wps_hostapd.c revision 444d567b27731d8572ef37697dd12fd1c37c2f24
12cfd52c507bd5790457a171eb9bcb39019cc6860Chris Lattner/*
2c140c4803dc3e10e08138670829bc0494986abe9David Goodwin * hostapd / WPS integration
3c140c4803dc3e10e08138670829bc0494986abe9David Goodwin * Copyright (c) 2008-2012, Jouni Malinen <j@w1.fi>
4c140c4803dc3e10e08138670829bc0494986abe9David Goodwin *
5c140c4803dc3e10e08138670829bc0494986abe9David Goodwin * This software may be distributed under the terms of the BSD license.
6c140c4803dc3e10e08138670829bc0494986abe9David Goodwin * See README for more details.
7c140c4803dc3e10e08138670829bc0494986abe9David Goodwin */
8c140c4803dc3e10e08138670829bc0494986abe9David Goodwin
9c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#include "utils/includes.h"
10c140c4803dc3e10e08138670829bc0494986abe9David Goodwin
11c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#include "utils/common.h"
12c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#include "utils/eloop.h"
13c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#include "utils/uuid.h"
14c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#include "common/wpa_ctrl.h"
15c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#include "common/ieee802_11_defs.h"
16c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#include "common/ieee802_11_common.h"
17c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#include "eapol_auth/eapol_auth_sm.h"
18c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#include "eapol_auth/eapol_auth_sm_i.h"
19c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#include "wps/wps.h"
20c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#include "wps/wps_defs.h"
21c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#include "wps/wps_dev_attr.h"
22c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#include "wps/wps_attr_parse.h"
23db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin#include "hostapd.h"
24c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#include "ap_config.h"
25c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#include "ap_drv_ops.h"
26c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#include "beacon.h"
27c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#include "sta_info.h"
28c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#include "wps_hostapd.h"
29c140c4803dc3e10e08138670829bc0494986abe9David Goodwin
30c140c4803dc3e10e08138670829bc0494986abe9David Goodwin
31c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#ifdef CONFIG_WPS_UPNP
32c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#include "wps/wps_upnp.h"
33c140c4803dc3e10e08138670829bc0494986abe9David Goodwinstatic int hostapd_wps_upnp_init(struct hostapd_data *hapd,
34c140c4803dc3e10e08138670829bc0494986abe9David Goodwin				 struct wps_context *wps);
35c140c4803dc3e10e08138670829bc0494986abe9David Goodwinstatic void hostapd_wps_upnp_deinit(struct hostapd_data *hapd);
36c140c4803dc3e10e08138670829bc0494986abe9David Goodwin#endif /* CONFIG_WPS_UPNP */
37c140c4803dc3e10e08138670829bc0494986abe9David Goodwin
38c140c4803dc3e10e08138670829bc0494986abe9David Goodwinstatic int hostapd_wps_probe_req_rx(void *ctx, const u8 *addr, const u8 *da,
39c140c4803dc3e10e08138670829bc0494986abe9David Goodwin				    const u8 *bssid,
40c140c4803dc3e10e08138670829bc0494986abe9David Goodwin				    const u8 *ie, size_t ie_len,
41c140c4803dc3e10e08138670829bc0494986abe9David Goodwin				    int ssi_signal);
42c140c4803dc3e10e08138670829bc0494986abe9David Goodwinstatic void hostapd_wps_ap_pin_timeout(void *eloop_data, void *user_ctx);
43c140c4803dc3e10e08138670829bc0494986abe9David Goodwin
44c140c4803dc3e10e08138670829bc0494986abe9David Goodwin
45c140c4803dc3e10e08138670829bc0494986abe9David Goodwinstruct wps_for_each_data {
46c140c4803dc3e10e08138670829bc0494986abe9David Goodwin	int (*func)(struct hostapd_data *h, void *ctx);
474dbbe3433f7339ed277af55037ff6847f484e5abChris Lattner	void *ctx;
48c140c4803dc3e10e08138670829bc0494986abe9David Goodwin	struct hostapd_data *calling_hapd;
49db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin};
50c140c4803dc3e10e08138670829bc0494986abe9David Goodwin
51c140c4803dc3e10e08138670829bc0494986abe9David Goodwin
52c140c4803dc3e10e08138670829bc0494986abe9David Goodwinstatic int wps_for_each(struct hostapd_iface *iface, void *ctx)
53c140c4803dc3e10e08138670829bc0494986abe9David Goodwin{
54c140c4803dc3e10e08138670829bc0494986abe9David Goodwin	struct wps_for_each_data *data = ctx;
5565482b1bb873dd820f54a24a2f34bd65f2669e5cJim Grosbach	size_t j;
5665482b1bb873dd820f54a24a2f34bd65f2669e5cJim Grosbach
5765482b1bb873dd820f54a24a2f34bd65f2669e5cJim Grosbach	if (iface == NULL)
5865482b1bb873dd820f54a24a2f34bd65f2669e5cJim Grosbach		return 0;
5965482b1bb873dd820f54a24a2f34bd65f2669e5cJim Grosbach	for (j = 0; j < iface->num_bss; j++) {
60db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin		struct hostapd_data *hapd = iface->bss[j];
61b5619f42f4fdf347380d28357549df09b9ca3946Evan Cheng		int ret;
62b5619f42f4fdf347380d28357549df09b9ca3946Evan Cheng
63db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin		if (hapd != data->calling_hapd &&
6477521f5232e679aa3de10aaaed2464aa91d7ff55David Goodwin		    (hapd->conf->wps_independent ||
6577521f5232e679aa3de10aaaed2464aa91d7ff55David Goodwin		     data->calling_hapd->conf->wps_independent))
6677521f5232e679aa3de10aaaed2464aa91d7ff55David Goodwin			continue;
67db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin
68c140c4803dc3e10e08138670829bc0494986abe9David Goodwin		ret = data->func(hapd, data->ctx);
698295d99bff6f8e3dfdfdaf1871cb72adab423f20Evan Cheng		if (ret)
708295d99bff6f8e3dfdfdaf1871cb72adab423f20Evan Cheng			return ret;
718295d99bff6f8e3dfdfdaf1871cb72adab423f20Evan Cheng	}
728295d99bff6f8e3dfdfdaf1871cb72adab423f20Evan Cheng
73c140c4803dc3e10e08138670829bc0494986abe9David Goodwin	return 0;
74c140c4803dc3e10e08138670829bc0494986abe9David Goodwin}
75c140c4803dc3e10e08138670829bc0494986abe9David Goodwin
76c140c4803dc3e10e08138670829bc0494986abe9David Goodwin
77c140c4803dc3e10e08138670829bc0494986abe9David Goodwinstatic int hostapd_wps_for_each(struct hostapd_data *hapd,
78c140c4803dc3e10e08138670829bc0494986abe9David Goodwin				int (*func)(struct hostapd_data *h, void *ctx),
794f54c1293af174a8002db20faf7b4f82ba4e8514Evan Cheng				void *ctx)
804f54c1293af174a8002db20faf7b4f82ba4e8514Evan Cheng{
814f54c1293af174a8002db20faf7b4f82ba4e8514Evan Cheng	struct hostapd_iface *iface = hapd->iface;
824f54c1293af174a8002db20faf7b4f82ba4e8514Evan Cheng	struct wps_for_each_data data;
834f54c1293af174a8002db20faf7b4f82ba4e8514Evan Cheng	data.func = func;
844f54c1293af174a8002db20faf7b4f82ba4e8514Evan Cheng	data.ctx = ctx;
854f54c1293af174a8002db20faf7b4f82ba4e8514Evan Cheng	data.calling_hapd = hapd;
8691a74da036d3a9442953ae1de3e797a50da4ccf0Bob Wilson	if (iface->interfaces == NULL ||
8791a74da036d3a9442953ae1de3e797a50da4ccf0Bob Wilson	    iface->interfaces->for_each_interface == NULL)
8891a74da036d3a9442953ae1de3e797a50da4ccf0Bob Wilson		return wps_for_each(iface, &data);
8991a74da036d3a9442953ae1de3e797a50da4ccf0Bob Wilson	return iface->interfaces->for_each_interface(iface->interfaces,
9091a74da036d3a9442953ae1de3e797a50da4ccf0Bob Wilson						     wps_for_each, &data);
9191a74da036d3a9442953ae1de3e797a50da4ccf0Bob Wilson}
9291a74da036d3a9442953ae1de3e797a50da4ccf0Bob Wilson
9391a74da036d3a9442953ae1de3e797a50da4ccf0Bob Wilson
9491a74da036d3a9442953ae1de3e797a50da4ccf0Bob Wilsonstatic int hostapd_wps_new_psk_cb(void *ctx, const u8 *mac_addr, const u8 *psk,
95b990a2f249196ad3e0cc451d40a45fc2f9278eafEvan Cheng				  size_t psk_len)
962cfd52c507bd5790457a171eb9bcb39019cc6860Chris Lattner{
97c140c4803dc3e10e08138670829bc0494986abe9David Goodwin	struct hostapd_data *hapd = ctx;
98c140c4803dc3e10e08138670829bc0494986abe9David Goodwin	struct hostapd_wpa_psk *p;
99c140c4803dc3e10e08138670829bc0494986abe9David Goodwin	struct hostapd_ssid *ssid = &hapd->conf->ssid;
100c140c4803dc3e10e08138670829bc0494986abe9David Goodwin
101c140c4803dc3e10e08138670829bc0494986abe9David Goodwin	wpa_printf(MSG_DEBUG, "Received new WPA/WPA2-PSK from WPS for STA "
102c140c4803dc3e10e08138670829bc0494986abe9David Goodwin		   MACSTR, MAC2STR(mac_addr));
103c140c4803dc3e10e08138670829bc0494986abe9David Goodwin	wpa_hexdump_key(MSG_DEBUG, "Per-device PSK", psk, psk_len);
104c140c4803dc3e10e08138670829bc0494986abe9David Goodwin
105c140c4803dc3e10e08138670829bc0494986abe9David Goodwin	if (psk_len != PMK_LEN) {
106c140c4803dc3e10e08138670829bc0494986abe9David Goodwin		wpa_printf(MSG_DEBUG, "Unexpected PSK length %lu",
107c140c4803dc3e10e08138670829bc0494986abe9David Goodwin			   (unsigned long) psk_len);
108c140c4803dc3e10e08138670829bc0494986abe9David Goodwin		return -1;
109c140c4803dc3e10e08138670829bc0494986abe9David Goodwin	}
11065482b1bb873dd820f54a24a2f34bd65f2669e5cJim Grosbach
11198a0104014e9bb6ed89c2572f615351fd526674aEvan Cheng	/* Add the new PSK to runtime PSK list */
112e45ab8a0a90e4f3a59d8c38038ae3e495ee1fef3Jim Grosbach	p = os_zalloc(sizeof(*p));
1133dab2778571b5bb00b35a0adcb7011dc85158bebJim Grosbach	if (p == NULL)
1141ab3f16f06698596716593a30545799688acccd7Jim Grosbach		return -1;
1153197380143cdc18837722129ac888528b9fbfc2bJim Grosbach	os_memcpy(p->addr, mac_addr, ETH_ALEN);
116dc140c6e7b8350ca51aa1d408c10e25a27826e2cJim Grosbach	os_memcpy(p->psk, psk, PMK_LEN);
117e2f556933e1a19cddf6d4f370e2770c0f763b025Jim Grosbach
118e2f556933e1a19cddf6d4f370e2770c0f763b025Jim Grosbach	p->next = ssid->wpa_psk;
119dc140c6e7b8350ca51aa1d408c10e25a27826e2cJim Grosbach	ssid->wpa_psk = p;
120dc140c6e7b8350ca51aa1d408c10e25a27826e2cJim Grosbach
121e2f556933e1a19cddf6d4f370e2770c0f763b025Jim Grosbach	if (ssid->wpa_psk_file) {
1223dab2778571b5bb00b35a0adcb7011dc85158bebJim Grosbach		FILE *f;
123010b1b9e7b11bced0b277a4d808226ba2af3044aEvan Cheng		char hex[PMK_LEN * 2 + 1];
124c140c4803dc3e10e08138670829bc0494986abe9David Goodwin		/* Add the new PSK to PSK list file */
125c140c4803dc3e10e08138670829bc0494986abe9David Goodwin		f = fopen(ssid->wpa_psk_file, "a");
126c140c4803dc3e10e08138670829bc0494986abe9David Goodwin		if (f == NULL) {
127c140c4803dc3e10e08138670829bc0494986abe9David Goodwin			wpa_printf(MSG_DEBUG, "Failed to add the PSK to "
128c140c4803dc3e10e08138670829bc0494986abe9David Goodwin				   "'%s'", ssid->wpa_psk_file);
129c140c4803dc3e10e08138670829bc0494986abe9David Goodwin			return -1;
130b9c2fd964ee7dd7823ac71db8443055e4d0f1c15David Greene		}
13130c6b75ac2eef548c18110a38c9798ea5314cabaChris Lattner
13250f8516d2dd87e6c02a46fa349b75101f9db8619Jim Grosbach		wpa_snprintf_hex(hex, sizeof(hex), psk, psk_len);
133e3ede5e2e4de6d028956c0b75c6bfa17ec50cc09Jim Grosbach		fprintf(f, MACSTR " %s\n", MAC2STR(mac_addr), hex);
134e3ede5e2e4de6d028956c0b75c6bfa17ec50cc09Jim Grosbach		fclose(f);
13530c6b75ac2eef548c18110a38c9798ea5314cabaChris Lattner	}
136c140c4803dc3e10e08138670829bc0494986abe9David Goodwin
137c140c4803dc3e10e08138670829bc0494986abe9David Goodwin	return 0;
138c140c4803dc3e10e08138670829bc0494986abe9David Goodwin}
139c140c4803dc3e10e08138670829bc0494986abe9David Goodwin
140c140c4803dc3e10e08138670829bc0494986abe9David Goodwin
141c140c4803dc3e10e08138670829bc0494986abe9David Goodwinstatic int hostapd_wps_set_ie_cb(void *ctx, struct wpabuf *beacon_ie,
142c140c4803dc3e10e08138670829bc0494986abe9David Goodwin				 struct wpabuf *probe_resp_ie)
143c140c4803dc3e10e08138670829bc0494986abe9David Goodwin{
144c140c4803dc3e10e08138670829bc0494986abe9David Goodwin	struct hostapd_data *hapd = ctx;
145db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin	wpabuf_free(hapd->wps_beacon_ie);
146db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin	hapd->wps_beacon_ie = beacon_ie;
147db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin	wpabuf_free(hapd->wps_probe_resp_ie);
148db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin	hapd->wps_probe_resp_ie = probe_resp_ie;
149db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin	if (hapd->beacon_set_done)
15077521f5232e679aa3de10aaaed2464aa91d7ff55David Goodwin		ieee802_11_set_beacon(hapd);
151378445303b10b092a898a75131141a8259cff50bEvan Cheng	return hostapd_set_ap_wps_ie(hapd);
152378445303b10b092a898a75131141a8259cff50bEvan Cheng}
153db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin
154db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin
155db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwinstatic void hostapd_wps_pin_needed_cb(void *ctx, const u8 *uuid_e,
156db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin				      const struct wps_device_data *dev)
157db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin{
158db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin	struct hostapd_data *hapd = ctx;
159db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin	char uuid[40], txt[400];
160db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin	int len;
1617e831db1d4f5dc51ca6526739cf41e59895c5c20Jim Grosbach	char devtype[WPS_DEV_TYPE_BUFSIZE];
162a273442891ae20fd8192526132e3819ea9e5eda9Jim Grosbach	if (uuid_bin2str(uuid_e, uuid, sizeof(uuid)))
163a273442891ae20fd8192526132e3819ea9e5eda9Jim Grosbach		return;
1647e831db1d4f5dc51ca6526739cf41e59895c5c20Jim Grosbach	wpa_printf(MSG_DEBUG, "WPS: PIN needed for E-UUID %s", uuid);
16572852a8cfb605056d87b644d2e36b1346051413dEric Christopher	len = os_snprintf(txt, sizeof(txt), WPS_EVENT_PIN_NEEDED
16672852a8cfb605056d87b644d2e36b1346051413dEric Christopher			  "%s " MACSTR " [%s|%s|%s|%s|%s|%s]",
167db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin			  uuid, MAC2STR(dev->mac_addr), dev->device_name,
168db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin			  dev->manufacturer, dev->model_name,
16918f30e6f5e80787808fe1455742452a5210afe07Jim Grosbach			  dev->model_number, dev->serial_number,
17018f30e6f5e80787808fe1455742452a5210afe07Jim Grosbach			  wps_dev_type_bin2str(dev->pri_dev_type, devtype,
171db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin					       sizeof(devtype)));
172fcb4a8ead3cd8d9540d5eaa448af5d14a0ee341aJim Grosbach	if (len > 0 && len < (int) sizeof(txt))
173fcb4a8ead3cd8d9540d5eaa448af5d14a0ee341aJim Grosbach		wpa_msg(hapd->msg_ctx, MSG_INFO, "%s", txt);
174db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin
175db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin	if (hapd->conf->wps_pin_requests) {
176db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin		FILE *f;
177db5a71a8e01ed9a0d93a19176df6ea0aea510d7bDavid Goodwin		struct os_time t;
178c140c4803dc3e10e08138670829bc0494986abe9David Goodwin		f = fopen(hapd->conf->wps_pin_requests, "a");
179ee42fd309ee6a8febfafb97c2f3b6f2069758c5eEvan Cheng		if (f == NULL)
180ee42fd309ee6a8febfafb97c2f3b6f2069758c5eEvan Cheng			return;
181c140c4803dc3e10e08138670829bc0494986abe9David Goodwin		os_get_time(&t);
182c140c4803dc3e10e08138670829bc0494986abe9David Goodwin		fprintf(f, "%ld\t%s\t" MACSTR "\t%s\t%s\t%s\t%s\t%s"
183c140c4803dc3e10e08138670829bc0494986abe9David Goodwin			"\t%s\n",
184c140c4803dc3e10e08138670829bc0494986abe9David Goodwin			t.sec, uuid, MAC2STR(dev->mac_addr), dev->device_name,
185c140c4803dc3e10e08138670829bc0494986abe9David Goodwin			dev->manufacturer, dev->model_name, dev->model_number,
186c140c4803dc3e10e08138670829bc0494986abe9David Goodwin			dev->serial_number,
187c140c4803dc3e10e08138670829bc0494986abe9David Goodwin			wps_dev_type_bin2str(dev->pri_dev_type, devtype,
188c140c4803dc3e10e08138670829bc0494986abe9David Goodwin					     sizeof(devtype)));
189		fclose(f);
190	}
191}
192
193
194struct wps_stop_reg_data {
195	struct hostapd_data *current_hapd;
196	const u8 *uuid_e;
197	const u8 *dev_pw;
198	size_t dev_pw_len;
199};
200
201static int wps_stop_registrar(struct hostapd_data *hapd, void *ctx)
202{
203	struct wps_stop_reg_data *data = ctx;
204	if (hapd != data->current_hapd && hapd->wps != NULL)
205		wps_registrar_complete(hapd->wps->registrar, data->uuid_e,
206				       data->dev_pw, data->dev_pw_len);
207	return 0;
208}
209
210
211static void hostapd_wps_reg_success_cb(void *ctx, const u8 *mac_addr,
212				       const u8 *uuid_e, const u8 *dev_pw,
213				       size_t dev_pw_len)
214{
215	struct hostapd_data *hapd = ctx;
216	char uuid[40];
217	struct wps_stop_reg_data data;
218	if (uuid_bin2str(uuid_e, uuid, sizeof(uuid)))
219		return;
220	wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_REG_SUCCESS MACSTR " %s",
221		MAC2STR(mac_addr), uuid);
222	if (hapd->wps_reg_success_cb)
223		hapd->wps_reg_success_cb(hapd->wps_reg_success_cb_ctx,
224					 mac_addr, uuid_e);
225	data.current_hapd = hapd;
226	data.uuid_e = uuid_e;
227	data.dev_pw = dev_pw;
228	data.dev_pw_len = dev_pw_len;
229	hostapd_wps_for_each(hapd, wps_stop_registrar, &data);
230}
231
232
233static void hostapd_wps_enrollee_seen_cb(void *ctx, const u8 *addr,
234					 const u8 *uuid_e,
235					 const u8 *pri_dev_type,
236					 u16 config_methods,
237					 u16 dev_password_id, u8 request_type,
238					 const char *dev_name)
239{
240	struct hostapd_data *hapd = ctx;
241	char uuid[40];
242	char devtype[WPS_DEV_TYPE_BUFSIZE];
243	if (uuid_bin2str(uuid_e, uuid, sizeof(uuid)))
244		return;
245	if (dev_name == NULL)
246		dev_name = "";
247	wpa_msg_ctrl(hapd->msg_ctx, MSG_INFO, WPS_EVENT_ENROLLEE_SEEN MACSTR
248		     " %s %s 0x%x %u %u [%s]",
249		     MAC2STR(addr), uuid,
250		     wps_dev_type_bin2str(pri_dev_type, devtype,
251					  sizeof(devtype)),
252		     config_methods, dev_password_id, request_type, dev_name);
253}
254
255
256static int str_starts(const char *str, const char *start)
257{
258	return os_strncmp(str, start, os_strlen(start)) == 0;
259}
260
261
262static void wps_reload_config(void *eloop_data, void *user_ctx)
263{
264	struct hostapd_iface *iface = eloop_data;
265
266	wpa_printf(MSG_DEBUG, "WPS: Reload configuration data");
267	if (iface->interfaces == NULL ||
268	    iface->interfaces->reload_config(iface) < 0) {
269		wpa_printf(MSG_WARNING, "WPS: Failed to reload the updated "
270			   "configuration");
271	}
272}
273
274
275static void hapd_new_ap_event(struct hostapd_data *hapd, const u8 *attr,
276			      size_t attr_len)
277{
278	size_t blen = attr_len * 2 + 1;
279	char *buf = os_malloc(blen);
280	if (buf) {
281		wpa_snprintf_hex(buf, blen, attr, attr_len);
282		wpa_msg(hapd->msg_ctx, MSG_INFO,
283			WPS_EVENT_NEW_AP_SETTINGS "%s", buf);
284		os_free(buf);
285	}
286}
287
288
289static int hapd_wps_reconfig_in_memory(struct hostapd_data *hapd,
290				       const struct wps_credential *cred)
291{
292	struct hostapd_bss_config *bss = hapd->conf;
293
294	wpa_printf(MSG_DEBUG, "WPS: Updating in-memory configuration");
295
296	bss->wps_state = 2;
297	if (cred->ssid_len <= HOSTAPD_MAX_SSID_LEN) {
298		os_memcpy(bss->ssid.ssid, cred->ssid, cred->ssid_len);
299		bss->ssid.ssid_len = cred->ssid_len;
300		bss->ssid.ssid_set = 1;
301	}
302
303	if ((cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK)) &&
304	    (cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK)))
305		bss->wpa = 3;
306	else if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK))
307		bss->wpa = 2;
308	else if (cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK))
309		bss->wpa = 1;
310	else
311		bss->wpa = 0;
312
313	if (bss->wpa) {
314		if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA))
315			bss->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
316		if (cred->auth_type & (WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK))
317			bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
318
319		bss->wpa_pairwise = 0;
320		if (cred->encr_type & WPS_ENCR_AES)
321			bss->wpa_pairwise |= WPA_CIPHER_CCMP;
322		if (cred->encr_type & WPS_ENCR_TKIP)
323			bss->wpa_pairwise |= WPA_CIPHER_TKIP;
324		bss->rsn_pairwise = bss->wpa_pairwise;
325		bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
326							    bss->wpa_pairwise,
327							    bss->rsn_pairwise);
328
329		if (cred->key_len >= 8 && cred->key_len < 64) {
330			os_free(bss->ssid.wpa_passphrase);
331			bss->ssid.wpa_passphrase = os_zalloc(cred->key_len + 1);
332			if (bss->ssid.wpa_passphrase)
333				os_memcpy(bss->ssid.wpa_passphrase, cred->key,
334					  cred->key_len);
335			os_free(bss->ssid.wpa_psk);
336			bss->ssid.wpa_psk = NULL;
337		} else if (cred->key_len == 64) {
338			os_free(bss->ssid.wpa_psk);
339			bss->ssid.wpa_psk =
340				os_zalloc(sizeof(struct hostapd_wpa_psk));
341			if (bss->ssid.wpa_psk &&
342			    hexstr2bin((const char *) cred->key,
343				       bss->ssid.wpa_psk->psk, PMK_LEN) == 0) {
344				bss->ssid.wpa_psk->group = 1;
345				os_free(bss->ssid.wpa_passphrase);
346				bss->ssid.wpa_passphrase = NULL;
347			}
348		}
349		bss->auth_algs = 1;
350	} else {
351		if ((cred->auth_type & WPS_AUTH_OPEN) &&
352		    (cred->auth_type & WPS_AUTH_SHARED))
353			bss->auth_algs = 3;
354		else if (cred->auth_type & WPS_AUTH_SHARED)
355			bss->auth_algs = 2;
356		else
357			bss->auth_algs = 1;
358		if (cred->encr_type & WPS_ENCR_WEP && cred->key_idx > 0 &&
359		    cred->key_idx <= 4) {
360			struct hostapd_wep_keys *wep = &bss->ssid.wep;
361			int idx = cred->key_idx;
362			if (idx)
363				idx--;
364			wep->idx = idx;
365			if (cred->key_len == 10 || cred->key_len == 26) {
366				os_free(wep->key[idx]);
367				wep->key[idx] = os_malloc(cred->key_len / 2);
368				if (wep->key[idx] == NULL ||
369				    hexstr2bin((const char *) cred->key,
370					       wep->key[idx],
371					       cred->key_len / 2))
372					return -1;
373				wep->len[idx] = cred->key_len / 2;
374			} else {
375				os_free(wep->key[idx]);
376				wep->key[idx] = os_malloc(cred->key_len);
377				if (wep->key[idx] == NULL)
378					return -1;
379				os_memcpy(wep->key[idx], cred->key,
380					  cred->key_len);
381				wep->len[idx] = cred->key_len;
382			}
383			wep->keys_set = 1;
384		}
385	}
386
387	/* Schedule configuration reload after short period of time to allow
388	 * EAP-WSC to be finished.
389	 */
390	eloop_register_timeout(0, 100000, wps_reload_config, hapd->iface,
391			       NULL);
392
393	return 0;
394}
395
396
397static int hapd_wps_cred_cb(struct hostapd_data *hapd, void *ctx)
398{
399	const struct wps_credential *cred = ctx;
400	FILE *oconf, *nconf;
401	size_t len, i;
402	char *tmp_fname;
403	char buf[1024];
404	int multi_bss;
405	int wpa;
406
407	if (hapd->wps == NULL)
408		return 0;
409
410	wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute",
411			cred->cred_attr, cred->cred_attr_len);
412
413	wpa_printf(MSG_DEBUG, "WPS: Received new AP Settings");
414	wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", cred->ssid, cred->ssid_len);
415	wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x",
416		   cred->auth_type);
417	wpa_printf(MSG_DEBUG, "WPS: Encryption Type 0x%x", cred->encr_type);
418	wpa_printf(MSG_DEBUG, "WPS: Network Key Index %d", cred->key_idx);
419	wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
420			cred->key, cred->key_len);
421	wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR,
422		   MAC2STR(cred->mac_addr));
423
424	if ((hapd->conf->wps_cred_processing == 1 ||
425	     hapd->conf->wps_cred_processing == 2) && cred->cred_attr) {
426		hapd_new_ap_event(hapd, cred->cred_attr, cred->cred_attr_len);
427	} else if (hapd->conf->wps_cred_processing == 1 ||
428		   hapd->conf->wps_cred_processing == 2) {
429		struct wpabuf *attr;
430		attr = wpabuf_alloc(200);
431		if (attr && wps_build_credential_wrap(attr, cred) == 0)
432			hapd_new_ap_event(hapd, wpabuf_head_u8(attr),
433					  wpabuf_len(attr));
434		wpabuf_free(attr);
435	} else
436		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_NEW_AP_SETTINGS);
437
438	if (hapd->conf->wps_cred_processing == 1)
439		return 0;
440
441	os_memcpy(hapd->wps->ssid, cred->ssid, cred->ssid_len);
442	hapd->wps->ssid_len = cred->ssid_len;
443	hapd->wps->encr_types = cred->encr_type;
444	hapd->wps->auth_types = cred->auth_type;
445	if (cred->key_len == 0) {
446		os_free(hapd->wps->network_key);
447		hapd->wps->network_key = NULL;
448		hapd->wps->network_key_len = 0;
449	} else {
450		if (hapd->wps->network_key == NULL ||
451		    hapd->wps->network_key_len < cred->key_len) {
452			hapd->wps->network_key_len = 0;
453			os_free(hapd->wps->network_key);
454			hapd->wps->network_key = os_malloc(cred->key_len);
455			if (hapd->wps->network_key == NULL)
456				return -1;
457		}
458		hapd->wps->network_key_len = cred->key_len;
459		os_memcpy(hapd->wps->network_key, cred->key, cred->key_len);
460	}
461	hapd->wps->wps_state = WPS_STATE_CONFIGURED;
462
463	if (hapd->iface->config_fname == NULL)
464		return hapd_wps_reconfig_in_memory(hapd, cred);
465	len = os_strlen(hapd->iface->config_fname) + 5;
466	tmp_fname = os_malloc(len);
467	if (tmp_fname == NULL)
468		return -1;
469	os_snprintf(tmp_fname, len, "%s-new", hapd->iface->config_fname);
470
471	oconf = fopen(hapd->iface->config_fname, "r");
472	if (oconf == NULL) {
473		wpa_printf(MSG_WARNING, "WPS: Could not open current "
474			   "configuration file");
475		os_free(tmp_fname);
476		return -1;
477	}
478
479	nconf = fopen(tmp_fname, "w");
480	if (nconf == NULL) {
481		wpa_printf(MSG_WARNING, "WPS: Could not write updated "
482			   "configuration file");
483		os_free(tmp_fname);
484		fclose(oconf);
485		return -1;
486	}
487
488	fprintf(nconf, "# WPS configuration - START\n");
489
490	fprintf(nconf, "wps_state=2\n");
491
492	if (is_hex(cred->ssid, cred->ssid_len)) {
493		fprintf(nconf, "ssid2=");
494		for (i = 0; i < cred->ssid_len; i++)
495			fprintf(nconf, "%02x", cred->ssid[i]);
496		fprintf(nconf, "\n");
497	} else {
498		fprintf(nconf, "ssid=");
499		for (i = 0; i < cred->ssid_len; i++)
500			fputc(cred->ssid[i], nconf);
501		fprintf(nconf, "\n");
502	}
503
504	if ((cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK)) &&
505	    (cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK)))
506		wpa = 3;
507	else if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK))
508		wpa = 2;
509	else if (cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK))
510		wpa = 1;
511	else
512		wpa = 0;
513
514	if (wpa) {
515		char *prefix;
516		fprintf(nconf, "wpa=%d\n", wpa);
517
518		fprintf(nconf, "wpa_key_mgmt=");
519		prefix = "";
520		if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA)) {
521			fprintf(nconf, "WPA-EAP");
522			prefix = " ";
523		}
524		if (cred->auth_type & (WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK))
525			fprintf(nconf, "%sWPA-PSK", prefix);
526		fprintf(nconf, "\n");
527
528		fprintf(nconf, "wpa_pairwise=");
529		prefix = "";
530		if (cred->encr_type & WPS_ENCR_AES) {
531			fprintf(nconf, "CCMP");
532			prefix = " ";
533		}
534		if (cred->encr_type & WPS_ENCR_TKIP) {
535			fprintf(nconf, "%sTKIP", prefix);
536		}
537		fprintf(nconf, "\n");
538
539		if (cred->key_len >= 8 && cred->key_len < 64) {
540			fprintf(nconf, "wpa_passphrase=");
541			for (i = 0; i < cred->key_len; i++)
542				fputc(cred->key[i], nconf);
543			fprintf(nconf, "\n");
544		} else if (cred->key_len == 64) {
545			fprintf(nconf, "wpa_psk=");
546			for (i = 0; i < cred->key_len; i++)
547				fputc(cred->key[i], nconf);
548			fprintf(nconf, "\n");
549		} else {
550			wpa_printf(MSG_WARNING, "WPS: Invalid key length %lu "
551				   "for WPA/WPA2",
552				   (unsigned long) cred->key_len);
553		}
554
555		fprintf(nconf, "auth_algs=1\n");
556	} else {
557		if ((cred->auth_type & WPS_AUTH_OPEN) &&
558		    (cred->auth_type & WPS_AUTH_SHARED))
559			fprintf(nconf, "auth_algs=3\n");
560		else if (cred->auth_type & WPS_AUTH_SHARED)
561			fprintf(nconf, "auth_algs=2\n");
562		else
563			fprintf(nconf, "auth_algs=1\n");
564
565		if (cred->encr_type & WPS_ENCR_WEP && cred->key_idx <= 4) {
566			int key_idx = cred->key_idx;
567			if (key_idx)
568				key_idx--;
569			fprintf(nconf, "wep_default_key=%d\n", key_idx);
570			fprintf(nconf, "wep_key%d=", key_idx);
571			if (cred->key_len == 10 || cred->key_len == 26) {
572				/* WEP key as a hex string */
573				for (i = 0; i < cred->key_len; i++)
574					fputc(cred->key[i], nconf);
575			} else {
576				/* Raw WEP key; convert to hex */
577				for (i = 0; i < cred->key_len; i++)
578					fprintf(nconf, "%02x", cred->key[i]);
579			}
580			fprintf(nconf, "\n");
581		}
582	}
583
584	fprintf(nconf, "# WPS configuration - END\n");
585
586	multi_bss = 0;
587	while (fgets(buf, sizeof(buf), oconf)) {
588		if (os_strncmp(buf, "bss=", 4) == 0)
589			multi_bss = 1;
590		if (!multi_bss &&
591		    (str_starts(buf, "ssid=") ||
592		     str_starts(buf, "ssid2=") ||
593		     str_starts(buf, "auth_algs=") ||
594		     str_starts(buf, "wep_default_key=") ||
595		     str_starts(buf, "wep_key") ||
596		     str_starts(buf, "wps_state=") ||
597		     str_starts(buf, "wpa=") ||
598		     str_starts(buf, "wpa_psk=") ||
599		     str_starts(buf, "wpa_pairwise=") ||
600		     str_starts(buf, "rsn_pairwise=") ||
601		     str_starts(buf, "wpa_key_mgmt=") ||
602		     str_starts(buf, "wpa_passphrase="))) {
603			fprintf(nconf, "#WPS# %s", buf);
604		} else
605			fprintf(nconf, "%s", buf);
606	}
607
608	fclose(nconf);
609	fclose(oconf);
610
611	if (rename(tmp_fname, hapd->iface->config_fname) < 0) {
612		wpa_printf(MSG_WARNING, "WPS: Failed to rename the updated "
613			   "configuration file: %s", strerror(errno));
614		os_free(tmp_fname);
615		return -1;
616	}
617
618	os_free(tmp_fname);
619
620	/* Schedule configuration reload after short period of time to allow
621	 * EAP-WSC to be finished.
622	 */
623	eloop_register_timeout(0, 100000, wps_reload_config, hapd->iface,
624			       NULL);
625
626	wpa_printf(MSG_DEBUG, "WPS: AP configuration updated");
627
628	return 0;
629}
630
631
632static int hostapd_wps_cred_cb(void *ctx, const struct wps_credential *cred)
633{
634	struct hostapd_data *hapd = ctx;
635	return hostapd_wps_for_each(hapd, hapd_wps_cred_cb, (void *) cred);
636}
637
638
639static void hostapd_wps_reenable_ap_pin(void *eloop_data, void *user_ctx)
640{
641	struct hostapd_data *hapd = eloop_data;
642
643	if (hapd->conf->ap_setup_locked)
644		return;
645	if (hapd->ap_pin_failures_consecutive >= 10)
646		return;
647
648	wpa_printf(MSG_DEBUG, "WPS: Re-enable AP PIN");
649	wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_AP_SETUP_UNLOCKED);
650	hapd->wps->ap_setup_locked = 0;
651	wps_registrar_update_ie(hapd->wps->registrar);
652}
653
654
655static int wps_pwd_auth_fail(struct hostapd_data *hapd, void *ctx)
656{
657	struct wps_event_pwd_auth_fail *data = ctx;
658
659	if (!data->enrollee || hapd->conf->ap_pin == NULL || hapd->wps == NULL)
660		return 0;
661
662	/*
663	 * Registrar failed to prove its knowledge of the AP PIN. Lock AP setup
664	 * for some time if this happens multiple times to slow down brute
665	 * force attacks.
666	 */
667	hapd->ap_pin_failures++;
668	hapd->ap_pin_failures_consecutive++;
669	wpa_printf(MSG_DEBUG, "WPS: AP PIN authentication failure number %u "
670		   "(%u consecutive)",
671		   hapd->ap_pin_failures, hapd->ap_pin_failures_consecutive);
672	if (hapd->ap_pin_failures < 3)
673		return 0;
674
675	wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_AP_SETUP_LOCKED);
676	hapd->wps->ap_setup_locked = 1;
677
678	wps_registrar_update_ie(hapd->wps->registrar);
679
680	if (!hapd->conf->ap_setup_locked &&
681	    hapd->ap_pin_failures_consecutive >= 10) {
682		/*
683		 * In indefinite lockdown - disable automatic AP PIN
684		 * reenablement.
685		 */
686		eloop_cancel_timeout(hostapd_wps_reenable_ap_pin, hapd, NULL);
687		wpa_printf(MSG_DEBUG, "WPS: AP PIN disabled indefinitely");
688	} else if (!hapd->conf->ap_setup_locked) {
689		if (hapd->ap_pin_lockout_time == 0)
690			hapd->ap_pin_lockout_time = 60;
691		else if (hapd->ap_pin_lockout_time < 365 * 24 * 60 * 60 &&
692			 (hapd->ap_pin_failures % 3) == 0)
693			hapd->ap_pin_lockout_time *= 2;
694
695		wpa_printf(MSG_DEBUG, "WPS: Disable AP PIN for %u seconds",
696			   hapd->ap_pin_lockout_time);
697		eloop_cancel_timeout(hostapd_wps_reenable_ap_pin, hapd, NULL);
698		eloop_register_timeout(hapd->ap_pin_lockout_time, 0,
699				       hostapd_wps_reenable_ap_pin, hapd,
700				       NULL);
701	}
702
703	return 0;
704}
705
706
707static void hostapd_pwd_auth_fail(struct hostapd_data *hapd,
708				  struct wps_event_pwd_auth_fail *data)
709{
710	hostapd_wps_for_each(hapd, wps_pwd_auth_fail, data);
711}
712
713
714static int wps_ap_pin_success(struct hostapd_data *hapd, void *ctx)
715{
716	if (hapd->conf->ap_pin == NULL || hapd->wps == NULL)
717		return 0;
718
719	if (hapd->ap_pin_failures_consecutive == 0)
720		return 0;
721
722	wpa_printf(MSG_DEBUG, "WPS: Clear consecutive AP PIN failure counter "
723		   "- total validation failures %u (%u consecutive)",
724		   hapd->ap_pin_failures, hapd->ap_pin_failures_consecutive);
725	hapd->ap_pin_failures_consecutive = 0;
726
727	return 0;
728}
729
730
731static void hostapd_wps_ap_pin_success(struct hostapd_data *hapd)
732{
733	hostapd_wps_for_each(hapd, wps_ap_pin_success, NULL);
734}
735
736
737static const char * wps_event_fail_reason[NUM_WPS_EI_VALUES] = {
738	"No Error", /* WPS_EI_NO_ERROR */
739	"TKIP Only Prohibited", /* WPS_EI_SECURITY_TKIP_ONLY_PROHIBITED */
740	"WEP Prohibited" /* WPS_EI_SECURITY_WEP_PROHIBITED */
741};
742
743static void hostapd_wps_event_fail(struct hostapd_data *hapd,
744				   struct wps_event_fail *fail)
745{
746	if (fail->error_indication > 0 &&
747	    fail->error_indication < NUM_WPS_EI_VALUES) {
748		wpa_msg(hapd->msg_ctx, MSG_INFO,
749			WPS_EVENT_FAIL "msg=%d config_error=%d reason=%d (%s)",
750			fail->msg, fail->config_error, fail->error_indication,
751			wps_event_fail_reason[fail->error_indication]);
752	} else {
753		wpa_msg(hapd->msg_ctx, MSG_INFO,
754			WPS_EVENT_FAIL "msg=%d config_error=%d",
755			fail->msg, fail->config_error);
756	}
757}
758
759
760static void hostapd_wps_event_cb(void *ctx, enum wps_event event,
761				 union wps_event_data *data)
762{
763	struct hostapd_data *hapd = ctx;
764
765	switch (event) {
766	case WPS_EV_M2D:
767		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_M2D);
768		break;
769	case WPS_EV_FAIL:
770		hostapd_wps_event_fail(hapd, &data->fail);
771		break;
772	case WPS_EV_SUCCESS:
773		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_SUCCESS);
774		break;
775	case WPS_EV_PWD_AUTH_FAIL:
776		hostapd_pwd_auth_fail(hapd, &data->pwd_auth_fail);
777		break;
778	case WPS_EV_PBC_OVERLAP:
779		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_OVERLAP);
780		break;
781	case WPS_EV_PBC_TIMEOUT:
782		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_TIMEOUT);
783		break;
784	case WPS_EV_ER_AP_ADD:
785		break;
786	case WPS_EV_ER_AP_REMOVE:
787		break;
788	case WPS_EV_ER_ENROLLEE_ADD:
789		break;
790	case WPS_EV_ER_ENROLLEE_REMOVE:
791		break;
792	case WPS_EV_ER_AP_SETTINGS:
793		break;
794	case WPS_EV_ER_SET_SELECTED_REGISTRAR:
795		break;
796	case WPS_EV_AP_PIN_SUCCESS:
797		hostapd_wps_ap_pin_success(hapd);
798		break;
799	}
800	if (hapd->wps_event_cb)
801		hapd->wps_event_cb(hapd->wps_event_cb_ctx, event, data);
802}
803
804
805static void hostapd_wps_clear_ies(struct hostapd_data *hapd)
806{
807	wpabuf_free(hapd->wps_beacon_ie);
808	hapd->wps_beacon_ie = NULL;
809
810	wpabuf_free(hapd->wps_probe_resp_ie);
811	hapd->wps_probe_resp_ie = NULL;
812
813	hostapd_set_ap_wps_ie(hapd);
814}
815
816
817static int get_uuid_cb(struct hostapd_iface *iface, void *ctx)
818{
819	const u8 **uuid = ctx;
820	size_t j;
821
822	if (iface == NULL)
823		return 0;
824	for (j = 0; j < iface->num_bss; j++) {
825		struct hostapd_data *hapd = iface->bss[j];
826		if (hapd->wps && !hapd->conf->wps_independent &&
827		    !is_nil_uuid(hapd->wps->uuid)) {
828			*uuid = hapd->wps->uuid;
829			return 1;
830		}
831	}
832
833	return 0;
834}
835
836
837static const u8 * get_own_uuid(struct hostapd_iface *iface)
838{
839	const u8 *uuid;
840	if (iface->interfaces == NULL ||
841	    iface->interfaces->for_each_interface == NULL)
842		return NULL;
843	uuid = NULL;
844	iface->interfaces->for_each_interface(iface->interfaces, get_uuid_cb,
845					      &uuid);
846	return uuid;
847}
848
849
850static int count_interface_cb(struct hostapd_iface *iface, void *ctx)
851{
852	int *count= ctx;
853	(*count)++;
854	return 0;
855}
856
857
858static int interface_count(struct hostapd_iface *iface)
859{
860	int count = 0;
861	if (iface->interfaces == NULL ||
862	    iface->interfaces->for_each_interface == NULL)
863		return 0;
864	iface->interfaces->for_each_interface(iface->interfaces,
865					      count_interface_cb, &count);
866	return count;
867}
868
869
870static int hostapd_wps_set_vendor_ext(struct hostapd_data *hapd,
871				      struct wps_context *wps)
872{
873	int i;
874
875	for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++) {
876		wpabuf_free(wps->dev.vendor_ext[i]);
877		wps->dev.vendor_ext[i] = NULL;
878
879		if (hapd->conf->wps_vendor_ext[i] == NULL)
880			continue;
881
882		wps->dev.vendor_ext[i] =
883			wpabuf_dup(hapd->conf->wps_vendor_ext[i]);
884		if (wps->dev.vendor_ext[i] == NULL) {
885			while (--i >= 0)
886				wpabuf_free(wps->dev.vendor_ext[i]);
887			return -1;
888		}
889	}
890
891	return 0;
892}
893
894
895int hostapd_init_wps(struct hostapd_data *hapd,
896		     struct hostapd_bss_config *conf)
897{
898	struct wps_context *wps;
899	struct wps_registrar_config cfg;
900
901	if (conf->wps_state == 0) {
902		hostapd_wps_clear_ies(hapd);
903		return 0;
904	}
905
906	wps = os_zalloc(sizeof(*wps));
907	if (wps == NULL)
908		return -1;
909
910	wps->cred_cb = hostapd_wps_cred_cb;
911	wps->event_cb = hostapd_wps_event_cb;
912	wps->cb_ctx = hapd;
913
914	os_memset(&cfg, 0, sizeof(cfg));
915	wps->wps_state = hapd->conf->wps_state;
916	wps->ap_setup_locked = hapd->conf->ap_setup_locked;
917	if (is_nil_uuid(hapd->conf->uuid)) {
918		const u8 *uuid;
919		uuid = get_own_uuid(hapd->iface);
920		if (uuid && !conf->wps_independent) {
921			os_memcpy(wps->uuid, uuid, UUID_LEN);
922			wpa_hexdump(MSG_DEBUG, "WPS: Clone UUID from another "
923				    "interface", wps->uuid, UUID_LEN);
924		} else {
925			uuid_gen_mac_addr(hapd->own_addr, wps->uuid);
926			wpa_hexdump(MSG_DEBUG, "WPS: UUID based on MAC "
927				    "address", wps->uuid, UUID_LEN);
928		}
929	} else {
930		os_memcpy(wps->uuid, hapd->conf->uuid, UUID_LEN);
931		wpa_hexdump(MSG_DEBUG, "WPS: Use configured UUID",
932			    wps->uuid, UUID_LEN);
933	}
934	wps->ssid_len = hapd->conf->ssid.ssid_len;
935	os_memcpy(wps->ssid, hapd->conf->ssid.ssid, wps->ssid_len);
936	wps->ap = 1;
937	os_memcpy(wps->dev.mac_addr, hapd->own_addr, ETH_ALEN);
938	wps->dev.device_name = hapd->conf->device_name ?
939		os_strdup(hapd->conf->device_name) : NULL;
940	wps->dev.manufacturer = hapd->conf->manufacturer ?
941		os_strdup(hapd->conf->manufacturer) : NULL;
942	wps->dev.model_name = hapd->conf->model_name ?
943		os_strdup(hapd->conf->model_name) : NULL;
944	wps->dev.model_number = hapd->conf->model_number ?
945		os_strdup(hapd->conf->model_number) : NULL;
946	wps->dev.serial_number = hapd->conf->serial_number ?
947		os_strdup(hapd->conf->serial_number) : NULL;
948	wps->config_methods =
949		wps_config_methods_str2bin(hapd->conf->config_methods);
950#ifdef CONFIG_WPS2
951	if ((wps->config_methods &
952	     (WPS_CONFIG_DISPLAY | WPS_CONFIG_VIRT_DISPLAY |
953	      WPS_CONFIG_PHY_DISPLAY)) == WPS_CONFIG_DISPLAY) {
954		wpa_printf(MSG_INFO, "WPS: Converting display to "
955			   "virtual_display for WPS 2.0 compliance");
956		wps->config_methods |= WPS_CONFIG_VIRT_DISPLAY;
957	}
958	if ((wps->config_methods &
959	     (WPS_CONFIG_PUSHBUTTON | WPS_CONFIG_VIRT_PUSHBUTTON |
960	      WPS_CONFIG_PHY_PUSHBUTTON)) == WPS_CONFIG_PUSHBUTTON) {
961		wpa_printf(MSG_INFO, "WPS: Converting push_button to "
962			   "virtual_push_button for WPS 2.0 compliance");
963		wps->config_methods |= WPS_CONFIG_VIRT_PUSHBUTTON;
964	}
965#endif /* CONFIG_WPS2 */
966	os_memcpy(wps->dev.pri_dev_type, hapd->conf->device_type,
967		  WPS_DEV_TYPE_LEN);
968
969	if (hostapd_wps_set_vendor_ext(hapd, wps) < 0) {
970		os_free(wps);
971		return -1;
972	}
973
974	wps->dev.os_version = WPA_GET_BE32(hapd->conf->os_version);
975
976	if (conf->wps_rf_bands) {
977		wps->dev.rf_bands = conf->wps_rf_bands;
978	} else {
979		wps->dev.rf_bands =
980			hapd->iconf->hw_mode == HOSTAPD_MODE_IEEE80211A ?
981			WPS_RF_50GHZ : WPS_RF_24GHZ; /* FIX: dualband AP */
982	}
983
984	if (conf->wpa & WPA_PROTO_RSN) {
985		if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK)
986			wps->auth_types |= WPS_AUTH_WPA2PSK;
987		if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
988			wps->auth_types |= WPS_AUTH_WPA2;
989
990		if (conf->rsn_pairwise & WPA_CIPHER_CCMP)
991			wps->encr_types |= WPS_ENCR_AES;
992		if (conf->rsn_pairwise & WPA_CIPHER_TKIP)
993			wps->encr_types |= WPS_ENCR_TKIP;
994	}
995
996	if (conf->wpa & WPA_PROTO_WPA) {
997		if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK)
998			wps->auth_types |= WPS_AUTH_WPAPSK;
999		if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
1000			wps->auth_types |= WPS_AUTH_WPA;
1001
1002		if (conf->wpa_pairwise & WPA_CIPHER_CCMP)
1003			wps->encr_types |= WPS_ENCR_AES;
1004		if (conf->wpa_pairwise & WPA_CIPHER_TKIP)
1005			wps->encr_types |= WPS_ENCR_TKIP;
1006	}
1007
1008	if (conf->ssid.security_policy == SECURITY_PLAINTEXT) {
1009		wps->encr_types |= WPS_ENCR_NONE;
1010		wps->auth_types |= WPS_AUTH_OPEN;
1011	} else if (conf->ssid.security_policy == SECURITY_STATIC_WEP) {
1012		wps->encr_types |= WPS_ENCR_WEP;
1013		if (conf->auth_algs & WPA_AUTH_ALG_OPEN)
1014			wps->auth_types |= WPS_AUTH_OPEN;
1015		if (conf->auth_algs & WPA_AUTH_ALG_SHARED)
1016			wps->auth_types |= WPS_AUTH_SHARED;
1017	} else if (conf->ssid.security_policy == SECURITY_IEEE_802_1X) {
1018		wps->auth_types |= WPS_AUTH_OPEN;
1019		if (conf->default_wep_key_len)
1020			wps->encr_types |= WPS_ENCR_WEP;
1021		else
1022			wps->encr_types |= WPS_ENCR_NONE;
1023	}
1024
1025	if (conf->ssid.wpa_psk_file) {
1026		/* Use per-device PSKs */
1027	} else if (conf->ssid.wpa_passphrase) {
1028		wps->network_key = (u8 *) os_strdup(conf->ssid.wpa_passphrase);
1029		wps->network_key_len = os_strlen(conf->ssid.wpa_passphrase);
1030	} else if (conf->ssid.wpa_psk) {
1031		wps->network_key = os_malloc(2 * PMK_LEN + 1);
1032		if (wps->network_key == NULL) {
1033			os_free(wps);
1034			return -1;
1035		}
1036		wpa_snprintf_hex((char *) wps->network_key, 2 * PMK_LEN + 1,
1037				 conf->ssid.wpa_psk->psk, PMK_LEN);
1038		wps->network_key_len = 2 * PMK_LEN;
1039	} else if (conf->ssid.wep.keys_set && conf->ssid.wep.key[0]) {
1040		wps->network_key = os_malloc(conf->ssid.wep.len[0]);
1041		if (wps->network_key == NULL) {
1042			os_free(wps);
1043			return -1;
1044		}
1045		os_memcpy(wps->network_key, conf->ssid.wep.key[0],
1046			  conf->ssid.wep.len[0]);
1047		wps->network_key_len = conf->ssid.wep.len[0];
1048	}
1049
1050	if (conf->ssid.wpa_psk) {
1051		os_memcpy(wps->psk, conf->ssid.wpa_psk->psk, PMK_LEN);
1052		wps->psk_set = 1;
1053	}
1054
1055	if (conf->wps_state == WPS_STATE_NOT_CONFIGURED) {
1056		/* Override parameters to enable security by default */
1057		wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK;
1058		wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP;
1059	}
1060
1061	wps->ap_settings = conf->ap_settings;
1062	wps->ap_settings_len = conf->ap_settings_len;
1063
1064	cfg.new_psk_cb = hostapd_wps_new_psk_cb;
1065	cfg.set_ie_cb = hostapd_wps_set_ie_cb;
1066	cfg.pin_needed_cb = hostapd_wps_pin_needed_cb;
1067	cfg.reg_success_cb = hostapd_wps_reg_success_cb;
1068	cfg.enrollee_seen_cb = hostapd_wps_enrollee_seen_cb;
1069	cfg.cb_ctx = hapd;
1070	cfg.skip_cred_build = conf->skip_cred_build;
1071	cfg.extra_cred = conf->extra_cred;
1072	cfg.extra_cred_len = conf->extra_cred_len;
1073	cfg.disable_auto_conf = (hapd->conf->wps_cred_processing == 1) &&
1074		conf->skip_cred_build;
1075	if (conf->ssid.security_policy == SECURITY_STATIC_WEP)
1076		cfg.static_wep_only = 1;
1077	cfg.dualband = interface_count(hapd->iface) > 1;
1078	if ((wps->dev.rf_bands & (WPS_RF_50GHZ | WPS_RF_24GHZ)) ==
1079	    (WPS_RF_50GHZ | WPS_RF_24GHZ))
1080		cfg.dualband = 1;
1081	if (cfg.dualband)
1082		wpa_printf(MSG_DEBUG, "WPS: Dualband AP");
1083
1084	wps->registrar = wps_registrar_init(wps, &cfg);
1085	if (wps->registrar == NULL) {
1086		wpa_printf(MSG_ERROR, "Failed to initialize WPS Registrar");
1087		os_free(wps->network_key);
1088		os_free(wps);
1089		return -1;
1090	}
1091
1092#ifdef CONFIG_WPS_UPNP
1093	wps->friendly_name = hapd->conf->friendly_name;
1094	wps->manufacturer_url = hapd->conf->manufacturer_url;
1095	wps->model_description = hapd->conf->model_description;
1096	wps->model_url = hapd->conf->model_url;
1097	wps->upc = hapd->conf->upc;
1098#endif /* CONFIG_WPS_UPNP */
1099
1100	hostapd_register_probereq_cb(hapd, hostapd_wps_probe_req_rx, hapd);
1101
1102	hapd->wps = wps;
1103
1104	return 0;
1105}
1106
1107
1108int hostapd_init_wps_complete(struct hostapd_data *hapd)
1109{
1110	struct wps_context *wps = hapd->wps;
1111
1112	if (wps == NULL)
1113		return 0;
1114
1115#ifdef CONFIG_WPS_UPNP
1116	if (hostapd_wps_upnp_init(hapd, wps) < 0) {
1117		wpa_printf(MSG_ERROR, "Failed to initialize WPS UPnP");
1118		wps_registrar_deinit(wps->registrar);
1119		os_free(wps->network_key);
1120		os_free(wps);
1121		hapd->wps = NULL;
1122		return -1;
1123	}
1124#endif /* CONFIG_WPS_UPNP */
1125
1126	return 0;
1127}
1128
1129
1130static void hostapd_wps_nfc_clear(struct wps_context *wps)
1131{
1132#ifdef CONFIG_WPS_NFC
1133	wps->ap_nfc_dev_pw_id = 0;
1134	wpabuf_free(wps->ap_nfc_dh_pubkey);
1135	wps->ap_nfc_dh_pubkey = NULL;
1136	wpabuf_free(wps->ap_nfc_dh_privkey);
1137	wps->ap_nfc_dh_privkey = NULL;
1138	wpabuf_free(wps->ap_nfc_dev_pw);
1139	wps->ap_nfc_dev_pw = NULL;
1140#endif /* CONFIG_WPS_NFC */
1141}
1142
1143
1144void hostapd_deinit_wps(struct hostapd_data *hapd)
1145{
1146	eloop_cancel_timeout(hostapd_wps_reenable_ap_pin, hapd, NULL);
1147	eloop_cancel_timeout(hostapd_wps_ap_pin_timeout, hapd, NULL);
1148	if (hapd->wps == NULL)
1149		return;
1150#ifdef CONFIG_WPS_UPNP
1151	hostapd_wps_upnp_deinit(hapd);
1152#endif /* CONFIG_WPS_UPNP */
1153	wps_registrar_deinit(hapd->wps->registrar);
1154	os_free(hapd->wps->network_key);
1155	wps_device_data_free(&hapd->wps->dev);
1156	wpabuf_free(hapd->wps->dh_pubkey);
1157	wpabuf_free(hapd->wps->dh_privkey);
1158	wps_free_pending_msgs(hapd->wps->upnp_msgs);
1159	hostapd_wps_nfc_clear(hapd->wps);
1160	os_free(hapd->wps);
1161	hapd->wps = NULL;
1162	hostapd_wps_clear_ies(hapd);
1163}
1164
1165
1166void hostapd_update_wps(struct hostapd_data *hapd)
1167{
1168	if (hapd->wps == NULL)
1169		return;
1170
1171#ifdef CONFIG_WPS_UPNP
1172	hapd->wps->friendly_name = hapd->conf->friendly_name;
1173	hapd->wps->manufacturer_url = hapd->conf->manufacturer_url;
1174	hapd->wps->model_description = hapd->conf->model_description;
1175	hapd->wps->model_url = hapd->conf->model_url;
1176	hapd->wps->upc = hapd->conf->upc;
1177#endif /* CONFIG_WPS_UPNP */
1178
1179	hostapd_wps_set_vendor_ext(hapd, hapd->wps);
1180
1181	if (hapd->conf->wps_state)
1182		wps_registrar_update_ie(hapd->wps->registrar);
1183	else
1184		hostapd_deinit_wps(hapd);
1185}
1186
1187
1188struct wps_add_pin_data {
1189	const u8 *addr;
1190	const u8 *uuid;
1191	const u8 *pin;
1192	size_t pin_len;
1193	int timeout;
1194	int added;
1195};
1196
1197
1198static int wps_add_pin(struct hostapd_data *hapd, void *ctx)
1199{
1200	struct wps_add_pin_data *data = ctx;
1201	int ret;
1202
1203	if (hapd->wps == NULL)
1204		return 0;
1205	ret = wps_registrar_add_pin(hapd->wps->registrar, data->addr,
1206				    data->uuid, data->pin, data->pin_len,
1207				    data->timeout);
1208	if (ret == 0)
1209		data->added++;
1210	return ret;
1211}
1212
1213
1214int hostapd_wps_add_pin(struct hostapd_data *hapd, const u8 *addr,
1215			const char *uuid, const char *pin, int timeout)
1216{
1217	u8 u[UUID_LEN];
1218	struct wps_add_pin_data data;
1219
1220	data.addr = addr;
1221	data.uuid = u;
1222	data.pin = (const u8 *) pin;
1223	data.pin_len = os_strlen(pin);
1224	data.timeout = timeout;
1225	data.added = 0;
1226
1227	if (os_strcmp(uuid, "any") == 0)
1228		data.uuid = NULL;
1229	else {
1230		if (uuid_str2bin(uuid, u))
1231			return -1;
1232		data.uuid = u;
1233	}
1234	if (hostapd_wps_for_each(hapd, wps_add_pin, &data) < 0)
1235		return -1;
1236	return data.added ? 0 : -1;
1237}
1238
1239
1240static int wps_button_pushed(struct hostapd_data *hapd, void *ctx)
1241{
1242	const u8 *p2p_dev_addr = ctx;
1243	if (hapd->wps == NULL)
1244		return 0;
1245	return wps_registrar_button_pushed(hapd->wps->registrar, p2p_dev_addr);
1246}
1247
1248
1249int hostapd_wps_button_pushed(struct hostapd_data *hapd,
1250			      const u8 *p2p_dev_addr)
1251{
1252	return hostapd_wps_for_each(hapd, wps_button_pushed,
1253				    (void *) p2p_dev_addr);
1254}
1255
1256
1257static int wps_cancel(struct hostapd_data *hapd, void *ctx)
1258{
1259	if (hapd->wps == NULL)
1260		return 0;
1261
1262	wps_registrar_wps_cancel(hapd->wps->registrar);
1263	ap_for_each_sta(hapd, ap_sta_wps_cancel, NULL);
1264
1265	return 0;
1266}
1267
1268
1269int hostapd_wps_cancel(struct hostapd_data *hapd)
1270{
1271	return hostapd_wps_for_each(hapd, wps_cancel, NULL);
1272}
1273
1274
1275static int hostapd_wps_probe_req_rx(void *ctx, const u8 *addr, const u8 *da,
1276				    const u8 *bssid,
1277				    const u8 *ie, size_t ie_len,
1278				    int ssi_signal)
1279{
1280	struct hostapd_data *hapd = ctx;
1281	struct wpabuf *wps_ie;
1282	struct ieee802_11_elems elems;
1283
1284	if (hapd->wps == NULL)
1285		return 0;
1286
1287	if (ieee802_11_parse_elems(ie, ie_len, &elems, 0) == ParseFailed) {
1288		wpa_printf(MSG_DEBUG, "WPS: Could not parse ProbeReq from "
1289			   MACSTR, MAC2STR(addr));
1290		return 0;
1291	}
1292
1293	if (elems.ssid && elems.ssid_len > 0 &&
1294	    (elems.ssid_len != hapd->conf->ssid.ssid_len ||
1295	     os_memcmp(elems.ssid, hapd->conf->ssid.ssid, elems.ssid_len) !=
1296	     0))
1297		return 0; /* Not for us */
1298
1299	wps_ie = ieee802_11_vendor_ie_concat(ie, ie_len, WPS_DEV_OUI_WFA);
1300	if (wps_ie == NULL)
1301		return 0;
1302	if (wps_validate_probe_req(wps_ie, addr) < 0) {
1303		wpabuf_free(wps_ie);
1304		return 0;
1305	}
1306
1307	if (wpabuf_len(wps_ie) > 0) {
1308		int p2p_wildcard = 0;
1309#ifdef CONFIG_P2P
1310		if (elems.ssid && elems.ssid_len == P2P_WILDCARD_SSID_LEN &&
1311		    os_memcmp(elems.ssid, P2P_WILDCARD_SSID,
1312			      P2P_WILDCARD_SSID_LEN) == 0)
1313			p2p_wildcard = 1;
1314#endif /* CONFIG_P2P */
1315		wps_registrar_probe_req_rx(hapd->wps->registrar, addr, wps_ie,
1316					   p2p_wildcard);
1317#ifdef CONFIG_WPS_UPNP
1318		/* FIX: what exactly should be included in the WLANEvent?
1319		 * WPS attributes? Full ProbeReq frame? */
1320		if (!p2p_wildcard)
1321			upnp_wps_device_send_wlan_event(
1322				hapd->wps_upnp, addr,
1323				UPNP_WPS_WLANEVENT_TYPE_PROBE, wps_ie);
1324#endif /* CONFIG_WPS_UPNP */
1325	}
1326
1327	wpabuf_free(wps_ie);
1328
1329	return 0;
1330}
1331
1332
1333#ifdef CONFIG_WPS_UPNP
1334
1335static int hostapd_rx_req_put_wlan_response(
1336	void *priv, enum upnp_wps_wlanevent_type ev_type,
1337	const u8 *mac_addr, const struct wpabuf *msg,
1338	enum wps_msg_type msg_type)
1339{
1340	struct hostapd_data *hapd = priv;
1341	struct sta_info *sta;
1342	struct upnp_pending_message *p;
1343
1344	wpa_printf(MSG_DEBUG, "WPS UPnP: PutWLANResponse ev_type=%d mac_addr="
1345		   MACSTR, ev_type, MAC2STR(mac_addr));
1346	wpa_hexdump(MSG_MSGDUMP, "WPS UPnP: PutWLANResponse NewMessage",
1347		    wpabuf_head(msg), wpabuf_len(msg));
1348	if (ev_type != UPNP_WPS_WLANEVENT_TYPE_EAP) {
1349		wpa_printf(MSG_DEBUG, "WPS UPnP: Ignored unexpected "
1350			   "PutWLANResponse WLANEventType %d", ev_type);
1351		return -1;
1352	}
1353
1354	/*
1355	 * EAP response to ongoing to WPS Registration. Send it to EAP-WSC
1356	 * server implementation for delivery to the peer.
1357	 */
1358
1359	sta = ap_get_sta(hapd, mac_addr);
1360#ifndef CONFIG_WPS_STRICT
1361	if (!sta) {
1362		/*
1363		 * Workaround - Intel wsccmd uses bogus NewWLANEventMAC:
1364		 * Pick STA that is in an ongoing WPS registration without
1365		 * checking the MAC address.
1366		 */
1367		wpa_printf(MSG_DEBUG, "WPS UPnP: No matching STA found based "
1368			   "on NewWLANEventMAC; try wildcard match");
1369		for (sta = hapd->sta_list; sta; sta = sta->next) {
1370			if (sta->eapol_sm && (sta->flags & WLAN_STA_WPS))
1371				break;
1372		}
1373	}
1374#endif /* CONFIG_WPS_STRICT */
1375
1376	if (!sta || !(sta->flags & WLAN_STA_WPS)) {
1377		wpa_printf(MSG_DEBUG, "WPS UPnP: No matching STA found");
1378		return 0;
1379	}
1380
1381	p = os_zalloc(sizeof(*p));
1382	if (p == NULL)
1383		return -1;
1384	os_memcpy(p->addr, sta->addr, ETH_ALEN);
1385	p->msg = wpabuf_dup(msg);
1386	p->type = msg_type;
1387	p->next = hapd->wps->upnp_msgs;
1388	hapd->wps->upnp_msgs = p;
1389
1390	return eapol_auth_eap_pending_cb(sta->eapol_sm, sta->eapol_sm->eap);
1391}
1392
1393
1394static int hostapd_wps_upnp_init(struct hostapd_data *hapd,
1395				 struct wps_context *wps)
1396{
1397	struct upnp_wps_device_ctx *ctx;
1398
1399	if (!hapd->conf->upnp_iface)
1400		return 0;
1401	ctx = os_zalloc(sizeof(*ctx));
1402	if (ctx == NULL)
1403		return -1;
1404
1405	ctx->rx_req_put_wlan_response = hostapd_rx_req_put_wlan_response;
1406	if (hapd->conf->ap_pin)
1407		ctx->ap_pin = os_strdup(hapd->conf->ap_pin);
1408
1409	hapd->wps_upnp = upnp_wps_device_init(ctx, wps, hapd,
1410					      hapd->conf->upnp_iface);
1411	if (hapd->wps_upnp == NULL)
1412		return -1;
1413	wps->wps_upnp = hapd->wps_upnp;
1414
1415	return 0;
1416}
1417
1418
1419static void hostapd_wps_upnp_deinit(struct hostapd_data *hapd)
1420{
1421	upnp_wps_device_deinit(hapd->wps_upnp, hapd);
1422}
1423
1424#endif /* CONFIG_WPS_UPNP */
1425
1426
1427int hostapd_wps_get_mib_sta(struct hostapd_data *hapd, const u8 *addr,
1428			    char *buf, size_t buflen)
1429{
1430	if (hapd->wps == NULL)
1431		return 0;
1432	return wps_registrar_get_info(hapd->wps->registrar, addr, buf, buflen);
1433}
1434
1435
1436static void hostapd_wps_ap_pin_timeout(void *eloop_data, void *user_ctx)
1437{
1438	struct hostapd_data *hapd = eloop_data;
1439	wpa_printf(MSG_DEBUG, "WPS: AP PIN timed out");
1440	hostapd_wps_ap_pin_disable(hapd);
1441	wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_AP_PIN_DISABLED);
1442}
1443
1444
1445static void hostapd_wps_ap_pin_enable(struct hostapd_data *hapd, int timeout)
1446{
1447	wpa_printf(MSG_DEBUG, "WPS: Enabling AP PIN (timeout=%d)", timeout);
1448	hapd->ap_pin_failures = 0;
1449	hapd->ap_pin_failures_consecutive = 0;
1450	hapd->conf->ap_setup_locked = 0;
1451	if (hapd->wps->ap_setup_locked) {
1452		wpa_msg(hapd->msg_ctx, MSG_INFO, WPS_EVENT_AP_SETUP_UNLOCKED);
1453		hapd->wps->ap_setup_locked = 0;
1454		wps_registrar_update_ie(hapd->wps->registrar);
1455	}
1456	eloop_cancel_timeout(hostapd_wps_ap_pin_timeout, hapd, NULL);
1457	if (timeout > 0)
1458		eloop_register_timeout(timeout, 0,
1459				       hostapd_wps_ap_pin_timeout, hapd, NULL);
1460}
1461
1462
1463static int wps_ap_pin_disable(struct hostapd_data *hapd, void *ctx)
1464{
1465	os_free(hapd->conf->ap_pin);
1466	hapd->conf->ap_pin = NULL;
1467#ifdef CONFIG_WPS_UPNP
1468	upnp_wps_set_ap_pin(hapd->wps_upnp, NULL);
1469#endif /* CONFIG_WPS_UPNP */
1470	eloop_cancel_timeout(hostapd_wps_ap_pin_timeout, hapd, NULL);
1471	return 0;
1472}
1473
1474
1475void hostapd_wps_ap_pin_disable(struct hostapd_data *hapd)
1476{
1477	wpa_printf(MSG_DEBUG, "WPS: Disabling AP PIN");
1478	hostapd_wps_for_each(hapd, wps_ap_pin_disable, NULL);
1479}
1480
1481
1482struct wps_ap_pin_data {
1483	char pin_txt[9];
1484	int timeout;
1485};
1486
1487
1488static int wps_ap_pin_set(struct hostapd_data *hapd, void *ctx)
1489{
1490	struct wps_ap_pin_data *data = ctx;
1491	os_free(hapd->conf->ap_pin);
1492	hapd->conf->ap_pin = os_strdup(data->pin_txt);
1493#ifdef CONFIG_WPS_UPNP
1494	upnp_wps_set_ap_pin(hapd->wps_upnp, data->pin_txt);
1495#endif /* CONFIG_WPS_UPNP */
1496	hostapd_wps_ap_pin_enable(hapd, data->timeout);
1497	return 0;
1498}
1499
1500
1501const char * hostapd_wps_ap_pin_random(struct hostapd_data *hapd, int timeout)
1502{
1503	unsigned int pin;
1504	struct wps_ap_pin_data data;
1505
1506	pin = wps_generate_pin();
1507	os_snprintf(data.pin_txt, sizeof(data.pin_txt), "%08u", pin);
1508	data.timeout = timeout;
1509	hostapd_wps_for_each(hapd, wps_ap_pin_set, &data);
1510	return hapd->conf->ap_pin;
1511}
1512
1513
1514const char * hostapd_wps_ap_pin_get(struct hostapd_data *hapd)
1515{
1516	return hapd->conf->ap_pin;
1517}
1518
1519
1520int hostapd_wps_ap_pin_set(struct hostapd_data *hapd, const char *pin,
1521			   int timeout)
1522{
1523	struct wps_ap_pin_data data;
1524	int ret;
1525
1526	ret = os_snprintf(data.pin_txt, sizeof(data.pin_txt), "%s", pin);
1527	if (ret < 0 || ret >= (int) sizeof(data.pin_txt))
1528		return -1;
1529	data.timeout = timeout;
1530	return hostapd_wps_for_each(hapd, wps_ap_pin_set, &data);
1531}
1532
1533
1534static int wps_update_ie(struct hostapd_data *hapd, void *ctx)
1535{
1536	if (hapd->wps)
1537		wps_registrar_update_ie(hapd->wps->registrar);
1538	return 0;
1539}
1540
1541
1542void hostapd_wps_update_ie(struct hostapd_data *hapd)
1543{
1544	hostapd_wps_for_each(hapd, wps_update_ie, NULL);
1545}
1546
1547
1548int hostapd_wps_config_ap(struct hostapd_data *hapd, const char *ssid,
1549			  const char *auth, const char *encr, const char *key)
1550{
1551	struct wps_credential cred;
1552	size_t len;
1553
1554	os_memset(&cred, 0, sizeof(cred));
1555
1556	len = os_strlen(ssid);
1557	if ((len & 1) || len > 2 * sizeof(cred.ssid) ||
1558	    hexstr2bin(ssid, cred.ssid, len / 2))
1559		return -1;
1560	cred.ssid_len = len / 2;
1561
1562	if (os_strncmp(auth, "OPEN", 4) == 0)
1563		cred.auth_type = WPS_AUTH_OPEN;
1564	else if (os_strncmp(auth, "WPAPSK", 6) == 0)
1565		cred.auth_type = WPS_AUTH_WPAPSK;
1566	else if (os_strncmp(auth, "WPA2PSK", 7) == 0)
1567		cred.auth_type = WPS_AUTH_WPA2PSK;
1568	else
1569		return -1;
1570
1571	if (encr) {
1572		if (os_strncmp(encr, "NONE", 4) == 0)
1573			cred.encr_type = WPS_ENCR_NONE;
1574		else if (os_strncmp(encr, "WEP", 3) == 0)
1575			cred.encr_type = WPS_ENCR_WEP;
1576		else if (os_strncmp(encr, "TKIP", 4) == 0)
1577			cred.encr_type = WPS_ENCR_TKIP;
1578		else if (os_strncmp(encr, "CCMP", 4) == 0)
1579			cred.encr_type = WPS_ENCR_AES;
1580		else
1581			return -1;
1582	} else
1583		cred.encr_type = WPS_ENCR_NONE;
1584
1585	if (key) {
1586		len = os_strlen(key);
1587		if ((len & 1) || len > 2 * sizeof(cred.key) ||
1588		    hexstr2bin(key, cred.key, len / 2))
1589			return -1;
1590		cred.key_len = len / 2;
1591	}
1592
1593	return wps_registrar_config_ap(hapd->wps->registrar, &cred);
1594}
1595
1596
1597#ifdef CONFIG_WPS_NFC
1598
1599struct wps_nfc_password_token_data {
1600	const u8 *oob_dev_pw;
1601	size_t oob_dev_pw_len;
1602	int added;
1603};
1604
1605
1606static int wps_add_nfc_password_token(struct hostapd_data *hapd, void *ctx)
1607{
1608	struct wps_nfc_password_token_data *data = ctx;
1609	int ret;
1610
1611	if (hapd->wps == NULL)
1612		return 0;
1613	ret = wps_registrar_add_nfc_password_token(hapd->wps->registrar,
1614						   data->oob_dev_pw,
1615						   data->oob_dev_pw_len);
1616	if (ret == 0)
1617		data->added++;
1618	return ret;
1619}
1620
1621
1622static int hostapd_wps_add_nfc_password_token(struct hostapd_data *hapd,
1623					      struct wps_parse_attr *attr)
1624{
1625	struct wps_nfc_password_token_data data;
1626
1627	data.oob_dev_pw = attr->oob_dev_password;
1628	data.oob_dev_pw_len = attr->oob_dev_password_len;
1629	data.added = 0;
1630	if (hostapd_wps_for_each(hapd, wps_add_nfc_password_token, &data) < 0)
1631		return -1;
1632	return data.added ? 0 : -1;
1633}
1634
1635
1636static int hostapd_wps_nfc_tag_process(struct hostapd_data *hapd,
1637				       const struct wpabuf *wps)
1638{
1639	struct wps_parse_attr attr;
1640
1641	wpa_hexdump_buf(MSG_DEBUG, "WPS: Received NFC tag payload", wps);
1642
1643	if (wps_parse_msg(wps, &attr)) {
1644		wpa_printf(MSG_DEBUG, "WPS: Ignore invalid data from NFC tag");
1645		return -1;
1646	}
1647
1648	if (attr.oob_dev_password)
1649		return hostapd_wps_add_nfc_password_token(hapd, &attr);
1650
1651	wpa_printf(MSG_DEBUG, "WPS: Ignore unrecognized NFC tag");
1652	return -1;
1653}
1654
1655
1656int hostapd_wps_nfc_tag_read(struct hostapd_data *hapd,
1657			     const struct wpabuf *data)
1658{
1659	const struct wpabuf *wps = data;
1660	struct wpabuf *tmp = NULL;
1661	int ret;
1662
1663	if (wpabuf_len(data) < 4)
1664		return -1;
1665
1666	if (*wpabuf_head_u8(data) != 0x10) {
1667		/* Assume this contains full NDEF record */
1668		tmp = ndef_parse_wifi(data);
1669		if (tmp == NULL) {
1670			wpa_printf(MSG_DEBUG, "WPS: Could not parse NDEF");
1671			return -1;
1672		}
1673		wps = tmp;
1674	}
1675
1676	ret = hostapd_wps_nfc_tag_process(hapd, wps);
1677	wpabuf_free(tmp);
1678	return ret;
1679}
1680
1681
1682struct wpabuf * hostapd_wps_nfc_config_token(struct hostapd_data *hapd,
1683					     int ndef)
1684{
1685	struct wpabuf *ret;
1686
1687	if (hapd->wps == NULL)
1688		return NULL;
1689
1690	ret = wps_get_oob_cred(hapd->wps);
1691	if (ndef && ret) {
1692		struct wpabuf *tmp;
1693		tmp = ndef_build_wifi(ret);
1694		wpabuf_free(ret);
1695		if (tmp == NULL)
1696			return NULL;
1697		ret = tmp;
1698	}
1699
1700	return ret;
1701}
1702
1703
1704struct wpabuf * hostapd_wps_nfc_hs_cr(struct hostapd_data *hapd, int ndef)
1705{
1706	/*
1707	 * Handover Select carrier record for WPS uses the same format as
1708	 * configuration token.
1709	 */
1710	return hostapd_wps_nfc_config_token(hapd, ndef);
1711}
1712
1713
1714struct wpabuf * hostapd_wps_nfc_token_gen(struct hostapd_data *hapd, int ndef)
1715{
1716	if (hapd->conf->wps_nfc_pw_from_config) {
1717		return wps_nfc_token_build(ndef,
1718					   hapd->conf->wps_nfc_dev_pw_id,
1719					   hapd->conf->wps_nfc_dh_pubkey,
1720					   hapd->conf->wps_nfc_dev_pw);
1721	}
1722
1723	return wps_nfc_token_gen(ndef, &hapd->conf->wps_nfc_dev_pw_id,
1724				 &hapd->conf->wps_nfc_dh_pubkey,
1725				 &hapd->conf->wps_nfc_dh_privkey,
1726				 &hapd->conf->wps_nfc_dev_pw);
1727}
1728
1729
1730int hostapd_wps_nfc_token_enable(struct hostapd_data *hapd)
1731{
1732	struct wps_context *wps = hapd->wps;
1733	struct wpabuf *pw;
1734
1735	if (wps == NULL)
1736		return -1;
1737
1738	if (!hapd->conf->wps_nfc_dh_pubkey ||
1739	    !hapd->conf->wps_nfc_dh_privkey ||
1740	    !hapd->conf->wps_nfc_dev_pw ||
1741	    !hapd->conf->wps_nfc_dev_pw_id)
1742		return -1;
1743
1744	hostapd_wps_nfc_clear(wps);
1745	wps->ap_nfc_dev_pw_id = hapd->conf->wps_nfc_dev_pw_id;
1746	wps->ap_nfc_dh_pubkey = wpabuf_dup(hapd->conf->wps_nfc_dh_pubkey);
1747	wps->ap_nfc_dh_privkey = wpabuf_dup(hapd->conf->wps_nfc_dh_privkey);
1748	pw = hapd->conf->wps_nfc_dev_pw;
1749	wps->ap_nfc_dev_pw = wpabuf_alloc(
1750		wpabuf_len(pw) * 2 + 1);
1751	if (wps->ap_nfc_dev_pw) {
1752		wpa_snprintf_hex_uppercase(
1753			(char *) wpabuf_put(wps->ap_nfc_dev_pw,
1754					    wpabuf_len(pw) * 2),
1755			wpabuf_len(pw) * 2 + 1,
1756			wpabuf_head(pw), wpabuf_len(pw));
1757	}
1758
1759	if (!wps->ap_nfc_dh_pubkey || !wps->ap_nfc_dh_privkey ||
1760	    !wps->ap_nfc_dev_pw) {
1761		hostapd_wps_nfc_clear(wps);
1762		return -1;
1763	}
1764
1765	return 0;
1766}
1767
1768
1769void hostapd_wps_nfc_token_disable(struct hostapd_data *hapd)
1770{
1771	hostapd_wps_nfc_clear(hapd->wps);
1772}
1773
1774#endif /* CONFIG_WPS_NFC */
1775