len < cred->key_len) {
455			hapd->wps->network_key_len = 0;
456			os_free(hapd->wps->network_key);
457			hapd->wps->network_key = os_malloc(cred->key_len);
458			if (hapd->wps->network_key == NULL)
459				return -1;
460		}
461		hapd->wps->network_key_len = cred->key_len;
462		os_memcpy(hapd->wps->network_key, cred->key, cred->key_len);
463	}
464	hapd->wps->wps_state = WPS_STATE_CONFIGURED;
465
466	if (hapd->iface->config_fname == NULL)
467		return hapd_wps_reconfig_in_memory(hapd, cred);
468	len = os_strlen(hapd->iface->config_fname) + 5;
469	tmp_fname = os_malloc(len);
470	if (tmp_fname == NULL)
471		return -1;
472	os_snprintf(tmp_fname, len, "%s-new", hapd->iface->config_fname);
473
474	oconf = fopen(hapd->iface->config_fname, "r");
475	if (oconf == NULL) {
476		wpa_printf(MSG_WARNING, "WPS: Could not open current "
477			   "configuration file");
478		os_free(tmp_fname);
479		return -1;
480	}
481
482	nconf = fopen(tmp_fname, "w");
483	if (nconf == NULL) {
484		wpa_printf(MSG_WARNING, "WPS: Could not write updated "
485			   "configuration file");
486		os_free(tmp_fname);
487		fclose(oconf);
488		return -1;
489	}
490
491	fprintf(nconf, "# WPS configuration - START\n");
492
493	fprintf(nconf, "wps_state=2\n");
494
495	if (is_hex(cred->ssid, cred->ssid_len)) {
496		fprintf(nconf, "ssid2=");
497		for (i = 0; i < cred->ssid_len; i++)
498			fprintf(nconf, "%02x", cred->ssid[i]);
499		fprintf(nconf, "\n");
500	} else {
501		fprintf(nconf, "ssid=");
502		for (i = 0; i < cred->ssid_len; i++)
503			fputc(cred->ssid[i], nconf);
504		fprintf(nconf, "\n");
505	}
506
507	if ((cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK)) &&
508	    (cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK)))
509		wpa = 3;
510	else if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK))
511		wpa = 2;
512	else if (cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK))
513		wpa = 1;
514	else
515		wpa = 0;
516
517	if (wpa) {
518		char *prefix;
519		fprintf(nconf, "wpa=%d\n", wpa);
520
521		fprintf(nconf, "wpa_key_mgmt=");
522		prefix = "";
523		if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA)) {
524			fprintf(nconf, "WPA-EAP");
525			prefix = " ";
526		}
527		if (cred->auth_type & (WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK))
528			fprintf(nconf, "%sWPA-PSK", prefix);
529		fprintf(nconf, "\n");
530
531		fprintf(nconf, "wpa_pairwise=");
532		prefix = "";
533		if (cred->encr_type & WPS_ENCR_AES) {
534			fprintf(nconf, "CCMP");
535			prefix = " ";
536		}
537		if (cred->encr_type & WPS_ENCR_TKIP) {
538			fprintf(nconf, "%sTKIP", prefix);
539		}
540		fprintf(nconf, "\n");
541
542		if (cred->key_len >= 8 && cred->key_len < 64) {
543			fprintf(nconf, "wpa_passphrase=");
544			for (i = 0; i < cred->key_len; i++)
545				fputc(cred->key[i], nconf);
546			fprintf(nconf, "\n");
547		} else if (cred->key_len == 64) {
548			fprintf(nconf, "wpa_psk=");
549			for (i = 0; i < cred->key_len; i++)
550				fputc(cred->key[i], nconf);
551			fprintf(nconf, "\n");
552		} else {
553			wpa_printf(MSG_WARNING, "WPS: Invalid key length %lu "
554				   "for WPA/WPA2",
555				   (unsigned long) cred->key_len);
556		}
557
558		fprintf(nconf, "auth_algs=1\n");
559	} else {
560		/*
561		 * WPS 2.0 does not allow WEP to be configured, so no need to
562		 * process that option here either.
563		 */
564		fprintf(nconf, "auth_algs=1\n");
565	}
566
567	fprintf(nconf, "# WPS configuration - END\n");
568
569	multi_bss = 0;
570	while (fgets(buf, sizeof(buf), oconf)) {
571		if (os_strncmp(buf, "bss=", 4) == 0)
572			multi_bss = 1;
573		if (!multi_bss &&
574		    (str_starts(buf, "ssid=") ||
575		     str_starts(buf, "ssid2=") ||
576		     str_starts(buf, "auth_algs=") ||
577		     str_starts(buf, "wep_default_key=") ||
578		     str_starts(buf, "wep_key") ||
579		     str_starts(buf, "wps_state=") ||
580		     str_starts(buf, "wpa=") ||
581		     str_starts(buf, "wpa_psk=") ||
582		     str_starts(buf, "wpa_pairwise=") ||
583		     str_starts(buf, "rsn_pairwise=") ||
584		     str_starts(buf, "wpa_key_mgmt=") ||
585		     str_starts(buf, "wpa_passphrase="))) {
586			fprintf(nconf, "#WPS# %s", buf);
587		} else
588			fprintf(nconf, "%s", buf);
589	}
590
591	fclose(nconf);
592	fclose(oconf);
593
594	if (rename(tmp_fname, hapd->iface->config_fname) < 0) {
595		wpa_printf(MSG_WARNING, "WPS: Failed to rename the updated "
596			   "configuration file: %s", strerror(errno));
597		os_free(tmp_fname);
598		return -1;
599	}
600
601	os_free(tmp_fname);
602
603	/* Schedule configuration reload after short period of time to allow
604	 * EAP-WSC to be finished.
605	 */
606	eloop_register_timeout(0, 100000, wps_reload_config, hapd->iface,
607			       NULL);
608
609	wpa_printf(MSG_DEBUG, "WPS: AP configuration updated");
610
611	return 0;
612}
613
614
615static int hostapd_wps_cred_cb(void *ctx, const struct wps_credential *cred)
616{
617	struct hostapd_data *hapd = ctx;
618	return hostapd_wps_for_each(hapd, hapd_wps_cred_cb, (void *) cred);
619}
620
621
622static void hostapd_wps_reenable_ap_pin(void *eloop_data, void *user_ctx)
623{
624	struct hostapd_data *hapd = eloop_data;
625
626	if (hapd->conf->ap_setup_locked)
627		return;
628	if (hapd->ap_pin_failures_consecutive >= 10)
629		return;
630
631	wpa_printf(MSG_DEBUG, "WPS: Re-enable AP PIN");
632	wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_AP_SETUP_UNLOCKED);
633	hapd->wps->ap_setup_locked = 0;
634	wps_registrar_update_ie(hapd->wps->registrar);
635}
636
637
638static int wps_pwd_auth_fail(struct hostapd_data *hapd, void *ctx)
639{
640	struct wps_event_pwd_auth_fail *data = ctx;
641
642	if (!data->enrollee || hapd->conf->ap_pin == NULL || hapd->wps == NULL)
643		return 0;
644
645	/*
646	 * Registrar failed to prove its knowledge of the AP PIN. Lock AP setup
647	 * for some time if this happens multiple times to slow down brute
648	 * force attacks.
649	 */
650	hapd->ap_pin_failures++;
651	hapd->ap_pin_failures_consecutive++;
652	wpa_printf(MSG_DEBUG, "WPS: AP PIN authentication failure number %u "
653		   "(%u consecutive)",
654		   hapd->ap_pin_failures, hapd->ap_pin_failures_consecutive);
655	if (hapd->ap_pin_failures < 3)
656		return 0;
657
658	wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_AP_SETUP_LOCKED);
659	hapd->wps->ap_setup_locked = 1;
660
661	wps_registrar_update_ie(hapd->wps->registrar);
662
663	if (!hapd->conf->ap_setup_locked &&
664	    hapd->ap_pin_failures_consecutive >= 10) {
665		/*
666		 * In indefinite lockdown - disable automatic AP PIN
667		 * reenablement.
668		 */
669		eloop_cancel_timeout(hostapd_wps_reenable_ap_pin, hapd, NULL);
670		wpa_printf(MSG_DEBUG, "WPS: AP PIN disabled indefinitely");
671	} else if (!hapd->conf->ap_setup_locked) {
672		if (hapd->ap_pin_lockout_time == 0)
673			hapd->ap_pin_lockout_time = 60;
674		else if (hapd->ap_pin_lockout_time < 365 * 24 * 60 * 60 &&
675			 (hapd->ap_pin_failures % 3) == 0)
676			hapd->ap_pin_lockout_time *= 2;
677
678		wpa_printf(MSG_DEBUG, "WPS: Disable AP PIN for %u seconds",
679			   hapd->ap_pin_lockout_time);
680		eloop_cancel_timeout(hostapd_wps_reenable_ap_pin, hapd, NULL);
681		eloop_register_timeout(hapd->ap_pin_lockout_time, 0,
682				       hostapd_wps_reenable_ap_pin, hapd,
683				       NULL);
684	}
685
686	return 0;
687}
688
689
690static void hostapd_pwd_auth_fail(struct hostapd_data *hapd,
691				  struct wps_event_pwd_auth_fail *data)
692{
693	/* Update WPS Status - Authentication Failure */
694	wpa_printf(MSG_DEBUG, "WPS: Authentication failure update");
695	hapd->wps_stats.status = WPS_STATUS_FAILURE;
696	hapd->wps_stats.failure_reason = WPS_EI_AUTH_FAILURE;
697	os_memcpy(hapd->wps_stats.peer_addr, data->peer_macaddr, ETH_ALEN);
698
699	hostapd_wps_for_each(hapd, wps_pwd_auth_fail, data);
700}
701
702
703static int wps_ap_pin_success(struct hostapd_data *hapd, void *ctx)
704{
705	if (hapd->conf->ap_pin == NULL || hapd->wps == NULL)
706		return 0;
707
708	if (hapd->ap_pin_failures_consecutive == 0)
709		return 0;
710
711	wpa_printf(MSG_DEBUG, "WPS: Clear consecutive AP PIN failure counter "
712		   "- total validation failures %u (%u consecutive)",
713		   hapd->ap_pin_failures, hapd->ap_pin_failures_consecutive);
714	hapd->ap_pin_failures_consecutive = 0;
715
716	return 0;
717}
718
719
720static void hostapd_wps_ap_pin_success(struct hostapd_data *hapd)
721{
722	hostapd_wps_for_each(hapd, wps_ap_pin_success, NULL);
723}
724
725
726static void hostapd_wps_event_pbc_overlap(struct hostapd_data *hapd)
727{
728	/* Update WPS Status - PBC Overlap */
729	hapd->wps_stats.pbc_status = WPS_PBC_STATUS_OVERLAP;
730}
731
732
733static void hostapd_wps_event_pbc_timeout(struct hostapd_data *hapd)
734{
735	/* Update WPS PBC Status:PBC Timeout */
736	hapd->wps_stats.pbc_status = WPS_PBC_STATUS_TIMEOUT;
737}
738
739
740static void hostapd_wps_event_pbc_active(struct hostapd_data *hapd)
741{
742	/* Update WPS PBC status - Active */
743	hapd->wps_stats.pbc_status = WPS_PBC_STATUS_ACTIVE;
744}
745
746
747static void hostapd_wps_event_pbc_disable(struct hostapd_data *hapd)
748{
749	/* Update WPS PBC status - Active */
750	hapd->wps_stats.pbc_status = WPS_PBC_STATUS_DISABLE;
751}
752
753
754static void hostapd_wps_event_success(struct hostapd_data *hapd,
755				      struct wps_event_success *success)
756{
757	/* Update WPS status - Success */
758	hapd->wps_stats.pbc_status = WPS_PBC_STATUS_DISABLE;
759	hapd->wps_stats.status = WPS_STATUS_SUCCESS;
760	os_memcpy(hapd->wps_stats.peer_addr, success->peer_macaddr, ETH_ALEN);
761}
762
763
764static void hostapd_wps_event_fail(struct hostapd_data *hapd,
765				   struct wps_event_fail *fail)
766{
767	/* Update WPS status - Failure */
768	hapd->wps_stats.status = WPS_STATUS_FAILURE;
769	os_memcpy(hapd->wps_stats.peer_addr, fail->peer_macaddr, ETH_ALEN);
770
771	hapd->wps_stats.failure_reason = fail->error_indication;
772
773	if (fail->error_indication > 0 &&
774	    fail->error_indication < NUM_WPS_EI_VALUES) {
775		wpa_msg(hapd->msg_ctx, MSG_INFO,
776			WPS_EVENT_FAIL "msg=%d config_error=%d reason=%d (%s)",
777			fail->msg, fail->config_error, fail->error_indication,
778			wps_ei_str(fail->error_indication));
779	} else {
780		wpa_msg(hapd->msg_ctx, MSG_INFO,
781			WPS_EVENT_FAIL "msg=%d config_error=%d",
782			fail->msg, fail->config_error);
783	}
784}
785
786
787static void hostapd_wps_event_cb(void *ctx, enum wps_event event,
788				 union wps_event_data *data)
789{
790	struct hostapd_data *hapd = ctx;
791
792	switch (event) {
793	case WPS_EV_M2D:
794		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_M2D);
795		break;
796	case WPS_EV_FAIL:
797		hostapd_wps_event_fail(hapd, &data->fail);
798		break;
799	case WPS_EV_SUCCESS:
800		hostapd_wps_event_success(hapd, &data->success);
801		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_SUCCESS);
802		break;
803	case WPS_EV_PWD_AUTH_FAIL:
804		hostapd_pwd_auth_fail(hapd, &data->pwd_auth_fail);
805		break;
806	case WPS_EV_PBC_OVERLAP:
807		hostapd_wps_event_pbc_overlap(hapd);
808		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_OVERLAP);
809		break;
810	case WPS_EV_PBC_TIMEOUT:
811		hostapd_wps_event_pbc_timeout(hapd);
812		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_TIMEOUT);
813		break;
814	case WPS_EV_PBC_ACTIVE:
815		hostapd_wps_event_pbc_active(hapd);
816		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_ACTIVE);
817		break;
818	case WPS_EV_PBC_DISABLE:
819		hostapd_wps_event_pbc_disable(hapd);
820		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_DISABLE);
821		break;
822	case WPS_EV_ER_AP_ADD:
823		break;
824	case WPS_EV_ER_AP_REMOVE:
825		break;
826	case WPS_EV_ER_ENROLLEE_ADD:
827		break;
828	case WPS_EV_ER_ENROLLEE_REMOVE:
829		break;
830	case WPS_EV_ER_AP_SETTINGS:
831		break;
832	case WPS_EV_ER_SET_SELECTED_REGISTRAR:
833		break;
834	case WPS_EV_AP_PIN_SUCCESS:
835		hostapd_wps_ap_pin_success(hapd);
836		break;
837	}
838	if (hapd->wps_event_cb)
839		hapd->wps_event_cb(hapd->wps_event_cb_ctx, event, data);
840}
841
842
843static int hostapd_wps_rf_band_cb(void *ctx)
844{
845	struct hostapd_data *hapd = ctx;
846
847	return hapd->iconf->hw_mode == HOSTAPD_MODE_IEEE80211A ?
848		WPS_RF_50GHZ : WPS_RF_24GHZ; /* FIX: dualband AP */
849}
850
851
852static void hostapd_wps_clear_ies(struct hostapd_data *hapd, int deinit_only)
853{
854	wpabuf_free(hapd->wps_beacon_ie);
855	hapd->wps_beacon_ie = NULL;
856
857	wpabuf_free(hapd->wps_probe_resp_ie);
858	hapd->wps_probe_resp_ie = NULL;
859
860	if (deinit_only)
861		return;
862
863	hostapd_set_ap_wps_ie(hapd);
864}
865
866
867static int get_uuid_cb(struct hostapd_iface *iface, void *ctx)
868{
869	const u8 **uuid = ctx;
870	size_t j;
871
872	if (iface == NULL)
873		return 0;
874	for (j = 0; j < iface->num_bss; j++) {
875		struct hostapd_data *hapd = iface->bss[j];
876		if (hapd->wps && !hapd->conf->wps_independent &&
877		    !is_nil_uuid(hapd->wps->uuid)) {
878			*uuid = hapd->wps->uuid;
879			return 1;
880		}
881	}
882
883	return 0;
884}
885
886
887static const u8 * get_own_uuid(struct hostapd_iface *iface)
888{
889	const u8 *uuid;
890	if (iface->interfaces == NULL ||
891	    iface->interfaces->for_each_interface == NULL)
892		return NULL;
893	uuid = NULL;
894	iface->interfaces->for_each_interface(iface->interfaces, get_uuid_cb,
895					      &uuid);
896	return uuid;
897}
898
899
900static int count_interface_cb(struct hostapd_iface *iface, void *ctx)
901{
902	int *count= ctx;
903	(*count)++;
904	return 0;
905}
906
907
908static int interface_count(struct hostapd_iface *iface)
909{
910	int count = 0;
911	if (iface->interfaces == NULL ||
912	    iface->interfaces->for_each_interface == NULL)
913		return 0;
914	iface->interfaces->for_each_interface(iface->interfaces,
915					      count_interface_cb, &count);
916	return count;
917}
918
919
920static int hostapd_wps_set_vendor_ext(struct hostapd_data *hapd,
921				      struct wps_context *wps)
922{
923	int i;
924
925	for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++) {
926		wpabuf_free(wps->dev.vendor_ext[i]);
927		wps->dev.vendor_ext[i] = NULL;
928
929		if (hapd->conf->wps_vendor_ext[i] == NULL)
930			continue;
931
932		wps->dev.vendor_ext[i] =
933			wpabuf_dup(hapd->conf->wps_vendor_ext[i]);
934		if (wps->dev.vendor_ext[i] == NULL) {
935			while (--i >= 0)
936				wpabuf_free(wps->dev.vendor_ext[i]);
937			return -1;
938		}
939	}
940
941	return 0;
942}
943
944
945static void hostapd_free_wps(struct wps_context *wps)
946{
947	int i;
948
949	for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++)
950		wpabuf_free(wps->dev.vendor_ext[i]);
951	wps_device_data_free(&wps->dev);
952	os_free(wps->network_key);
953	hostapd_wps_nfc_clear(wps);
954	wpabuf_free(wps->dh_pubkey);
955	wpabuf_free(wps->dh_privkey);
956	os_free(wps);
957}
958
959
960int hostapd_init_wps(struct hostapd_data *hapd,
961		     struct hostapd_bss_config *conf)
962{
963	struct wps_context *wps;
964	struct wps_registrar_config cfg;
965
966	if (conf->wps_state == 0) {
967		hostapd_wps_clear_ies(hapd, 0);
968		return 0;
969	}
970
971	wps = os_zalloc(sizeof(*wps));
972	if (wps == NULL)
973		return -1;
974
975	wps->cred_cb = hostapd_wps_cred_cb;
976	wps->event_cb = hostapd_wps_event_cb;
977	wps->rf_band_cb = hostapd_wps_rf_band_cb;
978	wps->cb_ctx = hapd;
979
980	os_memset(&cfg, 0, sizeof(cfg));
981	wps->wps_state = hapd->conf->wps_state;
982	wps->ap_setup_locked = hapd->conf->ap_setup_locked;
983	if (is_nil_uuid(hapd->conf->uuid)) {
984		const u8 *uuid;
985		uuid = get_own_uuid(hapd->iface);
986		if (uuid && !conf->wps_independent) {
987			os_memcpy(wps->uuid, uuid, UUID_LEN);
988			wpa_hexdump(MSG_DEBUG, "WPS: Clone UUID from another "
989				    "interface", wps->uuid, UUID_LEN);
990		} else {
991			uuid_gen_mac_addr(hapd->own_addr, wps->uuid);
992			wpa_hexdump(MSG_DEBUG, "WPS: UUID based on MAC "
993				    "address", wps->uuid, UUID_LEN);
994		}
995	} else {
996		os_memcpy(wps->uuid, hapd->conf->uuid, UUID_LEN);
997		wpa_hexdump(MSG_DEBUG, "WPS: Use configured UUID",
998			    wps->uuid, UUID_LEN);
999	}
1000	wps->ssid_len = hapd->conf->ssid.ssid_len;
1001	os_memcpy(wps->ssid, hapd->conf->ssid.ssid, wps->ssid_len);
1002	wps->ap = 1;
1003	os_memcpy(wps->dev.mac_addr, hapd->own_addr, ETH_ALEN);
1004	wps->dev.device_name = hapd->conf->device_name ?
1005		os_strdup(hapd->conf->device_name) : NULL;
1006	wps->dev.manufacturer = hapd->conf->manufacturer ?
1007		os_strdup(hapd->conf->manufacturer) : NULL;
1008	wps->dev.model_name = hapd->conf->model_name ?
1009		os_strdup(hapd->conf->model_name) : NULL;
1010	wps->dev.model_number = hapd->conf->model_number ?
1011		os_strdup(hapd->conf->model_number) : NULL;
1012	wps->dev.serial_number = hapd->conf->serial_number ?
1013		os_strdup(hapd->conf->serial_number) : NULL;
1014	wps->config_methods =
1015		wps_config_methods_str2bin(hapd->conf->config_methods);
1016	if ((wps->config_methods &
1017	     (WPS_CONFIG_DISPLAY | WPS_CONFIG_VIRT_DISPLAY |
1018	      WPS_CONFIG_PHY_DISPLAY)) == WPS_CONFIG_DISPLAY) {
1019		wpa_printf(MSG_INFO, "WPS: Converting display to "
1020			   "virtual_display for WPS 2.0 compliance");
1021		wps->config_methods |= WPS_CONFIG_VIRT_DISPLAY;
1022	}
1023	if ((wps->config_methods &
1024	     (WPS_CONFIG_PUSHBUTTON | WPS_CONFIG_VIRT_PUSHBUTTON |
1025	      WPS_CONFIG_PHY_PUSHBUTTON)) == WPS_CONFIG_PUSHBUTTON) {
1026		wpa_printf(MSG_INFO, "WPS: Converting push_button to "
1027			   "virtual_push_button for WPS 2.0 compliance");
1028		wps->config_methods |= WPS_CONFIG_VIRT_PUSHBUTTON;
1029	}
1030	os_memcpy(wps->dev.pri_dev_type, hapd->conf->device_type,
1031		  WPS_DEV_TYPE_LEN);
1032
1033	if (hostapd_wps_set_vendor_ext(hapd, wps) < 0)
1034		goto fail;
1035
1036	wps->dev.os_version = WPA_GET_BE32(hapd->conf->os_version);
1037
1038	if (conf->wps_rf_bands) {
1039		wps->dev.rf_bands = conf->wps_rf_bands;
1040	} else {
1041		wps->dev.rf_bands =
1042			hapd->iconf->hw_mode == HOSTAPD_MODE_IEEE80211A ?
1043			WPS_RF_50GHZ : WPS_RF_24GHZ; /* FIX: dualband AP */
1044	}
1045
1046	if (conf->wpa & WPA_PROTO_RSN) {
1047		if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK)
1048			wps->auth_types |= WPS_AUTH_WPA2PSK;
1049		if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
1050			wps->auth_types |= WPS_AUTH_WPA2;
1051
1052		if (conf->rsn_pairwise & WPA_CIPHER_CCMP)
1053			wps->encr_types |= WPS_ENCR_AES;
1054		if (conf->rsn_pairwise & WPA_CIPHER_TKIP)
1055			wps->encr_types |= WPS_ENCR_TKIP;
1056	}
1057
1058	if (conf->wpa & WPA_PROTO_WPA) {
1059		if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK)
1060			wps->auth_types |= WPS_AUTH_WPAPSK;
1061		if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
1062			wps->auth_types |= WPS_AUTH_WPA;
1063
1064		if (conf->wpa_pairwise & WPA_CIPHER_CCMP)
1065			wps->encr_types |= WPS_ENCR_AES;
1066		if (conf->wpa_pairwise & WPA_CIPHER_TKIP)
1067			wps->encr_types |= WPS_ENCR_TKIP;
1068	}
1069
1070	if (conf->ssid.security_policy == SECURITY_PLAINTEXT) {
1071		wps->encr_types |= WPS_ENCR_NONE;
1072		wps->auth_types |= WPS_AUTH_OPEN;
1073	}
1074
1075	if (conf->ssid.wpa_psk_file) {
1076		/* Use per-device PSKs */
1077	} else if (conf->ssid.wpa_passphrase) {
1078		wps->network_key = (u8 *) os_strdup(conf->ssid.wpa_passphrase);
1079		wps->network_key_len = os_strlen(conf->ssid.wpa_passphrase);
1080	} else if (conf->ssid.wpa_psk) {
1081		wps->network_key = os_malloc(2 * PMK_LEN + 1);
1082		if (wps->network_key == NULL)
1083			goto fail;
1084		wpa_snprintf_hex((char *) wps->network_key, 2 * PMK_LEN + 1,
1085				 conf->ssid.wpa_psk->psk, PMK_LEN);
1086		wps->network_key_len = 2 * PMK_LEN;
1087	} else if (conf->ssid.wep.keys_set && conf->ssid.wep.key[0]) {
1088		wps->network_key = os_malloc(conf->ssid.wep.len[0]);
1089		if (wps->network_key == NULL)
1090			goto fail;
1091		os_memcpy(wps->network_key, conf->ssid.wep.key[0],
1092			  conf->ssid.wep.len[0]);
1093		wps->network_key_len = conf->ssid.wep.len[0];
1094	}
1095
1096	if (conf->ssid.wpa_psk) {
1097		os_memcpy(wps->psk, conf->ssid.wpa_psk->psk, PMK_LEN);
1098		wps->psk_set = 1;
1099	}
1100
1101	wps->ap_auth_type = wps->auth_types;
1102	wps->ap_encr_type = wps->encr_types;
1103	if (conf->wps_state == WPS_STATE_NOT_CONFIGURED) {
1104		/* Override parameters to enable security by default */
1105		wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK;
1106		wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP;
1107	}
1108
1109	wps->ap_settings = conf->ap_settings;
1110	wps->ap_settings_len = conf->ap_settings_len;
1111
1112	cfg.new_psk_cb = hostapd_wps_new_psk_cb;
1113	cfg.set_ie_cb = hostapd_wps_set_ie_cb;
1114	cfg.pin_needed_cb = hostapd_wps_pin_needed_cb;
1115	cfg.reg_success_cb = hostapd_wps_reg_success_cb;
1116	cfg.enrollee_seen_cb = hostapd_wps_enrollee_seen_cb;
1117	cfg.cb_ctx = hapd;
1118	cfg.skip_cred_build = conf->skip_cred_build;
1119	cfg.extra_cred = conf->extra_cred;
1120	cfg.extra_cred_len = conf->extra_cred_len;
1121	cfg.disable_auto_conf = (hapd->conf->wps_cred_processing == 1) &&
1122		conf->skip_cred_build;
1123	if (conf->ssid.security_policy == SECURITY_STATIC_WEP)
1124		cfg.static_wep_only = 1;
1125	cfg.dualband = interface_count(hapd->iface) > 1;
1126	if ((wps->dev.rf_bands & (WPS_RF_50GHZ | WPS_RF_24GHZ)) ==
1127	    (WPS_RF_50GHZ | WPS_RF_24GHZ))
1128		cfg.dualband = 1;
1129	if (cfg.dualband)
1130		wpa_printf(MSG_DEBUG, "WPS: Dualband AP");
1131	cfg.force_per_enrollee_psk = conf->force_per_enrollee_psk;
1132
1133	wps->registrar = wps_registrar_init(wps, &cfg);
1134	if (wps->registrar == NULL) {
1135		wpa_printf(MSG_ERROR, "Failed to initialize WPS Registrar");
1136		goto fail;
1137	}
1138
1139#ifdef CONFIG_WPS_UPNP
1140	wps->friendly_name = hapd->conf->friendly_name;
1141	wps->manufacturer_url = hapd->conf->manufacturer_url;
1142	wps->model_description = hapd->conf->model_description;
1143	wps->model_url = hapd->conf->model_url;
1144	wps->upc = hapd->conf->upc;
1145#endif /* CONFIG_WPS_UPNP */
1146
1147	hostapd_register_probereq_cb(hapd, hostapd_wps_probe_req_rx, hapd);
1148
1149	hapd->wps = wps;
1150
1151	return 0;
1152
1153fail:
1154	hostapd_free_wps(wps);
1155	return -1;
1156}
1157
1158
1159int hostapd_init_wps_complete(struct hostapd_data *hapd)
1160{
1161	struct wps_context *wps = hapd->wps;
1162
1163	if (wps == NULL)
1164		return 0;
1165
1166#ifdef CONFIG_WPS_UPNP
1167	if (hostapd_wps_upnp_init(hapd, wps) < 0) {
1168		wpa_printf(MSG_ERROR, "Failed to initialize WPS UPnP");
1169		wps_registrar_deinit(wps->registrar);
1170		hostapd_free_wps(wps);
1171		hapd->wps = NULL;
1172		return -1;
1173	}
1174#endif /* CONFIG_WPS_UPNP */
1175
1176	return 0;
1177}
1178
1179
1180static void hostapd_wps_nfc_clear(struct wps_context *wps)
1181{
1182#ifdef CONFIG_WPS_NFC
1183	wpa_printf(MSG_DEBUG, "WPS: Clear NFC Tag context %p", wps);
1184	wps->ap_nfc_dev_pw_id = 0;
1185	wpabuf_free(wps->ap_nfc_dh_pubkey);
1186	wps->ap_nfc_dh_pubkey = NULL;
1187	wpabuf_free(wps->ap_nfc_dh_privkey);
1188	wps->ap_nfc_dh_privkey = NULL;
1189	wpabuf_free(wps->ap_nfc_dev_pw);
1190	wps->ap_nfc_dev_pw = NULL;
1191#endif /* CONFIG_WPS_NFC */
1192}
1193
1194
1195void hostapd_deinit_wps(struct hostapd_data *hapd)
1196{
1197	eloop_cancel_timeout(hostapd_wps_reenable_ap_pin, hapd, NULL);
1198	eloop_cancel_timeout(hostapd_wps_ap_pin_timeout, hapd, NULL);
1199	eloop_cancel_timeout(wps_reload_config, hapd->iface, NULL);
1200	if (hapd->wps == NULL) {
1201		hostapd_wps_clear_ies(hapd, 1);
1202		return;
1203	}
1204#ifdef CONFIG_WPS_UPNP
1205	hostapd_wps_upnp_deinit(hapd);
1206#endif /* CONFIG_WPS_UPNP */
1207	wps_registrar_deinit(hapd->wps->registrar);
1208	wps_free_pending_msgs(hapd->wps->upnp_msgs);
1209	hostapd_free_wps(hapd->wps);
1210	hapd->wps = NULL;
1211	hostapd_wps_clear_ies(hapd, 1);
1212}
1213
1214
1215void hostapd_update_wps(struct hostapd_data *hapd)
1216{
1217	if (hapd->wps == NULL)
1218		return;
1219
1220#ifdef CONFIG_WPS_UPNP
1221	hapd->wps->friendly_name = hapd->conf->friendly_name;
1222	hapd->wps->manufacturer_url = hapd->conf->manufacturer_url;
1223	hapd->wps->model_description = hapd->conf->model_description;
1224	hapd->wps->model_url = hapd->conf->model_url;
1225	hapd->wps->upc = hapd->conf->upc;
1226#endif /* CONFIG_WPS_UPNP */
1227
1228	hostapd_wps_set_vendor_ext(hapd, hapd->wps);
1229
1230	if (hapd->conf->wps_state)
1231		wps_registrar_update_ie(hapd->wps->registrar);
1232	else
1233		hostapd_deinit_wps(hapd);
1234}
1235
1236
1237struct wps_add_pin_data {
1238	const u8 *addr;
1239	const u8 *uuid;
1240	const u8 *pin;
1241	size_t pin_len;
1242	int timeout;
1243	int added;
1244};
1245
1246
1247static int wps_add_pin(struct hostapd_data *hapd, void *ctx)
1248{
1249	struct wps_add_pin_data *data = ctx;
1250	int ret;
1251
1252	if (hapd->wps == NULL)
1253		return 0;
1254	ret = wps_registrar_add_pin(hapd->wps->registrar, data->addr,
1255				    data->uuid, data->pin, data->pin_len,
1256				    data->timeout);
1257	if (ret == 0)
1258		data->added++;
1259	return ret;
1260}
1261
1262
1263int hostapd_wps_add_pin(struct hostapd_data *hapd, const u8 *addr,
1264			const char *uuid, const char *pin, int timeout)
1265{
1266	u8 u[UUID_LEN];
1267	struct wps_add_pin_data data;
1268
1269	data.addr = addr;
1270	data.uuid = u;
1271	data.pin = (const u8 *) pin;
1272	data.pin_len = os_strlen(pin);
1273	data.timeout = timeout;
1274	data.added = 0;
1275
1276	if (os_strcmp(uuid, "any") == 0)
1277		data.uuid = NULL;
1278	else {
1279		if (uuid_str2bin(uuid, u))
1280			return -1;
1281		data.uuid = u;
1282	}
1283	if (hostapd_wps_for_each(hapd, wps_add_pin, &data) < 0)
1284		return -1;
1285	return data.added ? 0 : -1;
1286}
1287
1288
1289static int wps_button_pushed(struct hostapd_data *hapd, void *ctx)
1290{
1291	const u8 *p2p_dev_addr = ctx;
1292	if (hapd->wps == NULL)
1293		return -1;
1294	return wps_registrar_button_pushed(hapd->wps->registrar, p2p_dev_addr);
1295}
1296
1297
1298int hostapd_wps_button_pushed(struct hostapd_data *hapd,
1299			      const u8 *p2p_dev_addr)
1300{
1301	return hostapd_wps_for_each(hapd, wps_button_pushed,
1302				    (void *) p2p_dev_addr);
1303}
1304
1305
1306static int wps_cancel(struct hostapd_data *hapd, void *ctx)
1307{
1308	if (hapd->wps == NULL)
1309		return -1;
1310
1311	wps_registrar_wps_cancel(hapd->wps->registrar);
1312	ap_for_each_sta(hapd, ap_sta_wps_cancel, NULL);
1313
1314	return 0;
1315}
1316
1317
1318int hostapd_wps_cancel(struct hostapd_data *hapd)
1319{
1320	return hostapd_wps_for_each(hapd, wps_cancel, NULL);
1321}
1322
1323
1324static int hostapd_wps_probe_req_rx(void *ctx, const u8 *addr, const u8 *da,
1325				    const u8 *bssid,
1326				    const u8 *ie, size_t ie_len,
1327				    int ssi_signal)
1328{
1329	struct hostapd_data *hapd = ctx;
1330	struct wpabuf *wps_ie;
1331	struct ieee802_11_elems elems;
1332
1333	if (hapd->wps == NULL)
1334		return 0;
1335
1336	if (ieee802_11_parse_elems(ie, ie_len, &elems, 0) == ParseFailed) {
1337		wpa_printf(MSG_DEBUG, "WPS: Could not parse ProbeReq from "
1338			   MACSTR, MAC2STR(addr));
1339		return 0;
1340	}
1341
1342	if (elems.ssid && elems.ssid_len > 0 &&
1343	    (elems.ssid_len != hapd->conf->ssid.ssid_len ||
1344	     os_memcmp(elems.ssid, hapd->conf->ssid.ssid, elems.ssid_len) !=
1345	     0))
1346		return 0; /* Not for us */
1347
1348	wps_ie = ieee802_11_vendor_ie_concat(ie, ie_len, WPS_DEV_OUI_WFA);
1349	if (wps_ie == NULL)
1350		return 0;
1351	if (wps_validate_probe_req(wps_ie, addr) < 0) {
1352		wpabuf_free(wps_ie);
1353		return 0;
1354	}
1355
1356	if (wpabuf_len(wps_ie) > 0) {
1357		int p2p_wildcard = 0;
1358#ifdef CONFIG_P2P
1359		if (elems.ssid && elems.ssid_len == P2P_WILDCARD_SSID_LEN &&
1360		    os_memcmp(elems.ssid, P2P_WILDCARD_SSID,
1361			      P2P_WILDCARD_SSID_LEN) == 0)
1362			p2p_wildcard = 1;
1363#endif /* CONFIG_P2P */
1364		wps_registrar_probe_req_rx(hapd->wps->registrar, addr, wps_ie,
1365					   p2p_wildcard);
1366#ifdef CONFIG_WPS_UPNP
1367		/* FIX: what exactly should be included in the WLANEvent?
1368		 * WPS attributes? Full ProbeReq frame? */
1369		if (!p2p_wildcard)
1370			upnp_wps_device_send_wlan_event(
1371				hapd->wps_upnp, addr,
1372				UPNP_WPS_WLANEVENT_TYPE_PROBE, wps_ie);
1373#endif /* CONFIG_WPS_UPNP */
1374	}
1375
1376	wpabuf_free(wps_ie);
1377
1378	return 0;
1379}
1380
1381
1382#ifdef CONFIG_WPS_UPNP
1383
1384static int hostapd_rx_req_put_wlan_response(
1385	void *priv, enum upnp_wps_wlanevent_type ev_type,
1386	const u8 *mac_addr, const struct wpabuf *msg,
1387	enum wps_msg_type msg_type)
1388{
1389	struct hostapd_data *hapd = priv;
1390	struct sta_info *sta;
1391	struct upnp_pending_message *p;
1392
1393	wpa_printf(MSG_DEBUG, "WPS UPnP: PutWLANResponse ev_type=%d mac_addr="
1394		   MACSTR, ev_type, MAC2STR(mac_addr));
1395	wpa_hexdump(MSG_MSGDUMP, "WPS UPnP: PutWLANResponse NewMessage",
1396		    wpabuf_head(msg), wpabuf_len(msg));
1397	if (ev_type != UPNP_WPS_WLANEVENT_TYPE_EAP) {
1398		wpa_printf(MSG_DEBUG, "WPS UPnP: Ignored unexpected "
1399			   "PutWLANResponse WLANEventType %d", ev_type);
1400		return -1;
1401	}
1402
1403	/*
1404	 * EAP response to ongoing to WPS Registration. Send it to EAP-WSC
1405	 * server implementation for delivery to the peer.
1406	 */
1407
1408	sta = ap_get_sta(hapd, mac_addr);
1409#ifndef CONFIG_WPS_STRICT
1410	if (!sta) {
1411		/*
1412		 * Workaround - Intel wsccmd uses bogus NewWLANEventMAC:
1413		 * Pick STA that is in an ongoing WPS registration without
1414		 * checking the MAC address.
1415		 */
1416		wpa_printf(MSG_DEBUG, "WPS UPnP: No matching STA found based "
1417			   "on NewWLANEventMAC; try wildcard match");
1418		for (sta = hapd->sta_list; sta; sta = sta->next) {
1419			if (sta->eapol_sm && (sta->flags & WLAN_STA_WPS))
1420				break;
1421		}
1422	}
1423#endif /* CONFIG_WPS_STRICT */
1424
1425	if (!sta || !(sta->flags & WLAN_STA_WPS)) {
1426		wpa_printf(MSG_DEBUG, "WPS UPnP: No matching STA found");
1427		return 0;
1428	}
1429
1430	if (!sta->eapol_sm) {
1431		/*
1432		 * This can happen, e.g., if an ER sends an extra message after
1433		 * the station has disassociated (but not fully
1434		 * deauthenticated).
1435		 */
1436		wpa_printf(MSG_DEBUG, "WPS UPnP: Matching STA did not have EAPOL state machine initialized");
1437		return 0;
1438	}
1439
1440	p = os_zalloc(sizeof(*p));
1441	if (p == NULL)
1442		return -1;
1443	os_memcpy(p->addr, sta->addr, ETH_ALEN);
1444	p->msg = wpabuf_dup(msg);
1445	p->type = msg_type;
1446	p->next = hapd->wps->upnp_msgs;
1447	hapd->wps->upnp_msgs = p;
1448
1449	return eapol_auth_eap_pending_cb(sta->eapol_sm, sta->eapol_sm->eap);
1450}
1451
1452
1453static int hostapd_wps_upnp_init(struct hostapd_data *hapd,
1454				 struct wps_context *wps)
1455{
1456	struct upnp_wps_device_ctx *ctx;
1457
1458	if (!hapd->conf->upnp_iface)
1459		return 0;
1460	ctx = os_zalloc(sizeof(*ctx));
1461	if (ctx == NULL)
1462		return -1;
1463
1464	ctx->rx_req_put_wlan_response = hostapd_rx_req_put_wlan_response;
1465	if (hapd->conf->ap_pin)
1466		ctx->ap_pin = os_strdup(hapd->conf->ap_pin);
1467
1468	hapd->wps_upnp = upnp_wps_device_init(ctx, wps, hapd,
1469					      hapd->conf->upnp_iface);
1470	if (hapd->wps_upnp == NULL)
1471		return -1;
1472	wps->wps_upnp = hapd->wps_upnp;
1473
1474	return 0;
1475}
1476
1477
1478static void hostapd_wps_upnp_deinit(struct hostapd_data *hapd)
1479{
1480	upnp_wps_device_deinit(hapd->wps_upnp, hapd);
1481}
1482
1483#endif /* CONFIG_WPS_UPNP */
1484
1485
1486int hostapd_wps_get_mib_sta(struct hostapd_data *hapd, const u8 *addr,
1487			    char *buf, size_t buflen)
1488{
1489	if (hapd->wps == NULL)
1490		return 0;
1491	return wps_registrar_get_info(hapd->wps->registrar, addr, buf, buflen);
1492}
1493
1494
1495static void hostapd_wps_ap_pin_timeout(void *eloop_data, void *user_ctx)
1496{
1497	struct hostapd_data *hapd = eloop_data;
1498	wpa_printf(MSG_DEBUG, "WPS: AP PIN timed out");
1499	hostapd_wps_ap_pin_disable(hapd);
1500	wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_AP_PIN_DISABLED);
1501}
1502
1503
1504static void hostapd_wps_ap_pin_enable(struct hostapd_data *hapd, int timeout)
1505{
1506	wpa_printf(MSG_DEBUG, "WPS: Enabling AP PIN (timeout=%d)", timeout);
1507	hapd->ap_pin_failures = 0;
1508	hapd->ap_pin_failures_consecutive = 0;
1509	hapd->conf->ap_setup_locked = 0;
1510	if (hapd->wps->ap_setup_locked) {
1511		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_AP_SETUP_UNLOCKED);
1512		hapd->wps->ap_setup_locked = 0;
1513		wps_registrar_update_ie(hapd->wps->registrar);
1514	}
1515	eloop_cancel_timeout(hostapd_wps_ap_pin_timeout, hapd, NULL);
1516	if (timeout > 0)
1517		eloop_register_timeout(timeout, 0,
1518				       hostapd_wps_ap_pin_timeout, hapd, NULL);
1519}
1520
1521
1522static int wps_ap_pin_disable(struct hostapd_data *hapd, void *ctx)
1523{
1524	os_free(hapd->conf->ap_pin);
1525	hapd->conf->ap_pin = NULL;
1526#ifdef CONFIG_WPS_UPNP
1527	upnp_wps_set_ap_pin(hapd->wps_upnp, NULL);
1528#endif /* CONFIG_WPS_UPNP */
1529	eloop_cancel_timeout(hostapd_wps_ap_pin_timeout, hapd, NULL);
1530	return 0;
1531}
1532
1533
1534void hostapd_wps_ap_pin_disable(struct hostapd_data *hapd)
1535{
1536	wpa_printf(MSG_DEBUG, "WPS: Disabling AP PIN");
1537	hostapd_wps_for_each(hapd, wps_ap_pin_disable, NULL);
1538}
1539
1540
1541struct wps_ap_pin_data {
1542	char pin_txt[9];
1543	int timeout;
1544};
1545
1546
1547static int wps_ap_pin_set(struct hostapd_data *hapd, void *ctx)
1548{
1549	struct wps_ap_pin_data *data = ctx;
1550	os_free(hapd->conf->ap_pin);
1551	hapd->conf->ap_pin = os_strdup(data->pin_txt);
1552#ifdef CONFIG_WPS_UPNP
1553	upnp_wps_set_ap_pin(hapd->wps_upnp, data->pin_txt);
1554#endif /* CONFIG_WPS_UPNP */
1555	hostapd_wps_ap_pin_enable(hapd, data->timeout);
1556	return 0;
1557}
1558
1559
1560const char * hostapd_wps_ap_pin_random(struct hostapd_data *hapd, int timeout)
1561{
1562	unsigned int pin;
1563	struct wps_ap_pin_data data;
1564
1565	pin = wps_generate_pin();
1566	os_snprintf(data.pin_txt, sizeof(data.pin_txt), "%08u", pin);
1567	data.timeout = timeout;
1568	hostapd_wps_for_each(hapd, wps_ap_pin_set, &data);
1569	return hapd->conf->ap_pin;
1570}
1571
1572
1573const char * hostapd_wps_ap_pin_get(struct hostapd_data *hapd)
1574{
1575	return hapd->conf->ap_pin;
1576}
1577
1578
1579int hostapd_wps_ap_pin_set(struct hostapd_data *hapd, const char *pin,
1580			   int timeout)
1581{
1582	struct wps_ap_pin_data data;
1583	int ret;
1584
1585	ret = os_snprintf(data.pin_txt, sizeof(data.pin_txt), "%s", pin);
1586	if (ret < 0 || ret >= (int) sizeof(data.pin_txt))
1587		return -1;
1588	data.timeout = timeout;
1589	return hostapd_wps_for_each(hapd, wps_ap_pin_set, &data);
1590}
1591
1592
1593static int wps_update_ie(struct hostapd_data *hapd, void *ctx)
1594{
1595	if (hapd->wps)
1596		wps_registrar_update_ie(hapd->wps->registrar);
1597	return 0;
1598}
1599
1600
1601void hostapd_wps_update_ie(struct hostapd_data *hapd)
1602{
1603	hostapd_wps_for_each(hapd, wps_update_ie, NULL);
1604}
1605
1606
1607int hostapd_wps_config_ap(struct hostapd_data *hapd, const char *ssid,
1608			  const char *auth, const char *encr, const char *key)
1609{
1610	struct wps_credential cred;
1611	size_t len;
1612
1613	os_memset(&cred, 0, sizeof(cred));
1614
1615	len = os_strlen(ssid);
1616	if ((len & 1) || len > 2 * sizeof(cred.ssid) ||
1617	    hexstr2bin(ssid, cred.ssid, len / 2))
1618		return -1;
1619	cred.ssid_len = len / 2;
1620
1621	if (os_strncmp(auth, "OPEN", 4) == 0)
1622		cred.auth_type = WPS_AUTH_OPEN;
1623	else if (os_strncmp(auth, "WPAPSK", 6) == 0)
1624		cred.auth_type = WPS_AUTH_WPAPSK;
1625	else if (os_strncmp(auth, "WPA2PSK", 7) == 0)
1626		cred.auth_type = WPS_AUTH_WPA2PSK;
1627	else
1628		return -1;
1629
1630	if (encr) {
1631		if (os_strncmp(encr, "NONE", 4) == 0)
1632			cred.encr_type = WPS_ENCR_NONE;
1633		else if (os_strncmp(encr, "TKIP", 4) == 0)
1634			cred.encr_type = WPS_ENCR_TKIP;
1635		else if (os_strncmp(encr, "CCMP", 4) == 0)
1636			cred.encr_type = WPS_ENCR_AES;
1637		else
1638			return -1;
1639	} else
1640		cred.encr_type = WPS_ENCR_NONE;
1641
1642	if (key) {
1643		len = os_strlen(key);
1644		if ((len & 1) || len > 2 * sizeof(cred.key) ||
1645		    hexstr2bin(key, cred.key, len / 2))
1646			return -1;
1647		cred.key_len = len / 2;
1648	}
1649
1650	return wps_registrar_config_ap(hapd->wps->registrar, &cred);
1651}
1652
1653
1654#ifdef CONFIG_WPS_NFC
1655
1656struct wps_nfc_password_token_data {
1657	const u8 *oob_dev_pw;
1658	size_t oob_dev_pw_len;
1659	int added;
1660};
1661
1662
1663static int wps_add_nfc_password_token(struct hostapd_data *hapd, void *ctx)
1664{
1665	struct wps_nfc_password_token_data *data = ctx;
1666	int ret;
1667
1668	if (hapd->wps == NULL)
1669		return 0;
1670	ret = wps_registrar_add_nfc_password_token(hapd->wps->registrar,
1671						   data->oob_dev_pw,
1672						   data->oob_dev_pw_len);
1673	if (ret == 0)
1674		data->added++;
1675	return ret;
1676}
1677
1678
1679static int hostapd_wps_add_nfc_password_token(struct hostapd_data *hapd,
1680					      struct wps_parse_attr *attr)
1681{
1682	struct wps_nfc_password_token_data data;
1683
1684	data.oob_dev_pw = attr->oob_dev_password;
1685	data.oob_dev_pw_len = attr->oob_dev_password_len;
1686	data.added = 0;
1687	if (hostapd_wps_for_each(hapd, wps_add_nfc_password_token, &data) < 0)
1688		return -1;
1689	return data.added ? 0 : -1;
1690}
1691
1692
1693static int hostapd_wps_nfc_tag_process(struct hostapd_data *hapd,
1694				       const struct wpabuf *wps)
1695{
1696	struct wps_parse_attr attr;
1697
1698	wpa_hexdump_buf(MSG_DEBUG, "WPS: Received NFC tag payload", wps);
1699
1700	if (wps_parse_msg(wps, &attr)) {
1701		wpa_printf(MSG_DEBUG, "WPS: Ignore invalid data from NFC tag");
1702		return -1;
1703	}
1704
1705	if (attr.oob_dev_password)
1706		return hostapd_wps_add_nfc_password_token(hapd, &attr);
1707
1708	wpa_printf(MSG_DEBUG, "WPS: Ignore unrecognized NFC tag");
1709	return -1;
1710}
1711
1712
1713int hostapd_wps_nfc_tag_read(struct hostapd_data *hapd,
1714			     const struct wpabuf *data)
1715{
1716	const struct wpabuf *wps = data;
1717	struct wpabuf *tmp = NULL;
1718	int ret;
1719
1720	if (wpabuf_len(data) < 4)
1721		return -1;
1722
1723	if (*wpabuf_head_u8(data) != 0x10) {
1724		/* Assume this contains full NDEF record */
1725		tmp = ndef_parse_wifi(data);
1726		if (tmp == NULL) {
1727			wpa_printf(MSG_DEBUG, "WPS: Could not parse NDEF");
1728			return -1;
1729		}
1730		wps = tmp;
1731	}
1732
1733	ret = hostapd_wps_nfc_tag_process(hapd, wps);
1734	wpabuf_free(tmp);
1735	return ret;
1736}
1737
1738
1739struct wpabuf * hostapd_wps_nfc_config_token(struct hostapd_data *hapd,
1740					     int ndef)
1741{
1742	struct wpabuf *ret;
1743
1744	if (hapd->wps == NULL)
1745		return NULL;
1746
1747	ret = wps_get_oob_cred(hapd->wps, hostapd_wps_rf_band_cb(hapd),
1748			       hapd->iconf->channel);
1749	if (ndef && ret) {
1750		struct wpabuf *tmp;
1751		tmp = ndef_build_wifi(ret);
1752		wpabuf_free(ret);
1753		if (tmp == NULL)
1754			return NULL;
1755		ret = tmp;
1756	}
1757
1758	return ret;
1759}
1760
1761
1762struct wpabuf * hostapd_wps_nfc_hs_cr(struct hostapd_data *hapd, int ndef)
1763{
1764	struct wpabuf *ret;
1765
1766	if (hapd->wps == NULL)
1767		return NULL;
1768
1769	if (hapd->conf->wps_nfc_dh_pubkey == NULL) {
1770		struct wps_context *wps = hapd->wps;
1771		if (wps_nfc_gen_dh(&hapd->conf->wps_nfc_dh_pubkey,
1772				   &hapd->conf->wps_nfc_dh_privkey) < 0)
1773			return NULL;
1774		hostapd_wps_nfc_clear(wps);
1775		wps->ap_nfc_dev_pw_id = DEV_PW_NFC_CONNECTION_HANDOVER;
1776		wps->ap_nfc_dh_pubkey =
1777			wpabuf_dup(hapd->conf->wps_nfc_dh_pubkey);
1778		wps->ap_nfc_dh_privkey =
1779			wpabuf_dup(hapd->conf->wps_nfc_dh_privkey);
1780		if (!wps->ap_nfc_dh_pubkey || !wps->ap_nfc_dh_privkey) {
1781			hostapd_wps_nfc_clear(wps);
1782			return NULL;
1783		}
1784	}
1785
1786	ret = wps_build_nfc_handover_sel(hapd->wps,
1787					 hapd->conf->wps_nfc_dh_pubkey,
1788					 hapd->own_addr, hapd->iface->freq);
1789
1790	if (ndef && ret) {
1791		struct wpabuf *tmp;
1792		tmp = ndef_build_wifi(ret);
1793		wpabuf_free(ret);
1794		if (tmp == NULL)
1795			return NULL;
1796		ret = tmp;
1797	}
1798
1799	return ret;
1800}
1801
1802
1803int hostapd_wps_nfc_report_handover(struct hostapd_data *hapd,
1804				    const struct wpabuf *req,
1805				    const struct wpabuf *sel)
1806{
1807	struct wpabuf *wps;
1808	int ret = -1;
1809	u16 wsc_len;
1810	const u8 *pos;
1811	struct wpabuf msg;
1812	struct wps_parse_attr attr;
1813	u16 dev_pw_id;
1814
1815	/*
1816	 * Enrollee/station is always initiator of the NFC connection handover,
1817	 * so use the request message here to find Enrollee public key hash.
1818	 */
1819	wps = ndef_parse_wifi(req);
1820	if (wps == NULL)
1821		return -1;
1822	wpa_printf(MSG_DEBUG, "WPS: Received application/vnd.wfa.wsc "
1823		   "payload from NFC connection handover");
1824	wpa_hexdump_buf(MSG_DEBUG, "WPS: NFC payload", wps);
1825	if (wpabuf_len(wps) < 2) {
1826		wpa_printf(MSG_DEBUG, "WPS: Too short Wi-Fi Handover Request "
1827			   "Message");
1828		goto out;
1829	}
1830	pos = wpabuf_head(wps);
1831	wsc_len = WPA_GET_BE16(pos);
1832	if (wsc_len > wpabuf_len(wps) - 2) {
1833		wpa_printf(MSG_DEBUG, "WPS: Invalid WSC attribute length (%u) "
1834			   "in rt Wi-Fi Handover Request Message", wsc_len);
1835		goto out;
1836	}
1837	pos += 2;
1838
1839	wpa_hexdump(MSG_DEBUG,
1840		    "WPS: WSC attributes in Wi-Fi Handover Request Message",
1841		    pos, wsc_len);
1842	if (wsc_len < wpabuf_len(wps) - 2) {
1843		wpa_hexdump(MSG_DEBUG,
1844			    "WPS: Ignore extra data after WSC attributes",
1845			    pos + wsc_len, wpabuf_len(wps) - 2 - wsc_len);
1846	}
1847
1848	wpabuf_set(&msg, pos, wsc_len);
1849	ret = wps_parse_msg(&msg, &attr);
1850	if (ret < 0) {
1851		wpa_printf(MSG_DEBUG, "WPS: Could not parse WSC attributes in "
1852			   "Wi-Fi Handover Request Message");
1853		goto out;
1854	}
1855
1856	if (attr.oob_dev_password == NULL ||
1857	    attr.oob_dev_password_len < WPS_OOB_PUBKEY_HASH_LEN + 2) {
1858		wpa_printf(MSG_DEBUG, "WPS: No Out-of-Band Device Password "
1859			   "included in Wi-Fi Handover Request Message");
1860		ret = -1;
1861		goto out;
1862	}
1863
1864	if (attr.uuid_e == NULL) {
1865		wpa_printf(MSG_DEBUG, "WPS: No UUID-E included in Wi-Fi "
1866			   "Handover Request Message");
1867		ret = -1;
1868		goto out;
1869	}
1870
1871	wpa_hexdump(MSG_DEBUG, "WPS: UUID-E", attr.uuid_e, WPS_UUID_LEN);
1872
1873	wpa_hexdump(MSG_DEBUG, "WPS: Out-of-Band Device Password",
1874		    attr.oob_dev_password, attr.oob_dev_password_len);
1875	dev_pw_id = WPA_GET_BE16(attr.oob_dev_password +
1876				 WPS_OOB_PUBKEY_HASH_LEN);
1877	if (dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER) {
1878		wpa_printf(MSG_DEBUG, "WPS: Unexpected OOB Device Password ID "
1879			   "%u in Wi-Fi Handover Request Message", dev_pw_id);
1880		ret = -1;
1881		goto out;
1882	}
1883	wpa_hexdump(MSG_DEBUG, "WPS: Enrollee Public Key hash",
1884		    attr.oob_dev_password, WPS_OOB_PUBKEY_HASH_LEN);
1885
1886	ret = wps_registrar_add_nfc_pw_token(hapd->wps->registrar,
1887					     attr.oob_dev_password,
1888					     DEV_PW_NFC_CONNECTION_HANDOVER,
1889					     NULL, 0, 1);
1890
1891out:
1892	wpabuf_free(wps);
1893	return ret;
1894}
1895
1896
1897struct wpabuf * hostapd_wps_nfc_token_gen(struct hostapd_data *hapd, int ndef)
1898{
1899	if (hapd->conf->wps_nfc_pw_from_config) {
1900		return wps_nfc_token_build(ndef,
1901					   hapd->conf->wps_nfc_dev_pw_id,
1902					   hapd->conf->wps_nfc_dh_pubkey,
1903					   hapd->conf->wps_nfc_dev_pw);
1904	}
1905
1906	return wps_nfc_token_gen(ndef, &hapd->conf->wps_nfc_dev_pw_id,
1907				 &hapd->conf->wps_nfc_dh_pubkey,
1908				 &hapd->conf->wps_nfc_dh_privkey,
1909				 &hapd->conf->wps_nfc_dev_pw);
1910}
1911
1912
1913int hostapd_wps_nfc_token_enable(struct hostapd_data *hapd)
1914{
1915	struct wps_context *wps = hapd->wps;
1916	struct wpabuf *pw;
1917
1918	if (wps == NULL)
1919		return -1;
1920
1921	if (!hapd->conf->wps_nfc_dh_pubkey ||
1922	    !hapd->conf->wps_nfc_dh_privkey ||
1923	    !hapd->conf->wps_nfc_dev_pw ||
1924	    !hapd->conf->wps_nfc_dev_pw_id)
1925		return -1;
1926
1927	hostapd_wps_nfc_clear(wps);
1928	wpa_printf(MSG_DEBUG,
1929		   "WPS: Enable NFC Tag (Dev Pw Id %u) for AP interface %s (context %p)",
1930		   hapd->conf->wps_nfc_dev_pw_id, hapd->conf->iface, wps);
1931	wps->ap_nfc_dev_pw_id = hapd->conf->wps_nfc_dev_pw_id;
1932	wps->ap_nfc_dh_pubkey = wpabuf_dup(hapd->conf->wps_nfc_dh_pubkey);
1933	wps->ap_nfc_dh_privkey = wpabuf_dup(hapd->conf->wps_nfc_dh_privkey);
1934	pw = hapd->conf->wps_nfc_dev_pw;
1935	wps->ap_nfc_dev_pw = wpabuf_alloc(
1936		wpabuf_len(pw) * 2 + 1);
1937	if (wps->ap_nfc_dev_pw) {
1938		wpa_snprintf_hex_uppercase(
1939			(char *) wpabuf_put(wps->ap_nfc_dev_pw,
1940					    wpabuf_len(pw) * 2),
1941			wpabuf_len(pw) * 2 + 1,
1942			wpabuf_head(pw), wpabuf_len(pw));
1943	}
1944
1945	if (!wps->ap_nfc_dh_pubkey || !wps->ap_nfc_dh_privkey ||
1946	    !wps->ap_nfc_dev_pw) {
1947		hostapd_wps_nfc_clear(wps);
1948		return -1;
1949	}
1950
1951	return 0;
1952}
1953
1954
1955void hostapd_wps_nfc_token_disable(struct hostapd_data *hapd)
1956{
1957	wpa_printf(MSG_DEBUG, "WPS: Disable NFC token for AP interface %s",
1958		   hapd->conf->iface);
1959	hostapd_wps_nfc_clear(hapd->wps);
1960}
1961
1962#endif /* CONFIG_WPS_NFC */
1963