wps_enrollee.c revision b36ed7cd946148d829f311de8fe53ea3ffaaffe3
1/* 2 * Wi-Fi Protected Setup - Enrollee 3 * Copyright (c) 2008, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "includes.h" 10 11#include "common.h" 12#include "crypto/crypto.h" 13#include "crypto/sha256.h" 14#include "crypto/random.h" 15#include "wps_i.h" 16#include "wps_dev_attr.h" 17 18 19static int wps_build_wps_state(struct wps_data *wps, struct wpabuf *msg) 20{ 21 u8 state; 22 if (wps->wps->ap) 23 state = wps->wps->wps_state; 24 else 25 state = WPS_STATE_NOT_CONFIGURED; 26 wpa_printf(MSG_DEBUG, "WPS: * Wi-Fi Protected Setup State (%d)", 27 state); 28 wpabuf_put_be16(msg, ATTR_WPS_STATE); 29 wpabuf_put_be16(msg, 1); 30 wpabuf_put_u8(msg, state); 31 return 0; 32} 33 34 35static int wps_build_e_hash(struct wps_data *wps, struct wpabuf *msg) 36{ 37 u8 *hash; 38 const u8 *addr[4]; 39 size_t len[4]; 40 41 if (random_get_bytes(wps->snonce, 2 * WPS_SECRET_NONCE_LEN) < 0) 42 return -1; 43 wpa_hexdump(MSG_DEBUG, "WPS: E-S1", wps->snonce, WPS_SECRET_NONCE_LEN); 44 wpa_hexdump(MSG_DEBUG, "WPS: E-S2", 45 wps->snonce + WPS_SECRET_NONCE_LEN, WPS_SECRET_NONCE_LEN); 46 47 if (wps->dh_pubkey_e == NULL || wps->dh_pubkey_r == NULL) { 48 wpa_printf(MSG_DEBUG, "WPS: DH public keys not available for " 49 "E-Hash derivation"); 50 return -1; 51 } 52 53 wpa_printf(MSG_DEBUG, "WPS: * E-Hash1"); 54 wpabuf_put_be16(msg, ATTR_E_HASH1); 55 wpabuf_put_be16(msg, SHA256_MAC_LEN); 56 hash = wpabuf_put(msg, SHA256_MAC_LEN); 57 /* E-Hash1 = HMAC_AuthKey(E-S1 || PSK1 || PK_E || PK_R) */ 58 addr[0] = wps->snonce; 59 len[0] = WPS_SECRET_NONCE_LEN; 60 addr[1] = wps->psk1; 61 len[1] = WPS_PSK_LEN; 62 addr[2] = wpabuf_head(wps->dh_pubkey_e); 63 len[2] = wpabuf_len(wps->dh_pubkey_e); 64 addr[3] = wpabuf_head(wps->dh_pubkey_r); 65 len[3] = wpabuf_len(wps->dh_pubkey_r); 66 hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); 67 wpa_hexdump(MSG_DEBUG, "WPS: E-Hash1", hash, SHA256_MAC_LEN); 68 69 wpa_printf(MSG_DEBUG, "WPS: * E-Hash2"); 70 wpabuf_put_be16(msg, ATTR_E_HASH2); 71 wpabuf_put_be16(msg, SHA256_MAC_LEN); 72 hash = wpabuf_put(msg, SHA256_MAC_LEN); 73 /* E-Hash2 = HMAC_AuthKey(E-S2 || PSK2 || PK_E || PK_R) */ 74 addr[0] = wps->snonce + WPS_SECRET_NONCE_LEN; 75 addr[1] = wps->psk2; 76 hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); 77 wpa_hexdump(MSG_DEBUG, "WPS: E-Hash2", hash, SHA256_MAC_LEN); 78 79 return 0; 80} 81 82 83static int wps_build_e_snonce1(struct wps_data *wps, struct wpabuf *msg) 84{ 85 wpa_printf(MSG_DEBUG, "WPS: * E-SNonce1"); 86 wpabuf_put_be16(msg, ATTR_E_SNONCE1); 87 wpabuf_put_be16(msg, WPS_SECRET_NONCE_LEN); 88 wpabuf_put_data(msg, wps->snonce, WPS_SECRET_NONCE_LEN); 89 return 0; 90} 91 92 93static int wps_build_e_snonce2(struct wps_data *wps, struct wpabuf *msg) 94{ 95 wpa_printf(MSG_DEBUG, "WPS: * E-SNonce2"); 96 wpabuf_put_be16(msg, ATTR_E_SNONCE2); 97 wpabuf_put_be16(msg, WPS_SECRET_NONCE_LEN); 98 wpabuf_put_data(msg, wps->snonce + WPS_SECRET_NONCE_LEN, 99 WPS_SECRET_NONCE_LEN); 100 return 0; 101} 102 103 104static struct wpabuf * wps_build_m1(struct wps_data *wps) 105{ 106 struct wpabuf *msg; 107 u16 config_methods; 108 109 if (random_get_bytes(wps->nonce_e, WPS_NONCE_LEN) < 0) 110 return NULL; 111 wpa_hexdump(MSG_DEBUG, "WPS: Enrollee Nonce", 112 wps->nonce_e, WPS_NONCE_LEN); 113 114 wpa_printf(MSG_DEBUG, "WPS: Building Message M1"); 115 msg = wpabuf_alloc(1000); 116 if (msg == NULL) 117 return NULL; 118 119 config_methods = wps->wps->config_methods; 120 if (wps->wps->ap && !wps->pbc_in_m1 && 121 (wps->dev_password_len != 0 || 122 (config_methods & WPS_CONFIG_DISPLAY))) { 123 /* 124 * These are the methods that the AP supports as an Enrollee 125 * for adding external Registrars, so remove PushButton. 126 * 127 * As a workaround for Windows 7 mechanism for probing WPS 128 * capabilities from M1, leave PushButton option if no PIN 129 * method is available or if WPS configuration enables PBC 130 * workaround. 131 */ 132 config_methods &= ~WPS_CONFIG_PUSHBUTTON; 133#ifdef CONFIG_WPS2 134 config_methods &= ~(WPS_CONFIG_VIRT_PUSHBUTTON | 135 WPS_CONFIG_PHY_PUSHBUTTON); 136#endif /* CONFIG_WPS2 */ 137 } 138 139 if (wps_build_version(msg) || 140 wps_build_msg_type(msg, WPS_M1) || 141 wps_build_uuid_e(msg, wps->uuid_e) || 142 wps_build_mac_addr(msg, wps->mac_addr_e) || 143 wps_build_enrollee_nonce(wps, msg) || 144 wps_build_public_key(wps, msg) || 145 wps_build_auth_type_flags(wps, msg) || 146 wps_build_encr_type_flags(wps, msg) || 147 wps_build_conn_type_flags(wps, msg) || 148 wps_build_config_methods(msg, config_methods) || 149 wps_build_wps_state(wps, msg) || 150 wps_build_device_attrs(&wps->wps->dev, msg) || 151 wps_build_rf_bands(&wps->wps->dev, msg, 152 wps->wps->rf_band_cb(wps->wps->cb_ctx)) || 153 wps_build_assoc_state(wps, msg) || 154 wps_build_dev_password_id(msg, wps->dev_pw_id) || 155 wps_build_config_error(msg, WPS_CFG_NO_ERROR) || 156 wps_build_os_version(&wps->wps->dev, msg) || 157 wps_build_wfa_ext(msg, 0, NULL, 0) || 158 wps_build_vendor_ext_m1(&wps->wps->dev, msg)) { 159 wpabuf_free(msg); 160 return NULL; 161 } 162 163 wps->state = RECV_M2; 164 return msg; 165} 166 167 168static struct wpabuf * wps_build_m3(struct wps_data *wps) 169{ 170 struct wpabuf *msg; 171 172 wpa_printf(MSG_DEBUG, "WPS: Building Message M3"); 173 174 if (wps->dev_password == NULL) { 175 wpa_printf(MSG_DEBUG, "WPS: No Device Password available"); 176 return NULL; 177 } 178 wps_derive_psk(wps, wps->dev_password, wps->dev_password_len); 179 180 msg = wpabuf_alloc(1000); 181 if (msg == NULL) 182 return NULL; 183 184 if (wps_build_version(msg) || 185 wps_build_msg_type(msg, WPS_M3) || 186 wps_build_registrar_nonce(wps, msg) || 187 wps_build_e_hash(wps, msg) || 188 wps_build_wfa_ext(msg, 0, NULL, 0) || 189 wps_build_authenticator(wps, msg)) { 190 wpabuf_free(msg); 191 return NULL; 192 } 193 194 wps->state = RECV_M4; 195 return msg; 196} 197 198 199static struct wpabuf * wps_build_m5(struct wps_data *wps) 200{ 201 struct wpabuf *msg, *plain; 202 203 wpa_printf(MSG_DEBUG, "WPS: Building Message M5"); 204 205 plain = wpabuf_alloc(200); 206 if (plain == NULL) 207 return NULL; 208 209 msg = wpabuf_alloc(1000); 210 if (msg == NULL) { 211 wpabuf_free(plain); 212 return NULL; 213 } 214 215 if (wps_build_version(msg) || 216 wps_build_msg_type(msg, WPS_M5) || 217 wps_build_registrar_nonce(wps, msg) || 218 wps_build_e_snonce1(wps, plain) || 219 wps_build_key_wrap_auth(wps, plain) || 220 wps_build_encr_settings(wps, msg, plain) || 221 wps_build_wfa_ext(msg, 0, NULL, 0) || 222 wps_build_authenticator(wps, msg)) { 223 wpabuf_free(plain); 224 wpabuf_free(msg); 225 return NULL; 226 } 227 wpabuf_free(plain); 228 229 wps->state = RECV_M6; 230 return msg; 231} 232 233 234static int wps_build_cred_ssid(struct wps_data *wps, struct wpabuf *msg) 235{ 236 wpa_printf(MSG_DEBUG, "WPS: * SSID"); 237 wpabuf_put_be16(msg, ATTR_SSID); 238 wpabuf_put_be16(msg, wps->wps->ssid_len); 239 wpabuf_put_data(msg, wps->wps->ssid, wps->wps->ssid_len); 240 return 0; 241} 242 243 244static int wps_build_cred_auth_type(struct wps_data *wps, struct wpabuf *msg) 245{ 246 wpa_printf(MSG_DEBUG, "WPS: * Authentication Type (0x%x)", 247 wps->wps->ap_auth_type); 248 wpabuf_put_be16(msg, ATTR_AUTH_TYPE); 249 wpabuf_put_be16(msg, 2); 250 wpabuf_put_be16(msg, wps->wps->ap_auth_type); 251 return 0; 252} 253 254 255static int wps_build_cred_encr_type(struct wps_data *wps, struct wpabuf *msg) 256{ 257 wpa_printf(MSG_DEBUG, "WPS: * Encryption Type (0x%x)", 258 wps->wps->ap_encr_type); 259 wpabuf_put_be16(msg, ATTR_ENCR_TYPE); 260 wpabuf_put_be16(msg, 2); 261 wpabuf_put_be16(msg, wps->wps->ap_encr_type); 262 return 0; 263} 264 265 266static int wps_build_cred_network_key(struct wps_data *wps, struct wpabuf *msg) 267{ 268 if ((wps->wps->ap_auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) && 269 wps->wps->network_key_len == 0) { 270 char hex[65]; 271 u8 psk[32]; 272 /* Generate a random per-device PSK */ 273 if (random_get_bytes(psk, sizeof(psk)) < 0) 274 return -1; 275 wpa_hexdump_key(MSG_DEBUG, "WPS: Generated per-device PSK", 276 psk, sizeof(psk)); 277 wpa_printf(MSG_DEBUG, "WPS: * Network Key (len=%u)", 278 (unsigned int) wps->new_psk_len * 2); 279 wpa_snprintf_hex(hex, sizeof(hex), psk, sizeof(psk)); 280 wpabuf_put_be16(msg, ATTR_NETWORK_KEY); 281 wpabuf_put_be16(msg, sizeof(psk) * 2); 282 wpabuf_put_data(msg, hex, sizeof(psk) * 2); 283 if (wps->wps->registrar) { 284 wps_cb_new_psk(wps->wps->registrar, 285 wps->peer_dev.mac_addr, 286 wps->p2p_dev_addr, psk, sizeof(psk)); 287 } 288 return 0; 289 } 290 291 wpa_printf(MSG_DEBUG, "WPS: * Network Key (len=%u)", 292 (unsigned int) wps->wps->network_key_len); 293 wpabuf_put_be16(msg, ATTR_NETWORK_KEY); 294 wpabuf_put_be16(msg, wps->wps->network_key_len); 295 wpabuf_put_data(msg, wps->wps->network_key, wps->wps->network_key_len); 296 return 0; 297} 298 299 300static int wps_build_cred_mac_addr(struct wps_data *wps, struct wpabuf *msg) 301{ 302 wpa_printf(MSG_DEBUG, "WPS: * MAC Address (AP BSSID)"); 303 wpabuf_put_be16(msg, ATTR_MAC_ADDR); 304 wpabuf_put_be16(msg, ETH_ALEN); 305 wpabuf_put_data(msg, wps->wps->dev.mac_addr, ETH_ALEN); 306 return 0; 307} 308 309 310static int wps_build_ap_settings(struct wps_data *wps, struct wpabuf *plain) 311{ 312 const u8 *start, *end; 313 int ret; 314 315 if (wps->wps->ap_settings) { 316 wpa_printf(MSG_DEBUG, "WPS: * AP Settings (pre-configured)"); 317 wpabuf_put_data(plain, wps->wps->ap_settings, 318 wps->wps->ap_settings_len); 319 return 0; 320 } 321 322 wpa_printf(MSG_DEBUG, "WPS: * AP Settings based on current configuration"); 323 start = wpabuf_put(plain, 0); 324 ret = wps_build_cred_ssid(wps, plain) || 325 wps_build_cred_mac_addr(wps, plain) || 326 wps_build_cred_auth_type(wps, plain) || 327 wps_build_cred_encr_type(wps, plain) || 328 wps_build_cred_network_key(wps, plain); 329 end = wpabuf_put(plain, 0); 330 331 wpa_hexdump_key(MSG_DEBUG, "WPS: Plaintext AP Settings", 332 start, end - start); 333 334 return ret; 335} 336 337 338static struct wpabuf * wps_build_m7(struct wps_data *wps) 339{ 340 struct wpabuf *msg, *plain; 341 342 wpa_printf(MSG_DEBUG, "WPS: Building Message M7"); 343 344 plain = wpabuf_alloc(500 + wps->wps->ap_settings_len); 345 if (plain == NULL) 346 return NULL; 347 348 msg = wpabuf_alloc(1000 + wps->wps->ap_settings_len); 349 if (msg == NULL) { 350 wpabuf_free(plain); 351 return NULL; 352 } 353 354 if (wps_build_version(msg) || 355 wps_build_msg_type(msg, WPS_M7) || 356 wps_build_registrar_nonce(wps, msg) || 357 wps_build_e_snonce2(wps, plain) || 358 (wps->wps->ap && wps_build_ap_settings(wps, plain)) || 359 wps_build_key_wrap_auth(wps, plain) || 360 wps_build_encr_settings(wps, msg, plain) || 361 wps_build_wfa_ext(msg, 0, NULL, 0) || 362 wps_build_authenticator(wps, msg)) { 363 wpabuf_free(plain); 364 wpabuf_free(msg); 365 return NULL; 366 } 367 wpabuf_free(plain); 368 369 if (wps->wps->ap && wps->wps->registrar) { 370 /* 371 * If the Registrar is only learning our current configuration, 372 * it may not continue protocol run to successful completion. 373 * Store information here to make sure it remains available. 374 */ 375 wps_device_store(wps->wps->registrar, &wps->peer_dev, 376 wps->uuid_r); 377 } 378 379 wps->state = RECV_M8; 380 return msg; 381} 382 383 384static struct wpabuf * wps_build_wsc_done(struct wps_data *wps) 385{ 386 struct wpabuf *msg; 387 388 wpa_printf(MSG_DEBUG, "WPS: Building Message WSC_Done"); 389 390 msg = wpabuf_alloc(1000); 391 if (msg == NULL) 392 return NULL; 393 394 if (wps_build_version(msg) || 395 wps_build_msg_type(msg, WPS_WSC_DONE) || 396 wps_build_enrollee_nonce(wps, msg) || 397 wps_build_registrar_nonce(wps, msg) || 398 wps_build_wfa_ext(msg, 0, NULL, 0)) { 399 wpabuf_free(msg); 400 return NULL; 401 } 402 403 if (wps->wps->ap) 404 wps->state = RECV_ACK; 405 else { 406 wps_success_event(wps->wps, wps->peer_dev.mac_addr); 407 wps->state = WPS_FINISHED; 408 } 409 return msg; 410} 411 412 413struct wpabuf * wps_enrollee_get_msg(struct wps_data *wps, 414 enum wsc_op_code *op_code) 415{ 416 struct wpabuf *msg; 417 418 switch (wps->state) { 419 case SEND_M1: 420 msg = wps_build_m1(wps); 421 *op_code = WSC_MSG; 422 break; 423 case SEND_M3: 424 msg = wps_build_m3(wps); 425 *op_code = WSC_MSG; 426 break; 427 case SEND_M5: 428 msg = wps_build_m5(wps); 429 *op_code = WSC_MSG; 430 break; 431 case SEND_M7: 432 msg = wps_build_m7(wps); 433 *op_code = WSC_MSG; 434 break; 435 case RECEIVED_M2D: 436 if (wps->wps->ap) { 437 msg = wps_build_wsc_nack(wps); 438 *op_code = WSC_NACK; 439 break; 440 } 441 msg = wps_build_wsc_ack(wps); 442 *op_code = WSC_ACK; 443 if (msg) { 444 /* Another M2/M2D may be received */ 445 wps->state = RECV_M2; 446 } 447 break; 448 case SEND_WSC_NACK: 449 msg = wps_build_wsc_nack(wps); 450 *op_code = WSC_NACK; 451 break; 452 case WPS_MSG_DONE: 453 msg = wps_build_wsc_done(wps); 454 *op_code = WSC_Done; 455 break; 456 default: 457 wpa_printf(MSG_DEBUG, "WPS: Unsupported state %d for building " 458 "a message", wps->state); 459 msg = NULL; 460 break; 461 } 462 463 if (*op_code == WSC_MSG && msg) { 464 /* Save a copy of the last message for Authenticator derivation 465 */ 466 wpabuf_free(wps->last_msg); 467 wps->last_msg = wpabuf_dup(msg); 468 } 469 470 return msg; 471} 472 473 474static int wps_process_registrar_nonce(struct wps_data *wps, const u8 *r_nonce) 475{ 476 if (r_nonce == NULL) { 477 wpa_printf(MSG_DEBUG, "WPS: No Registrar Nonce received"); 478 return -1; 479 } 480 481 os_memcpy(wps->nonce_r, r_nonce, WPS_NONCE_LEN); 482 wpa_hexdump(MSG_DEBUG, "WPS: Registrar Nonce", 483 wps->nonce_r, WPS_NONCE_LEN); 484 485 return 0; 486} 487 488 489static int wps_process_enrollee_nonce(struct wps_data *wps, const u8 *e_nonce) 490{ 491 if (e_nonce == NULL) { 492 wpa_printf(MSG_DEBUG, "WPS: No Enrollee Nonce received"); 493 return -1; 494 } 495 496 if (os_memcmp(wps->nonce_e, e_nonce, WPS_NONCE_LEN) != 0) { 497 wpa_printf(MSG_DEBUG, "WPS: Invalid Enrollee Nonce received"); 498 return -1; 499 } 500 501 return 0; 502} 503 504 505static int wps_process_uuid_r(struct wps_data *wps, const u8 *uuid_r) 506{ 507 if (uuid_r == NULL) { 508 wpa_printf(MSG_DEBUG, "WPS: No UUID-R received"); 509 return -1; 510 } 511 512 os_memcpy(wps->uuid_r, uuid_r, WPS_UUID_LEN); 513 wpa_hexdump(MSG_DEBUG, "WPS: UUID-R", wps->uuid_r, WPS_UUID_LEN); 514 515 return 0; 516} 517 518 519static int wps_process_pubkey(struct wps_data *wps, const u8 *pk, 520 size_t pk_len) 521{ 522 if (pk == NULL || pk_len == 0) { 523 wpa_printf(MSG_DEBUG, "WPS: No Public Key received"); 524 return -1; 525 } 526 527 if (wps->peer_pubkey_hash_set) { 528 u8 hash[WPS_HASH_LEN]; 529 sha256_vector(1, &pk, &pk_len, hash); 530 if (os_memcmp(hash, wps->peer_pubkey_hash, 531 WPS_OOB_PUBKEY_HASH_LEN) != 0) { 532 wpa_printf(MSG_ERROR, "WPS: Public Key hash mismatch"); 533 wpa_hexdump(MSG_DEBUG, "WPS: Received public key", 534 pk, pk_len); 535 wpa_hexdump(MSG_DEBUG, "WPS: Calculated public key " 536 "hash", hash, WPS_OOB_PUBKEY_HASH_LEN); 537 wpa_hexdump(MSG_DEBUG, "WPS: Expected public key hash", 538 wps->peer_pubkey_hash, 539 WPS_OOB_PUBKEY_HASH_LEN); 540 wps->config_error = WPS_CFG_PUBLIC_KEY_HASH_MISMATCH; 541 return -1; 542 } 543 } 544 545 wpabuf_free(wps->dh_pubkey_r); 546 wps->dh_pubkey_r = wpabuf_alloc_copy(pk, pk_len); 547 if (wps->dh_pubkey_r == NULL) 548 return -1; 549 550 if (wps_derive_keys(wps) < 0) 551 return -1; 552 553 return 0; 554} 555 556 557static int wps_process_r_hash1(struct wps_data *wps, const u8 *r_hash1) 558{ 559 if (r_hash1 == NULL) { 560 wpa_printf(MSG_DEBUG, "WPS: No R-Hash1 received"); 561 return -1; 562 } 563 564 os_memcpy(wps->peer_hash1, r_hash1, WPS_HASH_LEN); 565 wpa_hexdump(MSG_DEBUG, "WPS: R-Hash1", wps->peer_hash1, WPS_HASH_LEN); 566 567 return 0; 568} 569 570 571static int wps_process_r_hash2(struct wps_data *wps, const u8 *r_hash2) 572{ 573 if (r_hash2 == NULL) { 574 wpa_printf(MSG_DEBUG, "WPS: No R-Hash2 received"); 575 return -1; 576 } 577 578 os_memcpy(wps->peer_hash2, r_hash2, WPS_HASH_LEN); 579 wpa_hexdump(MSG_DEBUG, "WPS: R-Hash2", wps->peer_hash2, WPS_HASH_LEN); 580 581 return 0; 582} 583 584 585static int wps_process_r_snonce1(struct wps_data *wps, const u8 *r_snonce1) 586{ 587 u8 hash[SHA256_MAC_LEN]; 588 const u8 *addr[4]; 589 size_t len[4]; 590 591 if (r_snonce1 == NULL) { 592 wpa_printf(MSG_DEBUG, "WPS: No R-SNonce1 received"); 593 return -1; 594 } 595 596 wpa_hexdump_key(MSG_DEBUG, "WPS: R-SNonce1", r_snonce1, 597 WPS_SECRET_NONCE_LEN); 598 599 /* R-Hash1 = HMAC_AuthKey(R-S1 || PSK1 || PK_E || PK_R) */ 600 addr[0] = r_snonce1; 601 len[0] = WPS_SECRET_NONCE_LEN; 602 addr[1] = wps->psk1; 603 len[1] = WPS_PSK_LEN; 604 addr[2] = wpabuf_head(wps->dh_pubkey_e); 605 len[2] = wpabuf_len(wps->dh_pubkey_e); 606 addr[3] = wpabuf_head(wps->dh_pubkey_r); 607 len[3] = wpabuf_len(wps->dh_pubkey_r); 608 hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); 609 610 if (os_memcmp(wps->peer_hash1, hash, WPS_HASH_LEN) != 0) { 611 wpa_printf(MSG_DEBUG, "WPS: R-Hash1 derived from R-S1 does " 612 "not match with the pre-committed value"); 613 wps->config_error = WPS_CFG_DEV_PASSWORD_AUTH_FAILURE; 614 wps_pwd_auth_fail_event(wps->wps, 1, 1, wps->peer_dev.mac_addr); 615 return -1; 616 } 617 618 wpa_printf(MSG_DEBUG, "WPS: Registrar proved knowledge of the first " 619 "half of the device password"); 620 621 return 0; 622} 623 624 625static int wps_process_r_snonce2(struct wps_data *wps, const u8 *r_snonce2) 626{ 627 u8 hash[SHA256_MAC_LEN]; 628 const u8 *addr[4]; 629 size_t len[4]; 630 631 if (r_snonce2 == NULL) { 632 wpa_printf(MSG_DEBUG, "WPS: No R-SNonce2 received"); 633 return -1; 634 } 635 636 wpa_hexdump_key(MSG_DEBUG, "WPS: R-SNonce2", r_snonce2, 637 WPS_SECRET_NONCE_LEN); 638 639 /* R-Hash2 = HMAC_AuthKey(R-S2 || PSK2 || PK_E || PK_R) */ 640 addr[0] = r_snonce2; 641 len[0] = WPS_SECRET_NONCE_LEN; 642 addr[1] = wps->psk2; 643 len[1] = WPS_PSK_LEN; 644 addr[2] = wpabuf_head(wps->dh_pubkey_e); 645 len[2] = wpabuf_len(wps->dh_pubkey_e); 646 addr[3] = wpabuf_head(wps->dh_pubkey_r); 647 len[3] = wpabuf_len(wps->dh_pubkey_r); 648 hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash); 649 650 if (os_memcmp(wps->peer_hash2, hash, WPS_HASH_LEN) != 0) { 651 wpa_printf(MSG_DEBUG, "WPS: R-Hash2 derived from R-S2 does " 652 "not match with the pre-committed value"); 653 wps->config_error = WPS_CFG_DEV_PASSWORD_AUTH_FAILURE; 654 wps_pwd_auth_fail_event(wps->wps, 1, 2, wps->peer_dev.mac_addr); 655 return -1; 656 } 657 658 wpa_printf(MSG_DEBUG, "WPS: Registrar proved knowledge of the second " 659 "half of the device password"); 660 661 return 0; 662} 663 664 665static int wps_process_cred_e(struct wps_data *wps, const u8 *cred, 666 size_t cred_len, int wps2) 667{ 668 struct wps_parse_attr attr; 669 struct wpabuf msg; 670 int ret = 0; 671 672 wpa_printf(MSG_DEBUG, "WPS: Received Credential"); 673 os_memset(&wps->cred, 0, sizeof(wps->cred)); 674 wpabuf_set(&msg, cred, cred_len); 675 if (wps_parse_msg(&msg, &attr) < 0 || 676 wps_process_cred(&attr, &wps->cred)) 677 return -1; 678 679 if (os_memcmp(wps->cred.mac_addr, wps->wps->dev.mac_addr, ETH_ALEN) != 680 0) { 681 wpa_printf(MSG_DEBUG, "WPS: MAC Address in the Credential (" 682 MACSTR ") does not match with own address (" MACSTR 683 ")", MAC2STR(wps->cred.mac_addr), 684 MAC2STR(wps->wps->dev.mac_addr)); 685 /* 686 * In theory, this could be consider fatal error, but there are 687 * number of deployed implementations using other address here 688 * due to unclarity in the specification. For interoperability 689 * reasons, allow this to be processed since we do not really 690 * use the MAC Address information for anything. 691 */ 692#ifdef CONFIG_WPS_STRICT 693 if (wps2) { 694 wpa_printf(MSG_INFO, "WPS: Do not accept incorrect " 695 "MAC Address in AP Settings"); 696 return -1; 697 } 698#endif /* CONFIG_WPS_STRICT */ 699 } 700 701#ifdef CONFIG_WPS2 702 if (!(wps->cred.encr_type & 703 (WPS_ENCR_NONE | WPS_ENCR_TKIP | WPS_ENCR_AES))) { 704 if (wps->cred.encr_type & WPS_ENCR_WEP) { 705 wpa_printf(MSG_INFO, "WPS: Reject Credential " 706 "due to WEP configuration"); 707 wps->error_indication = WPS_EI_SECURITY_WEP_PROHIBITED; 708 return -2; 709 } 710 711 wpa_printf(MSG_INFO, "WPS: Reject Credential due to " 712 "invalid encr_type 0x%x", wps->cred.encr_type); 713 return -1; 714 } 715#endif /* CONFIG_WPS2 */ 716 717 if (wps->wps->cred_cb) { 718 wps->cred.cred_attr = cred - 4; 719 wps->cred.cred_attr_len = cred_len + 4; 720 ret = wps->wps->cred_cb(wps->wps->cb_ctx, &wps->cred); 721 wps->cred.cred_attr = NULL; 722 wps->cred.cred_attr_len = 0; 723 } 724 725 return ret; 726} 727 728 729static int wps_process_creds(struct wps_data *wps, const u8 *cred[], 730 size_t cred_len[], size_t num_cred, int wps2) 731{ 732 size_t i; 733 int ok = 0; 734 735 if (wps->wps->ap) 736 return 0; 737 738 if (num_cred == 0) { 739 wpa_printf(MSG_DEBUG, "WPS: No Credential attributes " 740 "received"); 741 return -1; 742 } 743 744 for (i = 0; i < num_cred; i++) { 745 int res; 746 res = wps_process_cred_e(wps, cred[i], cred_len[i], wps2); 747 if (res == 0) 748 ok++; 749 else if (res == -2) 750 wpa_printf(MSG_DEBUG, "WPS: WEP credential skipped"); 751 else 752 return -1; 753 } 754 755 if (ok == 0) { 756 wpa_printf(MSG_DEBUG, "WPS: No valid Credential attribute " 757 "received"); 758 return -1; 759 } 760 761 return 0; 762} 763 764 765static int wps_process_ap_settings_e(struct wps_data *wps, 766 struct wps_parse_attr *attr, 767 struct wpabuf *attrs, int wps2) 768{ 769 struct wps_credential cred; 770 771 if (!wps->wps->ap) 772 return 0; 773 774 if (wps_process_ap_settings(attr, &cred) < 0) 775 return -1; 776 777 wpa_printf(MSG_INFO, "WPS: Received new AP configuration from " 778 "Registrar"); 779 780 if (os_memcmp(cred.mac_addr, wps->wps->dev.mac_addr, ETH_ALEN) != 781 0) { 782 wpa_printf(MSG_DEBUG, "WPS: MAC Address in the AP Settings (" 783 MACSTR ") does not match with own address (" MACSTR 784 ")", MAC2STR(cred.mac_addr), 785 MAC2STR(wps->wps->dev.mac_addr)); 786 /* 787 * In theory, this could be consider fatal error, but there are 788 * number of deployed implementations using other address here 789 * due to unclarity in the specification. For interoperability 790 * reasons, allow this to be processed since we do not really 791 * use the MAC Address information for anything. 792 */ 793#ifdef CONFIG_WPS_STRICT 794 if (wps2) { 795 wpa_printf(MSG_INFO, "WPS: Do not accept incorrect " 796 "MAC Address in AP Settings"); 797 return -1; 798 } 799#endif /* CONFIG_WPS_STRICT */ 800 } 801 802#ifdef CONFIG_WPS2 803 if (!(cred.encr_type & (WPS_ENCR_NONE | WPS_ENCR_TKIP | WPS_ENCR_AES))) 804 { 805 if (cred.encr_type & WPS_ENCR_WEP) { 806 wpa_printf(MSG_INFO, "WPS: Reject new AP settings " 807 "due to WEP configuration"); 808 wps->error_indication = WPS_EI_SECURITY_WEP_PROHIBITED; 809 return -1; 810 } 811 812 wpa_printf(MSG_INFO, "WPS: Reject new AP settings due to " 813 "invalid encr_type 0x%x", cred.encr_type); 814 return -1; 815 } 816#endif /* CONFIG_WPS2 */ 817 818#ifdef CONFIG_WPS_STRICT 819 if (wps2) { 820 if ((cred.encr_type & (WPS_ENCR_TKIP | WPS_ENCR_AES)) == 821 WPS_ENCR_TKIP || 822 (cred.auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) == 823 WPS_AUTH_WPAPSK) { 824 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid WSC 2.0 " 825 "AP Settings: WPA-Personal/TKIP only"); 826 wps->error_indication = 827 WPS_EI_SECURITY_TKIP_ONLY_PROHIBITED; 828 return -1; 829 } 830 } 831#endif /* CONFIG_WPS_STRICT */ 832 833#ifdef CONFIG_WPS2 834 if ((cred.encr_type & (WPS_ENCR_TKIP | WPS_ENCR_AES)) == WPS_ENCR_TKIP) 835 { 836 wpa_printf(MSG_DEBUG, "WPS: Upgrade encr_type TKIP -> " 837 "TKIP+AES"); 838 cred.encr_type |= WPS_ENCR_AES; 839 } 840 841 if ((cred.auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) == 842 WPS_AUTH_WPAPSK) { 843 wpa_printf(MSG_DEBUG, "WPS: Upgrade auth_type WPAPSK -> " 844 "WPAPSK+WPA2PSK"); 845 cred.auth_type |= WPS_AUTH_WPA2PSK; 846 } 847#endif /* CONFIG_WPS2 */ 848 849 if (wps->wps->cred_cb) { 850 cred.cred_attr = wpabuf_head(attrs); 851 cred.cred_attr_len = wpabuf_len(attrs); 852 wps->wps->cred_cb(wps->wps->cb_ctx, &cred); 853 } 854 855 return 0; 856} 857 858 859static int wps_process_dev_pw_id(struct wps_data *wps, const u8 *dev_pw_id) 860{ 861 u16 id; 862 863 if (dev_pw_id == NULL) { 864 wpa_printf(MSG_DEBUG, "WPS: Device Password ID"); 865 return -1; 866 } 867 868 id = WPA_GET_BE16(dev_pw_id); 869 if (wps->dev_pw_id == id) { 870 wpa_printf(MSG_DEBUG, "WPS: Device Password ID %u", id); 871 return 0; 872 } 873 874#ifdef CONFIG_P2P 875 if ((id == DEV_PW_DEFAULT && 876 wps->dev_pw_id == DEV_PW_REGISTRAR_SPECIFIED) || 877 (id == DEV_PW_REGISTRAR_SPECIFIED && 878 wps->dev_pw_id == DEV_PW_DEFAULT)) { 879 /* 880 * Common P2P use cases indicate whether the PIN is from the 881 * client or GO using Device Password Id in M1/M2 in a way that 882 * does not look fully compliant with WSC specification. Anyway, 883 * this is deployed and needs to be allowed, so ignore changes 884 * between Registrar-Specified and Default PIN. 885 */ 886 wpa_printf(MSG_DEBUG, "WPS: Allow PIN Device Password ID " 887 "change"); 888 return 0; 889 } 890#endif /* CONFIG_P2P */ 891 892 wpa_printf(MSG_DEBUG, "WPS: Registrar trying to change Device Password " 893 "ID from %u to %u", wps->dev_pw_id, id); 894 895 if (wps->dev_pw_id == DEV_PW_PUSHBUTTON && id == DEV_PW_DEFAULT) { 896 wpa_printf(MSG_DEBUG, 897 "WPS: Workaround - ignore PBC-to-PIN change"); 898 return 0; 899 } 900 901 if (wps->alt_dev_password && wps->alt_dev_pw_id == id) { 902 wpa_printf(MSG_DEBUG, "WPS: Found a matching Device Password"); 903 os_free(wps->dev_password); 904 wps->dev_pw_id = wps->alt_dev_pw_id; 905 wps->dev_password = wps->alt_dev_password; 906 wps->dev_password_len = wps->alt_dev_password_len; 907 wps->alt_dev_password = NULL; 908 wps->alt_dev_password_len = 0; 909 return 0; 910 } 911 912 return -1; 913} 914 915 916static enum wps_process_res wps_process_m2(struct wps_data *wps, 917 const struct wpabuf *msg, 918 struct wps_parse_attr *attr) 919{ 920 wpa_printf(MSG_DEBUG, "WPS: Received M2"); 921 922 if (wps->state != RECV_M2) { 923 wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for " 924 "receiving M2", wps->state); 925 wps->state = SEND_WSC_NACK; 926 return WPS_CONTINUE; 927 } 928 929 if (wps_process_registrar_nonce(wps, attr->registrar_nonce) || 930 wps_process_enrollee_nonce(wps, attr->enrollee_nonce) || 931 wps_process_uuid_r(wps, attr->uuid_r) || 932 wps_process_dev_pw_id(wps, attr->dev_password_id)) { 933 wps->state = SEND_WSC_NACK; 934 return WPS_CONTINUE; 935 } 936 937 /* 938 * Stop here on an AP as an Enrollee if AP Setup is locked unless the 939 * special locked mode is used to allow protocol run up to M7 in order 940 * to support external Registrars that only learn the current AP 941 * configuration without changing it. 942 */ 943 if (wps->wps->ap && 944 ((wps->wps->ap_setup_locked && wps->wps->ap_setup_locked != 2) || 945 wps->dev_password == NULL)) { 946 wpa_printf(MSG_DEBUG, "WPS: AP Setup is locked - refuse " 947 "registration of a new Registrar"); 948 wps->config_error = WPS_CFG_SETUP_LOCKED; 949 wps->state = SEND_WSC_NACK; 950 return WPS_CONTINUE; 951 } 952 953 if (wps_process_pubkey(wps, attr->public_key, attr->public_key_len) || 954 wps_process_authenticator(wps, attr->authenticator, msg) || 955 wps_process_device_attrs(&wps->peer_dev, attr)) { 956 wps->state = SEND_WSC_NACK; 957 return WPS_CONTINUE; 958 } 959 960#ifdef CONFIG_WPS_NFC 961 if (wps->peer_pubkey_hash_set) { 962 struct wpabuf *decrypted; 963 struct wps_parse_attr eattr; 964 965 decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings, 966 attr->encr_settings_len); 967 if (decrypted == NULL) { 968 wpa_printf(MSG_DEBUG, "WPS: Failed to decrypt " 969 "Encrypted Settings attribute"); 970 wps->state = SEND_WSC_NACK; 971 return WPS_CONTINUE; 972 } 973 974 wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted " 975 "Settings attribute"); 976 if (wps_parse_msg(decrypted, &eattr) < 0 || 977 wps_process_key_wrap_auth(wps, decrypted, 978 eattr.key_wrap_auth) || 979 wps_process_creds(wps, eattr.cred, eattr.cred_len, 980 eattr.num_cred, attr->version2 != NULL)) { 981 wpabuf_free(decrypted); 982 wps->state = SEND_WSC_NACK; 983 return WPS_CONTINUE; 984 } 985 wpabuf_free(decrypted); 986 987 wps->state = WPS_MSG_DONE; 988 return WPS_CONTINUE; 989 } 990#endif /* CONFIG_WPS_NFC */ 991 992 wps->state = SEND_M3; 993 return WPS_CONTINUE; 994} 995 996 997static enum wps_process_res wps_process_m2d(struct wps_data *wps, 998 struct wps_parse_attr *attr) 999{ 1000 wpa_printf(MSG_DEBUG, "WPS: Received M2D"); 1001 1002 if (wps->state != RECV_M2) { 1003 wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for " 1004 "receiving M2D", wps->state); 1005 wps->state = SEND_WSC_NACK; 1006 return WPS_CONTINUE; 1007 } 1008 1009 wpa_hexdump_ascii(MSG_DEBUG, "WPS: Manufacturer", 1010 attr->manufacturer, attr->manufacturer_len); 1011 wpa_hexdump_ascii(MSG_DEBUG, "WPS: Model Name", 1012 attr->model_name, attr->model_name_len); 1013 wpa_hexdump_ascii(MSG_DEBUG, "WPS: Model Number", 1014 attr->model_number, attr->model_number_len); 1015 wpa_hexdump_ascii(MSG_DEBUG, "WPS: Serial Number", 1016 attr->serial_number, attr->serial_number_len); 1017 wpa_hexdump_ascii(MSG_DEBUG, "WPS: Device Name", 1018 attr->dev_name, attr->dev_name_len); 1019 1020 if (wps->wps->event_cb) { 1021 union wps_event_data data; 1022 struct wps_event_m2d *m2d = &data.m2d; 1023 os_memset(&data, 0, sizeof(data)); 1024 if (attr->config_methods) 1025 m2d->config_methods = 1026 WPA_GET_BE16(attr->config_methods); 1027 m2d->manufacturer = attr->manufacturer; 1028 m2d->manufacturer_len = attr->manufacturer_len; 1029 m2d->model_name = attr->model_name; 1030 m2d->model_name_len = attr->model_name_len; 1031 m2d->model_number = attr->model_number; 1032 m2d->model_number_len = attr->model_number_len; 1033 m2d->serial_number = attr->serial_number; 1034 m2d->serial_number_len = attr->serial_number_len; 1035 m2d->dev_name = attr->dev_name; 1036 m2d->dev_name_len = attr->dev_name_len; 1037 m2d->primary_dev_type = attr->primary_dev_type; 1038 if (attr->config_error) 1039 m2d->config_error = 1040 WPA_GET_BE16(attr->config_error); 1041 if (attr->dev_password_id) 1042 m2d->dev_password_id = 1043 WPA_GET_BE16(attr->dev_password_id); 1044 wps->wps->event_cb(wps->wps->cb_ctx, WPS_EV_M2D, &data); 1045 } 1046 1047 wps->state = RECEIVED_M2D; 1048 return WPS_CONTINUE; 1049} 1050 1051 1052static enum wps_process_res wps_process_m4(struct wps_data *wps, 1053 const struct wpabuf *msg, 1054 struct wps_parse_attr *attr) 1055{ 1056 struct wpabuf *decrypted; 1057 struct wps_parse_attr eattr; 1058 1059 wpa_printf(MSG_DEBUG, "WPS: Received M4"); 1060 1061 if (wps->state != RECV_M4) { 1062 wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for " 1063 "receiving M4", wps->state); 1064 wps->state = SEND_WSC_NACK; 1065 return WPS_CONTINUE; 1066 } 1067 1068 if (wps_process_enrollee_nonce(wps, attr->enrollee_nonce) || 1069 wps_process_authenticator(wps, attr->authenticator, msg) || 1070 wps_process_r_hash1(wps, attr->r_hash1) || 1071 wps_process_r_hash2(wps, attr->r_hash2)) { 1072 wps->state = SEND_WSC_NACK; 1073 return WPS_CONTINUE; 1074 } 1075 1076 decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings, 1077 attr->encr_settings_len); 1078 if (decrypted == NULL) { 1079 wpa_printf(MSG_DEBUG, "WPS: Failed to decrypted Encrypted " 1080 "Settings attribute"); 1081 wps->state = SEND_WSC_NACK; 1082 return WPS_CONTINUE; 1083 } 1084 1085 if (wps_validate_m4_encr(decrypted, attr->version2 != NULL) < 0) { 1086 wpabuf_free(decrypted); 1087 wps->state = SEND_WSC_NACK; 1088 return WPS_CONTINUE; 1089 } 1090 1091 wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted Settings " 1092 "attribute"); 1093 if (wps_parse_msg(decrypted, &eattr) < 0 || 1094 wps_process_key_wrap_auth(wps, decrypted, eattr.key_wrap_auth) || 1095 wps_process_r_snonce1(wps, eattr.r_snonce1)) { 1096 wpabuf_free(decrypted); 1097 wps->state = SEND_WSC_NACK; 1098 return WPS_CONTINUE; 1099 } 1100 wpabuf_free(decrypted); 1101 1102 wps->state = SEND_M5; 1103 return WPS_CONTINUE; 1104} 1105 1106 1107static enum wps_process_res wps_process_m6(struct wps_data *wps, 1108 const struct wpabuf *msg, 1109 struct wps_parse_attr *attr) 1110{ 1111 struct wpabuf *decrypted; 1112 struct wps_parse_attr eattr; 1113 1114 wpa_printf(MSG_DEBUG, "WPS: Received M6"); 1115 1116 if (wps->state != RECV_M6) { 1117 wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for " 1118 "receiving M6", wps->state); 1119 wps->state = SEND_WSC_NACK; 1120 return WPS_CONTINUE; 1121 } 1122 1123 if (wps_process_enrollee_nonce(wps, attr->enrollee_nonce) || 1124 wps_process_authenticator(wps, attr->authenticator, msg)) { 1125 wps->state = SEND_WSC_NACK; 1126 return WPS_CONTINUE; 1127 } 1128 1129 decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings, 1130 attr->encr_settings_len); 1131 if (decrypted == NULL) { 1132 wpa_printf(MSG_DEBUG, "WPS: Failed to decrypted Encrypted " 1133 "Settings attribute"); 1134 wps->state = SEND_WSC_NACK; 1135 return WPS_CONTINUE; 1136 } 1137 1138 if (wps_validate_m6_encr(decrypted, attr->version2 != NULL) < 0) { 1139 wpabuf_free(decrypted); 1140 wps->state = SEND_WSC_NACK; 1141 return WPS_CONTINUE; 1142 } 1143 1144 wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted Settings " 1145 "attribute"); 1146 if (wps_parse_msg(decrypted, &eattr) < 0 || 1147 wps_process_key_wrap_auth(wps, decrypted, eattr.key_wrap_auth) || 1148 wps_process_r_snonce2(wps, eattr.r_snonce2)) { 1149 wpabuf_free(decrypted); 1150 wps->state = SEND_WSC_NACK; 1151 return WPS_CONTINUE; 1152 } 1153 wpabuf_free(decrypted); 1154 1155 if (wps->wps->ap) 1156 wps->wps->event_cb(wps->wps->cb_ctx, WPS_EV_AP_PIN_SUCCESS, 1157 NULL); 1158 1159 wps->state = SEND_M7; 1160 return WPS_CONTINUE; 1161} 1162 1163 1164static enum wps_process_res wps_process_m8(struct wps_data *wps, 1165 const struct wpabuf *msg, 1166 struct wps_parse_attr *attr) 1167{ 1168 struct wpabuf *decrypted; 1169 struct wps_parse_attr eattr; 1170 1171 wpa_printf(MSG_DEBUG, "WPS: Received M8"); 1172 1173 if (wps->state != RECV_M8) { 1174 wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for " 1175 "receiving M8", wps->state); 1176 wps->state = SEND_WSC_NACK; 1177 return WPS_CONTINUE; 1178 } 1179 1180 if (wps_process_enrollee_nonce(wps, attr->enrollee_nonce) || 1181 wps_process_authenticator(wps, attr->authenticator, msg)) { 1182 wps->state = SEND_WSC_NACK; 1183 return WPS_CONTINUE; 1184 } 1185 1186 if (wps->wps->ap && wps->wps->ap_setup_locked) { 1187 /* 1188 * Stop here if special ap_setup_locked == 2 mode allowed the 1189 * protocol to continue beyond M2. This allows ER to learn the 1190 * current AP settings without changing them. 1191 */ 1192 wpa_printf(MSG_DEBUG, "WPS: AP Setup is locked - refuse " 1193 "registration of a new Registrar"); 1194 wps->config_error = WPS_CFG_SETUP_LOCKED; 1195 wps->state = SEND_WSC_NACK; 1196 return WPS_CONTINUE; 1197 } 1198 1199 decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings, 1200 attr->encr_settings_len); 1201 if (decrypted == NULL) { 1202 wpa_printf(MSG_DEBUG, "WPS: Failed to decrypted Encrypted " 1203 "Settings attribute"); 1204 wps->state = SEND_WSC_NACK; 1205 return WPS_CONTINUE; 1206 } 1207 1208 if (wps_validate_m8_encr(decrypted, wps->wps->ap, 1209 attr->version2 != NULL) < 0) { 1210 wpabuf_free(decrypted); 1211 wps->state = SEND_WSC_NACK; 1212 return WPS_CONTINUE; 1213 } 1214 1215 wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted Settings " 1216 "attribute"); 1217 if (wps_parse_msg(decrypted, &eattr) < 0 || 1218 wps_process_key_wrap_auth(wps, decrypted, eattr.key_wrap_auth) || 1219 wps_process_creds(wps, eattr.cred, eattr.cred_len, 1220 eattr.num_cred, attr->version2 != NULL) || 1221 wps_process_ap_settings_e(wps, &eattr, decrypted, 1222 attr->version2 != NULL)) { 1223 wpabuf_free(decrypted); 1224 wps->state = SEND_WSC_NACK; 1225 return WPS_CONTINUE; 1226 } 1227 wpabuf_free(decrypted); 1228 1229 wps->state = WPS_MSG_DONE; 1230 return WPS_CONTINUE; 1231} 1232 1233 1234static enum wps_process_res wps_process_wsc_msg(struct wps_data *wps, 1235 const struct wpabuf *msg) 1236{ 1237 struct wps_parse_attr attr; 1238 enum wps_process_res ret = WPS_CONTINUE; 1239 1240 wpa_printf(MSG_DEBUG, "WPS: Received WSC_MSG"); 1241 1242 if (wps_parse_msg(msg, &attr) < 0) 1243 return WPS_FAILURE; 1244 1245 if (attr.enrollee_nonce == NULL || 1246 os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) { 1247 wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce"); 1248 return WPS_FAILURE; 1249 } 1250 1251 if (attr.msg_type == NULL) { 1252 wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute"); 1253 wps->state = SEND_WSC_NACK; 1254 return WPS_CONTINUE; 1255 } 1256 1257 switch (*attr.msg_type) { 1258 case WPS_M2: 1259 if (wps_validate_m2(msg) < 0) 1260 return WPS_FAILURE; 1261 ret = wps_process_m2(wps, msg, &attr); 1262 break; 1263 case WPS_M2D: 1264 if (wps_validate_m2d(msg) < 0) 1265 return WPS_FAILURE; 1266 ret = wps_process_m2d(wps, &attr); 1267 break; 1268 case WPS_M4: 1269 if (wps_validate_m4(msg) < 0) 1270 return WPS_FAILURE; 1271 ret = wps_process_m4(wps, msg, &attr); 1272 if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK) 1273 wps_fail_event(wps->wps, WPS_M4, wps->config_error, 1274 wps->error_indication, 1275 wps->peer_dev.mac_addr); 1276 break; 1277 case WPS_M6: 1278 if (wps_validate_m6(msg) < 0) 1279 return WPS_FAILURE; 1280 ret = wps_process_m6(wps, msg, &attr); 1281 if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK) 1282 wps_fail_event(wps->wps, WPS_M6, wps->config_error, 1283 wps->error_indication, 1284 wps->peer_dev.mac_addr); 1285 break; 1286 case WPS_M8: 1287 if (wps_validate_m8(msg) < 0) 1288 return WPS_FAILURE; 1289 ret = wps_process_m8(wps, msg, &attr); 1290 if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK) 1291 wps_fail_event(wps->wps, WPS_M8, wps->config_error, 1292 wps->error_indication, 1293 wps->peer_dev.mac_addr); 1294 break; 1295 default: 1296 wpa_printf(MSG_DEBUG, "WPS: Unsupported Message Type %d", 1297 *attr.msg_type); 1298 return WPS_FAILURE; 1299 } 1300 1301 /* 1302 * Save a copy of the last message for Authenticator derivation if we 1303 * are continuing. However, skip M2D since it is not authenticated and 1304 * neither is the ACK/NACK response frame. This allows the possibly 1305 * following M2 to be processed correctly by using the previously sent 1306 * M1 in Authenticator derivation. 1307 */ 1308 if (ret == WPS_CONTINUE && *attr.msg_type != WPS_M2D) { 1309 /* Save a copy of the last message for Authenticator derivation 1310 */ 1311 wpabuf_free(wps->last_msg); 1312 wps->last_msg = wpabuf_dup(msg); 1313 } 1314 1315 return ret; 1316} 1317 1318 1319static enum wps_process_res wps_process_wsc_ack(struct wps_data *wps, 1320 const struct wpabuf *msg) 1321{ 1322 struct wps_parse_attr attr; 1323 1324 wpa_printf(MSG_DEBUG, "WPS: Received WSC_ACK"); 1325 1326 if (wps_parse_msg(msg, &attr) < 0) 1327 return WPS_FAILURE; 1328 1329 if (attr.msg_type == NULL) { 1330 wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute"); 1331 return WPS_FAILURE; 1332 } 1333 1334 if (*attr.msg_type != WPS_WSC_ACK) { 1335 wpa_printf(MSG_DEBUG, "WPS: Invalid Message Type %d", 1336 *attr.msg_type); 1337 return WPS_FAILURE; 1338 } 1339 1340 if (attr.registrar_nonce == NULL || 1341 os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0) 1342 { 1343 wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce"); 1344 return WPS_FAILURE; 1345 } 1346 1347 if (attr.enrollee_nonce == NULL || 1348 os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) { 1349 wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce"); 1350 return WPS_FAILURE; 1351 } 1352 1353 if (wps->state == RECV_ACK && wps->wps->ap) { 1354 wpa_printf(MSG_DEBUG, "WPS: External Registrar registration " 1355 "completed successfully"); 1356 wps_success_event(wps->wps, wps->peer_dev.mac_addr); 1357 wps->state = WPS_FINISHED; 1358 return WPS_DONE; 1359 } 1360 1361 return WPS_FAILURE; 1362} 1363 1364 1365static enum wps_process_res wps_process_wsc_nack(struct wps_data *wps, 1366 const struct wpabuf *msg) 1367{ 1368 struct wps_parse_attr attr; 1369 u16 config_error; 1370 1371 wpa_printf(MSG_DEBUG, "WPS: Received WSC_NACK"); 1372 1373 if (wps_parse_msg(msg, &attr) < 0) 1374 return WPS_FAILURE; 1375 1376 if (attr.msg_type == NULL) { 1377 wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute"); 1378 return WPS_FAILURE; 1379 } 1380 1381 if (*attr.msg_type != WPS_WSC_NACK) { 1382 wpa_printf(MSG_DEBUG, "WPS: Invalid Message Type %d", 1383 *attr.msg_type); 1384 return WPS_FAILURE; 1385 } 1386 1387 if (attr.registrar_nonce == NULL || 1388 os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0) 1389 { 1390 wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce"); 1391 wpa_hexdump(MSG_DEBUG, "WPS: Received Registrar Nonce", 1392 attr.registrar_nonce, WPS_NONCE_LEN); 1393 wpa_hexdump(MSG_DEBUG, "WPS: Expected Registrar Nonce", 1394 wps->nonce_r, WPS_NONCE_LEN); 1395 return WPS_FAILURE; 1396 } 1397 1398 if (attr.enrollee_nonce == NULL || 1399 os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) { 1400 wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce"); 1401 wpa_hexdump(MSG_DEBUG, "WPS: Received Enrollee Nonce", 1402 attr.enrollee_nonce, WPS_NONCE_LEN); 1403 wpa_hexdump(MSG_DEBUG, "WPS: Expected Enrollee Nonce", 1404 wps->nonce_e, WPS_NONCE_LEN); 1405 return WPS_FAILURE; 1406 } 1407 1408 if (attr.config_error == NULL) { 1409 wpa_printf(MSG_DEBUG, "WPS: No Configuration Error attribute " 1410 "in WSC_NACK"); 1411 return WPS_FAILURE; 1412 } 1413 1414 config_error = WPA_GET_BE16(attr.config_error); 1415 wpa_printf(MSG_DEBUG, "WPS: Registrar terminated negotiation with " 1416 "Configuration Error %d", config_error); 1417 1418 switch (wps->state) { 1419 case RECV_M4: 1420 wps_fail_event(wps->wps, WPS_M3, config_error, 1421 wps->error_indication, wps->peer_dev.mac_addr); 1422 break; 1423 case RECV_M6: 1424 wps_fail_event(wps->wps, WPS_M5, config_error, 1425 wps->error_indication, wps->peer_dev.mac_addr); 1426 break; 1427 case RECV_M8: 1428 wps_fail_event(wps->wps, WPS_M7, config_error, 1429 wps->error_indication, wps->peer_dev.mac_addr); 1430 break; 1431 default: 1432 break; 1433 } 1434 1435 /* Followed by NACK if Enrollee is Supplicant or EAP-Failure if 1436 * Enrollee is Authenticator */ 1437 wps->state = SEND_WSC_NACK; 1438 1439 return WPS_FAILURE; 1440} 1441 1442 1443enum wps_process_res wps_enrollee_process_msg(struct wps_data *wps, 1444 enum wsc_op_code op_code, 1445 const struct wpabuf *msg) 1446{ 1447 1448 wpa_printf(MSG_DEBUG, "WPS: Processing received message (len=%lu " 1449 "op_code=%d)", 1450 (unsigned long) wpabuf_len(msg), op_code); 1451 1452 if (op_code == WSC_UPnP) { 1453 /* Determine the OpCode based on message type attribute */ 1454 struct wps_parse_attr attr; 1455 if (wps_parse_msg(msg, &attr) == 0 && attr.msg_type) { 1456 if (*attr.msg_type == WPS_WSC_ACK) 1457 op_code = WSC_ACK; 1458 else if (*attr.msg_type == WPS_WSC_NACK) 1459 op_code = WSC_NACK; 1460 } 1461 } 1462 1463 switch (op_code) { 1464 case WSC_MSG: 1465 case WSC_UPnP: 1466 return wps_process_wsc_msg(wps, msg); 1467 case WSC_ACK: 1468 if (wps_validate_wsc_ack(msg) < 0) 1469 return WPS_FAILURE; 1470 return wps_process_wsc_ack(wps, msg); 1471 case WSC_NACK: 1472 if (wps_validate_wsc_nack(msg) < 0) 1473 return WPS_FAILURE; 1474 return wps_process_wsc_nack(wps, msg); 1475 default: 1476 wpa_printf(MSG_DEBUG, "WPS: Unsupported op_code %d", op_code); 1477 return WPS_FAILURE; 1478 } 1479} 1480