1/*
2 * wpa_supplicant / WPS integration
3 * Copyright (c) 2008-2014, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "includes.h"
10
11#include "common.h"
12#include "eloop.h"
13#include "uuid.h"
14#include "crypto/random.h"
15#include "crypto/dh_group5.h"
16#include "common/ieee802_11_defs.h"
17#include "common/ieee802_11_common.h"
18#include "common/wpa_common.h"
19#include "common/wpa_ctrl.h"
20#include "eap_common/eap_wsc_common.h"
21#include "eap_peer/eap.h"
22#include "eapol_supp/eapol_supp_sm.h"
23#include "rsn_supp/wpa.h"
24#include "wps/wps_attr_parse.h"
25#include "config.h"
26#include "wpa_supplicant_i.h"
27#include "driver_i.h"
28#include "notify.h"
29#include "blacklist.h"
30#include "bss.h"
31#include "scan.h"
32#include "ap.h"
33#include "p2p/p2p.h"
34#include "p2p_supplicant.h"
35#include "wps_supplicant.h"
36
37
38#ifndef WPS_PIN_SCAN_IGNORE_SEL_REG
39#define WPS_PIN_SCAN_IGNORE_SEL_REG 3
40#endif /* WPS_PIN_SCAN_IGNORE_SEL_REG */
41
42/*
43 * The minimum time in seconds before trying to associate to a WPS PIN AP that
44 * does not have Selected Registrar TRUE.
45 */
46#ifndef WPS_PIN_TIME_IGNORE_SEL_REG
47#define WPS_PIN_TIME_IGNORE_SEL_REG 5
48#endif /* WPS_PIN_TIME_IGNORE_SEL_REG */
49
50static void wpas_wps_timeout(void *eloop_ctx, void *timeout_ctx);
51static void wpas_clear_wps(struct wpa_supplicant *wpa_s);
52
53
54static void wpas_wps_clear_ap_info(struct wpa_supplicant *wpa_s)
55{
56	os_free(wpa_s->wps_ap);
57	wpa_s->wps_ap = NULL;
58	wpa_s->num_wps_ap = 0;
59	wpa_s->wps_ap_iter = 0;
60}
61
62
63static void wpas_wps_assoc_with_cred(void *eloop_ctx, void *timeout_ctx)
64{
65	struct wpa_supplicant *wpa_s = eloop_ctx;
66	int use_fast_assoc = timeout_ctx != NULL;
67
68	wpa_printf(MSG_DEBUG, "WPS: Continuing association after eapol_cb");
69	if (!use_fast_assoc ||
70	    wpa_supplicant_fast_associate(wpa_s) != 1)
71		wpa_supplicant_req_scan(wpa_s, 0, 0);
72}
73
74
75static void wpas_wps_assoc_with_cred_cancel(struct wpa_supplicant *wpa_s)
76{
77	eloop_cancel_timeout(wpas_wps_assoc_with_cred, wpa_s, (void *) 0);
78	eloop_cancel_timeout(wpas_wps_assoc_with_cred, wpa_s, (void *) 1);
79}
80
81
82int wpas_wps_eapol_cb(struct wpa_supplicant *wpa_s)
83{
84	if (wpas_p2p_wps_eapol_cb(wpa_s) > 0)
85		return 1;
86
87	if (!wpa_s->wps_success &&
88	    wpa_s->current_ssid &&
89	    eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
90		const u8 *bssid = wpa_s->bssid;
91		if (is_zero_ether_addr(bssid))
92			bssid = wpa_s->pending_bssid;
93
94		wpa_printf(MSG_DEBUG, "WPS: PIN registration with " MACSTR
95			   " did not succeed - continue trying to find "
96			   "suitable AP", MAC2STR(bssid));
97		wpa_blacklist_add(wpa_s, bssid);
98
99		wpa_supplicant_deauthenticate(wpa_s,
100					      WLAN_REASON_DEAUTH_LEAVING);
101		wpa_s->reassociate = 1;
102		wpa_supplicant_req_scan(wpa_s,
103					wpa_s->blacklist_cleared ? 5 : 0, 0);
104		wpa_s->blacklist_cleared = 0;
105		return 1;
106	}
107
108	wpas_wps_clear_ap_info(wpa_s);
109	eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL);
110	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && !wpa_s->wps_success)
111		wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_FAIL);
112
113	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && wpa_s->current_ssid &&
114	    !(wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
115		int disabled = wpa_s->current_ssid->disabled;
116		unsigned int freq = wpa_s->assoc_freq;
117		struct wpa_bss *bss;
118		struct wpa_ssid *ssid = NULL;
119		int use_fast_assoc = 0;
120
121		wpa_printf(MSG_DEBUG, "WPS: Network configuration replaced - "
122			   "try to associate with the received credential "
123			   "(freq=%u)", freq);
124		wpa_s->own_disconnect_req = 1;
125		wpa_supplicant_deauthenticate(wpa_s,
126					      WLAN_REASON_DEAUTH_LEAVING);
127		if (disabled) {
128			wpa_printf(MSG_DEBUG, "WPS: Current network is "
129				   "disabled - wait for user to enable");
130			return 1;
131		}
132		wpa_s->after_wps = 5;
133		wpa_s->wps_freq = freq;
134		wpa_s->normal_scans = 0;
135		wpa_s->reassociate = 1;
136
137		wpa_printf(MSG_DEBUG, "WPS: Checking whether fast association "
138			   "without a new scan can be used");
139		bss = wpa_supplicant_pick_network(wpa_s, &ssid);
140		if (bss) {
141			struct wpabuf *wps;
142			struct wps_parse_attr attr;
143
144			wps = wpa_bss_get_vendor_ie_multi(bss,
145							  WPS_IE_VENDOR_TYPE);
146			if (wps && wps_parse_msg(wps, &attr) == 0 &&
147			    attr.wps_state &&
148			    *attr.wps_state == WPS_STATE_CONFIGURED)
149				use_fast_assoc = 1;
150			wpabuf_free(wps);
151		}
152
153		/*
154		 * Complete the next step from an eloop timeout to allow pending
155		 * driver events related to the disconnection to be processed
156		 * first. This makes it less likely for disconnection event to
157		 * cause problems with the following connection.
158		 */
159		wpa_printf(MSG_DEBUG, "WPS: Continue association from timeout");
160		wpas_wps_assoc_with_cred_cancel(wpa_s);
161		eloop_register_timeout(0, 10000,
162				       wpas_wps_assoc_with_cred, wpa_s,
163				       use_fast_assoc ? (void *) 1 :
164				       (void *) 0);
165		return 1;
166	}
167
168	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS && wpa_s->current_ssid) {
169		wpa_printf(MSG_DEBUG, "WPS: Registration completed - waiting "
170			   "for external credential processing");
171		wpas_clear_wps(wpa_s);
172		wpa_s->own_disconnect_req = 1;
173		wpa_supplicant_deauthenticate(wpa_s,
174					      WLAN_REASON_DEAUTH_LEAVING);
175		return 1;
176	}
177
178	return 0;
179}
180
181
182static void wpas_wps_security_workaround(struct wpa_supplicant *wpa_s,
183					 struct wpa_ssid *ssid,
184					 const struct wps_credential *cred)
185{
186	struct wpa_driver_capa capa;
187	struct wpa_bss *bss;
188	const u8 *ie;
189	struct wpa_ie_data adv;
190	int wpa2 = 0, ccmp = 0;
191
192	/*
193	 * Many existing WPS APs do not know how to negotiate WPA2 or CCMP in
194	 * case they are configured for mixed mode operation (WPA+WPA2 and
195	 * TKIP+CCMP). Try to use scan results to figure out whether the AP
196	 * actually supports stronger security and select that if the client
197	 * has support for it, too.
198	 */
199
200	if (wpa_drv_get_capa(wpa_s, &capa))
201		return; /* Unknown what driver supports */
202
203	if (ssid->ssid == NULL)
204		return;
205	bss = wpa_bss_get(wpa_s, cred->mac_addr, ssid->ssid, ssid->ssid_len);
206	if (bss == NULL) {
207		wpa_printf(MSG_DEBUG, "WPS: The AP was not found from BSS "
208			   "table - use credential as-is");
209		return;
210	}
211
212	wpa_printf(MSG_DEBUG, "WPS: AP found from BSS table");
213
214	ie = wpa_bss_get_ie(bss, WLAN_EID_RSN);
215	if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &adv) == 0) {
216		wpa2 = 1;
217		if (adv.pairwise_cipher & WPA_CIPHER_CCMP)
218			ccmp = 1;
219	} else {
220		ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
221		if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &adv) == 0 &&
222		    adv.pairwise_cipher & WPA_CIPHER_CCMP)
223			ccmp = 1;
224	}
225
226	if (ie == NULL && (ssid->proto & WPA_PROTO_WPA) &&
227	    (ssid->pairwise_cipher & WPA_CIPHER_TKIP)) {
228		/*
229		 * TODO: This could be the initial AP configuration and the
230		 * Beacon contents could change shortly. Should request a new
231		 * scan and delay addition of the network until the updated
232		 * scan results are available.
233		 */
234		wpa_printf(MSG_DEBUG, "WPS: The AP did not yet advertise WPA "
235			   "support - use credential as-is");
236		return;
237	}
238
239	if (ccmp && !(ssid->pairwise_cipher & WPA_CIPHER_CCMP) &&
240	    (ssid->pairwise_cipher & WPA_CIPHER_TKIP) &&
241	    (capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK)) {
242		wpa_printf(MSG_DEBUG, "WPS: Add CCMP into the credential "
243			   "based on scan results");
244		if (wpa_s->conf->ap_scan == 1)
245			ssid->pairwise_cipher |= WPA_CIPHER_CCMP;
246		else
247			ssid->pairwise_cipher = WPA_CIPHER_CCMP;
248	}
249
250	if (wpa2 && !(ssid->proto & WPA_PROTO_RSN) &&
251	    (ssid->proto & WPA_PROTO_WPA) &&
252	    (capa.enc & WPA_DRIVER_CAPA_ENC_CCMP)) {
253		wpa_printf(MSG_DEBUG, "WPS: Add WPA2 into the credential "
254			   "based on scan results");
255		if (wpa_s->conf->ap_scan == 1)
256			ssid->proto |= WPA_PROTO_RSN;
257		else
258			ssid->proto = WPA_PROTO_RSN;
259	}
260}
261
262
263static void wpas_wps_remove_dup_network(struct wpa_supplicant *wpa_s,
264					struct wpa_ssid *new_ssid)
265{
266	struct wpa_ssid *ssid, *next;
267
268	for (ssid = wpa_s->conf->ssid, next = ssid ? ssid->next : NULL; ssid;
269	     ssid = next, next = ssid ? ssid->next : NULL) {
270		/*
271		 * new_ssid has already been added to the list in
272		 * wpas_wps_add_network(), so skip it.
273		 */
274		if (ssid == new_ssid)
275			continue;
276
277		if (ssid->bssid_set || new_ssid->bssid_set) {
278			if (ssid->bssid_set != new_ssid->bssid_set)
279				continue;
280			if (os_memcmp(ssid->bssid, new_ssid->bssid, ETH_ALEN) !=
281			    0)
282				continue;
283		}
284
285		/* compare SSID */
286		if (ssid->ssid_len == 0 || ssid->ssid_len != new_ssid->ssid_len)
287			continue;
288
289		if (ssid->ssid && new_ssid->ssid) {
290			if (os_memcmp(ssid->ssid, new_ssid->ssid,
291				      ssid->ssid_len) != 0)
292				continue;
293		} else if (ssid->ssid || new_ssid->ssid)
294			continue;
295
296		/* compare security parameters */
297		if (ssid->auth_alg != new_ssid->auth_alg ||
298		    ssid->key_mgmt != new_ssid->key_mgmt ||
299		    (ssid->group_cipher != new_ssid->group_cipher &&
300		     !(ssid->group_cipher & new_ssid->group_cipher &
301		       WPA_CIPHER_CCMP)))
302			continue;
303
304		/*
305		 * Some existing WPS APs will send two creds in case they are
306		 * configured for mixed mode operation (WPA+WPA2 and TKIP+CCMP).
307		 * Try to merge these two creds if they are received in the same
308		 * M8 message.
309		 */
310		if (ssid->wps_run && ssid->wps_run == new_ssid->wps_run &&
311		    wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
312			if (new_ssid->passphrase && ssid->passphrase &&
313			    os_strcmp(new_ssid->passphrase, ssid->passphrase) !=
314			    0) {
315				wpa_printf(MSG_DEBUG,
316					   "WPS: M8 Creds with different passphrase - do not merge");
317				continue;
318			}
319
320			if (new_ssid->psk_set &&
321			    (!ssid->psk_set ||
322			     os_memcmp(new_ssid->psk, ssid->psk, 32) != 0)) {
323				wpa_printf(MSG_DEBUG,
324					   "WPS: M8 Creds with different PSK - do not merge");
325				continue;
326			}
327
328			if ((new_ssid->passphrase && !ssid->passphrase) ||
329			    (!new_ssid->passphrase && ssid->passphrase)) {
330				wpa_printf(MSG_DEBUG,
331					   "WPS: M8 Creds with different passphrase/PSK type - do not merge");
332				continue;
333			}
334
335			wpa_printf(MSG_DEBUG,
336				   "WPS: Workaround - merge likely WPA/WPA2-mixed mode creds in same M8 message");
337			new_ssid->proto |= ssid->proto;
338			new_ssid->pairwise_cipher |= ssid->pairwise_cipher;
339		} else {
340			/*
341			 * proto and pairwise_cipher difference matter for
342			 * non-mixed-mode creds.
343			 */
344			if (ssid->proto != new_ssid->proto ||
345			    ssid->pairwise_cipher != new_ssid->pairwise_cipher)
346				continue;
347		}
348
349		/* Remove the duplicated older network entry. */
350		wpa_printf(MSG_DEBUG, "Remove duplicate network %d", ssid->id);
351		wpas_notify_network_removed(wpa_s, ssid);
352		if (wpa_s->current_ssid == ssid)
353			wpa_s->current_ssid = NULL;
354		wpa_config_remove_network(wpa_s->conf, ssid->id);
355	}
356}
357
358
359static int wpa_supplicant_wps_cred(void *ctx,
360				   const struct wps_credential *cred)
361{
362	struct wpa_supplicant *wpa_s = ctx;
363	struct wpa_ssid *ssid = wpa_s->current_ssid;
364	u16 auth_type;
365#ifdef CONFIG_WPS_REG_DISABLE_OPEN
366	int registrar = 0;
367#endif /* CONFIG_WPS_REG_DISABLE_OPEN */
368
369	if ((wpa_s->conf->wps_cred_processing == 1 ||
370	     wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) {
371		size_t blen = cred->cred_attr_len * 2 + 1;
372		char *buf = os_malloc(blen);
373		if (buf) {
374			wpa_snprintf_hex(buf, blen,
375					 cred->cred_attr, cred->cred_attr_len);
376			wpa_msg(wpa_s, MSG_INFO, "%s%s",
377				WPS_EVENT_CRED_RECEIVED, buf);
378			os_free(buf);
379		}
380
381		wpas_notify_wps_credential(wpa_s, cred);
382	} else
383		wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_CRED_RECEIVED);
384
385	wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute",
386			cred->cred_attr, cred->cred_attr_len);
387
388	if (wpa_s->conf->wps_cred_processing == 1)
389		return 0;
390
391	wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", cred->ssid, cred->ssid_len);
392	wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x",
393		   cred->auth_type);
394	wpa_printf(MSG_DEBUG, "WPS: Encryption Type 0x%x", cred->encr_type);
395	wpa_printf(MSG_DEBUG, "WPS: Network Key Index %d", cred->key_idx);
396	wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key",
397			cred->key, cred->key_len);
398	wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR,
399		   MAC2STR(cred->mac_addr));
400
401	auth_type = cred->auth_type;
402	if (auth_type == (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) {
403		wpa_printf(MSG_DEBUG, "WPS: Workaround - convert mixed-mode "
404			   "auth_type into WPA2PSK");
405		auth_type = WPS_AUTH_WPA2PSK;
406	}
407
408	if (auth_type != WPS_AUTH_OPEN &&
409	    auth_type != WPS_AUTH_WPAPSK &&
410	    auth_type != WPS_AUTH_WPA2PSK) {
411		wpa_printf(MSG_DEBUG, "WPS: Ignored credentials for "
412			   "unsupported authentication type 0x%x",
413			   auth_type);
414		return 0;
415	}
416
417	if (auth_type == WPS_AUTH_WPAPSK || auth_type == WPS_AUTH_WPA2PSK) {
418		if (cred->key_len < 8 || cred->key_len > 2 * PMK_LEN) {
419			wpa_printf(MSG_ERROR, "WPS: Reject PSK credential with "
420				   "invalid Network Key length %lu",
421				   (unsigned long) cred->key_len);
422			return -1;
423		}
424	}
425
426	if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
427		wpa_printf(MSG_DEBUG, "WPS: Replace WPS network block based "
428			   "on the received credential");
429#ifdef CONFIG_WPS_REG_DISABLE_OPEN
430		if (ssid->eap.identity &&
431		    ssid->eap.identity_len == WSC_ID_REGISTRAR_LEN &&
432		    os_memcmp(ssid->eap.identity, WSC_ID_REGISTRAR,
433			      WSC_ID_REGISTRAR_LEN) == 0)
434			registrar = 1;
435#endif /* CONFIG_WPS_REG_DISABLE_OPEN */
436		os_free(ssid->eap.identity);
437		ssid->eap.identity = NULL;
438		ssid->eap.identity_len = 0;
439		os_free(ssid->eap.phase1);
440		ssid->eap.phase1 = NULL;
441		os_free(ssid->eap.eap_methods);
442		ssid->eap.eap_methods = NULL;
443		if (!ssid->p2p_group) {
444			ssid->temporary = 0;
445			ssid->bssid_set = 0;
446		}
447		ssid->disabled_until.sec = 0;
448		ssid->disabled_until.usec = 0;
449		ssid->auth_failures = 0;
450	} else {
451		wpa_printf(MSG_DEBUG, "WPS: Create a new network based on the "
452			   "received credential");
453		ssid = wpa_config_add_network(wpa_s->conf);
454		if (ssid == NULL)
455			return -1;
456		if (wpa_s->current_ssid) {
457			/*
458			 * Should the GO issue multiple credentials for some
459			 * reason, each credential should be marked as a
460			 * temporary P2P group similarly to the one that gets
461			 * marked as such based on the pre-configured values
462			 * used for the WPS network block.
463			 */
464			ssid->p2p_group = wpa_s->current_ssid->p2p_group;
465			ssid->temporary = wpa_s->current_ssid->temporary;
466		}
467		wpas_notify_network_added(wpa_s, ssid);
468	}
469
470	wpa_config_set_network_defaults(ssid);
471	ssid->wps_run = wpa_s->wps_run;
472
473	os_free(ssid->ssid);
474	ssid->ssid = os_malloc(cred->ssid_len);
475	if (ssid->ssid) {
476		os_memcpy(ssid->ssid, cred->ssid, cred->ssid_len);
477		ssid->ssid_len = cred->ssid_len;
478	}
479
480	switch (cred->encr_type) {
481	case WPS_ENCR_NONE:
482		break;
483	case WPS_ENCR_TKIP:
484		ssid->pairwise_cipher = WPA_CIPHER_TKIP;
485		break;
486	case WPS_ENCR_AES:
487		ssid->pairwise_cipher = WPA_CIPHER_CCMP;
488		if (wpa_s->drv_capa_known &&
489		    (wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_GCMP)) {
490			ssid->pairwise_cipher |= WPA_CIPHER_GCMP;
491			ssid->group_cipher |= WPA_CIPHER_GCMP;
492		}
493		break;
494	}
495
496	switch (auth_type) {
497	case WPS_AUTH_OPEN:
498		ssid->auth_alg = WPA_AUTH_ALG_OPEN;
499		ssid->key_mgmt = WPA_KEY_MGMT_NONE;
500		ssid->proto = 0;
501#ifdef CONFIG_WPS_REG_DISABLE_OPEN
502		if (registrar) {
503			wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_OPEN_NETWORK
504				"id=%d - Credentials for an open "
505				"network disabled by default - use "
506				"'select_network %d' to enable",
507				ssid->id, ssid->id);
508			ssid->disabled = 1;
509		}
510#endif /* CONFIG_WPS_REG_DISABLE_OPEN */
511		break;
512	case WPS_AUTH_WPAPSK:
513		ssid->auth_alg = WPA_AUTH_ALG_OPEN;
514		ssid->key_mgmt = WPA_KEY_MGMT_PSK;
515		ssid->proto = WPA_PROTO_WPA;
516		break;
517	case WPS_AUTH_WPA2PSK:
518		ssid->auth_alg = WPA_AUTH_ALG_OPEN;
519		ssid->key_mgmt = WPA_KEY_MGMT_PSK;
520		ssid->proto = WPA_PROTO_RSN;
521		break;
522	}
523
524	if (ssid->key_mgmt == WPA_KEY_MGMT_PSK) {
525		if (cred->key_len == 2 * PMK_LEN) {
526			if (hexstr2bin((const char *) cred->key, ssid->psk,
527				       PMK_LEN)) {
528				wpa_printf(MSG_ERROR, "WPS: Invalid Network "
529					   "Key");
530				return -1;
531			}
532			ssid->psk_set = 1;
533			ssid->export_keys = 1;
534		} else if (cred->key_len >= 8 && cred->key_len < 2 * PMK_LEN) {
535			os_free(ssid->passphrase);
536			ssid->passphrase = os_malloc(cred->key_len + 1);
537			if (ssid->passphrase == NULL)
538				return -1;
539			os_memcpy(ssid->passphrase, cred->key, cred->key_len);
540			ssid->passphrase[cred->key_len] = '\0';
541			wpa_config_update_psk(ssid);
542			ssid->export_keys = 1;
543		} else {
544			wpa_printf(MSG_ERROR, "WPS: Invalid Network Key "
545				   "length %lu",
546				   (unsigned long) cred->key_len);
547			return -1;
548		}
549	}
550	ssid->priority = wpa_s->conf->wps_priority;
551
552	wpas_wps_security_workaround(wpa_s, ssid, cred);
553
554	wpas_wps_remove_dup_network(wpa_s, ssid);
555
556#ifndef CONFIG_NO_CONFIG_WRITE
557	if (wpa_s->conf->update_config &&
558	    wpa_config_write(wpa_s->confname, wpa_s->conf)) {
559		wpa_printf(MSG_DEBUG, "WPS: Failed to update configuration");
560		return -1;
561	}
562#endif /* CONFIG_NO_CONFIG_WRITE */
563
564	if (ssid->priority)
565		wpa_config_update_prio_list(wpa_s->conf);
566
567	/*
568	 * Optimize the post-WPS scan based on the channel used during
569	 * the provisioning in case EAP-Failure is not received.
570	 */
571	wpa_s->after_wps = 5;
572	wpa_s->wps_freq = wpa_s->assoc_freq;
573
574	return 0;
575}
576
577
578static void wpa_supplicant_wps_event_m2d(struct wpa_supplicant *wpa_s,
579					 struct wps_event_m2d *m2d)
580{
581	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_M2D
582		"dev_password_id=%d config_error=%d",
583		m2d->dev_password_id, m2d->config_error);
584	wpas_notify_wps_event_m2d(wpa_s, m2d);
585#ifdef CONFIG_P2P
586	if (wpa_s->p2pdev && wpa_s->p2pdev != wpa_s) {
587		wpa_msg(wpa_s->p2pdev, MSG_INFO, WPS_EVENT_M2D
588			"dev_password_id=%d config_error=%d",
589			m2d->dev_password_id, m2d->config_error);
590	}
591	if (m2d->config_error == WPS_CFG_MULTIPLE_PBC_DETECTED) {
592		/*
593		 * Notify P2P from eloop timeout to avoid issues with the
594		 * interface getting removed while processing a message.
595		 */
596		eloop_register_timeout(0, 0, wpas_p2p_pbc_overlap_cb, wpa_s,
597				       NULL);
598	}
599#endif /* CONFIG_P2P */
600}
601
602
603static void wpas_wps_clear_timeout(void *eloop_ctx, void *timeout_ctx)
604{
605	struct wpa_supplicant *wpa_s = eloop_ctx;
606	wpa_printf(MSG_DEBUG, "WPS: Clear WPS network from timeout");
607	wpas_clear_wps(wpa_s);
608}
609
610
611static void wpa_supplicant_wps_event_fail(struct wpa_supplicant *wpa_s,
612					  struct wps_event_fail *fail)
613{
614	if (fail->error_indication > 0 &&
615	    fail->error_indication < NUM_WPS_EI_VALUES) {
616		wpa_msg(wpa_s, MSG_INFO,
617			WPS_EVENT_FAIL "msg=%d config_error=%d reason=%d (%s)",
618			fail->msg, fail->config_error, fail->error_indication,
619			wps_ei_str(fail->error_indication));
620		if (wpa_s->p2pdev && wpa_s->p2pdev != wpa_s)
621			wpa_msg(wpa_s->p2pdev, MSG_INFO, WPS_EVENT_FAIL
622				"msg=%d config_error=%d reason=%d (%s)",
623				fail->msg, fail->config_error,
624				fail->error_indication,
625				wps_ei_str(fail->error_indication));
626	} else {
627		wpa_msg(wpa_s, MSG_INFO,
628			WPS_EVENT_FAIL "msg=%d config_error=%d",
629			fail->msg, fail->config_error);
630		if (wpa_s->p2pdev && wpa_s->p2pdev != wpa_s)
631			wpa_msg(wpa_s->p2pdev, MSG_INFO, WPS_EVENT_FAIL
632				"msg=%d config_error=%d",
633				fail->msg, fail->config_error);
634	}
635
636	/*
637	 * Need to allow WPS processing to complete, e.g., by sending WSC_NACK.
638	 */
639	wpa_printf(MSG_DEBUG, "WPS: Register timeout to clear WPS network");
640	eloop_cancel_timeout(wpas_wps_clear_timeout, wpa_s, NULL);
641	eloop_register_timeout(0, 100000, wpas_wps_clear_timeout, wpa_s, NULL);
642
643	wpas_notify_wps_event_fail(wpa_s, fail);
644	wpas_p2p_wps_failed(wpa_s, fail);
645}
646
647
648static void wpas_wps_reenable_networks_cb(void *eloop_ctx, void *timeout_ctx);
649
650static void wpas_wps_reenable_networks(struct wpa_supplicant *wpa_s)
651{
652	struct wpa_ssid *ssid;
653	int changed = 0;
654
655	eloop_cancel_timeout(wpas_wps_reenable_networks_cb, wpa_s, NULL);
656
657	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
658		if (ssid->disabled_for_connect && ssid->disabled) {
659			ssid->disabled_for_connect = 0;
660			ssid->disabled = 0;
661			wpas_notify_network_enabled_changed(wpa_s, ssid);
662			changed++;
663		}
664	}
665
666	if (changed) {
667#ifndef CONFIG_NO_CONFIG_WRITE
668		if (wpa_s->conf->update_config &&
669		    wpa_config_write(wpa_s->confname, wpa_s->conf)) {
670			wpa_printf(MSG_DEBUG, "WPS: Failed to update "
671				   "configuration");
672		}
673#endif /* CONFIG_NO_CONFIG_WRITE */
674	}
675}
676
677
678static void wpas_wps_reenable_networks_cb(void *eloop_ctx, void *timeout_ctx)
679{
680	struct wpa_supplicant *wpa_s = eloop_ctx;
681	/* Enable the networks disabled during wpas_wps_reassoc */
682	wpas_wps_reenable_networks(wpa_s);
683}
684
685
686int wpas_wps_reenable_networks_pending(struct wpa_supplicant *wpa_s)
687{
688	return eloop_is_timeout_registered(wpas_wps_reenable_networks_cb,
689					   wpa_s, NULL);
690}
691
692
693static void wpa_supplicant_wps_event_success(struct wpa_supplicant *wpa_s)
694{
695	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_SUCCESS);
696	wpa_s->wps_success = 1;
697	wpas_notify_wps_event_success(wpa_s);
698	if (wpa_s->current_ssid)
699		wpas_clear_temp_disabled(wpa_s, wpa_s->current_ssid, 1);
700	wpa_s->extra_blacklist_count = 0;
701
702	/*
703	 * Enable the networks disabled during wpas_wps_reassoc after 10
704	 * seconds. The 10 seconds timer is to allow the data connection to be
705	 * formed before allowing other networks to be selected.
706	 */
707	eloop_register_timeout(10, 0, wpas_wps_reenable_networks_cb, wpa_s,
708			       NULL);
709
710	wpas_p2p_wps_success(wpa_s, wpa_s->bssid, 0);
711}
712
713
714static void wpa_supplicant_wps_event_er_ap_add(struct wpa_supplicant *wpa_s,
715					       struct wps_event_er_ap *ap)
716{
717	char uuid_str[100];
718	char dev_type[WPS_DEV_TYPE_BUFSIZE];
719
720	uuid_bin2str(ap->uuid, uuid_str, sizeof(uuid_str));
721	if (ap->pri_dev_type)
722		wps_dev_type_bin2str(ap->pri_dev_type, dev_type,
723				     sizeof(dev_type));
724	else
725		dev_type[0] = '\0';
726
727	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_ADD "%s " MACSTR
728		" pri_dev_type=%s wps_state=%d |%s|%s|%s|%s|%s|%s|",
729		uuid_str, MAC2STR(ap->mac_addr), dev_type, ap->wps_state,
730		ap->friendly_name ? ap->friendly_name : "",
731		ap->manufacturer ? ap->manufacturer : "",
732		ap->model_description ? ap->model_description : "",
733		ap->model_name ? ap->model_name : "",
734		ap->manufacturer_url ? ap->manufacturer_url : "",
735		ap->model_url ? ap->model_url : "");
736}
737
738
739static void wpa_supplicant_wps_event_er_ap_remove(struct wpa_supplicant *wpa_s,
740						  struct wps_event_er_ap *ap)
741{
742	char uuid_str[100];
743	uuid_bin2str(ap->uuid, uuid_str, sizeof(uuid_str));
744	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_REMOVE "%s", uuid_str);
745}
746
747
748static void wpa_supplicant_wps_event_er_enrollee_add(
749	struct wpa_supplicant *wpa_s, struct wps_event_er_enrollee *enrollee)
750{
751	char uuid_str[100];
752	char dev_type[WPS_DEV_TYPE_BUFSIZE];
753
754	uuid_bin2str(enrollee->uuid, uuid_str, sizeof(uuid_str));
755	if (enrollee->pri_dev_type)
756		wps_dev_type_bin2str(enrollee->pri_dev_type, dev_type,
757				     sizeof(dev_type));
758	else
759		dev_type[0] = '\0';
760
761	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_ENROLLEE_ADD "%s " MACSTR
762		" M1=%d config_methods=0x%x dev_passwd_id=%d pri_dev_type=%s "
763		"|%s|%s|%s|%s|%s|",
764		uuid_str, MAC2STR(enrollee->mac_addr), enrollee->m1_received,
765		enrollee->config_methods, enrollee->dev_passwd_id, dev_type,
766		enrollee->dev_name ? enrollee->dev_name : "",
767		enrollee->manufacturer ? enrollee->manufacturer : "",
768		enrollee->model_name ? enrollee->model_name : "",
769		enrollee->model_number ? enrollee->model_number : "",
770		enrollee->serial_number ? enrollee->serial_number : "");
771}
772
773
774static void wpa_supplicant_wps_event_er_enrollee_remove(
775	struct wpa_supplicant *wpa_s, struct wps_event_er_enrollee *enrollee)
776{
777	char uuid_str[100];
778	uuid_bin2str(enrollee->uuid, uuid_str, sizeof(uuid_str));
779	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_ENROLLEE_REMOVE "%s " MACSTR,
780		uuid_str, MAC2STR(enrollee->mac_addr));
781}
782
783
784static void wpa_supplicant_wps_event_er_ap_settings(
785	struct wpa_supplicant *wpa_s,
786	struct wps_event_er_ap_settings *ap_settings)
787{
788	char uuid_str[100];
789	char key_str[65];
790	const struct wps_credential *cred = ap_settings->cred;
791
792	key_str[0] = '\0';
793	if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) {
794		if (cred->key_len >= 8 && cred->key_len <= 64) {
795			os_memcpy(key_str, cred->key, cred->key_len);
796			key_str[cred->key_len] = '\0';
797		}
798	}
799
800	uuid_bin2str(ap_settings->uuid, uuid_str, sizeof(uuid_str));
801	/* Use wpa_msg_ctrl to avoid showing the key in debug log */
802	wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_ER_AP_SETTINGS
803		     "uuid=%s ssid=%s auth_type=0x%04x encr_type=0x%04x "
804		     "key=%s",
805		     uuid_str, wpa_ssid_txt(cred->ssid, cred->ssid_len),
806		     cred->auth_type, cred->encr_type, key_str);
807}
808
809
810static void wpa_supplicant_wps_event_er_set_sel_reg(
811	struct wpa_supplicant *wpa_s,
812	struct wps_event_er_set_selected_registrar *ev)
813{
814	char uuid_str[100];
815
816	uuid_bin2str(ev->uuid, uuid_str, sizeof(uuid_str));
817	switch (ev->state) {
818	case WPS_ER_SET_SEL_REG_START:
819		wpa_msg(wpa_s, MSG_DEBUG, WPS_EVENT_ER_SET_SEL_REG
820			"uuid=%s state=START sel_reg=%d dev_passwd_id=%u "
821			"sel_reg_config_methods=0x%x",
822			uuid_str, ev->sel_reg, ev->dev_passwd_id,
823			ev->sel_reg_config_methods);
824		break;
825	case WPS_ER_SET_SEL_REG_DONE:
826		wpa_msg(wpa_s, MSG_DEBUG, WPS_EVENT_ER_SET_SEL_REG
827			"uuid=%s state=DONE", uuid_str);
828		break;
829	case WPS_ER_SET_SEL_REG_FAILED:
830		wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ER_SET_SEL_REG
831			"uuid=%s state=FAILED", uuid_str);
832		break;
833	}
834}
835
836
837static void wpa_supplicant_wps_event(void *ctx, enum wps_event event,
838				     union wps_event_data *data)
839{
840	struct wpa_supplicant *wpa_s = ctx;
841	switch (event) {
842	case WPS_EV_M2D:
843		wpa_supplicant_wps_event_m2d(wpa_s, &data->m2d);
844		break;
845	case WPS_EV_FAIL:
846		wpa_supplicant_wps_event_fail(wpa_s, &data->fail);
847		break;
848	case WPS_EV_SUCCESS:
849		wpa_supplicant_wps_event_success(wpa_s);
850		break;
851	case WPS_EV_PWD_AUTH_FAIL:
852#ifdef CONFIG_AP
853		if (wpa_s->ap_iface && data->pwd_auth_fail.enrollee)
854			wpa_supplicant_ap_pwd_auth_fail(wpa_s);
855#endif /* CONFIG_AP */
856		break;
857	case WPS_EV_PBC_OVERLAP:
858		break;
859	case WPS_EV_PBC_TIMEOUT:
860		break;
861	case WPS_EV_PBC_ACTIVE:
862		wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_ACTIVE);
863		break;
864	case WPS_EV_PBC_DISABLE:
865		wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_DISABLE);
866		break;
867	case WPS_EV_ER_AP_ADD:
868		wpa_supplicant_wps_event_er_ap_add(wpa_s, &data->ap);
869		break;
870	case WPS_EV_ER_AP_REMOVE:
871		wpa_supplicant_wps_event_er_ap_remove(wpa_s, &data->ap);
872		break;
873	case WPS_EV_ER_ENROLLEE_ADD:
874		wpa_supplicant_wps_event_er_enrollee_add(wpa_s,
875							 &data->enrollee);
876		break;
877	case WPS_EV_ER_ENROLLEE_REMOVE:
878		wpa_supplicant_wps_event_er_enrollee_remove(wpa_s,
879							    &data->enrollee);
880		break;
881	case WPS_EV_ER_AP_SETTINGS:
882		wpa_supplicant_wps_event_er_ap_settings(wpa_s,
883							&data->ap_settings);
884		break;
885	case WPS_EV_ER_SET_SELECTED_REGISTRAR:
886		wpa_supplicant_wps_event_er_set_sel_reg(wpa_s,
887							&data->set_sel_reg);
888		break;
889	case WPS_EV_AP_PIN_SUCCESS:
890		break;
891	}
892}
893
894
895static int wpa_supplicant_wps_rf_band(void *ctx)
896{
897	struct wpa_supplicant *wpa_s = ctx;
898
899	if (!wpa_s->current_ssid || !wpa_s->assoc_freq)
900		return 0;
901
902	return (wpa_s->assoc_freq > 50000) ? WPS_RF_60GHZ :
903		(wpa_s->assoc_freq > 2484) ? WPS_RF_50GHZ : WPS_RF_24GHZ;
904}
905
906
907enum wps_request_type wpas_wps_get_req_type(struct wpa_ssid *ssid)
908{
909	if (eap_is_wps_pbc_enrollee(&ssid->eap) ||
910	    eap_is_wps_pin_enrollee(&ssid->eap))
911		return WPS_REQ_ENROLLEE;
912	else
913		return WPS_REQ_REGISTRAR;
914}
915
916
917static void wpas_clear_wps(struct wpa_supplicant *wpa_s)
918{
919	int id;
920	struct wpa_ssid *ssid, *remove_ssid = NULL, *prev_current;
921
922	wpa_s->after_wps = 0;
923	wpa_s->known_wps_freq = 0;
924
925	prev_current = wpa_s->current_ssid;
926
927	/* Enable the networks disabled during wpas_wps_reassoc */
928	wpas_wps_reenable_networks(wpa_s);
929
930	eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL);
931	eloop_cancel_timeout(wpas_wps_clear_timeout, wpa_s, NULL);
932
933	/* Remove any existing WPS network from configuration */
934	ssid = wpa_s->conf->ssid;
935	while (ssid) {
936		if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
937			if (ssid == wpa_s->current_ssid) {
938				wpa_s->own_disconnect_req = 1;
939				wpa_supplicant_deauthenticate(
940					wpa_s, WLAN_REASON_DEAUTH_LEAVING);
941			}
942			id = ssid->id;
943			remove_ssid = ssid;
944		} else
945			id = -1;
946		ssid = ssid->next;
947		if (id >= 0) {
948			if (prev_current == remove_ssid) {
949				wpa_sm_set_config(wpa_s->wpa, NULL);
950				eapol_sm_notify_config(wpa_s->eapol, NULL,
951						       NULL);
952			}
953			wpas_notify_network_removed(wpa_s, remove_ssid);
954			wpa_config_remove_network(wpa_s->conf, id);
955		}
956	}
957
958	wpas_wps_clear_ap_info(wpa_s);
959}
960
961
962static void wpas_wps_timeout(void *eloop_ctx, void *timeout_ctx)
963{
964	struct wpa_supplicant *wpa_s = eloop_ctx;
965	union wps_event_data data;
966
967	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_TIMEOUT "Requested operation timed "
968		"out");
969	os_memset(&data, 0, sizeof(data));
970	data.fail.config_error = WPS_CFG_MSG_TIMEOUT;
971	data.fail.error_indication = WPS_EI_NO_ERROR;
972	/*
973	 * Call wpas_notify_wps_event_fail() directly instead of through
974	 * wpa_supplicant_wps_event() which would end up registering unnecessary
975	 * timeouts (those are only for the case where the failure happens
976	 * during an EAP-WSC exchange).
977	 */
978	wpas_notify_wps_event_fail(wpa_s, &data.fail);
979	wpas_clear_wps(wpa_s);
980}
981
982
983static struct wpa_ssid * wpas_wps_add_network(struct wpa_supplicant *wpa_s,
984					      int registrar, const u8 *dev_addr,
985					      const u8 *bssid)
986{
987	struct wpa_ssid *ssid;
988
989	ssid = wpa_config_add_network(wpa_s->conf);
990	if (ssid == NULL)
991		return NULL;
992	wpas_notify_network_added(wpa_s, ssid);
993	wpa_config_set_network_defaults(ssid);
994	ssid->temporary = 1;
995	if (wpa_config_set(ssid, "key_mgmt", "WPS", 0) < 0 ||
996	    wpa_config_set(ssid, "eap", "WSC", 0) < 0 ||
997	    wpa_config_set(ssid, "identity", registrar ?
998			   "\"" WSC_ID_REGISTRAR "\"" :
999			   "\"" WSC_ID_ENROLLEE "\"", 0) < 0) {
1000		wpas_notify_network_removed(wpa_s, ssid);
1001		wpa_config_remove_network(wpa_s->conf, ssid->id);
1002		return NULL;
1003	}
1004
1005#ifdef CONFIG_P2P
1006	if (dev_addr)
1007		os_memcpy(ssid->go_p2p_dev_addr, dev_addr, ETH_ALEN);
1008#endif /* CONFIG_P2P */
1009
1010	if (bssid) {
1011#ifndef CONFIG_P2P
1012		struct wpa_bss *bss;
1013		int count = 0;
1014#endif /* CONFIG_P2P */
1015
1016		os_memcpy(ssid->bssid, bssid, ETH_ALEN);
1017		ssid->bssid_set = 1;
1018
1019		/*
1020		 * Note: With P2P, the SSID may change at the time the WPS
1021		 * provisioning is started, so better not filter the AP based
1022		 * on the current SSID in the scan results.
1023		 */
1024#ifndef CONFIG_P2P
1025		dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1026			if (os_memcmp(bssid, bss->bssid, ETH_ALEN) != 0)
1027				continue;
1028
1029			os_free(ssid->ssid);
1030			ssid->ssid = os_malloc(bss->ssid_len);
1031			if (ssid->ssid == NULL)
1032				break;
1033			os_memcpy(ssid->ssid, bss->ssid, bss->ssid_len);
1034			ssid->ssid_len = bss->ssid_len;
1035			wpa_hexdump_ascii(MSG_DEBUG, "WPS: Picked SSID from "
1036					  "scan results",
1037					  ssid->ssid, ssid->ssid_len);
1038			count++;
1039		}
1040
1041		if (count > 1) {
1042			wpa_printf(MSG_DEBUG, "WPS: More than one SSID found "
1043				   "for the AP; use wildcard");
1044			os_free(ssid->ssid);
1045			ssid->ssid = NULL;
1046			ssid->ssid_len = 0;
1047		}
1048#endif /* CONFIG_P2P */
1049	}
1050
1051	return ssid;
1052}
1053
1054
1055static void wpas_wps_temp_disable(struct wpa_supplicant *wpa_s,
1056				  struct wpa_ssid *selected)
1057{
1058	struct wpa_ssid *ssid;
1059
1060	if (wpa_s->current_ssid) {
1061		wpa_s->own_disconnect_req = 1;
1062		wpa_supplicant_deauthenticate(
1063			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1064	}
1065
1066	/* Mark all other networks disabled and trigger reassociation */
1067	ssid = wpa_s->conf->ssid;
1068	while (ssid) {
1069		int was_disabled = ssid->disabled;
1070		ssid->disabled_for_connect = 0;
1071		/*
1072		 * In case the network object corresponds to a persistent group
1073		 * then do not send out network disabled signal. In addition,
1074		 * do not change disabled status of persistent network objects
1075		 * from 2 to 1 should we connect to another network.
1076		 */
1077		if (was_disabled != 2) {
1078			ssid->disabled = ssid != selected;
1079			if (was_disabled != ssid->disabled) {
1080				if (ssid->disabled)
1081					ssid->disabled_for_connect = 1;
1082				wpas_notify_network_enabled_changed(wpa_s,
1083								    ssid);
1084			}
1085		}
1086		ssid = ssid->next;
1087	}
1088}
1089
1090
1091static void wpas_wps_reassoc(struct wpa_supplicant *wpa_s,
1092			     struct wpa_ssid *selected, const u8 *bssid,
1093			     int freq)
1094{
1095	struct wpa_bss *bss;
1096
1097	wpa_s->wps_run++;
1098	if (wpa_s->wps_run == 0)
1099		wpa_s->wps_run++;
1100	wpa_s->after_wps = 0;
1101	wpa_s->known_wps_freq = 0;
1102	if (freq) {
1103		wpa_s->after_wps = 5;
1104		wpa_s->wps_freq = freq;
1105	} else if (bssid) {
1106		bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
1107		if (bss && bss->freq > 0) {
1108			wpa_s->known_wps_freq = 1;
1109			wpa_s->wps_freq = bss->freq;
1110		}
1111	}
1112
1113	wpas_wps_temp_disable(wpa_s, selected);
1114
1115	wpa_s->disconnected = 0;
1116	wpa_s->reassociate = 1;
1117	wpa_s->scan_runs = 0;
1118	wpa_s->normal_scans = 0;
1119	wpa_s->wps_success = 0;
1120	wpa_s->blacklist_cleared = 0;
1121
1122	wpa_supplicant_cancel_sched_scan(wpa_s);
1123	wpa_supplicant_req_scan(wpa_s, 0, 0);
1124}
1125
1126
1127int wpas_wps_start_pbc(struct wpa_supplicant *wpa_s, const u8 *bssid,
1128		       int p2p_group)
1129{
1130	struct wpa_ssid *ssid;
1131
1132#ifdef CONFIG_AP
1133	if (wpa_s->ap_iface) {
1134		wpa_printf(MSG_DEBUG,
1135			   "WPS: Reject request to start Registrar(as station) operation while AP mode is enabled");
1136		return -1;
1137	}
1138#endif /* CONFIG_AP */
1139	wpas_clear_wps(wpa_s);
1140	ssid = wpas_wps_add_network(wpa_s, 0, NULL, bssid);
1141	if (ssid == NULL)
1142		return -1;
1143	ssid->temporary = 1;
1144	ssid->p2p_group = p2p_group;
1145#ifdef CONFIG_P2P
1146	if (p2p_group && wpa_s->go_params && wpa_s->go_params->ssid_len) {
1147		ssid->ssid = os_zalloc(wpa_s->go_params->ssid_len + 1);
1148		if (ssid->ssid) {
1149			ssid->ssid_len = wpa_s->go_params->ssid_len;
1150			os_memcpy(ssid->ssid, wpa_s->go_params->ssid,
1151				  ssid->ssid_len);
1152			if (wpa_s->go_params->freq > 56160) {
1153				/* P2P in 60 GHz uses PBSS */
1154				ssid->pbss = 1;
1155			}
1156			wpa_hexdump_ascii(MSG_DEBUG, "WPS: Use specific AP "
1157					  "SSID", ssid->ssid, ssid->ssid_len);
1158		}
1159	}
1160#endif /* CONFIG_P2P */
1161	if (wpa_config_set(ssid, "phase1", "\"pbc=1\"", 0) < 0)
1162		return -1;
1163	if (wpa_s->wps_fragment_size)
1164		ssid->eap.fragment_size = wpa_s->wps_fragment_size;
1165	eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout,
1166			       wpa_s, NULL);
1167	wpas_wps_reassoc(wpa_s, ssid, bssid, 0);
1168	return 0;
1169}
1170
1171
1172static int wpas_wps_start_dev_pw(struct wpa_supplicant *wpa_s,
1173				 const u8 *dev_addr, const u8 *bssid,
1174				 const char *pin, int p2p_group, u16 dev_pw_id,
1175				 const u8 *peer_pubkey_hash,
1176				 const u8 *ssid_val, size_t ssid_len, int freq)
1177{
1178	struct wpa_ssid *ssid;
1179	char val[128 + 2 * WPS_OOB_PUBKEY_HASH_LEN];
1180	unsigned int rpin = 0;
1181	char hash[2 * WPS_OOB_PUBKEY_HASH_LEN + 10];
1182
1183#ifdef CONFIG_AP
1184	if (wpa_s->ap_iface) {
1185		wpa_printf(MSG_DEBUG,
1186			   "WPS: Reject request to start Registrar(as station) operation while AP mode is enabled");
1187		return -1;
1188	}
1189#endif /* CONFIG_AP */
1190	wpas_clear_wps(wpa_s);
1191	if (bssid && is_zero_ether_addr(bssid))
1192		bssid = NULL;
1193	ssid = wpas_wps_add_network(wpa_s, 0, dev_addr, bssid);
1194	if (ssid == NULL) {
1195		wpa_printf(MSG_DEBUG, "WPS: Could not add network");
1196		return -1;
1197	}
1198	ssid->temporary = 1;
1199	ssid->p2p_group = p2p_group;
1200	if (ssid_val) {
1201		ssid->ssid = os_malloc(ssid_len);
1202		if (ssid->ssid) {
1203			os_memcpy(ssid->ssid, ssid_val, ssid_len);
1204			ssid->ssid_len = ssid_len;
1205		}
1206	}
1207	if (peer_pubkey_hash) {
1208		os_memcpy(hash, " pkhash=", 8);
1209		wpa_snprintf_hex_uppercase(hash + 8, sizeof(hash) - 8,
1210					   peer_pubkey_hash,
1211					   WPS_OOB_PUBKEY_HASH_LEN);
1212	} else {
1213		hash[0] = '\0';
1214	}
1215#ifdef CONFIG_P2P
1216	if (p2p_group && wpa_s->go_params && wpa_s->go_params->ssid_len) {
1217		os_free(ssid->ssid);
1218		ssid->ssid = os_zalloc(wpa_s->go_params->ssid_len + 1);
1219		if (ssid->ssid) {
1220			ssid->ssid_len = wpa_s->go_params->ssid_len;
1221			os_memcpy(ssid->ssid, wpa_s->go_params->ssid,
1222				  ssid->ssid_len);
1223			if (wpa_s->go_params->freq > 56160) {
1224				/* P2P in 60 GHz uses PBSS */
1225				ssid->pbss = 1;
1226			}
1227			wpa_hexdump_ascii(MSG_DEBUG, "WPS: Use specific AP "
1228					  "SSID", ssid->ssid, ssid->ssid_len);
1229		}
1230	}
1231#endif /* CONFIG_P2P */
1232	if (pin)
1233		os_snprintf(val, sizeof(val), "\"pin=%s dev_pw_id=%u%s\"",
1234			    pin, dev_pw_id, hash);
1235	else if (pin == NULL && dev_pw_id == DEV_PW_NFC_CONNECTION_HANDOVER) {
1236		os_snprintf(val, sizeof(val), "\"dev_pw_id=%u%s\"",
1237			    dev_pw_id, hash);
1238	} else {
1239		if (wps_generate_pin(&rpin) < 0) {
1240			wpa_printf(MSG_DEBUG, "WPS: Could not generate PIN");
1241			return -1;
1242		}
1243		os_snprintf(val, sizeof(val), "\"pin=%08d dev_pw_id=%u%s\"",
1244			    rpin, dev_pw_id, hash);
1245	}
1246	if (wpa_config_set(ssid, "phase1", val, 0) < 0) {
1247		wpa_printf(MSG_DEBUG, "WPS: Failed to set phase1 '%s'", val);
1248		return -1;
1249	}
1250	if (wpa_s->wps_fragment_size)
1251		ssid->eap.fragment_size = wpa_s->wps_fragment_size;
1252	eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout,
1253			       wpa_s, NULL);
1254	wpa_s->wps_ap_iter = 1;
1255	wpas_wps_reassoc(wpa_s, ssid, bssid, freq);
1256	return rpin;
1257}
1258
1259
1260int wpas_wps_start_pin(struct wpa_supplicant *wpa_s, const u8 *bssid,
1261		       const char *pin, int p2p_group, u16 dev_pw_id)
1262{
1263	os_get_reltime(&wpa_s->wps_pin_start_time);
1264	return wpas_wps_start_dev_pw(wpa_s, NULL, bssid, pin, p2p_group,
1265				     dev_pw_id, NULL, NULL, 0, 0);
1266}
1267
1268
1269void wpas_wps_pbc_overlap(struct wpa_supplicant *wpa_s)
1270{
1271	union wps_event_data data;
1272
1273	os_memset(&data, 0, sizeof(data));
1274	data.fail.config_error = WPS_CFG_MULTIPLE_PBC_DETECTED;
1275	data.fail.error_indication = WPS_EI_NO_ERROR;
1276	/*
1277	 * Call wpas_notify_wps_event_fail() directly instead of through
1278	 * wpa_supplicant_wps_event() which would end up registering unnecessary
1279	 * timeouts (those are only for the case where the failure happens
1280	 * during an EAP-WSC exchange).
1281	 */
1282	wpas_notify_wps_event_fail(wpa_s, &data.fail);
1283}
1284
1285/* Cancel the wps pbc/pin requests */
1286int wpas_wps_cancel(struct wpa_supplicant *wpa_s)
1287{
1288#ifdef CONFIG_AP
1289	if (wpa_s->ap_iface) {
1290		wpa_printf(MSG_DEBUG, "WPS: Cancelling in AP mode");
1291		return wpa_supplicant_ap_wps_cancel(wpa_s);
1292	}
1293#endif /* CONFIG_AP */
1294
1295	if (wpa_s->wpa_state == WPA_SCANNING ||
1296	    wpa_s->wpa_state == WPA_DISCONNECTED) {
1297		wpa_printf(MSG_DEBUG, "WPS: Cancel operation - cancel scan");
1298		wpa_supplicant_cancel_scan(wpa_s);
1299		wpas_clear_wps(wpa_s);
1300	} else if (wpa_s->wpa_state >= WPA_ASSOCIATED) {
1301		wpa_printf(MSG_DEBUG, "WPS: Cancel operation - "
1302			   "deauthenticate");
1303		wpa_s->own_disconnect_req = 1;
1304		wpa_supplicant_deauthenticate(wpa_s,
1305					      WLAN_REASON_DEAUTH_LEAVING);
1306		wpas_clear_wps(wpa_s);
1307	} else {
1308		wpas_wps_reenable_networks(wpa_s);
1309		wpas_wps_clear_ap_info(wpa_s);
1310		if (eloop_cancel_timeout(wpas_wps_clear_timeout, wpa_s, NULL) >
1311		    0)
1312			wpas_clear_wps(wpa_s);
1313	}
1314
1315	wpa_s->after_wps = 0;
1316
1317	return 0;
1318}
1319
1320
1321int wpas_wps_start_reg(struct wpa_supplicant *wpa_s, const u8 *bssid,
1322		       const char *pin, struct wps_new_ap_settings *settings)
1323{
1324	struct wpa_ssid *ssid;
1325	char val[200];
1326	char *pos, *end;
1327	int res;
1328
1329#ifdef CONFIG_AP
1330	if (wpa_s->ap_iface) {
1331		wpa_printf(MSG_DEBUG,
1332			   "WPS: Reject request to start Registrar(as station) operation while AP mode is enabled");
1333		return -1;
1334	}
1335#endif /* CONFIG_AP */
1336	if (!pin)
1337		return -1;
1338	wpas_clear_wps(wpa_s);
1339	ssid = wpas_wps_add_network(wpa_s, 1, NULL, bssid);
1340	if (ssid == NULL)
1341		return -1;
1342	ssid->temporary = 1;
1343	pos = val;
1344	end = pos + sizeof(val);
1345	res = os_snprintf(pos, end - pos, "\"pin=%s", pin);
1346	if (os_snprintf_error(end - pos, res))
1347		return -1;
1348	pos += res;
1349	if (settings) {
1350		res = os_snprintf(pos, end - pos, " new_ssid=%s new_auth=%s "
1351				  "new_encr=%s new_key=%s",
1352				  settings->ssid_hex, settings->auth,
1353				  settings->encr, settings->key_hex);
1354		if (os_snprintf_error(end - pos, res))
1355			return -1;
1356		pos += res;
1357	}
1358	res = os_snprintf(pos, end - pos, "\"");
1359	if (os_snprintf_error(end - pos, res))
1360		return -1;
1361	if (wpa_config_set(ssid, "phase1", val, 0) < 0)
1362		return -1;
1363	if (wpa_s->wps_fragment_size)
1364		ssid->eap.fragment_size = wpa_s->wps_fragment_size;
1365	eloop_register_timeout(WPS_PBC_WALK_TIME, 0, wpas_wps_timeout,
1366			       wpa_s, NULL);
1367	wpas_wps_reassoc(wpa_s, ssid, bssid, 0);
1368	return 0;
1369}
1370
1371
1372static int wpas_wps_new_psk_cb(void *ctx, const u8 *mac_addr,
1373			       const u8 *p2p_dev_addr, const u8 *psk,
1374			       size_t psk_len)
1375{
1376	if (is_zero_ether_addr(p2p_dev_addr)) {
1377		wpa_printf(MSG_DEBUG,
1378			   "Received new WPA/WPA2-PSK from WPS for STA " MACSTR,
1379			   MAC2STR(mac_addr));
1380	} else {
1381		wpa_printf(MSG_DEBUG,
1382			   "Received new WPA/WPA2-PSK from WPS for STA " MACSTR
1383			   " P2P Device Addr " MACSTR,
1384			   MAC2STR(mac_addr), MAC2STR(p2p_dev_addr));
1385	}
1386	wpa_hexdump_key(MSG_DEBUG, "Per-device PSK", psk, psk_len);
1387
1388	/* TODO */
1389
1390	return 0;
1391}
1392
1393
1394static void wpas_wps_pin_needed_cb(void *ctx, const u8 *uuid_e,
1395				   const struct wps_device_data *dev)
1396{
1397	char uuid[40], txt[400];
1398	int len;
1399	char devtype[WPS_DEV_TYPE_BUFSIZE];
1400	if (uuid_bin2str(uuid_e, uuid, sizeof(uuid)))
1401		return;
1402	wpa_printf(MSG_DEBUG, "WPS: PIN needed for UUID-E %s", uuid);
1403	len = os_snprintf(txt, sizeof(txt), "WPS-EVENT-PIN-NEEDED %s " MACSTR
1404			  " [%s|%s|%s|%s|%s|%s]",
1405			  uuid, MAC2STR(dev->mac_addr), dev->device_name,
1406			  dev->manufacturer, dev->model_name,
1407			  dev->model_number, dev->serial_number,
1408			  wps_dev_type_bin2str(dev->pri_dev_type, devtype,
1409					       sizeof(devtype)));
1410	if (!os_snprintf_error(sizeof(txt), len))
1411		wpa_printf(MSG_INFO, "%s", txt);
1412}
1413
1414
1415static void wpas_wps_set_sel_reg_cb(void *ctx, int sel_reg, u16 dev_passwd_id,
1416				    u16 sel_reg_config_methods)
1417{
1418#ifdef CONFIG_WPS_ER
1419	struct wpa_supplicant *wpa_s = ctx;
1420
1421	if (wpa_s->wps_er == NULL)
1422		return;
1423	wpa_printf(MSG_DEBUG, "WPS ER: SetSelectedRegistrar - sel_reg=%d "
1424		   "dev_password_id=%u sel_reg_config_methods=0x%x",
1425		   sel_reg, dev_passwd_id, sel_reg_config_methods);
1426	wps_er_set_sel_reg(wpa_s->wps_er, sel_reg, dev_passwd_id,
1427			   sel_reg_config_methods);
1428#endif /* CONFIG_WPS_ER */
1429}
1430
1431
1432static u16 wps_fix_config_methods(u16 config_methods)
1433{
1434	if ((config_methods &
1435	     (WPS_CONFIG_DISPLAY | WPS_CONFIG_VIRT_DISPLAY |
1436	      WPS_CONFIG_PHY_DISPLAY)) == WPS_CONFIG_DISPLAY) {
1437		wpa_printf(MSG_INFO, "WPS: Converting display to "
1438			   "virtual_display for WPS 2.0 compliance");
1439		config_methods |= WPS_CONFIG_VIRT_DISPLAY;
1440	}
1441	if ((config_methods &
1442	     (WPS_CONFIG_PUSHBUTTON | WPS_CONFIG_VIRT_PUSHBUTTON |
1443	      WPS_CONFIG_PHY_PUSHBUTTON)) == WPS_CONFIG_PUSHBUTTON) {
1444		wpa_printf(MSG_INFO, "WPS: Converting push_button to "
1445			   "virtual_push_button for WPS 2.0 compliance");
1446		config_methods |= WPS_CONFIG_VIRT_PUSHBUTTON;
1447	}
1448
1449	return config_methods;
1450}
1451
1452
1453static void wpas_wps_set_uuid(struct wpa_supplicant *wpa_s,
1454			      struct wps_context *wps)
1455{
1456	char buf[50];
1457	const char *src;
1458
1459	if (is_nil_uuid(wpa_s->conf->uuid)) {
1460		struct wpa_supplicant *first;
1461		first = wpa_s->global->ifaces;
1462		while (first && first->next)
1463			first = first->next;
1464		if (first && first != wpa_s) {
1465			if (wps != wpa_s->global->ifaces->wps)
1466				os_memcpy(wps->uuid,
1467					  wpa_s->global->ifaces->wps->uuid,
1468					  WPS_UUID_LEN);
1469			src = "from the first interface";
1470		} else {
1471			uuid_gen_mac_addr(wpa_s->own_addr, wps->uuid);
1472			src = "based on MAC address";
1473		}
1474	} else {
1475		os_memcpy(wps->uuid, wpa_s->conf->uuid, WPS_UUID_LEN);
1476		src = "based on configuration";
1477	}
1478
1479	uuid_bin2str(wps->uuid, buf, sizeof(buf));
1480	wpa_dbg(wpa_s, MSG_DEBUG, "WPS: UUID %s: %s", src, buf);
1481}
1482
1483
1484static void wpas_wps_set_vendor_ext_m1(struct wpa_supplicant *wpa_s,
1485				       struct wps_context *wps)
1486{
1487	wpabuf_free(wps->dev.vendor_ext_m1);
1488	wps->dev.vendor_ext_m1 = NULL;
1489
1490	if (wpa_s->conf->wps_vendor_ext_m1) {
1491		wps->dev.vendor_ext_m1 =
1492			wpabuf_dup(wpa_s->conf->wps_vendor_ext_m1);
1493		if (!wps->dev.vendor_ext_m1) {
1494			wpa_printf(MSG_ERROR, "WPS: Cannot "
1495				   "allocate memory for vendor_ext_m1");
1496		}
1497	}
1498}
1499
1500
1501int wpas_wps_init(struct wpa_supplicant *wpa_s)
1502{
1503	struct wps_context *wps;
1504	struct wps_registrar_config rcfg;
1505	struct hostapd_hw_modes *modes;
1506	u16 m;
1507
1508	wps = os_zalloc(sizeof(*wps));
1509	if (wps == NULL)
1510		return -1;
1511
1512	wps->cred_cb = wpa_supplicant_wps_cred;
1513	wps->event_cb = wpa_supplicant_wps_event;
1514	wps->rf_band_cb = wpa_supplicant_wps_rf_band;
1515	wps->cb_ctx = wpa_s;
1516
1517	wps->dev.device_name = wpa_s->conf->device_name;
1518	wps->dev.manufacturer = wpa_s->conf->manufacturer;
1519	wps->dev.model_name = wpa_s->conf->model_name;
1520	wps->dev.model_number = wpa_s->conf->model_number;
1521	wps->dev.serial_number = wpa_s->conf->serial_number;
1522	wps->config_methods =
1523		wps_config_methods_str2bin(wpa_s->conf->config_methods);
1524	if ((wps->config_methods & (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) ==
1525	    (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) {
1526		wpa_printf(MSG_ERROR, "WPS: Both Label and Display config "
1527			   "methods are not allowed at the same time");
1528		os_free(wps);
1529		return -1;
1530	}
1531	wps->config_methods = wps_fix_config_methods(wps->config_methods);
1532	wps->dev.config_methods = wps->config_methods;
1533	os_memcpy(wps->dev.pri_dev_type, wpa_s->conf->device_type,
1534		  WPS_DEV_TYPE_LEN);
1535
1536	wps->dev.num_sec_dev_types = wpa_s->conf->num_sec_device_types;
1537	os_memcpy(wps->dev.sec_dev_type, wpa_s->conf->sec_device_type,
1538		  WPS_DEV_TYPE_LEN * wps->dev.num_sec_dev_types);
1539
1540	wpas_wps_set_vendor_ext_m1(wpa_s, wps);
1541
1542	wps->dev.os_version = WPA_GET_BE32(wpa_s->conf->os_version);
1543	modes = wpa_s->hw.modes;
1544	if (modes) {
1545		for (m = 0; m < wpa_s->hw.num_modes; m++) {
1546			if (modes[m].mode == HOSTAPD_MODE_IEEE80211B ||
1547			    modes[m].mode == HOSTAPD_MODE_IEEE80211G)
1548				wps->dev.rf_bands |= WPS_RF_24GHZ;
1549			else if (modes[m].mode == HOSTAPD_MODE_IEEE80211A)
1550				wps->dev.rf_bands |= WPS_RF_50GHZ;
1551			else if (modes[m].mode == HOSTAPD_MODE_IEEE80211AD)
1552				wps->dev.rf_bands |= WPS_RF_60GHZ;
1553		}
1554	}
1555	if (wps->dev.rf_bands == 0) {
1556		/*
1557		 * Default to claiming support for both bands if the driver
1558		 * does not provide support for fetching supported bands.
1559		 */
1560		wps->dev.rf_bands = WPS_RF_24GHZ | WPS_RF_50GHZ;
1561	}
1562	os_memcpy(wps->dev.mac_addr, wpa_s->own_addr, ETH_ALEN);
1563	wpas_wps_set_uuid(wpa_s, wps);
1564
1565	wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK;
1566	wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP;
1567
1568	os_memset(&rcfg, 0, sizeof(rcfg));
1569	rcfg.new_psk_cb = wpas_wps_new_psk_cb;
1570	rcfg.pin_needed_cb = wpas_wps_pin_needed_cb;
1571	rcfg.set_sel_reg_cb = wpas_wps_set_sel_reg_cb;
1572	rcfg.cb_ctx = wpa_s;
1573
1574	wps->registrar = wps_registrar_init(wps, &rcfg);
1575	if (wps->registrar == NULL) {
1576		wpa_printf(MSG_DEBUG, "Failed to initialize WPS Registrar");
1577		os_free(wps);
1578		return -1;
1579	}
1580
1581	wpa_s->wps = wps;
1582
1583	return 0;
1584}
1585
1586
1587#ifdef CONFIG_WPS_ER
1588static void wpas_wps_nfc_clear(struct wps_context *wps)
1589{
1590	wps->ap_nfc_dev_pw_id = 0;
1591	wpabuf_free(wps->ap_nfc_dh_pubkey);
1592	wps->ap_nfc_dh_pubkey = NULL;
1593	wpabuf_free(wps->ap_nfc_dh_privkey);
1594	wps->ap_nfc_dh_privkey = NULL;
1595	wpabuf_free(wps->ap_nfc_dev_pw);
1596	wps->ap_nfc_dev_pw = NULL;
1597}
1598#endif /* CONFIG_WPS_ER */
1599
1600
1601void wpas_wps_deinit(struct wpa_supplicant *wpa_s)
1602{
1603	wpas_wps_assoc_with_cred_cancel(wpa_s);
1604	eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL);
1605	eloop_cancel_timeout(wpas_wps_clear_timeout, wpa_s, NULL);
1606	eloop_cancel_timeout(wpas_wps_reenable_networks_cb, wpa_s, NULL);
1607	wpas_wps_clear_ap_info(wpa_s);
1608
1609#ifdef CONFIG_P2P
1610	eloop_cancel_timeout(wpas_p2p_pbc_overlap_cb, wpa_s, NULL);
1611#endif /* CONFIG_P2P */
1612
1613	if (wpa_s->wps == NULL)
1614		return;
1615
1616#ifdef CONFIG_WPS_ER
1617	wps_er_deinit(wpa_s->wps_er, NULL, NULL);
1618	wpa_s->wps_er = NULL;
1619	wpas_wps_nfc_clear(wpa_s->wps);
1620#endif /* CONFIG_WPS_ER */
1621
1622	wps_registrar_deinit(wpa_s->wps->registrar);
1623	wpabuf_free(wpa_s->wps->dh_pubkey);
1624	wpabuf_free(wpa_s->wps->dh_privkey);
1625	wpabuf_free(wpa_s->wps->dev.vendor_ext_m1);
1626	os_free(wpa_s->wps->network_key);
1627	os_free(wpa_s->wps);
1628	wpa_s->wps = NULL;
1629}
1630
1631
1632int wpas_wps_ssid_bss_match(struct wpa_supplicant *wpa_s,
1633			    struct wpa_ssid *ssid, struct wpa_bss *bss)
1634{
1635	struct wpabuf *wps_ie;
1636
1637	if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS))
1638		return -1;
1639
1640	wps_ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
1641	if (eap_is_wps_pbc_enrollee(&ssid->eap)) {
1642		if (!wps_ie) {
1643			wpa_printf(MSG_DEBUG, "   skip - non-WPS AP");
1644			return 0;
1645		}
1646
1647		if (!wps_is_selected_pbc_registrar(wps_ie)) {
1648			wpa_printf(MSG_DEBUG, "   skip - WPS AP "
1649				   "without active PBC Registrar");
1650			wpabuf_free(wps_ie);
1651			return 0;
1652		}
1653
1654		/* TODO: overlap detection */
1655		wpa_printf(MSG_DEBUG, "   selected based on WPS IE "
1656			   "(Active PBC)");
1657		wpabuf_free(wps_ie);
1658		return 1;
1659	}
1660
1661	if (eap_is_wps_pin_enrollee(&ssid->eap)) {
1662		if (!wps_ie) {
1663			wpa_printf(MSG_DEBUG, "   skip - non-WPS AP");
1664			return 0;
1665		}
1666
1667		/*
1668		 * Start with WPS APs that advertise our address as an
1669		 * authorized MAC (v2.0) or active PIN Registrar (v1.0) and
1670		 * allow any WPS AP after couple of scans since some APs do not
1671		 * set Selected Registrar attribute properly when using
1672		 * external Registrar.
1673		 */
1674		if (!wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1)) {
1675			struct os_reltime age;
1676
1677			os_reltime_age(&wpa_s->wps_pin_start_time, &age);
1678
1679			if (wpa_s->scan_runs < WPS_PIN_SCAN_IGNORE_SEL_REG ||
1680			    age.sec < WPS_PIN_TIME_IGNORE_SEL_REG) {
1681				wpa_printf(MSG_DEBUG,
1682					   "   skip - WPS AP without active PIN Registrar (scan_runs=%d age=%d)",
1683					   wpa_s->scan_runs, (int) age.sec);
1684				wpabuf_free(wps_ie);
1685				return 0;
1686			}
1687			wpa_printf(MSG_DEBUG, "   selected based on WPS IE");
1688		} else {
1689			wpa_printf(MSG_DEBUG, "   selected based on WPS IE "
1690				   "(Authorized MAC or Active PIN)");
1691		}
1692		wpabuf_free(wps_ie);
1693		return 1;
1694	}
1695
1696	if (wps_ie) {
1697		wpa_printf(MSG_DEBUG, "   selected based on WPS IE");
1698		wpabuf_free(wps_ie);
1699		return 1;
1700	}
1701
1702	return -1;
1703}
1704
1705
1706int wpas_wps_ssid_wildcard_ok(struct wpa_supplicant *wpa_s,
1707			      struct wpa_ssid *ssid,
1708			      struct wpa_bss *bss)
1709{
1710	struct wpabuf *wps_ie = NULL;
1711	int ret = 0;
1712
1713	if (eap_is_wps_pbc_enrollee(&ssid->eap)) {
1714		wps_ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
1715		if (wps_ie && wps_is_selected_pbc_registrar(wps_ie)) {
1716			/* allow wildcard SSID for WPS PBC */
1717			ret = 1;
1718		}
1719	} else if (eap_is_wps_pin_enrollee(&ssid->eap)) {
1720		wps_ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
1721		if (wps_ie &&
1722		    (wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1) ||
1723		     wpa_s->scan_runs >= WPS_PIN_SCAN_IGNORE_SEL_REG)) {
1724			/* allow wildcard SSID for WPS PIN */
1725			ret = 1;
1726		}
1727	}
1728
1729	if (!ret && ssid->bssid_set &&
1730	    os_memcmp(ssid->bssid, bss->bssid, ETH_ALEN) == 0) {
1731		/* allow wildcard SSID due to hardcoded BSSID match */
1732		ret = 1;
1733	}
1734
1735#ifdef CONFIG_WPS_STRICT
1736	if (wps_ie) {
1737		if (wps_validate_beacon_probe_resp(wps_ie, bss->beacon_ie_len >
1738						   0, bss->bssid) < 0)
1739			ret = 0;
1740		if (bss->beacon_ie_len) {
1741			struct wpabuf *bcn_wps;
1742			bcn_wps = wpa_bss_get_vendor_ie_multi_beacon(
1743				bss, WPS_IE_VENDOR_TYPE);
1744			if (bcn_wps == NULL) {
1745				wpa_printf(MSG_DEBUG, "WPS: Mandatory WPS IE "
1746					   "missing from AP Beacon");
1747				ret = 0;
1748			} else {
1749				if (wps_validate_beacon(wps_ie) < 0)
1750					ret = 0;
1751				wpabuf_free(bcn_wps);
1752			}
1753		}
1754	}
1755#endif /* CONFIG_WPS_STRICT */
1756
1757	wpabuf_free(wps_ie);
1758
1759	return ret;
1760}
1761
1762
1763int wpas_wps_scan_pbc_overlap(struct wpa_supplicant *wpa_s,
1764			      struct wpa_bss *selected, struct wpa_ssid *ssid)
1765{
1766	const u8 *sel_uuid;
1767	struct wpabuf *wps_ie;
1768	int ret = 0;
1769	size_t i;
1770
1771	if (!eap_is_wps_pbc_enrollee(&ssid->eap))
1772		return 0;
1773
1774	wpa_printf(MSG_DEBUG, "WPS: Check whether PBC session overlap is "
1775		   "present in scan results; selected BSSID " MACSTR,
1776		   MAC2STR(selected->bssid));
1777
1778	/* Make sure that only one AP is in active PBC mode */
1779	wps_ie = wpa_bss_get_vendor_ie_multi(selected, WPS_IE_VENDOR_TYPE);
1780	if (wps_ie) {
1781		sel_uuid = wps_get_uuid_e(wps_ie);
1782		wpa_hexdump(MSG_DEBUG, "WPS: UUID of the selected BSS",
1783			    sel_uuid, UUID_LEN);
1784	} else {
1785		wpa_printf(MSG_DEBUG, "WPS: Selected BSS does not include "
1786			   "WPS IE?!");
1787		sel_uuid = NULL;
1788	}
1789
1790	for (i = 0; i < wpa_s->num_wps_ap; i++) {
1791		struct wps_ap_info *ap = &wpa_s->wps_ap[i];
1792
1793		if (!ap->pbc_active ||
1794		    os_memcmp(selected->bssid, ap->bssid, ETH_ALEN) == 0)
1795			continue;
1796
1797		wpa_printf(MSG_DEBUG, "WPS: Another BSS in active PBC mode: "
1798			   MACSTR, MAC2STR(ap->bssid));
1799		wpa_hexdump(MSG_DEBUG, "WPS: UUID of the other BSS",
1800			    ap->uuid, UUID_LEN);
1801		if (sel_uuid == NULL ||
1802		    os_memcmp(sel_uuid, ap->uuid, UUID_LEN) != 0) {
1803			ret = 1; /* PBC overlap */
1804			wpa_msg(wpa_s, MSG_INFO, "WPS: PBC overlap detected: "
1805				MACSTR " and " MACSTR,
1806				MAC2STR(selected->bssid),
1807				MAC2STR(ap->bssid));
1808			break;
1809		}
1810
1811		/* TODO: verify that this is reasonable dual-band situation */
1812	}
1813
1814	wpabuf_free(wps_ie);
1815
1816	return ret;
1817}
1818
1819
1820void wpas_wps_notify_scan_results(struct wpa_supplicant *wpa_s)
1821{
1822	struct wpa_bss *bss;
1823	unsigned int pbc = 0, auth = 0, pin = 0, wps = 0;
1824
1825	if (wpa_s->disconnected || wpa_s->wpa_state >= WPA_ASSOCIATED)
1826		return;
1827
1828	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1829		struct wpabuf *ie;
1830		ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
1831		if (!ie)
1832			continue;
1833		if (wps_is_selected_pbc_registrar(ie))
1834			pbc++;
1835		else if (wps_is_addr_authorized(ie, wpa_s->own_addr, 0))
1836			auth++;
1837		else if (wps_is_selected_pin_registrar(ie))
1838			pin++;
1839		else
1840			wps++;
1841		wpabuf_free(ie);
1842	}
1843
1844	if (pbc)
1845		wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE_PBC);
1846	else if (auth)
1847		wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE_AUTH);
1848	else if (pin)
1849		wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE_PIN);
1850	else if (wps)
1851		wpa_msg_ctrl(wpa_s, MSG_INFO, WPS_EVENT_AP_AVAILABLE);
1852}
1853
1854
1855int wpas_wps_searching(struct wpa_supplicant *wpa_s)
1856{
1857	struct wpa_ssid *ssid;
1858
1859	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1860		if ((ssid->key_mgmt & WPA_KEY_MGMT_WPS) && !ssid->disabled)
1861			return 1;
1862	}
1863
1864	return 0;
1865}
1866
1867
1868int wpas_wps_scan_result_text(const u8 *ies, size_t ies_len, char *buf,
1869			      char *end)
1870{
1871	struct wpabuf *wps_ie;
1872	int ret;
1873
1874	wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len, WPS_DEV_OUI_WFA);
1875	if (wps_ie == NULL)
1876		return 0;
1877
1878	ret = wps_attr_text(wps_ie, buf, end);
1879	wpabuf_free(wps_ie);
1880	return ret;
1881}
1882
1883
1884int wpas_wps_er_start(struct wpa_supplicant *wpa_s, const char *filter)
1885{
1886#ifdef CONFIG_WPS_ER
1887	if (wpa_s->wps_er) {
1888		wps_er_refresh(wpa_s->wps_er);
1889		return 0;
1890	}
1891	wpa_s->wps_er = wps_er_init(wpa_s->wps, wpa_s->ifname, filter);
1892	if (wpa_s->wps_er == NULL)
1893		return -1;
1894	return 0;
1895#else /* CONFIG_WPS_ER */
1896	return 0;
1897#endif /* CONFIG_WPS_ER */
1898}
1899
1900
1901void wpas_wps_er_stop(struct wpa_supplicant *wpa_s)
1902{
1903#ifdef CONFIG_WPS_ER
1904	wps_er_deinit(wpa_s->wps_er, NULL, NULL);
1905	wpa_s->wps_er = NULL;
1906#endif /* CONFIG_WPS_ER */
1907}
1908
1909
1910#ifdef CONFIG_WPS_ER
1911int wpas_wps_er_add_pin(struct wpa_supplicant *wpa_s, const u8 *addr,
1912			const char *uuid, const char *pin)
1913{
1914	u8 u[UUID_LEN];
1915	const u8 *use_uuid = NULL;
1916	u8 addr_buf[ETH_ALEN];
1917
1918	if (os_strcmp(uuid, "any") == 0) {
1919	} else if (uuid_str2bin(uuid, u) == 0) {
1920		use_uuid = u;
1921	} else if (hwaddr_aton(uuid, addr_buf) == 0) {
1922		use_uuid = wps_er_get_sta_uuid(wpa_s->wps_er, addr_buf);
1923		if (use_uuid == NULL)
1924			return -1;
1925	} else
1926		return -1;
1927	return wps_registrar_add_pin(wpa_s->wps->registrar, addr,
1928				     use_uuid,
1929				     (const u8 *) pin, os_strlen(pin), 300);
1930}
1931
1932
1933int wpas_wps_er_pbc(struct wpa_supplicant *wpa_s, const char *uuid)
1934{
1935	u8 u[UUID_LEN], *use_uuid = NULL;
1936	u8 addr[ETH_ALEN], *use_addr = NULL;
1937
1938	if (uuid_str2bin(uuid, u) == 0)
1939		use_uuid = u;
1940	else if (hwaddr_aton(uuid, addr) == 0)
1941		use_addr = addr;
1942	else
1943		return -1;
1944	return wps_er_pbc(wpa_s->wps_er, use_uuid, use_addr);
1945}
1946
1947
1948int wpas_wps_er_learn(struct wpa_supplicant *wpa_s, const char *uuid,
1949		      const char *pin)
1950{
1951	u8 u[UUID_LEN], *use_uuid = NULL;
1952	u8 addr[ETH_ALEN], *use_addr = NULL;
1953
1954	if (uuid_str2bin(uuid, u) == 0)
1955		use_uuid = u;
1956	else if (hwaddr_aton(uuid, addr) == 0)
1957		use_addr = addr;
1958	else
1959		return -1;
1960
1961	return wps_er_learn(wpa_s->wps_er, use_uuid, use_addr, (const u8 *) pin,
1962			    os_strlen(pin));
1963}
1964
1965
1966static int wpas_wps_network_to_cred(struct wpa_ssid *ssid,
1967				    struct wps_credential *cred)
1968{
1969	os_memset(cred, 0, sizeof(*cred));
1970	if (ssid->ssid_len > SSID_MAX_LEN)
1971		return -1;
1972	os_memcpy(cred->ssid, ssid->ssid, ssid->ssid_len);
1973	cred->ssid_len = ssid->ssid_len;
1974	if (ssid->key_mgmt & WPA_KEY_MGMT_PSK) {
1975		cred->auth_type = (ssid->proto & WPA_PROTO_RSN) ?
1976			WPS_AUTH_WPA2PSK : WPS_AUTH_WPAPSK;
1977		if (ssid->pairwise_cipher & WPA_CIPHER_CCMP)
1978			cred->encr_type = WPS_ENCR_AES;
1979		else
1980			cred->encr_type = WPS_ENCR_TKIP;
1981		if (ssid->passphrase) {
1982			cred->key_len = os_strlen(ssid->passphrase);
1983			if (cred->key_len >= 64)
1984				return -1;
1985			os_memcpy(cred->key, ssid->passphrase, cred->key_len);
1986		} else if (ssid->psk_set) {
1987			cred->key_len = 32;
1988			os_memcpy(cred->key, ssid->psk, 32);
1989		} else
1990			return -1;
1991	} else {
1992		cred->auth_type = WPS_AUTH_OPEN;
1993		cred->encr_type = WPS_ENCR_NONE;
1994	}
1995
1996	return 0;
1997}
1998
1999
2000int wpas_wps_er_set_config(struct wpa_supplicant *wpa_s, const char *uuid,
2001			   int id)
2002{
2003	u8 u[UUID_LEN], *use_uuid = NULL;
2004	u8 addr[ETH_ALEN], *use_addr = NULL;
2005	struct wpa_ssid *ssid;
2006	struct wps_credential cred;
2007	int ret;
2008
2009	if (uuid_str2bin(uuid, u) == 0)
2010		use_uuid = u;
2011	else if (hwaddr_aton(uuid, addr) == 0)
2012		use_addr = addr;
2013	else
2014		return -1;
2015	ssid = wpa_config_get_network(wpa_s->conf, id);
2016	if (ssid == NULL || ssid->ssid == NULL)
2017		return -1;
2018
2019	if (wpas_wps_network_to_cred(ssid, &cred) < 0)
2020		return -1;
2021	ret = wps_er_set_config(wpa_s->wps_er, use_uuid, use_addr, &cred);
2022	os_memset(&cred, 0, sizeof(cred));
2023	return ret;
2024}
2025
2026
2027int wpas_wps_er_config(struct wpa_supplicant *wpa_s, const char *uuid,
2028		       const char *pin, struct wps_new_ap_settings *settings)
2029{
2030	u8 u[UUID_LEN], *use_uuid = NULL;
2031	u8 addr[ETH_ALEN], *use_addr = NULL;
2032	struct wps_credential cred;
2033	size_t len;
2034
2035	if (uuid_str2bin(uuid, u) == 0)
2036		use_uuid = u;
2037	else if (hwaddr_aton(uuid, addr) == 0)
2038		use_addr = addr;
2039	else
2040		return -1;
2041	if (settings->ssid_hex == NULL || settings->auth == NULL ||
2042	    settings->encr == NULL || settings->key_hex == NULL)
2043		return -1;
2044
2045	os_memset(&cred, 0, sizeof(cred));
2046	len = os_strlen(settings->ssid_hex);
2047	if ((len & 1) || len > 2 * sizeof(cred.ssid) ||
2048	    hexstr2bin(settings->ssid_hex, cred.ssid, len / 2))
2049		return -1;
2050	cred.ssid_len = len / 2;
2051
2052	len = os_strlen(settings->key_hex);
2053	if ((len & 1) || len > 2 * sizeof(cred.key) ||
2054	    hexstr2bin(settings->key_hex, cred.key, len / 2))
2055		return -1;
2056	cred.key_len = len / 2;
2057
2058	if (os_strcmp(settings->auth, "OPEN") == 0)
2059		cred.auth_type = WPS_AUTH_OPEN;
2060	else if (os_strcmp(settings->auth, "WPAPSK") == 0)
2061		cred.auth_type = WPS_AUTH_WPAPSK;
2062	else if (os_strcmp(settings->auth, "WPA2PSK") == 0)
2063		cred.auth_type = WPS_AUTH_WPA2PSK;
2064	else
2065		return -1;
2066
2067	if (os_strcmp(settings->encr, "NONE") == 0)
2068		cred.encr_type = WPS_ENCR_NONE;
2069#ifdef CONFIG_TESTING_OPTIONS
2070	else if (os_strcmp(settings->encr, "WEP") == 0)
2071		cred.encr_type = WPS_ENCR_WEP;
2072#endif /* CONFIG_TESTING_OPTIONS */
2073	else if (os_strcmp(settings->encr, "TKIP") == 0)
2074		cred.encr_type = WPS_ENCR_TKIP;
2075	else if (os_strcmp(settings->encr, "CCMP") == 0)
2076		cred.encr_type = WPS_ENCR_AES;
2077	else
2078		return -1;
2079
2080	return wps_er_config(wpa_s->wps_er, use_uuid, use_addr,
2081			     (const u8 *) pin, os_strlen(pin), &cred);
2082}
2083
2084
2085#ifdef CONFIG_WPS_NFC
2086struct wpabuf * wpas_wps_er_nfc_config_token(struct wpa_supplicant *wpa_s,
2087					     int ndef, const char *uuid)
2088{
2089	struct wpabuf *ret;
2090	u8 u[UUID_LEN], *use_uuid = NULL;
2091	u8 addr[ETH_ALEN], *use_addr = NULL;
2092
2093	if (!wpa_s->wps_er)
2094		return NULL;
2095
2096	if (uuid_str2bin(uuid, u) == 0)
2097		use_uuid = u;
2098	else if (hwaddr_aton(uuid, addr) == 0)
2099		use_addr = addr;
2100	else
2101		return NULL;
2102
2103	ret = wps_er_nfc_config_token(wpa_s->wps_er, use_uuid, use_addr);
2104	if (ndef && ret) {
2105		struct wpabuf *tmp;
2106		tmp = ndef_build_wifi(ret);
2107		wpabuf_free(ret);
2108		if (tmp == NULL)
2109			return NULL;
2110		ret = tmp;
2111	}
2112
2113	return ret;
2114}
2115#endif /* CONFIG_WPS_NFC */
2116
2117
2118static int callbacks_pending = 0;
2119
2120static void wpas_wps_terminate_cb(void *ctx)
2121{
2122	wpa_printf(MSG_DEBUG, "WPS ER: Terminated");
2123	if (--callbacks_pending <= 0)
2124		eloop_terminate();
2125}
2126#endif /* CONFIG_WPS_ER */
2127
2128
2129int wpas_wps_terminate_pending(struct wpa_supplicant *wpa_s)
2130{
2131#ifdef CONFIG_WPS_ER
2132	if (wpa_s->wps_er) {
2133		callbacks_pending++;
2134		wps_er_deinit(wpa_s->wps_er, wpas_wps_terminate_cb, wpa_s);
2135		wpa_s->wps_er = NULL;
2136		return 1;
2137	}
2138#endif /* CONFIG_WPS_ER */
2139	return 0;
2140}
2141
2142
2143void wpas_wps_update_config(struct wpa_supplicant *wpa_s)
2144{
2145	struct wps_context *wps = wpa_s->wps;
2146
2147	if (wps == NULL)
2148		return;
2149
2150	if (wpa_s->conf->changed_parameters & CFG_CHANGED_CONFIG_METHODS) {
2151		wps->config_methods = wps_config_methods_str2bin(
2152			wpa_s->conf->config_methods);
2153		if ((wps->config_methods &
2154		     (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) ==
2155		    (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) {
2156			wpa_printf(MSG_ERROR, "WPS: Both Label and Display "
2157				   "config methods are not allowed at the "
2158				   "same time");
2159			wps->config_methods &= ~WPS_CONFIG_LABEL;
2160		}
2161	}
2162	wps->config_methods = wps_fix_config_methods(wps->config_methods);
2163	wps->dev.config_methods = wps->config_methods;
2164
2165	if (wpa_s->conf->changed_parameters & CFG_CHANGED_DEVICE_TYPE)
2166		os_memcpy(wps->dev.pri_dev_type, wpa_s->conf->device_type,
2167			  WPS_DEV_TYPE_LEN);
2168
2169	if (wpa_s->conf->changed_parameters & CFG_CHANGED_SEC_DEVICE_TYPE) {
2170		wps->dev.num_sec_dev_types = wpa_s->conf->num_sec_device_types;
2171		os_memcpy(wps->dev.sec_dev_type, wpa_s->conf->sec_device_type,
2172			  wps->dev.num_sec_dev_types * WPS_DEV_TYPE_LEN);
2173	}
2174
2175	if (wpa_s->conf->changed_parameters & CFG_CHANGED_VENDOR_EXTENSION)
2176		wpas_wps_set_vendor_ext_m1(wpa_s, wps);
2177
2178	if (wpa_s->conf->changed_parameters & CFG_CHANGED_OS_VERSION)
2179		wps->dev.os_version = WPA_GET_BE32(wpa_s->conf->os_version);
2180
2181	if (wpa_s->conf->changed_parameters & CFG_CHANGED_UUID)
2182		wpas_wps_set_uuid(wpa_s, wps);
2183
2184	if (wpa_s->conf->changed_parameters &
2185	    (CFG_CHANGED_DEVICE_NAME | CFG_CHANGED_WPS_STRING)) {
2186		/* Update pointers to make sure they refer current values */
2187		wps->dev.device_name = wpa_s->conf->device_name;
2188		wps->dev.manufacturer = wpa_s->conf->manufacturer;
2189		wps->dev.model_name = wpa_s->conf->model_name;
2190		wps->dev.model_number = wpa_s->conf->model_number;
2191		wps->dev.serial_number = wpa_s->conf->serial_number;
2192	}
2193}
2194
2195
2196#ifdef CONFIG_WPS_NFC
2197
2198#ifdef CONFIG_WPS_ER
2199static struct wpabuf *
2200wpas_wps_network_config_token(struct wpa_supplicant *wpa_s, int ndef,
2201			      struct wpa_ssid *ssid)
2202{
2203	struct wpabuf *ret;
2204	struct wps_credential cred;
2205
2206	if (wpas_wps_network_to_cred(ssid, &cred) < 0)
2207		return NULL;
2208
2209	ret = wps_er_config_token_from_cred(wpa_s->wps, &cred);
2210
2211	if (ndef && ret) {
2212		struct wpabuf *tmp;
2213		tmp = ndef_build_wifi(ret);
2214		wpabuf_free(ret);
2215		if (tmp == NULL)
2216			return NULL;
2217		ret = tmp;
2218	}
2219
2220	return ret;
2221}
2222#endif /* CONFIG_WPS_ER */
2223
2224
2225struct wpabuf * wpas_wps_nfc_config_token(struct wpa_supplicant *wpa_s,
2226					  int ndef, const char *id_str)
2227{
2228#ifdef CONFIG_WPS_ER
2229	if (id_str) {
2230		int id;
2231		char *end = NULL;
2232		struct wpa_ssid *ssid;
2233
2234		id = strtol(id_str, &end, 10);
2235		if (end && *end)
2236			return NULL;
2237
2238		ssid = wpa_config_get_network(wpa_s->conf, id);
2239		if (ssid == NULL)
2240			return NULL;
2241		return wpas_wps_network_config_token(wpa_s, ndef, ssid);
2242	}
2243#endif /* CONFIG_WPS_ER */
2244#ifdef CONFIG_AP
2245	if (wpa_s->ap_iface)
2246		return wpas_ap_wps_nfc_config_token(wpa_s, ndef);
2247#endif /* CONFIG_AP */
2248	return NULL;
2249}
2250
2251
2252struct wpabuf * wpas_wps_nfc_token(struct wpa_supplicant *wpa_s, int ndef)
2253{
2254	if (wpa_s->conf->wps_nfc_pw_from_config) {
2255		return wps_nfc_token_build(ndef,
2256					   wpa_s->conf->wps_nfc_dev_pw_id,
2257					   wpa_s->conf->wps_nfc_dh_pubkey,
2258					   wpa_s->conf->wps_nfc_dev_pw);
2259	}
2260
2261	return wps_nfc_token_gen(ndef, &wpa_s->conf->wps_nfc_dev_pw_id,
2262				 &wpa_s->conf->wps_nfc_dh_pubkey,
2263				 &wpa_s->conf->wps_nfc_dh_privkey,
2264				 &wpa_s->conf->wps_nfc_dev_pw);
2265}
2266
2267
2268int wpas_wps_start_nfc(struct wpa_supplicant *wpa_s, const u8 *go_dev_addr,
2269		       const u8 *bssid,
2270		       const struct wpabuf *dev_pw, u16 dev_pw_id,
2271		       int p2p_group, const u8 *peer_pubkey_hash,
2272		       const u8 *ssid, size_t ssid_len, int freq)
2273{
2274	struct wps_context *wps = wpa_s->wps;
2275	char pw[32 * 2 + 1];
2276
2277	if (dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER && dev_pw == NULL) {
2278		dev_pw = wpa_s->conf->wps_nfc_dev_pw;
2279		dev_pw_id = wpa_s->conf->wps_nfc_dev_pw_id;
2280	}
2281
2282	if (wpa_s->conf->wps_nfc_dh_pubkey == NULL ||
2283	    wpa_s->conf->wps_nfc_dh_privkey == NULL) {
2284		wpa_printf(MSG_DEBUG, "WPS: Missing DH params - "
2285			   "cannot start NFC-triggered connection");
2286		return -1;
2287	}
2288
2289	if (dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER && dev_pw == NULL) {
2290		wpa_printf(MSG_DEBUG, "WPS: Missing Device Password (id=%u) - "
2291			   "cannot start NFC-triggered connection", dev_pw_id);
2292		return -1;
2293	}
2294
2295	dh5_free(wps->dh_ctx);
2296	wpabuf_free(wps->dh_pubkey);
2297	wpabuf_free(wps->dh_privkey);
2298	wps->dh_privkey = wpabuf_dup(wpa_s->conf->wps_nfc_dh_privkey);
2299	wps->dh_pubkey = wpabuf_dup(wpa_s->conf->wps_nfc_dh_pubkey);
2300	if (wps->dh_privkey == NULL || wps->dh_pubkey == NULL) {
2301		wps->dh_ctx = NULL;
2302		wpabuf_free(wps->dh_pubkey);
2303		wps->dh_pubkey = NULL;
2304		wpabuf_free(wps->dh_privkey);
2305		wps->dh_privkey = NULL;
2306		wpa_printf(MSG_DEBUG, "WPS: Failed to get DH priv/pub key");
2307		return -1;
2308	}
2309	wps->dh_ctx = dh5_init_fixed(wps->dh_privkey, wps->dh_pubkey);
2310	if (wps->dh_ctx == NULL) {
2311		wpabuf_free(wps->dh_pubkey);
2312		wps->dh_pubkey = NULL;
2313		wpabuf_free(wps->dh_privkey);
2314		wps->dh_privkey = NULL;
2315		wpa_printf(MSG_DEBUG, "WPS: Failed to initialize DH context");
2316		return -1;
2317	}
2318
2319	if (dev_pw) {
2320		wpa_snprintf_hex_uppercase(pw, sizeof(pw),
2321					   wpabuf_head(dev_pw),
2322					   wpabuf_len(dev_pw));
2323	}
2324	return wpas_wps_start_dev_pw(wpa_s, go_dev_addr, bssid,
2325				     dev_pw ? pw : NULL,
2326				     p2p_group, dev_pw_id, peer_pubkey_hash,
2327				     ssid, ssid_len, freq);
2328}
2329
2330
2331static int wpas_wps_use_cred(struct wpa_supplicant *wpa_s,
2332			     struct wps_parse_attr *attr)
2333{
2334	/*
2335	 * Disable existing networks temporarily to allow the newly learned
2336	 * credential to be preferred. Enable the temporarily disabled networks
2337	 * after 10 seconds.
2338	 */
2339	wpas_wps_temp_disable(wpa_s, NULL);
2340	eloop_register_timeout(10, 0, wpas_wps_reenable_networks_cb, wpa_s,
2341			       NULL);
2342
2343	if (wps_oob_use_cred(wpa_s->wps, attr) < 0)
2344		return -1;
2345
2346	if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED)
2347		return 0;
2348
2349	if (attr->ap_channel) {
2350		u16 chan = WPA_GET_BE16(attr->ap_channel);
2351		int freq = 0;
2352
2353		if (chan >= 1 && chan <= 13)
2354			freq = 2407 + 5 * chan;
2355		else if (chan == 14)
2356			freq = 2484;
2357		else if (chan >= 30)
2358			freq = 5000 + 5 * chan;
2359
2360		if (freq) {
2361			wpa_printf(MSG_DEBUG, "WPS: Credential container indicated AP channel %u -> %u MHz",
2362				   chan, freq);
2363			wpa_s->after_wps = 5;
2364			wpa_s->wps_freq = freq;
2365		}
2366	}
2367
2368	wpa_printf(MSG_DEBUG, "WPS: Request reconnection with new network "
2369		   "based on the received credential added");
2370	wpa_s->normal_scans = 0;
2371	wpa_supplicant_reinit_autoscan(wpa_s);
2372	wpa_s->disconnected = 0;
2373	wpa_s->reassociate = 1;
2374
2375	wpa_supplicant_cancel_sched_scan(wpa_s);
2376	wpa_supplicant_req_scan(wpa_s, 0, 0);
2377
2378	return 0;
2379}
2380
2381
2382#ifdef CONFIG_WPS_ER
2383static int wpas_wps_add_nfc_password_token(struct wpa_supplicant *wpa_s,
2384					   struct wps_parse_attr *attr)
2385{
2386	return wps_registrar_add_nfc_password_token(
2387		wpa_s->wps->registrar, attr->oob_dev_password,
2388		attr->oob_dev_password_len);
2389}
2390#endif /* CONFIG_WPS_ER */
2391
2392
2393static int wpas_wps_nfc_tag_process(struct wpa_supplicant *wpa_s,
2394				    const struct wpabuf *wps)
2395{
2396	struct wps_parse_attr attr;
2397
2398	wpa_hexdump_buf(MSG_DEBUG, "WPS: Received NFC tag payload", wps);
2399
2400	if (wps_parse_msg(wps, &attr)) {
2401		wpa_printf(MSG_DEBUG, "WPS: Ignore invalid data from NFC tag");
2402		return -1;
2403	}
2404
2405	if (attr.num_cred)
2406		return wpas_wps_use_cred(wpa_s, &attr);
2407
2408#ifdef CONFIG_WPS_ER
2409	if (attr.oob_dev_password)
2410		return wpas_wps_add_nfc_password_token(wpa_s, &attr);
2411#endif /* CONFIG_WPS_ER */
2412
2413	wpa_printf(MSG_DEBUG, "WPS: Ignore unrecognized NFC tag");
2414	return -1;
2415}
2416
2417
2418int wpas_wps_nfc_tag_read(struct wpa_supplicant *wpa_s,
2419			  const struct wpabuf *data, int forced_freq)
2420{
2421	const struct wpabuf *wps = data;
2422	struct wpabuf *tmp = NULL;
2423	int ret;
2424
2425	if (wpabuf_len(data) < 4)
2426		return -1;
2427
2428	if (*wpabuf_head_u8(data) != 0x10) {
2429		/* Assume this contains full NDEF record */
2430		tmp = ndef_parse_wifi(data);
2431		if (tmp == NULL) {
2432#ifdef CONFIG_P2P
2433			tmp = ndef_parse_p2p(data);
2434			if (tmp) {
2435				ret = wpas_p2p_nfc_tag_process(wpa_s, tmp,
2436							       forced_freq);
2437				wpabuf_free(tmp);
2438				return ret;
2439			}
2440#endif /* CONFIG_P2P */
2441			wpa_printf(MSG_DEBUG, "WPS: Could not parse NDEF");
2442			return -1;
2443		}
2444		wps = tmp;
2445	}
2446
2447	ret = wpas_wps_nfc_tag_process(wpa_s, wps);
2448	wpabuf_free(tmp);
2449	return ret;
2450}
2451
2452
2453struct wpabuf * wpas_wps_nfc_handover_req(struct wpa_supplicant *wpa_s,
2454					  int ndef)
2455{
2456	struct wpabuf *ret;
2457
2458	if (wpa_s->conf->wps_nfc_dh_pubkey == NULL &&
2459	    wps_nfc_gen_dh(&wpa_s->conf->wps_nfc_dh_pubkey,
2460			   &wpa_s->conf->wps_nfc_dh_privkey) < 0)
2461		return NULL;
2462
2463	ret = wps_build_nfc_handover_req(wpa_s->wps,
2464					 wpa_s->conf->wps_nfc_dh_pubkey);
2465
2466	if (ndef && ret) {
2467		struct wpabuf *tmp;
2468		tmp = ndef_build_wifi(ret);
2469		wpabuf_free(ret);
2470		if (tmp == NULL)
2471			return NULL;
2472		ret = tmp;
2473	}
2474
2475	return ret;
2476}
2477
2478
2479#ifdef CONFIG_WPS_NFC
2480
2481static struct wpabuf *
2482wpas_wps_er_nfc_handover_sel(struct wpa_supplicant *wpa_s, int ndef,
2483			     const char *uuid)
2484{
2485#ifdef CONFIG_WPS_ER
2486	struct wpabuf *ret;
2487	u8 u[UUID_LEN], *use_uuid = NULL;
2488	u8 addr[ETH_ALEN], *use_addr = NULL;
2489	struct wps_context *wps = wpa_s->wps;
2490
2491	if (wps == NULL)
2492		return NULL;
2493
2494	if (uuid == NULL)
2495		return NULL;
2496	if (uuid_str2bin(uuid, u) == 0)
2497		use_uuid = u;
2498	else if (hwaddr_aton(uuid, addr) == 0)
2499		use_addr = addr;
2500	else
2501		return NULL;
2502
2503	if (wpa_s->conf->wps_nfc_dh_pubkey == NULL) {
2504		if (wps_nfc_gen_dh(&wpa_s->conf->wps_nfc_dh_pubkey,
2505				   &wpa_s->conf->wps_nfc_dh_privkey) < 0)
2506			return NULL;
2507	}
2508
2509	wpas_wps_nfc_clear(wps);
2510	wps->ap_nfc_dev_pw_id = DEV_PW_NFC_CONNECTION_HANDOVER;
2511	wps->ap_nfc_dh_pubkey = wpabuf_dup(wpa_s->conf->wps_nfc_dh_pubkey);
2512	wps->ap_nfc_dh_privkey = wpabuf_dup(wpa_s->conf->wps_nfc_dh_privkey);
2513	if (!wps->ap_nfc_dh_pubkey || !wps->ap_nfc_dh_privkey) {
2514		wpas_wps_nfc_clear(wps);
2515		return NULL;
2516	}
2517
2518	ret = wps_er_nfc_handover_sel(wpa_s->wps_er, wpa_s->wps, use_uuid,
2519				      use_addr, wpa_s->conf->wps_nfc_dh_pubkey);
2520	if (ndef && ret) {
2521		struct wpabuf *tmp;
2522		tmp = ndef_build_wifi(ret);
2523		wpabuf_free(ret);
2524		if (tmp == NULL)
2525			return NULL;
2526		ret = tmp;
2527	}
2528
2529	return ret;
2530#else /* CONFIG_WPS_ER */
2531	return NULL;
2532#endif /* CONFIG_WPS_ER */
2533}
2534#endif /* CONFIG_WPS_NFC */
2535
2536
2537struct wpabuf * wpas_wps_nfc_handover_sel(struct wpa_supplicant *wpa_s,
2538					  int ndef, int cr, const char *uuid)
2539{
2540	struct wpabuf *ret;
2541	if (!cr)
2542		return NULL;
2543	ret = wpas_ap_wps_nfc_handover_sel(wpa_s, ndef);
2544	if (ret)
2545		return ret;
2546	return wpas_wps_er_nfc_handover_sel(wpa_s, ndef, uuid);
2547}
2548
2549
2550static int wpas_wps_nfc_rx_handover_sel(struct wpa_supplicant *wpa_s,
2551					const struct wpabuf *data)
2552{
2553	struct wpabuf *wps;
2554	int ret = -1;
2555	u16 wsc_len;
2556	const u8 *pos;
2557	struct wpabuf msg;
2558	struct wps_parse_attr attr;
2559	u16 dev_pw_id;
2560	const u8 *bssid = NULL;
2561	int freq = 0;
2562
2563	wps = ndef_parse_wifi(data);
2564	if (wps == NULL)
2565		return -1;
2566	wpa_printf(MSG_DEBUG, "WPS: Received application/vnd.wfa.wsc "
2567		   "payload from NFC connection handover");
2568	wpa_hexdump_buf(MSG_DEBUG, "WPS: NFC payload", wps);
2569	if (wpabuf_len(wps) < 2) {
2570		wpa_printf(MSG_DEBUG, "WPS: Too short Wi-Fi Handover Select "
2571			   "Message");
2572		goto out;
2573	}
2574	pos = wpabuf_head(wps);
2575	wsc_len = WPA_GET_BE16(pos);
2576	if (wsc_len > wpabuf_len(wps) - 2) {
2577		wpa_printf(MSG_DEBUG, "WPS: Invalid WSC attribute length (%u) "
2578			   "in Wi-Fi Handover Select Message", wsc_len);
2579		goto out;
2580	}
2581	pos += 2;
2582
2583	wpa_hexdump(MSG_DEBUG,
2584		    "WPS: WSC attributes in Wi-Fi Handover Select Message",
2585		    pos, wsc_len);
2586	if (wsc_len < wpabuf_len(wps) - 2) {
2587		wpa_hexdump(MSG_DEBUG,
2588			    "WPS: Ignore extra data after WSC attributes",
2589			    pos + wsc_len, wpabuf_len(wps) - 2 - wsc_len);
2590	}
2591
2592	wpabuf_set(&msg, pos, wsc_len);
2593	ret = wps_parse_msg(&msg, &attr);
2594	if (ret < 0) {
2595		wpa_printf(MSG_DEBUG, "WPS: Could not parse WSC attributes in "
2596			   "Wi-Fi Handover Select Message");
2597		goto out;
2598	}
2599
2600	if (attr.oob_dev_password == NULL ||
2601	    attr.oob_dev_password_len < WPS_OOB_PUBKEY_HASH_LEN + 2) {
2602		wpa_printf(MSG_DEBUG, "WPS: No Out-of-Band Device Password "
2603			   "included in Wi-Fi Handover Select Message");
2604		ret = -1;
2605		goto out;
2606	}
2607
2608	if (attr.ssid == NULL) {
2609		wpa_printf(MSG_DEBUG, "WPS: No SSID included in Wi-Fi Handover "
2610			   "Select Message");
2611		ret = -1;
2612		goto out;
2613	}
2614
2615	wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", attr.ssid, attr.ssid_len);
2616
2617	if (attr.mac_addr) {
2618		bssid = attr.mac_addr;
2619		wpa_printf(MSG_DEBUG, "WPS: MAC Address (BSSID): " MACSTR,
2620			   MAC2STR(bssid));
2621	}
2622
2623	if (attr.rf_bands)
2624		wpa_printf(MSG_DEBUG, "WPS: RF Bands: %d", *attr.rf_bands);
2625
2626	if (attr.ap_channel) {
2627		u16 chan = WPA_GET_BE16(attr.ap_channel);
2628
2629		wpa_printf(MSG_DEBUG, "WPS: AP Channel: %d", chan);
2630
2631		if (chan >= 1 && chan <= 13 &&
2632		    (attr.rf_bands == NULL || *attr.rf_bands & WPS_RF_24GHZ))
2633			freq = 2407 + 5 * chan;
2634		else if (chan == 14 &&
2635			 (attr.rf_bands == NULL ||
2636			  *attr.rf_bands & WPS_RF_24GHZ))
2637			freq = 2484;
2638		else if (chan >= 30 &&
2639			 (attr.rf_bands == NULL ||
2640			  *attr.rf_bands & WPS_RF_50GHZ))
2641			freq = 5000 + 5 * chan;
2642		else if (chan >= 1 && chan <= 4 &&
2643			 (attr.rf_bands == NULL ||
2644			  *attr.rf_bands & WPS_RF_60GHZ))
2645			freq = 56160 + 2160 * chan;
2646
2647		if (freq) {
2648			wpa_printf(MSG_DEBUG,
2649				   "WPS: AP indicated channel %u -> %u MHz",
2650				   chan, freq);
2651		}
2652	}
2653
2654	wpa_hexdump(MSG_DEBUG, "WPS: Out-of-Band Device Password",
2655		    attr.oob_dev_password, attr.oob_dev_password_len);
2656	dev_pw_id = WPA_GET_BE16(attr.oob_dev_password +
2657				 WPS_OOB_PUBKEY_HASH_LEN);
2658	if (dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER) {
2659		wpa_printf(MSG_DEBUG, "WPS: Unexpected OOB Device Password ID "
2660			   "%u in Wi-Fi Handover Select Message", dev_pw_id);
2661		ret = -1;
2662		goto out;
2663	}
2664	wpa_hexdump(MSG_DEBUG, "WPS: AP Public Key hash",
2665		    attr.oob_dev_password, WPS_OOB_PUBKEY_HASH_LEN);
2666
2667	ret = wpas_wps_start_nfc(wpa_s, NULL, bssid, NULL, dev_pw_id, 0,
2668				 attr.oob_dev_password,
2669				 attr.ssid, attr.ssid_len, freq);
2670
2671out:
2672	wpabuf_free(wps);
2673	return ret;
2674}
2675
2676
2677int wpas_wps_nfc_report_handover(struct wpa_supplicant *wpa_s,
2678				 const struct wpabuf *req,
2679				 const struct wpabuf *sel)
2680{
2681	wpa_printf(MSG_DEBUG, "NFC: WPS connection handover reported");
2682	wpa_hexdump_buf_key(MSG_DEBUG, "WPS: Carrier record in request", req);
2683	wpa_hexdump_buf_key(MSG_DEBUG, "WPS: Carrier record in select", sel);
2684	return wpas_wps_nfc_rx_handover_sel(wpa_s, sel);
2685}
2686
2687
2688int wpas_er_wps_nfc_report_handover(struct wpa_supplicant *wpa_s,
2689				    const struct wpabuf *req,
2690				    const struct wpabuf *sel)
2691{
2692	struct wpabuf *wps;
2693	int ret = -1;
2694	u16 wsc_len;
2695	const u8 *pos;
2696	struct wpabuf msg;
2697	struct wps_parse_attr attr;
2698	u16 dev_pw_id;
2699
2700	/*
2701	 * Enrollee/station is always initiator of the NFC connection handover,
2702	 * so use the request message here to find Enrollee public key hash.
2703	 */
2704	wps = ndef_parse_wifi(req);
2705	if (wps == NULL)
2706		return -1;
2707	wpa_printf(MSG_DEBUG, "WPS: Received application/vnd.wfa.wsc "
2708		   "payload from NFC connection handover");
2709	wpa_hexdump_buf(MSG_DEBUG, "WPS: NFC payload", wps);
2710	if (wpabuf_len(wps) < 2) {
2711		wpa_printf(MSG_DEBUG, "WPS: Too short Wi-Fi Handover Request "
2712			   "Message");
2713		goto out;
2714	}
2715	pos = wpabuf_head(wps);
2716	wsc_len = WPA_GET_BE16(pos);
2717	if (wsc_len > wpabuf_len(wps) - 2) {
2718		wpa_printf(MSG_DEBUG, "WPS: Invalid WSC attribute length (%u) "
2719			   "in rt Wi-Fi Handover Request Message", wsc_len);
2720		goto out;
2721	}
2722	pos += 2;
2723
2724	wpa_hexdump(MSG_DEBUG,
2725		    "WPS: WSC attributes in Wi-Fi Handover Request Message",
2726		    pos, wsc_len);
2727	if (wsc_len < wpabuf_len(wps) - 2) {
2728		wpa_hexdump(MSG_DEBUG,
2729			    "WPS: Ignore extra data after WSC attributes",
2730			    pos + wsc_len, wpabuf_len(wps) - 2 - wsc_len);
2731	}
2732
2733	wpabuf_set(&msg, pos, wsc_len);
2734	ret = wps_parse_msg(&msg, &attr);
2735	if (ret < 0) {
2736		wpa_printf(MSG_DEBUG, "WPS: Could not parse WSC attributes in "
2737			   "Wi-Fi Handover Request Message");
2738		goto out;
2739	}
2740
2741	if (attr.oob_dev_password == NULL ||
2742	    attr.oob_dev_password_len < WPS_OOB_PUBKEY_HASH_LEN + 2) {
2743		wpa_printf(MSG_DEBUG, "WPS: No Out-of-Band Device Password "
2744			   "included in Wi-Fi Handover Request Message");
2745		ret = -1;
2746		goto out;
2747	}
2748
2749	if (attr.uuid_e == NULL) {
2750		wpa_printf(MSG_DEBUG, "WPS: No UUID-E included in Wi-Fi "
2751			   "Handover Request Message");
2752		ret = -1;
2753		goto out;
2754	}
2755
2756	wpa_hexdump(MSG_DEBUG, "WPS: UUID-E", attr.uuid_e, WPS_UUID_LEN);
2757
2758	wpa_hexdump(MSG_DEBUG, "WPS: Out-of-Band Device Password",
2759		    attr.oob_dev_password, attr.oob_dev_password_len);
2760	dev_pw_id = WPA_GET_BE16(attr.oob_dev_password +
2761				 WPS_OOB_PUBKEY_HASH_LEN);
2762	if (dev_pw_id != DEV_PW_NFC_CONNECTION_HANDOVER) {
2763		wpa_printf(MSG_DEBUG, "WPS: Unexpected OOB Device Password ID "
2764			   "%u in Wi-Fi Handover Request Message", dev_pw_id);
2765		ret = -1;
2766		goto out;
2767	}
2768	wpa_hexdump(MSG_DEBUG, "WPS: Enrollee Public Key hash",
2769		    attr.oob_dev_password, WPS_OOB_PUBKEY_HASH_LEN);
2770
2771	ret = wps_registrar_add_nfc_pw_token(wpa_s->wps->registrar,
2772					     attr.oob_dev_password,
2773					     DEV_PW_NFC_CONNECTION_HANDOVER,
2774					     NULL, 0, 1);
2775
2776out:
2777	wpabuf_free(wps);
2778	return ret;
2779}
2780
2781#endif /* CONFIG_WPS_NFC */
2782
2783
2784static void wpas_wps_dump_ap_info(struct wpa_supplicant *wpa_s)
2785{
2786	size_t i;
2787	struct os_reltime now;
2788
2789	if (wpa_debug_level > MSG_DEBUG)
2790		return;
2791
2792	if (wpa_s->wps_ap == NULL)
2793		return;
2794
2795	os_get_reltime(&now);
2796
2797	for (i = 0; i < wpa_s->num_wps_ap; i++) {
2798		struct wps_ap_info *ap = &wpa_s->wps_ap[i];
2799		struct wpa_blacklist *e = wpa_blacklist_get(wpa_s, ap->bssid);
2800
2801		wpa_printf(MSG_DEBUG, "WPS: AP[%d] " MACSTR " type=%d "
2802			   "tries=%d last_attempt=%d sec ago blacklist=%d",
2803			   (int) i, MAC2STR(ap->bssid), ap->type, ap->tries,
2804			   ap->last_attempt.sec > 0 ?
2805			   (int) now.sec - (int) ap->last_attempt.sec : -1,
2806			   e ? e->count : 0);
2807	}
2808}
2809
2810
2811static struct wps_ap_info * wpas_wps_get_ap_info(struct wpa_supplicant *wpa_s,
2812						 const u8 *bssid)
2813{
2814	size_t i;
2815
2816	if (wpa_s->wps_ap == NULL)
2817		return NULL;
2818
2819	for (i = 0; i < wpa_s->num_wps_ap; i++) {
2820		struct wps_ap_info *ap = &wpa_s->wps_ap[i];
2821		if (os_memcmp(ap->bssid, bssid, ETH_ALEN) == 0)
2822			return ap;
2823	}
2824
2825	return NULL;
2826}
2827
2828
2829static void wpas_wps_update_ap_info_bss(struct wpa_supplicant *wpa_s,
2830					struct wpa_scan_res *res)
2831{
2832	struct wpabuf *wps;
2833	enum wps_ap_info_type type;
2834	struct wps_ap_info *ap;
2835	int r, pbc_active;
2836	const u8 *uuid;
2837
2838	if (wpa_scan_get_vendor_ie(res, WPS_IE_VENDOR_TYPE) == NULL)
2839		return;
2840
2841	wps = wpa_scan_get_vendor_ie_multi(res, WPS_IE_VENDOR_TYPE);
2842	if (wps == NULL)
2843		return;
2844
2845	r = wps_is_addr_authorized(wps, wpa_s->own_addr, 1);
2846	if (r == 2)
2847		type = WPS_AP_SEL_REG_OUR;
2848	else if (r == 1)
2849		type = WPS_AP_SEL_REG;
2850	else
2851		type = WPS_AP_NOT_SEL_REG;
2852
2853	uuid = wps_get_uuid_e(wps);
2854	pbc_active = wps_is_selected_pbc_registrar(wps);
2855
2856	ap = wpas_wps_get_ap_info(wpa_s, res->bssid);
2857	if (ap) {
2858		if (ap->type != type) {
2859			wpa_printf(MSG_DEBUG, "WPS: AP " MACSTR
2860				   " changed type %d -> %d",
2861				   MAC2STR(res->bssid), ap->type, type);
2862			ap->type = type;
2863			if (type != WPS_AP_NOT_SEL_REG)
2864				wpa_blacklist_del(wpa_s, ap->bssid);
2865		}
2866		ap->pbc_active = pbc_active;
2867		if (uuid)
2868			os_memcpy(ap->uuid, uuid, WPS_UUID_LEN);
2869		goto out;
2870	}
2871
2872	ap = os_realloc_array(wpa_s->wps_ap, wpa_s->num_wps_ap + 1,
2873			      sizeof(struct wps_ap_info));
2874	if (ap == NULL)
2875		goto out;
2876
2877	wpa_s->wps_ap = ap;
2878	ap = &wpa_s->wps_ap[wpa_s->num_wps_ap];
2879	wpa_s->num_wps_ap++;
2880
2881	os_memset(ap, 0, sizeof(*ap));
2882	os_memcpy(ap->bssid, res->bssid, ETH_ALEN);
2883	ap->type = type;
2884	ap->pbc_active = pbc_active;
2885	if (uuid)
2886		os_memcpy(ap->uuid, uuid, WPS_UUID_LEN);
2887	wpa_printf(MSG_DEBUG, "WPS: AP " MACSTR " type %d added",
2888		   MAC2STR(ap->bssid), ap->type);
2889
2890out:
2891	wpabuf_free(wps);
2892}
2893
2894
2895void wpas_wps_update_ap_info(struct wpa_supplicant *wpa_s,
2896			     struct wpa_scan_results *scan_res)
2897{
2898	size_t i;
2899
2900	for (i = 0; i < scan_res->num; i++)
2901		wpas_wps_update_ap_info_bss(wpa_s, scan_res->res[i]);
2902
2903	wpas_wps_dump_ap_info(wpa_s);
2904}
2905
2906
2907void wpas_wps_notify_assoc(struct wpa_supplicant *wpa_s, const u8 *bssid)
2908{
2909	struct wps_ap_info *ap;
2910
2911	wpa_s->after_wps = 0;
2912
2913	if (!wpa_s->wps_ap_iter)
2914		return;
2915	ap = wpas_wps_get_ap_info(wpa_s, bssid);
2916	if (ap == NULL)
2917		return;
2918	ap->tries++;
2919	os_get_reltime(&ap->last_attempt);
2920}
2921