1 /*
2  * wpa_supplicant - DPP
3  * Copyright (c) 2017, Qualcomm Atheros, Inc.
4  * Copyright (c) 2018-2020, The Linux Foundation
5  * Copyright (c) 2021-2022, Qualcomm Innovation Center, Inc.
6  *
7  * This software may be distributed under the terms of the BSD license.
8  * See README for more details.
9  */
10 
11 #include "utils/includes.h"
12 
13 #include "utils/common.h"
14 #include "utils/eloop.h"
15 #include "utils/ip_addr.h"
16 #include "utils/base64.h"
17 #include "common/dpp.h"
18 #include "common/gas.h"
19 #include "common/gas_server.h"
20 #include "crypto/random.h"
21 #include "rsn_supp/wpa.h"
22 #include "rsn_supp/pmksa_cache.h"
23 #include "wpa_supplicant_i.h"
24 #include "config.h"
25 #include "driver_i.h"
26 #include "offchannel.h"
27 #include "gas_query.h"
28 #include "bss.h"
29 #include "scan.h"
30 #include "notify.h"
31 #include "dpp_supplicant.h"
32 #include "aidl/vendor/aidl.h"
33 
34 
35 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
36 				 unsigned int freq);
37 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx);
38 static void wpas_dpp_auth_conf_wait_timeout(void *eloop_ctx, void *timeout_ctx);
39 static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator);
40 static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
41 			       unsigned int freq, const u8 *dst,
42 			       const u8 *src, const u8 *bssid,
43 			       const u8 *data, size_t data_len,
44 			       enum offchannel_send_action_result result);
45 static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx);
46 static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s);
47 static void
48 wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s,
49 			unsigned int freq, const u8 *dst,
50 			const u8 *src, const u8 *bssid,
51 			const u8 *data, size_t data_len,
52 			enum offchannel_send_action_result result);
53 static void wpas_dpp_gas_client_timeout(void *eloop_ctx, void *timeout_ctx);
54 #ifdef CONFIG_DPP2
55 static void wpas_dpp_reconfig_reply_wait_timeout(void *eloop_ctx,
56 						 void *timeout_ctx);
57 static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s);
58 static int wpas_dpp_process_conf_obj(void *ctx,
59 				     struct dpp_authentication *auth);
60 static bool wpas_dpp_tcp_msg_sent(void *ctx, struct dpp_authentication *auth);
61 #endif /* CONFIG_DPP2 */
62 #ifdef CONFIG_DPP3
63 static void wpas_dpp_pb_next(void *eloop_ctx, void *timeout_ctx);
64 #endif /* CONFIG_DPP3 */
65 
66 static const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
67 
68 /* Use a hardcoded Transaction ID 1 in Peer Discovery frames since there is only
69  * a single transaction in progress at any point in time. */
70 static const u8 TRANSACTION_ID = 1;
71 
72 
73 /**
74  * wpas_dpp_qr_code - Parse and add DPP bootstrapping info from a QR Code
75  * @wpa_s: Pointer to wpa_supplicant data
76  * @cmd: DPP URI read from a QR Code
77  * Returns: Identifier of the stored info or -1 on failure
78  */
wpas_dpp_qr_code(struct wpa_supplicant * wpa_s,const char * cmd)79 int wpas_dpp_qr_code(struct wpa_supplicant *wpa_s, const char *cmd)
80 {
81 	struct dpp_bootstrap_info *bi;
82 	struct dpp_authentication *auth = wpa_s->dpp_auth;
83 
84 	bi = dpp_add_qr_code(wpa_s->dpp, cmd);
85 	if (!bi)
86 		return -1;
87 
88 	if (auth && auth->response_pending &&
89 	    dpp_notify_new_qr_code(auth, bi) == 1) {
90 		wpa_printf(MSG_DEBUG,
91 			   "DPP: Sending out pending authentication response");
92 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
93 			" freq=%u type=%d",
94 			MAC2STR(auth->peer_mac_addr), auth->curr_freq,
95 			DPP_PA_AUTHENTICATION_RESP);
96 		offchannel_send_action(wpa_s, auth->curr_freq,
97 				       auth->peer_mac_addr, wpa_s->own_addr,
98 				       broadcast,
99 				       wpabuf_head(auth->resp_msg),
100 				       wpabuf_len(auth->resp_msg),
101 				       500, wpas_dpp_tx_status, 0);
102 	}
103 
104 #ifdef CONFIG_DPP2
105 	dpp_controller_new_qr_code(wpa_s->dpp, bi);
106 #endif /* CONFIG_DPP2 */
107 
108 	return bi->id;
109 }
110 
111 
112 /**
113  * wpas_dpp_nfc_uri - Parse and add DPP bootstrapping info from NFC Tag (URI)
114  * @wpa_s: Pointer to wpa_supplicant data
115  * @cmd: DPP URI read from a NFC Tag (URI NDEF message)
116  * Returns: Identifier of the stored info or -1 on failure
117  */
wpas_dpp_nfc_uri(struct wpa_supplicant * wpa_s,const char * cmd)118 int wpas_dpp_nfc_uri(struct wpa_supplicant *wpa_s, const char *cmd)
119 {
120 	struct dpp_bootstrap_info *bi;
121 
122 	bi = dpp_add_nfc_uri(wpa_s->dpp, cmd);
123 	if (!bi)
124 		return -1;
125 
126 	return bi->id;
127 }
128 
129 
wpas_dpp_nfc_handover_req(struct wpa_supplicant * wpa_s,const char * cmd)130 int wpas_dpp_nfc_handover_req(struct wpa_supplicant *wpa_s, const char *cmd)
131 {
132 	const char *pos;
133 	struct dpp_bootstrap_info *peer_bi, *own_bi;
134 
135 	pos = os_strstr(cmd, " own=");
136 	if (!pos)
137 		return -1;
138 	pos += 5;
139 	own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
140 	if (!own_bi)
141 		return -1;
142 	own_bi->nfc_negotiated = 1;
143 
144 	pos = os_strstr(cmd, " uri=");
145 	if (!pos)
146 		return -1;
147 	pos += 5;
148 	peer_bi = dpp_add_nfc_uri(wpa_s->dpp, pos);
149 	if (!peer_bi) {
150 		wpa_printf(MSG_INFO,
151 			   "DPP: Failed to parse URI from NFC Handover Request");
152 		return -1;
153 	}
154 
155 	if (dpp_nfc_update_bi(own_bi, peer_bi) < 0)
156 		return -1;
157 
158 	return peer_bi->id;
159 }
160 
161 
wpas_dpp_nfc_handover_sel(struct wpa_supplicant * wpa_s,const char * cmd)162 int wpas_dpp_nfc_handover_sel(struct wpa_supplicant *wpa_s, const char *cmd)
163 {
164 	const char *pos;
165 	struct dpp_bootstrap_info *peer_bi, *own_bi;
166 
167 	pos = os_strstr(cmd, " own=");
168 	if (!pos)
169 		return -1;
170 	pos += 5;
171 	own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
172 	if (!own_bi)
173 		return -1;
174 	own_bi->nfc_negotiated = 1;
175 
176 	pos = os_strstr(cmd, " uri=");
177 	if (!pos)
178 		return -1;
179 	pos += 5;
180 	peer_bi = dpp_add_nfc_uri(wpa_s->dpp, pos);
181 	if (!peer_bi) {
182 		wpa_printf(MSG_INFO,
183 			   "DPP: Failed to parse URI from NFC Handover Select");
184 		return -1;
185 	}
186 
187 	if (peer_bi->curve != own_bi->curve) {
188 		wpa_printf(MSG_INFO,
189 			   "DPP: Peer (NFC Handover Selector) used different curve");
190 		return -1;
191 	}
192 
193 	return peer_bi->id;
194 }
195 
196 
wpas_dpp_auth_resp_retry_timeout(void * eloop_ctx,void * timeout_ctx)197 static void wpas_dpp_auth_resp_retry_timeout(void *eloop_ctx, void *timeout_ctx)
198 {
199 	struct wpa_supplicant *wpa_s = eloop_ctx;
200 	struct dpp_authentication *auth = wpa_s->dpp_auth;
201 
202 	if (!auth || !auth->resp_msg)
203 		return;
204 
205 	wpa_printf(MSG_DEBUG,
206 		   "DPP: Retry Authentication Response after timeout");
207 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
208 		" freq=%u type=%d",
209 		MAC2STR(auth->peer_mac_addr), auth->curr_freq,
210 		DPP_PA_AUTHENTICATION_RESP);
211 	offchannel_send_action(wpa_s, auth->curr_freq, auth->peer_mac_addr,
212 			       wpa_s->own_addr, broadcast,
213 			       wpabuf_head(auth->resp_msg),
214 			       wpabuf_len(auth->resp_msg),
215 			       500, wpas_dpp_tx_status, 0);
216 }
217 
218 
wpas_dpp_auth_resp_retry(struct wpa_supplicant * wpa_s)219 static void wpas_dpp_auth_resp_retry(struct wpa_supplicant *wpa_s)
220 {
221 	struct dpp_authentication *auth = wpa_s->dpp_auth;
222 	unsigned int wait_time, max_tries;
223 
224 	if (!auth || !auth->resp_msg)
225 		return;
226 
227 	if (wpa_s->dpp_resp_max_tries)
228 		max_tries = wpa_s->dpp_resp_max_tries;
229 	else
230 		max_tries = 5;
231 	auth->auth_resp_tries++;
232 	if (auth->auth_resp_tries >= max_tries) {
233 		wpa_printf(MSG_INFO, "DPP: No confirm received from initiator - stopping exchange");
234 		offchannel_send_action_done(wpa_s);
235 		dpp_auth_deinit(wpa_s->dpp_auth);
236 		wpa_s->dpp_auth = NULL;
237 		return;
238 	}
239 
240 	if (wpa_s->dpp_resp_retry_time)
241 		wait_time = wpa_s->dpp_resp_retry_time;
242 	else
243 		wait_time = 1000;
244 	if (wpa_s->dpp_tx_chan_change) {
245 		wpa_s->dpp_tx_chan_change = false;
246 		if (wait_time > 100)
247 			wait_time = 100;
248 	}
249 
250 	wpa_printf(MSG_DEBUG,
251 		   "DPP: Schedule retransmission of Authentication Response frame in %u ms",
252 		wait_time);
253 	eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
254 	eloop_register_timeout(wait_time / 1000,
255 			       (wait_time % 1000) * 1000,
256 			       wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
257 }
258 
259 
wpas_dpp_try_to_connect(struct wpa_supplicant * wpa_s)260 static void wpas_dpp_try_to_connect(struct wpa_supplicant *wpa_s)
261 {
262 	wpa_printf(MSG_DEBUG, "DPP: Trying to connect to the new network");
263 	wpa_s->suitable_network = 0;
264 	wpa_s->no_suitable_network = 0;
265 	wpa_s->disconnected = 0;
266 	wpa_s->reassociate = 1;
267 	wpa_s->scan_runs = 0;
268 	wpa_s->normal_scans = 0;
269 	wpa_supplicant_cancel_sched_scan(wpa_s);
270 	wpa_supplicant_req_scan(wpa_s, 0, 0);
271 }
272 
273 
274 #ifdef CONFIG_DPP2
275 
wpas_dpp_stop_listen_for_tx(struct wpa_supplicant * wpa_s,unsigned int freq,unsigned int wait_time)276 static void wpas_dpp_stop_listen_for_tx(struct wpa_supplicant *wpa_s,
277 					unsigned int freq,
278 					unsigned int wait_time)
279 {
280 	struct os_reltime now, res;
281 	unsigned int remaining;
282 
283 	if (!wpa_s->dpp_listen_freq)
284 		return;
285 
286 	os_get_reltime(&now);
287 	if (os_reltime_before(&now, &wpa_s->dpp_listen_end)) {
288 		os_reltime_sub(&wpa_s->dpp_listen_end, &now, &res);
289 		remaining = res.sec * 1000 + res.usec / 1000;
290 	} else {
291 		remaining = 0;
292 	}
293 	if (wpa_s->dpp_listen_freq == freq && remaining > wait_time)
294 		return;
295 
296 	wpa_printf(MSG_DEBUG,
297 		   "DPP: Stop listen on %u MHz ending in %u ms to allow immediate TX on %u MHz for %u ms",
298 		   wpa_s->dpp_listen_freq, remaining, freq, wait_time);
299 	wpas_dpp_listen_stop(wpa_s);
300 
301 	/* TODO: Restart listen in some cases after TX? */
302 }
303 
304 
wpas_dpp_conn_status_result_timeout(void * eloop_ctx,void * timeout_ctx)305 static void wpas_dpp_conn_status_result_timeout(void *eloop_ctx,
306 						void *timeout_ctx)
307 {
308 	struct wpa_supplicant *wpa_s = eloop_ctx;
309 	struct dpp_authentication *auth = wpa_s->dpp_auth;
310 	enum dpp_status_error result;
311 
312 	if ((!auth || !auth->conn_status_requested) &&
313 	    !dpp_tcp_conn_status_requested(wpa_s->dpp))
314 		return;
315 
316 	wpa_printf(MSG_DEBUG,
317 		   "DPP: Connection timeout - report Connection Status Result");
318 	if (wpa_s->suitable_network)
319 		result = DPP_STATUS_AUTH_FAILURE;
320 	else if (wpa_s->no_suitable_network)
321 		result = DPP_STATUS_NO_AP;
322 	else
323 		result = 255; /* What to report here for unexpected state? */
324 	if (wpa_s->wpa_state == WPA_SCANNING)
325 		wpas_abort_ongoing_scan(wpa_s);
326 	wpas_dpp_send_conn_status_result(wpa_s, result);
327 }
328 
329 
wpas_dpp_scan_channel_list(struct wpa_supplicant * wpa_s)330 static char * wpas_dpp_scan_channel_list(struct wpa_supplicant *wpa_s)
331 {
332 	char *str, *end, *pos;
333 	size_t len;
334 	unsigned int i;
335 	u8 last_op_class = 0;
336 	int res;
337 
338 	if (!wpa_s->last_scan_freqs || !wpa_s->num_last_scan_freqs)
339 		return NULL;
340 
341 	len = wpa_s->num_last_scan_freqs * 8;
342 	str = os_zalloc(len);
343 	if (!str)
344 		return NULL;
345 	end = str + len;
346 	pos = str;
347 
348 	for (i = 0; i < wpa_s->num_last_scan_freqs; i++) {
349 		enum hostapd_hw_mode mode;
350 		u8 op_class, channel;
351 
352 		mode = ieee80211_freq_to_channel_ext(wpa_s->last_scan_freqs[i],
353 						     0, 0, &op_class, &channel);
354 		if (mode == NUM_HOSTAPD_MODES)
355 			continue;
356 		if (op_class == last_op_class)
357 			res = os_snprintf(pos, end - pos, ",%d", channel);
358 		else
359 			res = os_snprintf(pos, end - pos, "%s%d/%d",
360 					  pos == str ? "" : ",",
361 					  op_class, channel);
362 		if (os_snprintf_error(end - pos, res)) {
363 			*pos = '\0';
364 			break;
365 		}
366 		pos += res;
367 		last_op_class = op_class;
368 	}
369 
370 	if (pos == str) {
371 		os_free(str);
372 		str = NULL;
373 	}
374 	return str;
375 }
376 
377 
wpas_dpp_send_conn_status_result(struct wpa_supplicant * wpa_s,enum dpp_status_error result)378 void wpas_dpp_send_conn_status_result(struct wpa_supplicant *wpa_s,
379 				      enum dpp_status_error result)
380 {
381 	struct wpabuf *msg;
382 	const char *channel_list = NULL;
383 	char *channel_list_buf = NULL;
384 	struct wpa_ssid *ssid = wpa_s->current_ssid;
385 	struct dpp_authentication *auth = wpa_s->dpp_auth;
386 
387 	eloop_cancel_timeout(wpas_dpp_conn_status_result_timeout, wpa_s, NULL);
388 
389 	if ((!auth || !auth->conn_status_requested) &&
390 	    !dpp_tcp_conn_status_requested(wpa_s->dpp))
391 		return;
392 
393 	wpa_printf(MSG_DEBUG, "DPP: Report connection status result %d",
394 		   result);
395 
396 	if (result == DPP_STATUS_NO_AP) {
397 		channel_list_buf = wpas_dpp_scan_channel_list(wpa_s);
398 		channel_list = channel_list_buf;
399 	}
400 
401 	if (!auth || !auth->conn_status_requested) {
402 		dpp_tcp_send_conn_status(wpa_s->dpp, result,
403 					 ssid ? ssid->ssid :
404 					 wpa_s->dpp_last_ssid,
405 					 ssid ? ssid->ssid_len :
406 					 wpa_s->dpp_last_ssid_len,
407 					 channel_list);
408 		os_free(channel_list_buf);
409 		return;
410 	}
411 
412 	auth->conn_status_requested = 0;
413 
414 	msg = dpp_build_conn_status_result(auth, result,
415 					   ssid ? ssid->ssid :
416 					   wpa_s->dpp_last_ssid,
417 					   ssid ? ssid->ssid_len :
418 					   wpa_s->dpp_last_ssid_len,
419 					   channel_list);
420 	os_free(channel_list_buf);
421 	if (!msg) {
422 		dpp_auth_deinit(wpa_s->dpp_auth);
423 		wpa_s->dpp_auth = NULL;
424 		return;
425 	}
426 
427 	wpa_msg(wpa_s, MSG_INFO,
428 		DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
429 		MAC2STR(auth->peer_mac_addr), auth->curr_freq,
430 		DPP_PA_CONNECTION_STATUS_RESULT);
431 	if (offchannel_send_action(wpa_s, auth->curr_freq,
432 				   auth->peer_mac_addr, wpa_s->own_addr, broadcast,
433 				   wpabuf_head(msg), wpabuf_len(msg),
434 				   500, wpas_dpp_tx_status, 0) < 0) {
435 		wpas_notify_dpp_connection_status_sent(wpa_s, result);
436 		wpabuf_free(msg);
437 		dpp_auth_deinit(wpa_s->dpp_auth);
438 		wpa_s->dpp_auth = NULL;
439 		return;
440 	}
441 
442 	wpabuf_free(msg);
443 
444 	auth->conn_result_status = result;
445 	auth->tx_conn_status_result_started = 1;
446 	/* This exchange will be terminated in the TX status handler */
447 	auth->remove_on_tx_status = 1;
448 
449 	return;
450 }
451 
452 
wpas_dpp_connected_timeout(void * eloop_ctx,void * timeout_ctx)453 static void wpas_dpp_connected_timeout(void *eloop_ctx, void *timeout_ctx)
454 {
455 	struct wpa_supplicant *wpa_s = eloop_ctx;
456 	struct dpp_authentication *auth = wpa_s->dpp_auth;
457 
458 	if ((auth && auth->conn_status_requested) ||
459 	    dpp_tcp_conn_status_requested(wpa_s->dpp))
460 		wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_OK);
461 }
462 
463 
wpas_dpp_connected(struct wpa_supplicant * wpa_s)464 void wpas_dpp_connected(struct wpa_supplicant *wpa_s)
465 {
466 	struct dpp_authentication *auth = wpa_s->dpp_auth;
467 
468 	if ((auth && auth->conn_status_requested) ||
469 	    dpp_tcp_conn_status_requested(wpa_s->dpp)) {
470 		/* Report connection result from an eloop timeout to avoid delay
471 		 * to completing all connection completion steps since this
472 		 * function is called in a middle of the post 4-way handshake
473 		 * processing. */
474 		eloop_register_timeout(0, 0, wpas_dpp_connected_timeout,
475 				       wpa_s, NULL);
476 	}
477 }
478 
479 #endif /* CONFIG_DPP2 */
480 
481 
wpas_dpp_drv_wait_timeout(void * eloop_ctx,void * timeout_ctx)482 static void wpas_dpp_drv_wait_timeout(void *eloop_ctx, void *timeout_ctx)
483 {
484 	struct wpa_supplicant *wpa_s = eloop_ctx;
485 	struct dpp_authentication *auth = wpa_s->dpp_auth;
486 
487 	if (auth && auth->waiting_auth_resp) {
488 		wpa_printf(MSG_DEBUG,
489 			   "DPP: Call wpas_dpp_auth_init_next() from %s",
490 			   __func__);
491 		wpas_dpp_auth_init_next(wpa_s);
492 	} else {
493 		wpa_printf(MSG_DEBUG, "DPP: %s, but no waiting_auth_resp",
494 			   __func__);
495 	}
496 }
497 
498 
wpas_dpp_neg_freq_timeout(void * eloop_ctx,void * timeout_ctx)499 static void wpas_dpp_neg_freq_timeout(void *eloop_ctx, void *timeout_ctx)
500 {
501 	struct wpa_supplicant *wpa_s = eloop_ctx;
502 	struct dpp_authentication *auth = wpa_s->dpp_auth;
503 
504 	if (!wpa_s->dpp_listen_on_tx_expire || !auth || !auth->neg_freq)
505 		return;
506 
507 	wpa_printf(MSG_DEBUG,
508 		   "DPP: Start listen on neg_freq %u MHz based on timeout for TX wait expiration",
509 		   auth->neg_freq);
510 	wpas_dpp_listen_start(wpa_s, auth->neg_freq);
511 }
512 
513 
wpas_dpp_tx_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)514 static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
515 			       unsigned int freq, const u8 *dst,
516 			       const u8 *src, const u8 *bssid,
517 			       const u8 *data, size_t data_len,
518 			       enum offchannel_send_action_result result)
519 {
520 	const char *res_txt;
521 	struct dpp_authentication *auth = wpa_s->dpp_auth;
522 
523 	res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
524 		(result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
525 		 "FAILED");
526 	wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
527 		   " result=%s", freq, MAC2STR(dst), res_txt);
528 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
529 		" freq=%u result=%s", MAC2STR(dst), freq, res_txt);
530 
531 	if (!wpa_s->dpp_auth) {
532 		wpa_printf(MSG_DEBUG,
533 			   "DPP: Ignore TX status since there is no ongoing authentication exchange");
534 		return;
535 	}
536 
537 #ifdef CONFIG_DPP2
538 	if (auth->connect_on_tx_status) {
539 		auth->connect_on_tx_status = 0;
540 		wpa_printf(MSG_DEBUG,
541 			   "DPP: Try to connect after completed configuration result");
542 		wpas_dpp_try_to_connect(wpa_s);
543 		if (auth->conn_status_requested) {
544 			wpa_printf(MSG_DEBUG,
545 				   "DPP: Start 15 second timeout for reporting connection status result");
546 			eloop_cancel_timeout(
547 				wpas_dpp_conn_status_result_timeout,
548 				wpa_s, NULL);
549 			eloop_register_timeout(
550 				15, 0, wpas_dpp_conn_status_result_timeout,
551 				wpa_s, NULL);
552 		} else {
553 			dpp_auth_deinit(wpa_s->dpp_auth);
554 			wpa_s->dpp_auth = NULL;
555 		}
556 		return;
557 	}
558 #endif /* CONFIG_DPP2 */
559 
560 	if (wpa_s->dpp_auth->remove_on_tx_status) {
561 		if (auth->tx_conn_status_result_started) {
562 			wpas_notify_dpp_connection_status_sent(wpa_s, auth->conn_result_status);
563 		}
564 		wpa_printf(MSG_DEBUG,
565 			   "DPP: Terminate authentication exchange due to a request to do so on TX status");
566 		eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
567 		eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
568 		eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s,
569 				     NULL);
570 		eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
571 				     NULL);
572 #ifdef CONFIG_DPP2
573 		eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout,
574 				     wpa_s, NULL);
575 #endif /* CONFIG_DPP2 */
576 		offchannel_send_action_done(wpa_s);
577 		dpp_auth_deinit(wpa_s->dpp_auth);
578 		wpa_s->dpp_auth = NULL;
579 		return;
580 	}
581 
582 	if (wpa_s->dpp_auth_ok_on_ack)
583 		wpas_dpp_auth_success(wpa_s, 1);
584 
585 	if (!is_broadcast_ether_addr(dst) &&
586 	    result != OFFCHANNEL_SEND_ACTION_SUCCESS) {
587 		wpa_printf(MSG_DEBUG,
588 			   "DPP: Unicast DPP Action frame was not ACKed");
589 		if (auth->waiting_auth_resp) {
590 			/* In case of DPP Authentication Request frame, move to
591 			 * the next channel immediately. */
592 			offchannel_send_action_done(wpa_s);
593 			/* Call wpas_dpp_auth_init_next(wpa_s) from driver event
594 			 * notifying frame wait was completed or from eloop
595 			 * timeout. */
596 			eloop_register_timeout(0, 10000,
597 					       wpas_dpp_drv_wait_timeout,
598 					       wpa_s, NULL);
599 			return;
600 		}
601 		if (auth->waiting_auth_conf) {
602 			wpas_dpp_auth_resp_retry(wpa_s);
603 			return;
604 		}
605 	}
606 
607 	if (auth->waiting_auth_conf &&
608 	    auth->auth_resp_status == DPP_STATUS_OK) {
609 		/* Make sure we do not get stuck waiting for Auth Confirm
610 		 * indefinitely after successfully transmitted Auth Response to
611 		 * allow new authentication exchanges to be started. */
612 		eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s,
613 				     NULL);
614 		eloop_register_timeout(1, 0, wpas_dpp_auth_conf_wait_timeout,
615 				       wpa_s, NULL);
616 	}
617 
618 	if (!is_broadcast_ether_addr(dst) && auth->waiting_auth_resp &&
619 	    result == OFFCHANNEL_SEND_ACTION_SUCCESS) {
620 		/* Allow timeout handling to stop iteration if no response is
621 		 * received from a peer that has ACKed a request. */
622 		auth->auth_req_ack = 1;
623 	}
624 
625 	if (!wpa_s->dpp_auth_ok_on_ack && wpa_s->dpp_auth->neg_freq > 0 &&
626 	    wpa_s->dpp_auth->curr_freq != wpa_s->dpp_auth->neg_freq) {
627 		wpa_printf(MSG_DEBUG,
628 			   "DPP: Move from curr_freq %u MHz to neg_freq %u MHz for response",
629 			   wpa_s->dpp_auth->curr_freq,
630 			   wpa_s->dpp_auth->neg_freq);
631 		offchannel_send_action_done(wpa_s);
632 		wpa_s->dpp_listen_on_tx_expire = true;
633 		eloop_register_timeout(0, 100000, wpas_dpp_neg_freq_timeout,
634 				       wpa_s, NULL);
635 	}
636 
637 	if (wpa_s->dpp_auth_ok_on_ack)
638 		wpa_s->dpp_auth_ok_on_ack = 0;
639 }
640 
641 
wpas_dpp_reply_wait_timeout(void * eloop_ctx,void * timeout_ctx)642 static void wpas_dpp_reply_wait_timeout(void *eloop_ctx, void *timeout_ctx)
643 {
644 	struct wpa_supplicant *wpa_s = eloop_ctx;
645 	struct dpp_authentication *auth = wpa_s->dpp_auth;
646 	unsigned int freq;
647 	struct os_reltime now, diff;
648 	unsigned int wait_time, diff_ms;
649 
650 	if (!auth || !auth->waiting_auth_resp)
651 		return;
652 
653 	wait_time = wpa_s->dpp_resp_wait_time ?
654 		wpa_s->dpp_resp_wait_time : 2000;
655 	os_get_reltime(&now);
656 	os_reltime_sub(&now, &wpa_s->dpp_last_init, &diff);
657 	diff_ms = diff.sec * 1000 + diff.usec / 1000;
658 	wpa_printf(MSG_DEBUG,
659 		   "DPP: Reply wait timeout - wait_time=%u diff_ms=%u",
660 		   wait_time, diff_ms);
661 
662 	if (auth->auth_req_ack && diff_ms >= wait_time) {
663 		/* Peer ACK'ed Authentication Request frame, but did not reply
664 		 * with Authentication Response frame within two seconds. */
665 		wpa_printf(MSG_INFO,
666 			   "DPP: No response received from responder - stopping initiation attempt");
667 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
668 		wpas_notify_dpp_timeout(wpa_s);
669 		offchannel_send_action_done(wpa_s);
670 		wpas_dpp_listen_stop(wpa_s);
671 		dpp_auth_deinit(auth);
672 		wpa_s->dpp_auth = NULL;
673 		return;
674 	}
675 
676 	if (diff_ms >= wait_time) {
677 		/* Authentication Request frame was not ACK'ed and no reply
678 		 * was receiving within two seconds. */
679 		wpa_printf(MSG_DEBUG,
680 			   "DPP: Continue Initiator channel iteration");
681 		offchannel_send_action_done(wpa_s);
682 		wpas_dpp_listen_stop(wpa_s);
683 		wpas_dpp_auth_init_next(wpa_s);
684 		return;
685 	}
686 
687 	/* Driver did not support 2000 ms long wait_time with TX command, so
688 	 * schedule listen operation to continue waiting for the response.
689 	 *
690 	 * DPP listen operations continue until stopped, so simply schedule a
691 	 * new call to this function at the point when the two second reply
692 	 * wait has expired. */
693 	wait_time -= diff_ms;
694 
695 	freq = auth->curr_freq;
696 	if (auth->neg_freq > 0)
697 		freq = auth->neg_freq;
698 	wpa_printf(MSG_DEBUG,
699 		   "DPP: Continue reply wait on channel %u MHz for %u ms",
700 		   freq, wait_time);
701 	wpa_s->dpp_in_response_listen = 1;
702 	wpas_dpp_listen_start(wpa_s, freq);
703 
704 	eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
705 			       wpas_dpp_reply_wait_timeout, wpa_s, NULL);
706 }
707 
708 
wpas_dpp_auth_conf_wait_timeout(void * eloop_ctx,void * timeout_ctx)709 static void wpas_dpp_auth_conf_wait_timeout(void *eloop_ctx, void *timeout_ctx)
710 {
711 	struct wpa_supplicant *wpa_s = eloop_ctx;
712 	struct dpp_authentication *auth = wpa_s->dpp_auth;
713 
714 	if (!auth || !auth->waiting_auth_conf)
715 		return;
716 
717 	wpa_printf(MSG_DEBUG,
718 		   "DPP: Terminate authentication exchange due to Auth Confirm timeout");
719 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL "No Auth Confirm received");
720 	offchannel_send_action_done(wpa_s);
721 	dpp_auth_deinit(auth);
722 	wpa_s->dpp_auth = NULL;
723 }
724 
725 
wpas_dpp_set_testing_options(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth)726 static void wpas_dpp_set_testing_options(struct wpa_supplicant *wpa_s,
727 					 struct dpp_authentication *auth)
728 {
729 #ifdef CONFIG_TESTING_OPTIONS
730 	if (wpa_s->dpp_config_obj_override)
731 		auth->config_obj_override =
732 			os_strdup(wpa_s->dpp_config_obj_override);
733 	if (wpa_s->dpp_discovery_override)
734 		auth->discovery_override =
735 			os_strdup(wpa_s->dpp_discovery_override);
736 	if (wpa_s->dpp_groups_override)
737 		auth->groups_override =
738 			os_strdup(wpa_s->dpp_groups_override);
739 	auth->ignore_netaccesskey_mismatch =
740 		wpa_s->dpp_ignore_netaccesskey_mismatch;
741 #endif /* CONFIG_TESTING_OPTIONS */
742 }
743 
744 
wpas_dpp_init_timeout(void * eloop_ctx,void * timeout_ctx)745 static void wpas_dpp_init_timeout(void *eloop_ctx, void *timeout_ctx)
746 {
747 	struct wpa_supplicant *wpa_s = eloop_ctx;
748 
749 	if (!wpa_s->dpp_auth)
750 		return;
751 	wpa_printf(MSG_DEBUG, "DPP: Retry initiation after timeout");
752 	wpas_dpp_auth_init_next(wpa_s);
753 }
754 
755 
wpas_dpp_auth_init_next(struct wpa_supplicant * wpa_s)756 static int wpas_dpp_auth_init_next(struct wpa_supplicant *wpa_s)
757 {
758 	struct dpp_authentication *auth = wpa_s->dpp_auth;
759 	const u8 *dst;
760 	unsigned int wait_time, max_wait_time, freq, max_tries, used;
761 	struct os_reltime now, diff;
762 
763 	eloop_cancel_timeout(wpas_dpp_drv_wait_timeout, wpa_s, NULL);
764 
765 	wpa_s->dpp_in_response_listen = 0;
766 	if (!auth)
767 		return -1;
768 
769 	if (auth->freq_idx == 0)
770 		os_get_reltime(&wpa_s->dpp_init_iter_start);
771 
772 	if (auth->freq_idx >= auth->num_freq) {
773 		auth->num_freq_iters++;
774 		if (wpa_s->dpp_init_max_tries)
775 			max_tries = wpa_s->dpp_init_max_tries;
776 		else
777 			max_tries = 5;
778 		if (auth->num_freq_iters >= max_tries || auth->auth_req_ack) {
779 			wpa_printf(MSG_INFO,
780 				   "DPP: No response received from responder - stopping initiation attempt");
781 			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_AUTH_INIT_FAILED);
782 			wpas_notify_dpp_timeout(wpa_s);
783 			eloop_cancel_timeout(wpas_dpp_reply_wait_timeout,
784 					     wpa_s, NULL);
785 			offchannel_send_action_done(wpa_s);
786 			dpp_auth_deinit(wpa_s->dpp_auth);
787 			wpa_s->dpp_auth = NULL;
788 			return -1;
789 		}
790 		auth->freq_idx = 0;
791 		eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
792 		if (wpa_s->dpp_init_retry_time)
793 			wait_time = wpa_s->dpp_init_retry_time;
794 		else
795 			wait_time = 10000;
796 		os_get_reltime(&now);
797 		os_reltime_sub(&now, &wpa_s->dpp_init_iter_start, &diff);
798 		used = diff.sec * 1000 + diff.usec / 1000;
799 		if (used > wait_time)
800 			wait_time = 0;
801 		else
802 			wait_time -= used;
803 		wpa_printf(MSG_DEBUG, "DPP: Next init attempt in %u ms",
804 			   wait_time);
805 		eloop_register_timeout(wait_time / 1000,
806 				       (wait_time % 1000) * 1000,
807 				       wpas_dpp_init_timeout, wpa_s,
808 				       NULL);
809 		return 0;
810 	}
811 	freq = auth->freq[auth->freq_idx++];
812 	auth->curr_freq = freq;
813 
814 	if (!is_zero_ether_addr(auth->peer_mac_addr))
815 		dst = auth->peer_mac_addr;
816 	else if (is_zero_ether_addr(auth->peer_bi->mac_addr))
817 		dst = broadcast;
818 	else
819 		dst = auth->peer_bi->mac_addr;
820 	wpa_s->dpp_auth_ok_on_ack = 0;
821 	eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
822 	wait_time = wpa_s->max_remain_on_chan;
823 	max_wait_time = wpa_s->dpp_resp_wait_time ?
824 		wpa_s->dpp_resp_wait_time : 2000;
825 	if (wait_time > max_wait_time)
826 		wait_time = max_wait_time;
827 	wait_time += 10; /* give the driver some extra time to complete */
828 	eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
829 			       wpas_dpp_reply_wait_timeout,
830 			       wpa_s, NULL);
831 	wait_time -= 10;
832 	if (auth->neg_freq > 0 && freq != auth->neg_freq) {
833 		wpa_printf(MSG_DEBUG,
834 			   "DPP: Initiate on %u MHz and move to neg_freq %u MHz for response",
835 			   freq, auth->neg_freq);
836 	}
837 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
838 		MAC2STR(dst), freq, DPP_PA_AUTHENTICATION_REQ);
839 	auth->auth_req_ack = 0;
840 	os_get_reltime(&wpa_s->dpp_last_init);
841 	return offchannel_send_action(wpa_s, freq, dst,
842 				      wpa_s->own_addr, broadcast,
843 				      wpabuf_head(auth->req_msg),
844 				      wpabuf_len(auth->req_msg),
845 				      wait_time, wpas_dpp_tx_status, 0);
846 }
847 
848 
wpas_dpp_auth_init(struct wpa_supplicant * wpa_s,const char * cmd)849 int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd)
850 {
851 	const char *pos;
852 	struct dpp_bootstrap_info *peer_bi, *own_bi = NULL;
853 	struct dpp_authentication *auth;
854 	u8 allowed_roles = DPP_CAPAB_CONFIGURATOR;
855 	unsigned int neg_freq = 0;
856 	int tcp = 0;
857 #ifdef CONFIG_DPP2
858 	int tcp_port = DPP_TCP_PORT;
859 	struct hostapd_ip_addr ipaddr;
860 	char *addr;
861 #endif /* CONFIG_DPP2 */
862 
863 	wpa_s->dpp_gas_client = 0;
864 	wpa_s->dpp_gas_server = 0;
865 
866 	pos = os_strstr(cmd, " peer=");
867 	if (!pos)
868 		return -1;
869 	pos += 6;
870 	peer_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
871 	if (!peer_bi) {
872 		wpa_printf(MSG_INFO,
873 			   "DPP: Could not find bootstrapping info for the identified peer");
874 		return -1;
875 	}
876 
877 #ifdef CONFIG_DPP2
878 	pos = os_strstr(cmd, " tcp_port=");
879 	if (pos) {
880 		pos += 10;
881 		tcp_port = atoi(pos);
882 	}
883 
884 	addr = get_param(cmd, " tcp_addr=");
885 	if (addr && os_strcmp(addr, "from-uri") == 0) {
886 		os_free(addr);
887 		if (!peer_bi->host) {
888 			wpa_printf(MSG_INFO,
889 				   "DPP: TCP address not available in peer URI");
890 			return -1;
891 		}
892 		tcp = 1;
893 		os_memcpy(&ipaddr, peer_bi->host, sizeof(ipaddr));
894 		tcp_port = peer_bi->port;
895 	} else if (addr) {
896 		int res;
897 
898 		res = hostapd_parse_ip_addr(addr, &ipaddr);
899 		os_free(addr);
900 		if (res)
901 			return -1;
902 		tcp = 1;
903 	}
904 #endif /* CONFIG_DPP2 */
905 
906 	pos = os_strstr(cmd, " own=");
907 	if (pos) {
908 		pos += 5;
909 		own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
910 		if (!own_bi) {
911 			wpa_printf(MSG_INFO,
912 				   "DPP: Could not find bootstrapping info for the identified local entry");
913 			return -1;
914 		}
915 
916 		if (peer_bi->curve != own_bi->curve) {
917 			wpa_printf(MSG_INFO,
918 				   "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)",
919 				   peer_bi->curve->name, own_bi->curve->name);
920 			return -1;
921 		}
922 	}
923 
924 	pos = os_strstr(cmd, " role=");
925 	if (pos) {
926 		pos += 6;
927 		if (os_strncmp(pos, "configurator", 12) == 0)
928 			allowed_roles = DPP_CAPAB_CONFIGURATOR;
929 		else if (os_strncmp(pos, "enrollee", 8) == 0)
930 			allowed_roles = DPP_CAPAB_ENROLLEE;
931 		else if (os_strncmp(pos, "either", 6) == 0)
932 			allowed_roles = DPP_CAPAB_CONFIGURATOR |
933 				DPP_CAPAB_ENROLLEE;
934 		else
935 			goto fail;
936 	}
937 
938 	pos = os_strstr(cmd, " netrole=");
939 	if (pos) {
940 		pos += 9;
941 		if (os_strncmp(pos, "ap", 2) == 0)
942 			wpa_s->dpp_netrole = DPP_NETROLE_AP;
943 		else if (os_strncmp(pos, "configurator", 12) == 0)
944 			wpa_s->dpp_netrole = DPP_NETROLE_CONFIGURATOR;
945 		else
946 			wpa_s->dpp_netrole = DPP_NETROLE_STA;
947 	} else {
948 		wpa_s->dpp_netrole = DPP_NETROLE_STA;
949 	}
950 
951 	pos = os_strstr(cmd, " neg_freq=");
952 	if (pos)
953 		neg_freq = atoi(pos + 10);
954 
955 	if (!tcp && wpa_s->dpp_auth) {
956 		eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
957 		eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
958 		eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s,
959 				     NULL);
960 		eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s,
961 				     NULL);
962 #ifdef CONFIG_DPP2
963 		eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout,
964 				     wpa_s, NULL);
965 #endif /* CONFIG_DPP2 */
966 		offchannel_send_action_done(wpa_s);
967 		dpp_auth_deinit(wpa_s->dpp_auth);
968 		wpa_s->dpp_auth = NULL;
969 	}
970 
971 	auth = dpp_auth_init(wpa_s->dpp, wpa_s, peer_bi, own_bi, allowed_roles,
972 			     neg_freq, wpa_s->hw.modes, wpa_s->hw.num_modes);
973 	if (!auth)
974 		goto fail;
975 	wpas_dpp_set_testing_options(wpa_s, auth);
976 	if (dpp_set_configurator(auth, cmd) < 0) {
977 		dpp_auth_deinit(auth);
978 		goto fail;
979 	}
980 
981 	auth->neg_freq = neg_freq;
982 
983 	if (!is_zero_ether_addr(peer_bi->mac_addr))
984 		os_memcpy(auth->peer_mac_addr, peer_bi->mac_addr, ETH_ALEN);
985 
986 #ifdef CONFIG_DPP2
987 	if (tcp)
988 		return dpp_tcp_init(wpa_s->dpp, auth, &ipaddr, tcp_port,
989 				    wpa_s->conf->dpp_name, DPP_NETROLE_STA,
990 				    wpa_s->conf->dpp_mud_url,
991 				    wpa_s->conf->dpp_extra_conf_req_name,
992 				    wpa_s->conf->dpp_extra_conf_req_value,
993 				    wpa_s, wpa_s, wpas_dpp_process_conf_obj,
994 				    wpas_dpp_tcp_msg_sent);
995 #endif /* CONFIG_DPP2 */
996 
997 	wpa_s->dpp_auth = auth;
998 	return wpas_dpp_auth_init_next(wpa_s);
999 fail:
1000 	return -1;
1001 }
1002 
1003 
1004 struct wpas_dpp_listen_work {
1005 	unsigned int freq;
1006 	unsigned int duration;
1007 	struct wpabuf *probe_resp_ie;
1008 };
1009 
1010 
wpas_dpp_listen_work_free(struct wpas_dpp_listen_work * lwork)1011 static void wpas_dpp_listen_work_free(struct wpas_dpp_listen_work *lwork)
1012 {
1013 	if (!lwork)
1014 		return;
1015 	os_free(lwork);
1016 }
1017 
1018 
wpas_dpp_listen_work_done(struct wpa_supplicant * wpa_s)1019 static void wpas_dpp_listen_work_done(struct wpa_supplicant *wpa_s)
1020 {
1021 	struct wpas_dpp_listen_work *lwork;
1022 
1023 	if (!wpa_s->dpp_listen_work)
1024 		return;
1025 
1026 	lwork = wpa_s->dpp_listen_work->ctx;
1027 	wpas_dpp_listen_work_free(lwork);
1028 	radio_work_done(wpa_s->dpp_listen_work);
1029 	wpa_s->dpp_listen_work = NULL;
1030 }
1031 
1032 
dpp_start_listen_cb(struct wpa_radio_work * work,int deinit)1033 static void dpp_start_listen_cb(struct wpa_radio_work *work, int deinit)
1034 {
1035 	struct wpa_supplicant *wpa_s = work->wpa_s;
1036 	struct wpas_dpp_listen_work *lwork = work->ctx;
1037 
1038 	if (deinit) {
1039 		if (work->started) {
1040 			wpa_s->dpp_listen_work = NULL;
1041 			wpas_dpp_listen_stop(wpa_s);
1042 		}
1043 		wpas_dpp_listen_work_free(lwork);
1044 		return;
1045 	}
1046 
1047 	wpa_s->dpp_listen_work = work;
1048 
1049 	wpa_s->dpp_pending_listen_freq = lwork->freq;
1050 
1051 	if (wpa_drv_remain_on_channel(wpa_s, lwork->freq,
1052 				      wpa_s->max_remain_on_chan) < 0) {
1053 		wpa_printf(MSG_DEBUG,
1054 			   "DPP: Failed to request the driver to remain on channel (%u MHz) for listen",
1055 			   lwork->freq);
1056 		wpa_s->dpp_listen_freq = 0;
1057 		wpas_dpp_listen_work_done(wpa_s);
1058 		wpa_s->dpp_pending_listen_freq = 0;
1059 		return;
1060 	}
1061 	wpa_s->off_channel_freq = 0;
1062 	wpa_s->roc_waiting_drv_freq = lwork->freq;
1063 	wpa_drv_dpp_listen(wpa_s, true);
1064 	wpa_s->dpp_tx_auth_resp_on_roc_stop = false;
1065 	wpa_s->dpp_tx_chan_change = false;
1066 }
1067 
1068 
wpas_dpp_listen_start(struct wpa_supplicant * wpa_s,unsigned int freq)1069 static int wpas_dpp_listen_start(struct wpa_supplicant *wpa_s,
1070 				 unsigned int freq)
1071 {
1072 	struct wpas_dpp_listen_work *lwork;
1073 
1074 	if (wpa_s->dpp_listen_work) {
1075 		wpa_printf(MSG_DEBUG,
1076 			   "DPP: Reject start_listen since dpp_listen_work already exists");
1077 		return -1;
1078 	}
1079 
1080 	if (wpa_s->dpp_listen_freq)
1081 		wpas_dpp_listen_stop(wpa_s);
1082 	wpa_s->dpp_listen_freq = freq;
1083 
1084 	lwork = os_zalloc(sizeof(*lwork));
1085 	if (!lwork)
1086 		return -1;
1087 	lwork->freq = freq;
1088 
1089 	if (radio_add_work(wpa_s, freq, "dpp-listen", 0, dpp_start_listen_cb,
1090 			   lwork) < 0) {
1091 		wpas_dpp_listen_work_free(lwork);
1092 		return -1;
1093 	}
1094 
1095 	return 0;
1096 }
1097 
1098 
wpas_dpp_listen(struct wpa_supplicant * wpa_s,const char * cmd)1099 int wpas_dpp_listen(struct wpa_supplicant *wpa_s, const char *cmd)
1100 {
1101 	int freq;
1102 
1103 	freq = atoi(cmd);
1104 	if (freq <= 0)
1105 		return -1;
1106 
1107 	if (os_strstr(cmd, " role=configurator"))
1108 		wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR;
1109 	else if (os_strstr(cmd, " role=enrollee"))
1110 		wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
1111 	else
1112 		wpa_s->dpp_allowed_roles = DPP_CAPAB_CONFIGURATOR |
1113 			DPP_CAPAB_ENROLLEE;
1114 	wpa_s->dpp_qr_mutual = os_strstr(cmd, " qr=mutual") != NULL;
1115 	if (os_strstr(cmd, " netrole=ap"))
1116 		wpa_s->dpp_netrole = DPP_NETROLE_AP;
1117 	else if (os_strstr(cmd, " netrole=configurator"))
1118 		wpa_s->dpp_netrole = DPP_NETROLE_CONFIGURATOR;
1119 	else
1120 		wpa_s->dpp_netrole = DPP_NETROLE_STA;
1121 	if (wpa_s->dpp_listen_freq == (unsigned int) freq) {
1122 		wpa_printf(MSG_DEBUG, "DPP: Already listening on %u MHz",
1123 			   freq);
1124 		return 0;
1125 	}
1126 
1127 	return wpas_dpp_listen_start(wpa_s, freq);
1128 }
1129 
1130 
wpas_dpp_listen_stop(struct wpa_supplicant * wpa_s)1131 void wpas_dpp_listen_stop(struct wpa_supplicant *wpa_s)
1132 {
1133 	wpa_s->dpp_in_response_listen = 0;
1134 	if (!wpa_s->dpp_listen_freq)
1135 		return;
1136 
1137 	wpa_printf(MSG_DEBUG, "DPP: Stop listen on %u MHz",
1138 		   wpa_s->dpp_listen_freq);
1139 	wpa_drv_cancel_remain_on_channel(wpa_s);
1140 	wpa_drv_dpp_listen(wpa_s, false);
1141 	wpa_s->dpp_listen_freq = 0;
1142 	wpas_dpp_listen_work_done(wpa_s);
1143 	radio_remove_works(wpa_s, "dpp-listen", 0);
1144 }
1145 
1146 
wpas_dpp_remain_on_channel_cb(struct wpa_supplicant * wpa_s,unsigned int freq,unsigned int duration)1147 void wpas_dpp_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
1148 				   unsigned int freq, unsigned int duration)
1149 {
1150 	if (wpa_s->dpp_listen_freq != freq)
1151 		return;
1152 
1153 	wpa_printf(MSG_DEBUG,
1154 		   "DPP: Remain-on-channel started for listen on %u MHz for %u ms",
1155 		   freq, duration);
1156 	os_get_reltime(&wpa_s->dpp_listen_end);
1157 	wpa_s->dpp_listen_end.usec += duration * 1000;
1158 	while (wpa_s->dpp_listen_end.usec >= 1000000) {
1159 		wpa_s->dpp_listen_end.sec++;
1160 		wpa_s->dpp_listen_end.usec -= 1000000;
1161 	}
1162 }
1163 
1164 
wpas_dpp_tx_auth_resp(struct wpa_supplicant * wpa_s)1165 static void wpas_dpp_tx_auth_resp(struct wpa_supplicant *wpa_s)
1166 {
1167 	struct dpp_authentication *auth = wpa_s->dpp_auth;
1168 
1169 	if (!auth)
1170 		return;
1171 
1172 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
1173 		MAC2STR(auth->peer_mac_addr), auth->curr_freq,
1174 		DPP_PA_AUTHENTICATION_RESP);
1175 	offchannel_send_action(wpa_s, auth->curr_freq,
1176 			       auth->peer_mac_addr, wpa_s->own_addr, broadcast,
1177 			       wpabuf_head(auth->resp_msg),
1178 			       wpabuf_len(auth->resp_msg),
1179 			       500, wpas_dpp_tx_status, 0);
1180 }
1181 
1182 
wpas_dpp_tx_auth_resp_roc_timeout(void * eloop_ctx,void * timeout_ctx)1183 static void wpas_dpp_tx_auth_resp_roc_timeout(void *eloop_ctx,
1184 					      void *timeout_ctx)
1185 {
1186 	struct wpa_supplicant *wpa_s = eloop_ctx;
1187 	struct dpp_authentication *auth = wpa_s->dpp_auth;
1188 
1189 	if (!auth || !wpa_s->dpp_tx_auth_resp_on_roc_stop)
1190 		return;
1191 
1192 	wpa_s->dpp_tx_auth_resp_on_roc_stop = false;
1193 	wpa_s->dpp_tx_chan_change = true;
1194 	wpa_printf(MSG_DEBUG,
1195 		   "DPP: Send postponed Authentication Response on remain-on-channel termination timeout");
1196 	wpas_dpp_tx_auth_resp(wpa_s);
1197 }
1198 
1199 
wpas_dpp_cancel_remain_on_channel_cb(struct wpa_supplicant * wpa_s,unsigned int freq)1200 void wpas_dpp_cancel_remain_on_channel_cb(struct wpa_supplicant *wpa_s,
1201 					  unsigned int freq)
1202 {
1203 	wpa_printf(MSG_DEBUG, "DPP: Remain on channel cancel for %u MHz", freq);
1204 	wpas_dpp_listen_work_done(wpa_s);
1205 
1206 	if (wpa_s->dpp_auth && wpa_s->dpp_tx_auth_resp_on_roc_stop) {
1207 		eloop_cancel_timeout(wpas_dpp_tx_auth_resp_roc_timeout,
1208 				     wpa_s, NULL);
1209 		wpa_s->dpp_tx_auth_resp_on_roc_stop = false;
1210 		wpa_s->dpp_tx_chan_change = true;
1211 		wpa_printf(MSG_DEBUG,
1212 			   "DPP: Send postponed Authentication Response on remain-on-channel termination");
1213 		wpas_dpp_tx_auth_resp(wpa_s);
1214 		return;
1215 	}
1216 
1217 	if (wpa_s->dpp_auth && wpa_s->dpp_in_response_listen) {
1218 		unsigned int new_freq;
1219 
1220 		/* Continue listen with a new remain-on-channel */
1221 		if (wpa_s->dpp_auth->neg_freq > 0)
1222 			new_freq = wpa_s->dpp_auth->neg_freq;
1223 		else
1224 			new_freq = wpa_s->dpp_auth->curr_freq;
1225 		wpa_printf(MSG_DEBUG,
1226 			   "DPP: Continue wait on %u MHz for the ongoing DPP provisioning session",
1227 			   new_freq);
1228 		wpas_dpp_listen_start(wpa_s, new_freq);
1229 		return;
1230 	}
1231 
1232 	if (wpa_s->dpp_listen_freq) {
1233 		/* Continue listen with a new remain-on-channel */
1234 		wpas_dpp_listen_start(wpa_s, wpa_s->dpp_listen_freq);
1235 	}
1236 }
1237 
1238 
wpas_dpp_rx_auth_req(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)1239 static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
1240 				 const u8 *hdr, const u8 *buf, size_t len,
1241 				 unsigned int freq)
1242 {
1243 	const u8 *r_bootstrap, *i_bootstrap;
1244 	u16 r_bootstrap_len, i_bootstrap_len;
1245 	struct dpp_bootstrap_info *own_bi = NULL, *peer_bi = NULL;
1246 
1247 	if (!wpa_s->dpp)
1248 		return;
1249 
1250 	wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR,
1251 		   MAC2STR(src));
1252 
1253 #ifdef CONFIG_DPP2
1254 	wpas_dpp_chirp_stop(wpa_s);
1255 #endif /* CONFIG_DPP2 */
1256 
1257 	r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
1258 				   &r_bootstrap_len);
1259 	if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
1260 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1261 			"Missing or invalid required Responder Bootstrapping Key Hash attribute");
1262 		return;
1263 	}
1264 	wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
1265 		    r_bootstrap, r_bootstrap_len);
1266 
1267 	i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
1268 				   &i_bootstrap_len);
1269 	if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) {
1270 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1271 			"Missing or invalid required Initiator Bootstrapping Key Hash attribute");
1272 		return;
1273 	}
1274 	wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash",
1275 		    i_bootstrap, i_bootstrap_len);
1276 
1277 	/* Try to find own and peer bootstrapping key matches based on the
1278 	 * received hash values */
1279 	dpp_bootstrap_find_pair(wpa_s->dpp, i_bootstrap, r_bootstrap,
1280 				&own_bi, &peer_bi);
1281 	if (!own_bi) {
1282 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1283 			"No matching own bootstrapping key found - ignore message");
1284 		return;
1285 	}
1286 
1287 	if (own_bi->type == DPP_BOOTSTRAP_PKEX) {
1288 		if (!peer_bi || peer_bi->type != DPP_BOOTSTRAP_PKEX) {
1289 			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1290 				"No matching peer bootstrapping key found for PKEX - ignore message");
1291 			return;
1292 		}
1293 
1294 		if (os_memcmp(peer_bi->pubkey_hash, own_bi->peer_pubkey_hash,
1295 			      SHA256_MAC_LEN) != 0) {
1296 			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1297 				"Mismatching peer PKEX bootstrapping key - ignore message");
1298 			return;
1299 		}
1300 	}
1301 
1302 	if (wpa_s->dpp_auth) {
1303 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
1304 			"Already in DPP authentication exchange - ignore new one");
1305 		return;
1306 	}
1307 
1308 	wpa_s->dpp_pkex_wait_auth_req = false;
1309 	wpa_s->dpp_gas_client = 0;
1310 	wpa_s->dpp_gas_server = 0;
1311 	wpa_s->dpp_auth_ok_on_ack = 0;
1312 	wpa_s->dpp_auth = dpp_auth_req_rx(wpa_s->dpp, wpa_s,
1313 					  wpa_s->dpp_allowed_roles,
1314 					  wpa_s->dpp_qr_mutual,
1315 					  peer_bi, own_bi, freq, hdr, buf, len);
1316 	if (!wpa_s->dpp_auth) {
1317 		wpa_printf(MSG_DEBUG, "DPP: No response generated");
1318 		return;
1319 	}
1320 	wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
1321 	if (dpp_set_configurator(wpa_s->dpp_auth,
1322 				 wpa_s->dpp_configurator_params) < 0) {
1323 		dpp_auth_deinit(wpa_s->dpp_auth);
1324 		wpa_s->dpp_auth = NULL;
1325 		return;
1326 	}
1327 	os_memcpy(wpa_s->dpp_auth->peer_mac_addr, src, ETH_ALEN);
1328 
1329 	if (wpa_s->dpp_listen_freq &&
1330 	    wpa_s->dpp_listen_freq != wpa_s->dpp_auth->curr_freq) {
1331 		wpa_printf(MSG_DEBUG,
1332 			   "DPP: Stop listen on %u MHz to allow response on the request %u MHz",
1333 			   wpa_s->dpp_listen_freq, wpa_s->dpp_auth->curr_freq);
1334 		wpa_s->dpp_tx_auth_resp_on_roc_stop = true;
1335 		eloop_register_timeout(0, 100000,
1336 				       wpas_dpp_tx_auth_resp_roc_timeout,
1337 				       wpa_s, NULL);
1338 		wpas_dpp_listen_stop(wpa_s);
1339 		return;
1340 	}
1341 	wpa_s->dpp_tx_auth_resp_on_roc_stop = false;
1342 	wpa_s->dpp_tx_chan_change = false;
1343 
1344 	wpas_dpp_tx_auth_resp(wpa_s);
1345 }
1346 
1347 
wpas_dpp_tx_wait_expire(struct wpa_supplicant * wpa_s)1348 void wpas_dpp_tx_wait_expire(struct wpa_supplicant *wpa_s)
1349 {
1350 	struct dpp_authentication *auth = wpa_s->dpp_auth;
1351 	int freq;
1352 
1353 #ifdef CONFIG_DPP3
1354 	if (wpa_s->dpp_pb_announcement && wpa_s->dpp_pb_discovery_done) {
1355 		wpa_printf(MSG_DEBUG,
1356 			   "DPP: Failed to send push button announcement");
1357 		if (eloop_register_timeout(0, 0, wpas_dpp_pb_next,
1358 					   wpa_s, NULL) < 0)
1359 			wpas_dpp_push_button_stop(wpa_s);
1360 	}
1361 #endif /* CONFIG_DPP3 */
1362 
1363 	if (wpa_s->dpp_listen_on_tx_expire && auth && auth->neg_freq) {
1364 		wpa_printf(MSG_DEBUG,
1365 			   "DPP: Start listen on neg_freq %u MHz based on TX wait expiration on the previous channel",
1366 			   auth->neg_freq);
1367 		eloop_cancel_timeout(wpas_dpp_neg_freq_timeout, wpa_s, NULL);
1368 		wpas_dpp_listen_start(wpa_s, auth->neg_freq);
1369 		return;
1370 	}
1371 
1372 	if (!wpa_s->dpp_gas_server || !auth) {
1373 		if (auth && auth->waiting_auth_resp &&
1374 		    eloop_is_timeout_registered(wpas_dpp_drv_wait_timeout,
1375 						wpa_s, NULL)) {
1376 			eloop_cancel_timeout(wpas_dpp_drv_wait_timeout,
1377 					     wpa_s, NULL);
1378 			wpa_printf(MSG_DEBUG,
1379 				   "DPP: Call wpas_dpp_auth_init_next() from %s",
1380 				   __func__);
1381 			wpas_dpp_auth_init_next(wpa_s);
1382 		}
1383 		return;
1384 	}
1385 
1386 	freq = auth->neg_freq > 0 ? auth->neg_freq : auth->curr_freq;
1387 	if (wpa_s->dpp_listen_work || (int) wpa_s->dpp_listen_freq == freq)
1388 		return; /* listen state is already in progress */
1389 
1390 	wpa_printf(MSG_DEBUG, "DPP: Start listen on %u MHz for GAS", freq);
1391 	wpa_s->dpp_in_response_listen = 1;
1392 	wpas_dpp_listen_start(wpa_s, freq);
1393 }
1394 
1395 
wpas_dpp_start_gas_server(struct wpa_supplicant * wpa_s)1396 static void wpas_dpp_start_gas_server(struct wpa_supplicant *wpa_s)
1397 {
1398 	struct dpp_authentication *auth = wpa_s->dpp_auth;
1399 
1400 	wpa_printf(MSG_DEBUG,
1401 		   "DPP: Starting GAS server (curr_freq=%d neg_freq=%d dpp_listen_freq=%d dpp_listen_work=%d)",
1402 		   auth->curr_freq, auth->neg_freq, wpa_s->dpp_listen_freq,
1403 		   !!wpa_s->dpp_listen_work);
1404 	wpa_s->dpp_gas_server = 1;
1405 }
1406 
1407 
wpas_dpp_add_network(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth,struct dpp_config_obj * conf)1408 static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
1409 					      struct dpp_authentication *auth,
1410 					      struct dpp_config_obj *conf)
1411 {
1412 	struct wpa_ssid *ssid;
1413 
1414 #ifdef CONFIG_DPP2
1415 	if (conf->akm == DPP_AKM_SAE) {
1416 #ifdef CONFIG_SAE
1417 		struct wpa_driver_capa capa;
1418 		int res;
1419 
1420 		res = wpa_drv_get_capa(wpa_s, &capa);
1421 		if (res == 0 &&
1422 		    !(capa.key_mgmt_iftype[WPA_IF_STATION] &
1423 		      WPA_DRIVER_CAPA_KEY_MGMT_SAE) &&
1424 		    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE)) {
1425 			wpa_printf(MSG_DEBUG,
1426 				   "DPP: SAE not supported by the driver");
1427 			return NULL;
1428 		}
1429 #else /* CONFIG_SAE */
1430 		wpa_printf(MSG_DEBUG, "DPP: SAE not supported in the build");
1431 		return NULL;
1432 #endif /* CONFIG_SAE */
1433 	}
1434 #endif /* CONFIG_DPP2 */
1435 
1436 	ssid = wpa_config_add_network(wpa_s->conf);
1437 	if (!ssid)
1438 		return NULL;
1439 	wpas_notify_network_added(wpa_s, ssid);
1440 	wpa_config_set_network_defaults(ssid);
1441 	ssid->disabled = 1;
1442 
1443 	ssid->ssid = os_malloc(conf->ssid_len);
1444 	if (!ssid->ssid)
1445 		goto fail;
1446 	os_memcpy(ssid->ssid, conf->ssid, conf->ssid_len);
1447 	ssid->ssid_len = conf->ssid_len;
1448 
1449 #ifdef CONFIG_DPP3
1450 	if (conf->akm == DPP_AKM_SAE && conf->password_id[0]) {
1451 		size_t len = os_strlen(conf->password_id);
1452 
1453 		ssid->sae_password_id = os_zalloc(len + 1);
1454 		if (!ssid->sae_password_id)
1455 			goto fail;
1456 		os_memcpy(ssid->sae_password_id, conf->password_id, len);
1457 	}
1458 #endif /* CONFIG_DPP3 */
1459 
1460 	if (conf->connector) {
1461 		if (dpp_akm_dpp(conf->akm)) {
1462 			ssid->key_mgmt = WPA_KEY_MGMT_DPP;
1463 			ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
1464 		}
1465 		ssid->dpp_connector = os_strdup(conf->connector);
1466 		if (!ssid->dpp_connector)
1467 			goto fail;
1468 
1469 		ssid->dpp_connector_privacy =
1470 			wpa_s->conf->dpp_connector_privacy_default;
1471 	}
1472 
1473 	if (conf->c_sign_key) {
1474 		ssid->dpp_csign = os_malloc(wpabuf_len(conf->c_sign_key));
1475 		if (!ssid->dpp_csign)
1476 			goto fail;
1477 		os_memcpy(ssid->dpp_csign, wpabuf_head(conf->c_sign_key),
1478 			  wpabuf_len(conf->c_sign_key));
1479 		ssid->dpp_csign_len = wpabuf_len(conf->c_sign_key);
1480 	}
1481 
1482 	if (conf->pp_key) {
1483 		ssid->dpp_pp_key = os_malloc(wpabuf_len(conf->pp_key));
1484 		if (!ssid->dpp_pp_key)
1485 			goto fail;
1486 		os_memcpy(ssid->dpp_pp_key, wpabuf_head(conf->pp_key),
1487 			  wpabuf_len(conf->pp_key));
1488 		ssid->dpp_pp_key_len = wpabuf_len(conf->pp_key);
1489 	}
1490 
1491 	if (auth->net_access_key) {
1492 		ssid->dpp_netaccesskey =
1493 			os_malloc(wpabuf_len(auth->net_access_key));
1494 		if (!ssid->dpp_netaccesskey)
1495 			goto fail;
1496 		os_memcpy(ssid->dpp_netaccesskey,
1497 			  wpabuf_head(auth->net_access_key),
1498 			  wpabuf_len(auth->net_access_key));
1499 		ssid->dpp_netaccesskey_len = wpabuf_len(auth->net_access_key);
1500 		ssid->dpp_netaccesskey_expiry = auth->net_access_key_expiry;
1501 	}
1502 
1503 	if (!conf->connector || dpp_akm_psk(conf->akm) ||
1504 	    dpp_akm_sae(conf->akm)) {
1505 		if (!conf->connector || !dpp_akm_dpp(conf->akm))
1506 			ssid->key_mgmt = 0;
1507 		if (dpp_akm_psk(conf->akm))
1508 			ssid->key_mgmt |= WPA_KEY_MGMT_PSK |
1509 				WPA_KEY_MGMT_PSK_SHA256 | WPA_KEY_MGMT_FT_PSK;
1510 		if (dpp_akm_sae(conf->akm))
1511 			ssid->key_mgmt |= WPA_KEY_MGMT_SAE |
1512 				WPA_KEY_MGMT_FT_SAE;
1513 		if (dpp_akm_psk(conf->akm))
1514 			ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
1515 		else
1516 			ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
1517 		if (conf->passphrase[0] && dpp_akm_psk(conf->akm)) {
1518 			if (wpa_config_set_quoted(ssid, "psk",
1519 						  conf->passphrase) < 0)
1520 				goto fail;
1521 			wpa_config_update_psk(ssid);
1522 			ssid->export_keys = 1;
1523 		} else if (conf->passphrase[0] && dpp_akm_sae(conf->akm)) {
1524 			if (wpa_config_set_quoted(ssid, "sae_password",
1525 						  conf->passphrase) < 0)
1526 				goto fail;
1527 			ssid->export_keys = 1;
1528 		} else {
1529 			ssid->psk_set = conf->psk_set;
1530 			os_memcpy(ssid->psk, conf->psk, PMK_LEN);
1531 		}
1532 	}
1533 
1534 #if defined(CONFIG_DPP2) && defined(IEEE8021X_EAPOL)
1535 	if (conf->akm == DPP_AKM_DOT1X) {
1536 		int i;
1537 		char name[100], blobname[128];
1538 		struct wpa_config_blob *blob;
1539 
1540 		ssid->key_mgmt = WPA_KEY_MGMT_IEEE8021X |
1541 			WPA_KEY_MGMT_IEEE8021X_SHA256 |
1542 			WPA_KEY_MGMT_IEEE8021X_SHA384;
1543 		ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
1544 
1545 		if (conf->cacert) {
1546 			/* caCert is DER-encoded X.509v3 certificate for the
1547 			 * server certificate if that is different from the
1548 			 * trust root included in certBag. */
1549 			/* TODO: ssid->eap.cert.ca_cert */
1550 		}
1551 
1552 		if (conf->certs) {
1553 			for (i = 0; ; i++) {
1554 				os_snprintf(name, sizeof(name), "dpp-certs-%d",
1555 					    i);
1556 				if (!wpa_config_get_blob(wpa_s->conf, name))
1557 					break;
1558 			}
1559 
1560 			blob = os_zalloc(sizeof(*blob));
1561 			if (!blob)
1562 				goto fail;
1563 			blob->len = wpabuf_len(conf->certs);
1564 			blob->name = os_strdup(name);
1565 			blob->data = os_malloc(blob->len);
1566 			if (!blob->name || !blob->data) {
1567 				wpa_config_free_blob(blob);
1568 				goto fail;
1569 			}
1570 			os_memcpy(blob->data, wpabuf_head(conf->certs),
1571 				  blob->len);
1572 			os_snprintf(blobname, sizeof(blobname), "blob://%s",
1573 				    name);
1574 			wpa_config_set_blob(wpa_s->conf, blob);
1575 			wpa_printf(MSG_DEBUG, "DPP: Added certificate blob %s",
1576 				   name);
1577 			ssid->eap.cert.client_cert = os_strdup(blobname);
1578 			if (!ssid->eap.cert.client_cert)
1579 				goto fail;
1580 
1581 			/* TODO: ssid->eap.identity from own certificate */
1582 			if (wpa_config_set(ssid, "identity", "\"dpp-ent\"",
1583 					   0) < 0)
1584 				goto fail;
1585 		}
1586 
1587 		if (auth->priv_key) {
1588 			for (i = 0; ; i++) {
1589 				os_snprintf(name, sizeof(name), "dpp-key-%d",
1590 					    i);
1591 				if (!wpa_config_get_blob(wpa_s->conf, name))
1592 					break;
1593 			}
1594 
1595 			blob = os_zalloc(sizeof(*blob));
1596 			if (!blob)
1597 				goto fail;
1598 			blob->len = wpabuf_len(auth->priv_key);
1599 			blob->name = os_strdup(name);
1600 			blob->data = os_malloc(blob->len);
1601 			if (!blob->name || !blob->data) {
1602 				wpa_config_free_blob(blob);
1603 				goto fail;
1604 			}
1605 			os_memcpy(blob->data, wpabuf_head(auth->priv_key),
1606 				  blob->len);
1607 			os_snprintf(blobname, sizeof(blobname), "blob://%s",
1608 				    name);
1609 			wpa_config_set_blob(wpa_s->conf, blob);
1610 			wpa_printf(MSG_DEBUG, "DPP: Added private key blob %s",
1611 				   name);
1612 			ssid->eap.cert.private_key = os_strdup(blobname);
1613 			if (!ssid->eap.cert.private_key)
1614 				goto fail;
1615 		}
1616 
1617 		if (conf->server_name) {
1618 			ssid->eap.cert.domain_suffix_match =
1619 				os_strdup(conf->server_name);
1620 			if (!ssid->eap.cert.domain_suffix_match)
1621 				goto fail;
1622 		}
1623 
1624 		/* TODO: Use entCreds::eapMethods */
1625 		if (wpa_config_set(ssid, "eap", "TLS", 0) < 0)
1626 			goto fail;
1627 	}
1628 #endif /* CONFIG_DPP2 && IEEE8021X_EAPOL */
1629 
1630 	os_memcpy(wpa_s->dpp_last_ssid, conf->ssid, conf->ssid_len);
1631 	wpa_s->dpp_last_ssid_len = conf->ssid_len;
1632 
1633 	return ssid;
1634 fail:
1635 	wpas_notify_network_removed(wpa_s, ssid);
1636 	wpa_config_remove_network(wpa_s->conf, ssid->id);
1637 	return NULL;
1638 }
1639 
1640 
wpas_dpp_process_config(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth,struct dpp_config_obj * conf)1641 static int wpas_dpp_process_config(struct wpa_supplicant *wpa_s,
1642 				   struct dpp_authentication *auth,
1643 				   struct dpp_config_obj *conf)
1644 {
1645 	struct wpa_ssid *ssid;
1646 
1647 	if (wpa_s->conf->dpp_config_processing < 1)
1648 		return 0;
1649 
1650 	ssid = wpas_dpp_add_network(wpa_s, auth, conf);
1651 	if (!ssid)
1652 		return -1;
1653 
1654 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_NETWORK_ID "%d", ssid->id);
1655 
1656 	wpas_notify_dpp_config_received(wpa_s, ssid, auth->conn_status_requested ? 1 : 0);
1657 
1658 	if (wpa_s->conf->dpp_config_processing == 2)
1659 		ssid->disabled = 0;
1660 
1661 #ifndef CONFIG_NO_CONFIG_WRITE
1662 	if (wpa_s->conf->update_config &&
1663 	    wpa_config_write(wpa_s->confname, wpa_s->conf))
1664 		wpa_printf(MSG_DEBUG, "DPP: Failed to update configuration");
1665 #endif /* CONFIG_NO_CONFIG_WRITE */
1666 
1667 	return 0;
1668 }
1669 
1670 
wpas_dpp_post_process_config(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth)1671 static void wpas_dpp_post_process_config(struct wpa_supplicant *wpa_s,
1672 					 struct dpp_authentication *auth)
1673 {
1674 #ifdef CONFIG_DPP2
1675 	if (auth->reconfig && wpa_s->dpp_reconfig_ssid &&
1676 	    wpa_config_get_network(wpa_s->conf, wpa_s->dpp_reconfig_ssid_id) ==
1677 	    wpa_s->dpp_reconfig_ssid) {
1678 		wpa_printf(MSG_DEBUG,
1679 			   "DPP: Remove reconfigured network profile");
1680 		wpas_notify_network_removed(wpa_s, wpa_s->dpp_reconfig_ssid);
1681 		wpa_config_remove_network(wpa_s->conf,
1682 					  wpa_s->dpp_reconfig_ssid_id);
1683 		wpa_s->dpp_reconfig_ssid = NULL;
1684 		wpa_s->dpp_reconfig_ssid_id = -1;
1685 	}
1686 #endif /* CONFIG_DPP2 */
1687 
1688 	if (wpa_s->conf->dpp_config_processing < 2)
1689 		return;
1690 
1691 #ifdef CONFIG_DPP2
1692 	if (auth->peer_version >= 2) {
1693 		wpa_printf(MSG_DEBUG,
1694 			   "DPP: Postpone connection attempt to wait for completion of DPP Configuration Result");
1695 		auth->connect_on_tx_status = 1;
1696 		return;
1697 	}
1698 #endif /* CONFIG_DPP2 */
1699 
1700 	wpas_dpp_try_to_connect(wpa_s);
1701 }
1702 
1703 
wpas_dpp_handle_config_obj(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth,struct dpp_config_obj * conf)1704 static int wpas_dpp_handle_config_obj(struct wpa_supplicant *wpa_s,
1705 				      struct dpp_authentication *auth,
1706 				      struct dpp_config_obj *conf)
1707 {
1708 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_RECEIVED);
1709 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_AKM "%s",
1710 		dpp_akm_str(conf->akm));
1711 	if (conf->ssid_len)
1712 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID "%s",
1713 			wpa_ssid_txt(conf->ssid, conf->ssid_len));
1714 	if (conf->ssid_charset)
1715 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_SSID_CHARSET "%d",
1716 			conf->ssid_charset);
1717 	if (conf->connector) {
1718 		/* TODO: Save the Connector and consider using a command
1719 		 * to fetch the value instead of sending an event with
1720 		 * it. The Connector could end up being larger than what
1721 		 * most clients are ready to receive as an event
1722 		 * message. */
1723 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONNECTOR "%s",
1724 			conf->connector);
1725 	}
1726 	if (conf->passphrase[0]) {
1727 		char hex[64 * 2 + 1];
1728 
1729 		wpa_snprintf_hex(hex, sizeof(hex),
1730 				 (const u8 *) conf->passphrase,
1731 				 os_strlen(conf->passphrase));
1732 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_PASS "%s",
1733 			hex);
1734 	} else if (conf->psk_set) {
1735 		char hex[PMK_LEN * 2 + 1];
1736 
1737 		wpa_snprintf_hex(hex, sizeof(hex), conf->psk, PMK_LEN);
1738 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_PSK "%s",
1739 			hex);
1740 	}
1741 #ifdef CONFIG_DPP3
1742 	if (conf->password_id[0]) {
1743 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_IDPASS "%s",
1744 			conf->password_id);
1745 	}
1746 #endif /* CONFIG_DPP3 */
1747 	if (conf->c_sign_key) {
1748 		char *hex;
1749 		size_t hexlen;
1750 
1751 		hexlen = 2 * wpabuf_len(conf->c_sign_key) + 1;
1752 		hex = os_malloc(hexlen);
1753 		if (hex) {
1754 			wpa_snprintf_hex(hex, hexlen,
1755 					 wpabuf_head(conf->c_sign_key),
1756 					 wpabuf_len(conf->c_sign_key));
1757 			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY "%s",
1758 				hex);
1759 			os_free(hex);
1760 		}
1761 	}
1762 	if (conf->pp_key) {
1763 		char *hex;
1764 		size_t hexlen;
1765 
1766 		hexlen = 2 * wpabuf_len(conf->pp_key) + 1;
1767 		hex = os_malloc(hexlen);
1768 		if (hex) {
1769 			wpa_snprintf_hex(hex, hexlen,
1770 					 wpabuf_head(conf->pp_key),
1771 					 wpabuf_len(conf->pp_key));
1772 			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PP_KEY "%s", hex);
1773 			os_free(hex);
1774 		}
1775 	}
1776 	if (auth->net_access_key) {
1777 		char *hex;
1778 		size_t hexlen;
1779 
1780 		hexlen = 2 * wpabuf_len(auth->net_access_key) + 1;
1781 		hex = os_malloc(hexlen);
1782 		if (hex) {
1783 			wpa_snprintf_hex(hex, hexlen,
1784 					 wpabuf_head(auth->net_access_key),
1785 					 wpabuf_len(auth->net_access_key));
1786 			if (auth->net_access_key_expiry)
1787 				wpa_msg(wpa_s, MSG_INFO,
1788 					DPP_EVENT_NET_ACCESS_KEY "%s %lu", hex,
1789 					(long unsigned)
1790 					auth->net_access_key_expiry);
1791 			else
1792 				wpa_msg(wpa_s, MSG_INFO,
1793 					DPP_EVENT_NET_ACCESS_KEY "%s", hex);
1794 			os_free(hex);
1795 		}
1796 	}
1797 
1798 #ifdef CONFIG_DPP2
1799 	if (conf->certbag) {
1800 		char *b64;
1801 
1802 		b64 = base64_encode_no_lf(wpabuf_head(conf->certbag),
1803 					  wpabuf_len(conf->certbag), NULL);
1804 		if (b64)
1805 			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CERTBAG "%s", b64);
1806 		os_free(b64);
1807 	}
1808 
1809 	if (conf->cacert) {
1810 		char *b64;
1811 
1812 		b64 = base64_encode_no_lf(wpabuf_head(conf->cacert),
1813 					  wpabuf_len(conf->cacert), NULL);
1814 		if (b64)
1815 			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CACERT "%s", b64);
1816 		os_free(b64);
1817 	}
1818 
1819 	if (conf->server_name)
1820 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_SERVER_NAME "%s",
1821 			conf->server_name);
1822 #endif /* CONFIG_DPP2 */
1823 
1824 #ifdef CONFIG_DPP3
1825 	if (!wpa_s->dpp_pb_result_indicated) {
1826 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT "success");
1827 		wpa_s->dpp_pb_result_indicated = true;
1828 	}
1829 
1830 #endif /* CONFIG_DPP3 */
1831 
1832 	return wpas_dpp_process_config(wpa_s, auth, conf);
1833 }
1834 
1835 
wpas_dpp_handle_key_pkg(struct wpa_supplicant * wpa_s,struct dpp_asymmetric_key * key)1836 static int wpas_dpp_handle_key_pkg(struct wpa_supplicant *wpa_s,
1837 				   struct dpp_asymmetric_key *key)
1838 {
1839 #ifdef CONFIG_DPP2
1840 	int res;
1841 
1842 	if (!key)
1843 		return 0;
1844 
1845 	wpa_printf(MSG_DEBUG, "DPP: Received Configurator backup");
1846 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_RECEIVED);
1847 	wpa_s->dpp_conf_backup_received = true;
1848 
1849 	while (key) {
1850 		res = dpp_configurator_from_backup(wpa_s->dpp, key);
1851 		if (res < 0)
1852 			return -1;
1853 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFIGURATOR_ID "%d",
1854 			res);
1855 		key = key->next;
1856 	}
1857 #endif /* CONFIG_DPP2 */
1858 
1859 	return 0;
1860 }
1861 
1862 
1863 #ifdef CONFIG_DPP2
wpas_dpp_build_csr(void * eloop_ctx,void * timeout_ctx)1864 static void wpas_dpp_build_csr(void *eloop_ctx, void *timeout_ctx)
1865 {
1866 	struct wpa_supplicant *wpa_s = eloop_ctx;
1867 	struct dpp_authentication *auth = wpa_s->dpp_auth;
1868 
1869 	if (!auth || !auth->csrattrs)
1870 		return;
1871 
1872 	wpa_printf(MSG_DEBUG, "DPP: Build CSR");
1873 	wpabuf_free(auth->csr);
1874 	/* TODO: Additional information needed for CSR based on csrAttrs */
1875 	auth->csr = dpp_build_csr(auth, wpa_s->conf->dpp_name ?
1876 				  wpa_s->conf->dpp_name : "Test");
1877 	if (!auth->csr) {
1878 		dpp_auth_deinit(wpa_s->dpp_auth);
1879 		wpa_s->dpp_auth = NULL;
1880 		return;
1881 	}
1882 
1883 	wpas_dpp_start_gas_client(wpa_s);
1884 }
1885 #endif /* CONFIG_DPP2 */
1886 
1887 
1888 #ifdef CONFIG_DPP3
wpas_dpp_build_new_key(void * eloop_ctx,void * timeout_ctx)1889 static void wpas_dpp_build_new_key(void *eloop_ctx, void *timeout_ctx)
1890 {
1891 	struct wpa_supplicant *wpa_s = eloop_ctx;
1892 	struct dpp_authentication *auth = wpa_s->dpp_auth;
1893 
1894 	if (!auth || !auth->waiting_new_key)
1895 		return;
1896 
1897 	wpa_printf(MSG_DEBUG, "DPP: Build config request with a new key");
1898 	wpas_dpp_start_gas_client(wpa_s);
1899 }
1900 #endif /* CONFIG_DPP3 */
1901 
1902 
wpas_dpp_gas_resp_cb(void * ctx,const u8 * addr,u8 dialog_token,enum gas_query_result result,const struct wpabuf * adv_proto,const struct wpabuf * resp,u16 status_code)1903 static void wpas_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token,
1904 				 enum gas_query_result result,
1905 				 const struct wpabuf *adv_proto,
1906 				 const struct wpabuf *resp, u16 status_code)
1907 {
1908 	struct wpa_supplicant *wpa_s = ctx;
1909 	const u8 *pos;
1910 	struct dpp_authentication *auth = wpa_s->dpp_auth;
1911 	int res;
1912 	enum dpp_status_error status = DPP_STATUS_CONFIG_REJECTED;
1913 	unsigned int i;
1914 
1915 	eloop_cancel_timeout(wpas_dpp_gas_client_timeout, wpa_s, NULL);
1916 	wpa_s->dpp_gas_dialog_token = -1;
1917 
1918 	if (!auth || (!auth->auth_success && !auth->reconfig_success) ||
1919 	    !ether_addr_equal(addr, auth->peer_mac_addr)) {
1920 		wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
1921 		return;
1922 	}
1923 	if (result != GAS_QUERY_SUCCESS ||
1924 	    !resp || status_code != WLAN_STATUS_SUCCESS) {
1925 		wpa_printf(MSG_DEBUG, "DPP: GAS query did not succeed");
1926 		goto fail;
1927 	}
1928 
1929 	wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response adv_proto",
1930 			adv_proto);
1931 	wpa_hexdump_buf(MSG_DEBUG, "DPP: Configuration Response (GAS response)",
1932 			resp);
1933 
1934 	if (wpabuf_len(adv_proto) != 10 ||
1935 	    !(pos = wpabuf_head(adv_proto)) ||
1936 	    pos[0] != WLAN_EID_ADV_PROTO ||
1937 	    pos[1] != 8 ||
1938 	    pos[3] != WLAN_EID_VENDOR_SPECIFIC ||
1939 	    pos[4] != 5 ||
1940 	    WPA_GET_BE24(&pos[5]) != OUI_WFA ||
1941 	    pos[8] != 0x1a ||
1942 	    pos[9] != 1) {
1943 		wpa_printf(MSG_DEBUG,
1944 			   "DPP: Not a DPP Advertisement Protocol ID");
1945 		goto fail;
1946 	}
1947 
1948 	res = dpp_conf_resp_rx(auth, resp);
1949 #ifdef CONFIG_DPP2
1950 	if (res == -2) {
1951 		wpa_printf(MSG_DEBUG, "DPP: CSR needed");
1952 		eloop_register_timeout(0, 0, wpas_dpp_build_csr, wpa_s, NULL);
1953 		return;
1954 	}
1955 #endif /* CONFIG_DPP2 */
1956 #ifdef CONFIG_DPP3
1957 	if (res == -3) {
1958 		wpa_printf(MSG_DEBUG, "DPP: New protocol key needed");
1959 		eloop_register_timeout(0, 0, wpas_dpp_build_new_key, wpa_s,
1960 				       NULL);
1961 		return;
1962 	}
1963 #endif /* CONFIG_DPP3 */
1964 	if (res < 0) {
1965 		wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed");
1966 		goto fail;
1967 	}
1968 
1969 	wpa_s->dpp_conf_backup_received = false;
1970 	for (i = 0; i < auth->num_conf_obj; i++) {
1971 		res = wpas_dpp_handle_config_obj(wpa_s, auth,
1972 						 &auth->conf_obj[i]);
1973 		if (res < 0)
1974 			goto fail;
1975 	}
1976 	if (auth->num_conf_obj)
1977 		wpas_dpp_post_process_config(wpa_s, auth);
1978 	if (wpas_dpp_handle_key_pkg(wpa_s, auth->conf_key_pkg) < 0)
1979 		goto fail;
1980 
1981 	status = DPP_STATUS_OK;
1982 #ifdef CONFIG_TESTING_OPTIONS
1983 	if (dpp_test == DPP_TEST_REJECT_CONFIG) {
1984 		wpa_printf(MSG_INFO, "DPP: TESTING - Reject Config Object");
1985 		status = DPP_STATUS_CONFIG_REJECTED;
1986 	}
1987 #endif /* CONFIG_TESTING_OPTIONS */
1988 fail:
1989 	if (status != DPP_STATUS_OK) {
1990 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
1991 		wpas_notify_dpp_configuration_failure(wpa_s);
1992 	}
1993 #ifdef CONFIG_DPP2
1994 	if (auth->peer_version >= 2 &&
1995 	    auth->conf_resp_status == DPP_STATUS_OK) {
1996 		struct wpabuf *msg;
1997 
1998 		wpa_printf(MSG_DEBUG, "DPP: Send DPP Configuration Result");
1999 		msg = dpp_build_conf_result(auth, status);
2000 		if (!msg)
2001 			goto fail2;
2002 
2003 		wpa_msg(wpa_s, MSG_INFO,
2004 			DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2005 			MAC2STR(addr), auth->curr_freq,
2006 			DPP_PA_CONFIGURATION_RESULT);
2007 		offchannel_send_action(wpa_s, auth->curr_freq,
2008 				       addr, wpa_s->own_addr, broadcast,
2009 				       wpabuf_head(msg),
2010 				       wpabuf_len(msg),
2011 				       500, wpas_dpp_tx_status, 0);
2012 		wpabuf_free(msg);
2013 
2014 		/* This exchange will be terminated in the TX status handler */
2015 		if (wpa_s->conf->dpp_config_processing < 1 ||
2016 		    wpa_s->dpp_conf_backup_received)
2017 			auth->remove_on_tx_status = 1;
2018 		return;
2019 	}
2020 fail2:
2021 #endif /* CONFIG_DPP2 */
2022 	dpp_auth_deinit(wpa_s->dpp_auth);
2023 	wpa_s->dpp_auth = NULL;
2024 }
2025 
2026 
wpas_dpp_gas_client_timeout(void * eloop_ctx,void * timeout_ctx)2027 static void wpas_dpp_gas_client_timeout(void *eloop_ctx, void *timeout_ctx)
2028 {
2029 	struct wpa_supplicant *wpa_s = eloop_ctx;
2030 	struct dpp_authentication *auth = wpa_s->dpp_auth;
2031 
2032 	if (!wpa_s->dpp_gas_client || !auth ||
2033 	    (!auth->auth_success && !auth->reconfig_success))
2034 		return;
2035 
2036 	wpa_printf(MSG_DEBUG, "DPP: Timeout while waiting for Config Response");
2037 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
2038 	dpp_auth_deinit(wpa_s->dpp_auth);
2039 	wpa_s->dpp_auth = NULL;
2040 }
2041 
2042 
wpas_dpp_start_gas_client(struct wpa_supplicant * wpa_s)2043 static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s)
2044 {
2045 	struct dpp_authentication *auth = wpa_s->dpp_auth;
2046 	struct wpabuf *buf;
2047 	int res;
2048 	int *supp_op_classes;
2049 
2050 	wpa_s->dpp_gas_client = 1;
2051 	offchannel_send_action_done(wpa_s);
2052 	wpas_dpp_listen_stop(wpa_s);
2053 
2054 #ifdef CONFIG_NO_RRM
2055 	supp_op_classes = NULL;
2056 #else /* CONFIG_NO_RRM */
2057 	supp_op_classes = wpas_supp_op_classes(wpa_s);
2058 #endif /* CONFIG_NO_RRM */
2059 	buf = dpp_build_conf_req_helper(auth, wpa_s->conf->dpp_name,
2060 					wpa_s->dpp_netrole,
2061 					wpa_s->conf->dpp_mud_url,
2062 					supp_op_classes,
2063 					wpa_s->conf->dpp_extra_conf_req_name,
2064 					wpa_s->conf->dpp_extra_conf_req_value);
2065 	os_free(supp_op_classes);
2066 	if (!buf) {
2067 		wpa_printf(MSG_DEBUG,
2068 			   "DPP: No configuration request data available");
2069 		return;
2070 	}
2071 
2072 	wpa_printf(MSG_DEBUG, "DPP: GAS request to " MACSTR " (freq %u MHz)",
2073 		   MAC2STR(auth->peer_mac_addr), auth->curr_freq);
2074 
2075 	/* Use a 120 second timeout since the gas_query_req() operation could
2076 	 * remain waiting indefinitely for the response if the Configurator
2077 	 * keeps sending out comeback responses with additional delay. The
2078 	 * DPP technical specification expects the Enrollee to continue sending
2079 	 * out new Config Requests for 60 seconds, so this gives an extra 60
2080 	 * second time after the last expected new Config Request for the
2081 	 * Configurator to determine what kind of configuration to provide. */
2082 	eloop_register_timeout(120, 0, wpas_dpp_gas_client_timeout,
2083 			       wpa_s, NULL);
2084 
2085 	res = gas_query_req(wpa_s->gas, auth->peer_mac_addr, auth->curr_freq,
2086 			    1, 1, buf, wpas_dpp_gas_resp_cb, wpa_s);
2087 	if (res < 0) {
2088 		wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request");
2089 		wpabuf_free(buf);
2090 	} else {
2091 		wpa_printf(MSG_DEBUG,
2092 			   "DPP: GAS query started with dialog token %u", res);
2093 		wpa_s->dpp_gas_dialog_token = res;
2094 	}
2095 }
2096 
2097 
wpas_dpp_auth_success(struct wpa_supplicant * wpa_s,int initiator)2098 static void wpas_dpp_auth_success(struct wpa_supplicant *wpa_s, int initiator)
2099 {
2100 	wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded");
2101 	dpp_notify_auth_success(wpa_s->dpp_auth, initiator);
2102 	wpas_notify_dpp_auth_success(wpa_s);
2103 #ifdef CONFIG_TESTING_OPTIONS
2104 	if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) {
2105 		wpa_printf(MSG_INFO,
2106 			   "DPP: TESTING - stop at Authentication Confirm");
2107 		if (wpa_s->dpp_auth->configurator) {
2108 			/* Prevent GAS response */
2109 			wpa_s->dpp_auth->auth_success = 0;
2110 		}
2111 		return;
2112 	}
2113 #endif /* CONFIG_TESTING_OPTIONS */
2114 
2115 	if (wpa_s->dpp_auth->configurator)
2116 		wpas_dpp_start_gas_server(wpa_s);
2117 	else
2118 		wpas_dpp_start_gas_client(wpa_s);
2119 }
2120 
2121 
wpas_dpp_rx_auth_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2122 static void wpas_dpp_rx_auth_resp(struct wpa_supplicant *wpa_s, const u8 *src,
2123 				  const u8 *hdr, const u8 *buf, size_t len,
2124 				  unsigned int freq)
2125 {
2126 	struct dpp_authentication *auth = wpa_s->dpp_auth;
2127 	struct wpabuf *msg;
2128 
2129 	wpa_printf(MSG_DEBUG, "DPP: Authentication Response from " MACSTR
2130 		   " (freq %u MHz)", MAC2STR(src), freq);
2131 
2132 	if (!auth) {
2133 		wpa_printf(MSG_DEBUG,
2134 			   "DPP: No DPP Authentication in progress - drop");
2135 		return;
2136 	}
2137 
2138 	if (!is_zero_ether_addr(auth->peer_mac_addr) &&
2139 	    !ether_addr_equal(src, auth->peer_mac_addr)) {
2140 		wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
2141 			   MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
2142 		return;
2143 	}
2144 
2145 	eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
2146 
2147 	if (auth->curr_freq != freq && auth->neg_freq == freq) {
2148 		wpa_printf(MSG_DEBUG,
2149 			   "DPP: Responder accepted request for different negotiation channel");
2150 		auth->curr_freq = freq;
2151 	}
2152 
2153 	eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
2154 	msg = dpp_auth_resp_rx(auth, hdr, buf, len);
2155 	if (!msg) {
2156 		if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) {
2157 			wpa_printf(MSG_DEBUG,
2158 				   "DPP: Start wait for full response");
2159 			wpas_notify_dpp_resp_pending(wpa_s);
2160 			offchannel_send_action_done(wpa_s);
2161 			wpas_dpp_listen_start(wpa_s, auth->curr_freq);
2162 			return;
2163 		}
2164 		wpa_printf(MSG_DEBUG, "DPP: No confirm generated");
2165 		return;
2166 	}
2167 	os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
2168 
2169 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2170 		MAC2STR(src), auth->curr_freq, DPP_PA_AUTHENTICATION_CONF);
2171 	offchannel_send_action(wpa_s, auth->curr_freq,
2172 			       src, wpa_s->own_addr, broadcast,
2173 			       wpabuf_head(msg), wpabuf_len(msg),
2174 			       500, wpas_dpp_tx_status, 0);
2175 	wpabuf_free(msg);
2176 	wpa_s->dpp_auth_ok_on_ack = 1;
2177 }
2178 
2179 
wpas_dpp_rx_auth_conf(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len)2180 static void wpas_dpp_rx_auth_conf(struct wpa_supplicant *wpa_s, const u8 *src,
2181 				  const u8 *hdr, const u8 *buf, size_t len)
2182 {
2183 	struct dpp_authentication *auth = wpa_s->dpp_auth;
2184 
2185 	wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation from " MACSTR,
2186 		   MAC2STR(src));
2187 
2188 	if (!auth) {
2189 		wpa_printf(MSG_DEBUG,
2190 			   "DPP: No DPP Authentication in progress - drop");
2191 		return;
2192 	}
2193 
2194 	if (!ether_addr_equal(src, auth->peer_mac_addr)) {
2195 		wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
2196 			   MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
2197 		return;
2198 	}
2199 
2200 	eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, NULL);
2201 
2202 	if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) {
2203 		wpa_printf(MSG_DEBUG, "DPP: Authentication failed");
2204 		wpas_notify_dpp_auth_failure(wpa_s);
2205 		return;
2206 	}
2207 
2208 	wpas_dpp_auth_success(wpa_s, 0);
2209 }
2210 
2211 
2212 #ifdef CONFIG_DPP2
2213 
wpas_dpp_config_result_wait_timeout(void * eloop_ctx,void * timeout_ctx)2214 static void wpas_dpp_config_result_wait_timeout(void *eloop_ctx,
2215 						void *timeout_ctx)
2216 {
2217 	struct wpa_supplicant *wpa_s = eloop_ctx;
2218 	struct dpp_authentication *auth = wpa_s->dpp_auth;
2219 
2220 	if (!auth || !auth->waiting_conf_result)
2221 		return;
2222 
2223 	wpa_printf(MSG_DEBUG,
2224 		   "DPP: Timeout while waiting for Configuration Result");
2225 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
2226 	wpas_notify_dpp_configuration_failure(wpa_s);
2227 	dpp_auth_deinit(auth);
2228 	wpa_s->dpp_auth = NULL;
2229 }
2230 
2231 
wpas_dpp_conn_status_result_wait_timeout(void * eloop_ctx,void * timeout_ctx)2232 static void wpas_dpp_conn_status_result_wait_timeout(void *eloop_ctx,
2233 						     void *timeout_ctx)
2234 {
2235 	struct wpa_supplicant *wpa_s = eloop_ctx;
2236 	struct dpp_authentication *auth = wpa_s->dpp_auth;
2237 
2238 	if (!auth || !auth->waiting_conn_status_result)
2239 		return;
2240 
2241 	wpa_printf(MSG_DEBUG,
2242 		   "DPP: Timeout while waiting for Connection Status Result");
2243 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT "timeout");
2244 	wpas_notify_dpp_timeout(wpa_s);
2245 	wpas_dpp_listen_stop(wpa_s);
2246 	dpp_auth_deinit(auth);
2247 	wpa_s->dpp_auth = NULL;
2248 }
2249 
2250 
2251 #ifdef CONFIG_DPP3
2252 
wpas_dpp_pb_active(struct wpa_supplicant * wpa_s)2253 static bool wpas_dpp_pb_active(struct wpa_supplicant *wpa_s)
2254 {
2255 	return (wpa_s->dpp_pb_time.sec || wpa_s->dpp_pb_time.usec) &&
2256 		wpa_s->dpp_pb_configurator;
2257 }
2258 
2259 
wpas_dpp_remove_pb_hash(struct wpa_supplicant * wpa_s)2260 static void wpas_dpp_remove_pb_hash(struct wpa_supplicant *wpa_s)
2261 {
2262 	int i;
2263 
2264 	if (!wpa_s->dpp_pb_bi)
2265 		return;
2266 	for (i = 0; i < DPP_PB_INFO_COUNT; i++) {
2267 		struct dpp_pb_info *info = &wpa_s->dpp_pb[i];
2268 
2269 		if (info->rx_time.sec == 0 && info->rx_time.usec == 0)
2270 			continue;
2271 		if (os_memcmp(info->hash, wpa_s->dpp_pb_resp_hash,
2272 			      SHA256_MAC_LEN) == 0) {
2273 			/* Allow a new push button session to be established
2274 			 * immediately without the successfully completed
2275 			 * session triggering session overlap. */
2276 			info->rx_time.sec = 0;
2277 			info->rx_time.usec = 0;
2278 			wpa_printf(MSG_DEBUG,
2279 				   "DPP: Removed PB hash from session overlap detection due to successfully completed provisioning");
2280 		}
2281 	}
2282 }
2283 
2284 #endif /* CONFIG_DPP3 */
2285 
2286 
wpas_dpp_rx_conf_result(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len)2287 static void wpas_dpp_rx_conf_result(struct wpa_supplicant *wpa_s, const u8 *src,
2288 				    const u8 *hdr, const u8 *buf, size_t len)
2289 {
2290 	struct dpp_authentication *auth = wpa_s->dpp_auth;
2291 	enum dpp_status_error status;
2292 
2293 	wpa_printf(MSG_DEBUG, "DPP: Configuration Result from " MACSTR,
2294 		   MAC2STR(src));
2295 
2296 	if (!auth || !auth->waiting_conf_result) {
2297 		if (auth &&
2298 		    ether_addr_equal(src, auth->peer_mac_addr) &&
2299 		    gas_server_response_sent(wpa_s->gas_server,
2300 					     auth->gas_server_ctx)) {
2301 			/* This could happen if the TX status event gets delayed
2302 			 * long enough for the Enrollee to have time to send
2303 			 * the next frame before the TX status gets processed
2304 			 * locally. */
2305 			wpa_printf(MSG_DEBUG,
2306 				   "DPP: GAS response was sent but TX status not yet received - assume it was ACKed since the Enrollee sent the next frame in the sequence");
2307 			auth->waiting_conf_result = 1;
2308 		} else {
2309 			wpa_printf(MSG_DEBUG,
2310 				   "DPP: No DPP Configuration waiting for result - drop");
2311 			return;
2312 		}
2313 	}
2314 
2315 	if (!ether_addr_equal(src, auth->peer_mac_addr)) {
2316 		wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
2317 			   MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
2318 		return;
2319 	}
2320 
2321 	status = dpp_conf_result_rx(auth, hdr, buf, len);
2322 
2323 	if (status == DPP_STATUS_OK && auth->send_conn_status) {
2324 		int freq;
2325 
2326 		wpa_msg(wpa_s, MSG_INFO,
2327 			DPP_EVENT_CONF_SENT "wait_conn_status=1 conf_status=%d",
2328 			auth->conf_resp_status);
2329 		wpa_printf(MSG_DEBUG, "DPP: Wait for Connection Status Result");
2330 		wpas_notify_dpp_config_accepted(wpa_s);
2331 		eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout,
2332 				     wpa_s, NULL);
2333 		auth->waiting_conn_status_result = 1;
2334 		eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
2335 				     wpa_s, NULL);
2336 		eloop_register_timeout(16, 0,
2337 				       wpas_dpp_conn_status_result_wait_timeout,
2338 				       wpa_s, NULL);
2339 		offchannel_send_action_done(wpa_s);
2340 		freq = auth->neg_freq ? auth->neg_freq : auth->curr_freq;
2341 		if (!wpa_s->dpp_in_response_listen ||
2342 		    (int) wpa_s->dpp_listen_freq != freq)
2343 			wpas_dpp_listen_start(wpa_s, freq);
2344 		return;
2345 	}
2346 	offchannel_send_action_done(wpa_s);
2347 	wpas_dpp_listen_stop(wpa_s);
2348 	if (status == DPP_STATUS_OK) {
2349 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT "conf_status=%d",
2350 			auth->conf_resp_status);
2351 		wpas_notify_dpp_config_sent(wpa_s);
2352 	}
2353 	else {
2354 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
2355 		wpas_notify_dpp_config_rejected(wpa_s);
2356 	}
2357 	dpp_auth_deinit(auth);
2358 	wpa_s->dpp_auth = NULL;
2359 	eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, wpa_s, NULL);
2360 #ifdef CONFIG_DPP3
2361 	if (!wpa_s->dpp_pb_result_indicated && wpas_dpp_pb_active(wpa_s)) {
2362 		if (status == DPP_STATUS_OK)
2363 			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT
2364 				"success");
2365 		else
2366 			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT
2367 				"no-configuration-available");
2368 		wpa_s->dpp_pb_result_indicated = true;
2369 		if (status == DPP_STATUS_OK)
2370 			wpas_dpp_remove_pb_hash(wpa_s);
2371 		wpas_dpp_push_button_stop(wpa_s);
2372 	}
2373 #endif /* CONFIG_DPP3 */
2374 }
2375 
2376 
wpas_dpp_rx_conn_status_result(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len)2377 static void wpas_dpp_rx_conn_status_result(struct wpa_supplicant *wpa_s,
2378 					   const u8 *src, const u8 *hdr,
2379 					   const u8 *buf, size_t len)
2380 {
2381 	struct dpp_authentication *auth = wpa_s->dpp_auth;
2382 	enum dpp_status_error status;
2383 	u8 ssid[SSID_MAX_LEN];
2384 	size_t ssid_len = 0;
2385 	char *channel_list = NULL;
2386 
2387 	wpa_printf(MSG_DEBUG, "DPP: Connection Status Result");
2388 
2389 	if (!auth || !auth->waiting_conn_status_result) {
2390 		wpa_printf(MSG_DEBUG,
2391 			   "DPP: No DPP Configuration waiting for connection status result - drop");
2392 		return;
2393 	}
2394 
2395 	status = dpp_conn_status_result_rx(auth, hdr, buf, len,
2396 					   ssid, &ssid_len, &channel_list);
2397 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT
2398 		"result=%d ssid=%s channel_list=%s",
2399 		status, wpa_ssid_txt(ssid, ssid_len),
2400 		channel_list ? channel_list : "N/A");
2401 	wpas_notify_dpp_conn_status(wpa_s, status, wpa_ssid_txt(ssid, ssid_len),
2402 			channel_list, auth->band_list, auth->band_list_size);
2403 	os_free(channel_list);
2404 	offchannel_send_action_done(wpa_s);
2405 	wpas_dpp_listen_stop(wpa_s);
2406 	dpp_auth_deinit(auth);
2407 	wpa_s->dpp_auth = NULL;
2408 	eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
2409 			     wpa_s, NULL);
2410 }
2411 
2412 
wpas_dpp_process_conf_obj(void * ctx,struct dpp_authentication * auth)2413 static int wpas_dpp_process_conf_obj(void *ctx,
2414 				     struct dpp_authentication *auth)
2415 {
2416 	struct wpa_supplicant *wpa_s = ctx;
2417 	unsigned int i;
2418 	int res = -1;
2419 
2420 	for (i = 0; i < auth->num_conf_obj; i++) {
2421 		res = wpas_dpp_handle_config_obj(wpa_s, auth,
2422 						 &auth->conf_obj[i]);
2423 		if (res)
2424 			break;
2425 	}
2426 	if (!res)
2427 		wpas_dpp_post_process_config(wpa_s, auth);
2428 
2429 	return res;
2430 }
2431 
2432 
wpas_dpp_tcp_msg_sent(void * ctx,struct dpp_authentication * auth)2433 static bool wpas_dpp_tcp_msg_sent(void *ctx, struct dpp_authentication *auth)
2434 {
2435 	struct wpa_supplicant *wpa_s = ctx;
2436 
2437 	wpa_printf(MSG_DEBUG, "DPP: TCP message sent callback");
2438 
2439 	if (auth->connect_on_tx_status) {
2440 		auth->connect_on_tx_status = 0;
2441 		wpa_printf(MSG_DEBUG,
2442 			   "DPP: Try to connect after completed configuration result");
2443 		wpas_dpp_try_to_connect(wpa_s);
2444 		if (auth->conn_status_requested) {
2445 			wpa_printf(MSG_DEBUG,
2446 				   "DPP: Start 15 second timeout for reporting connection status result");
2447 			eloop_cancel_timeout(
2448 				wpas_dpp_conn_status_result_timeout,
2449 				wpa_s, NULL);
2450 			eloop_register_timeout(
2451 				15, 0, wpas_dpp_conn_status_result_timeout,
2452 				wpa_s, NULL);
2453 			return true;
2454 		}
2455 	}
2456 
2457 	return false;
2458 }
2459 
2460 
wpas_dpp_remove_bi(void * ctx,struct dpp_bootstrap_info * bi)2461 static void wpas_dpp_remove_bi(void *ctx, struct dpp_bootstrap_info *bi)
2462 {
2463 	struct wpa_supplicant *wpa_s = ctx;
2464 
2465 	if (bi == wpa_s->dpp_chirp_bi)
2466 		wpas_dpp_chirp_stop(wpa_s);
2467 }
2468 
2469 
2470 static void
wpas_dpp_rx_presence_announcement(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2471 wpas_dpp_rx_presence_announcement(struct wpa_supplicant *wpa_s, const u8 *src,
2472 				  const u8 *hdr, const u8 *buf, size_t len,
2473 				  unsigned int freq)
2474 {
2475 	const u8 *r_bootstrap;
2476 	u16 r_bootstrap_len;
2477 	struct dpp_bootstrap_info *peer_bi;
2478 	struct dpp_authentication *auth;
2479 	unsigned int wait_time, max_wait_time;
2480 
2481 	if (!wpa_s->dpp)
2482 		return;
2483 
2484 	if (wpa_s->dpp_auth) {
2485 		wpa_printf(MSG_DEBUG,
2486 			   "DPP: Ignore Presence Announcement during ongoing Authentication");
2487 		return;
2488 	}
2489 
2490 	wpa_printf(MSG_DEBUG, "DPP: Presence Announcement from " MACSTR,
2491 		   MAC2STR(src));
2492 
2493 	r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
2494 				   &r_bootstrap_len);
2495 	if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
2496 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
2497 			"Missing or invalid required Responder Bootstrapping Key Hash attribute");
2498 		return;
2499 	}
2500 	wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
2501 		    r_bootstrap, r_bootstrap_len);
2502 	peer_bi = dpp_bootstrap_find_chirp(wpa_s->dpp, r_bootstrap);
2503 	dpp_notify_chirp_received(wpa_s, peer_bi ? (int) peer_bi->id : -1, src,
2504 				  freq, r_bootstrap);
2505 	if (!peer_bi) {
2506 		wpa_printf(MSG_DEBUG,
2507 			   "DPP: No matching bootstrapping information found");
2508 		return;
2509 	}
2510 
2511 	wpa_printf(MSG_DEBUG, "DPP: Start Authentication exchange with " MACSTR
2512 		   " based on the received Presence Announcement",
2513 		   MAC2STR(src));
2514 	auth = dpp_auth_init(wpa_s->dpp, wpa_s, peer_bi, NULL,
2515 			     DPP_CAPAB_CONFIGURATOR, freq, NULL, 0);
2516 	if (!auth)
2517 		return;
2518 	wpas_dpp_set_testing_options(wpa_s, auth);
2519 	if (dpp_set_configurator(auth, wpa_s->dpp_configurator_params) < 0) {
2520 		dpp_auth_deinit(auth);
2521 		return;
2522 	}
2523 
2524 	auth->neg_freq = freq;
2525 
2526 	/* The source address of the Presence Announcement frame overrides any
2527 	 * MAC address information from the bootstrapping information. */
2528 	os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
2529 
2530 	wait_time = wpa_s->max_remain_on_chan;
2531 	max_wait_time = wpa_s->dpp_resp_wait_time ?
2532 		wpa_s->dpp_resp_wait_time : 2000;
2533 	if (wait_time > max_wait_time)
2534 		wait_time = max_wait_time;
2535 	wpas_dpp_stop_listen_for_tx(wpa_s, freq, wait_time);
2536 
2537 	wpa_s->dpp_auth = auth;
2538 	if (wpas_dpp_auth_init_next(wpa_s) < 0) {
2539 		dpp_auth_deinit(wpa_s->dpp_auth);
2540 		wpa_s->dpp_auth = NULL;
2541 	}
2542 }
2543 
2544 
wpas_dpp_reconfig_reply_wait_timeout(void * eloop_ctx,void * timeout_ctx)2545 static void wpas_dpp_reconfig_reply_wait_timeout(void *eloop_ctx,
2546 						 void *timeout_ctx)
2547 {
2548 	struct wpa_supplicant *wpa_s = eloop_ctx;
2549 	struct dpp_authentication *auth = wpa_s->dpp_auth;
2550 
2551 	if (!auth)
2552 		return;
2553 
2554 	wpa_printf(MSG_DEBUG, "DPP: Reconfig Reply wait timeout");
2555 	offchannel_send_action_done(wpa_s);
2556 	wpas_dpp_listen_stop(wpa_s);
2557 	dpp_auth_deinit(auth);
2558 	wpa_s->dpp_auth = NULL;
2559 }
2560 
2561 
2562 static void
wpas_dpp_rx_reconfig_announcement(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2563 wpas_dpp_rx_reconfig_announcement(struct wpa_supplicant *wpa_s, const u8 *src,
2564 				  const u8 *hdr, const u8 *buf, size_t len,
2565 				  unsigned int freq)
2566 {
2567 	const u8 *csign_hash, *fcgroup, *a_nonce, *e_id;
2568 	u16 csign_hash_len, fcgroup_len, a_nonce_len, e_id_len;
2569 	struct dpp_configurator *conf;
2570 	struct dpp_authentication *auth;
2571 	unsigned int wait_time, max_wait_time;
2572 	u16 group;
2573 
2574 	if (!wpa_s->dpp)
2575 		return;
2576 
2577 	if (wpa_s->dpp_auth) {
2578 		wpa_printf(MSG_DEBUG,
2579 			   "DPP: Ignore Reconfig Announcement during ongoing Authentication");
2580 		return;
2581 	}
2582 
2583 	wpa_printf(MSG_DEBUG, "DPP: Reconfig Announcement from " MACSTR,
2584 		   MAC2STR(src));
2585 
2586 	csign_hash = dpp_get_attr(buf, len, DPP_ATTR_C_SIGN_KEY_HASH,
2587 				  &csign_hash_len);
2588 	if (!csign_hash || csign_hash_len != SHA256_MAC_LEN) {
2589 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
2590 			"Missing or invalid required Configurator C-sign key Hash attribute");
2591 		return;
2592 	}
2593 	wpa_hexdump(MSG_MSGDUMP, "DPP: Configurator C-sign key Hash (kid)",
2594 		    csign_hash, csign_hash_len);
2595 	conf = dpp_configurator_find_kid(wpa_s->dpp, csign_hash);
2596 	if (!conf) {
2597 		wpa_printf(MSG_DEBUG,
2598 			   "DPP: No matching Configurator information found");
2599 		return;
2600 	}
2601 
2602 	fcgroup = dpp_get_attr(buf, len, DPP_ATTR_FINITE_CYCLIC_GROUP,
2603 			       &fcgroup_len);
2604 	if (!fcgroup || fcgroup_len != 2) {
2605 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
2606 			"Missing or invalid required Finite Cyclic Group attribute");
2607 		return;
2608 	}
2609 	group = WPA_GET_LE16(fcgroup);
2610 	wpa_printf(MSG_DEBUG, "DPP: Enrollee finite cyclic group: %u", group);
2611 
2612 	a_nonce = dpp_get_attr(buf, len, DPP_ATTR_A_NONCE, &a_nonce_len);
2613 	e_id = dpp_get_attr(buf, len, DPP_ATTR_E_PRIME_ID, &e_id_len);
2614 
2615 	auth = dpp_reconfig_init(wpa_s->dpp, wpa_s, conf, freq, group,
2616 				 a_nonce, a_nonce_len, e_id, e_id_len);
2617 	if (!auth)
2618 		return;
2619 	wpas_dpp_set_testing_options(wpa_s, auth);
2620 	if (dpp_set_configurator(auth, wpa_s->dpp_configurator_params) < 0) {
2621 		dpp_auth_deinit(auth);
2622 		return;
2623 	}
2624 
2625 	os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
2626 	wpa_s->dpp_auth = auth;
2627 
2628 	wpa_s->dpp_in_response_listen = 0;
2629 	wpa_s->dpp_auth_ok_on_ack = 0;
2630 	wait_time = wpa_s->max_remain_on_chan;
2631 	max_wait_time = wpa_s->dpp_resp_wait_time ?
2632 		wpa_s->dpp_resp_wait_time : 2000;
2633 	if (wait_time > max_wait_time)
2634 		wait_time = max_wait_time;
2635 	wait_time += 10; /* give the driver some extra time to complete */
2636 	eloop_register_timeout(wait_time / 1000, (wait_time % 1000) * 1000,
2637 			       wpas_dpp_reconfig_reply_wait_timeout,
2638 			       wpa_s, NULL);
2639 	wait_time -= 10;
2640 
2641 	wpas_dpp_stop_listen_for_tx(wpa_s, freq, wait_time);
2642 
2643 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2644 		MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_REQ);
2645 	if (offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast,
2646 				   wpabuf_head(auth->reconfig_req_msg),
2647 				   wpabuf_len(auth->reconfig_req_msg),
2648 				   wait_time, wpas_dpp_tx_status, 0) < 0) {
2649 		dpp_auth_deinit(wpa_s->dpp_auth);
2650 		wpa_s->dpp_auth = NULL;
2651 	}
2652 }
2653 
2654 
2655 static void
wpas_dpp_rx_reconfig_auth_req(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2656 wpas_dpp_rx_reconfig_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
2657 			      const u8 *hdr, const u8 *buf, size_t len,
2658 			      unsigned int freq)
2659 {
2660 	struct wpa_ssid *ssid;
2661 	struct dpp_authentication *auth;
2662 
2663 	wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Request from "
2664 		   MACSTR, MAC2STR(src));
2665 
2666 	if (!wpa_s->dpp)
2667 		return;
2668 	if (wpa_s->dpp_auth) {
2669 		wpa_printf(MSG_DEBUG,
2670 			   "DPP: Not ready for reconfiguration - pending authentication exchange in progress");
2671 		return;
2672 	}
2673 	if (!wpa_s->dpp_reconfig_ssid) {
2674 		wpa_printf(MSG_DEBUG,
2675 			   "DPP: Not ready for reconfiguration - not requested");
2676 		return;
2677 	}
2678 	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
2679 		if (ssid == wpa_s->dpp_reconfig_ssid &&
2680 		    ssid->id == wpa_s->dpp_reconfig_ssid_id)
2681 			break;
2682 	}
2683 	if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
2684 	    !ssid->dpp_csign) {
2685 		wpa_printf(MSG_DEBUG,
2686 			   "DPP: Not ready for reconfiguration - no matching network profile with Connector found");
2687 		return;
2688 	}
2689 
2690 	auth = dpp_reconfig_auth_req_rx(wpa_s->dpp, wpa_s, ssid->dpp_connector,
2691 					ssid->dpp_netaccesskey,
2692 					ssid->dpp_netaccesskey_len,
2693 					ssid->dpp_csign, ssid->dpp_csign_len,
2694 					freq, hdr, buf, len);
2695 	if (!auth)
2696 		return;
2697 	os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
2698 	wpa_s->dpp_auth = auth;
2699 
2700 	wpas_dpp_chirp_stop(wpa_s);
2701 
2702 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2703 		MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_RESP);
2704 	if (offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast,
2705 				   wpabuf_head(auth->reconfig_resp_msg),
2706 				   wpabuf_len(auth->reconfig_resp_msg),
2707 				   500, wpas_dpp_tx_status, 0) < 0) {
2708 		dpp_auth_deinit(wpa_s->dpp_auth);
2709 		wpa_s->dpp_auth = NULL;
2710 	}
2711 }
2712 
2713 
2714 static void
wpas_dpp_rx_reconfig_auth_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2715 wpas_dpp_rx_reconfig_auth_resp(struct wpa_supplicant *wpa_s, const u8 *src,
2716 			       const u8 *hdr, const u8 *buf, size_t len,
2717 			       unsigned int freq)
2718 {
2719 	struct dpp_authentication *auth = wpa_s->dpp_auth;
2720 	struct wpabuf *conf;
2721 
2722 	wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Response from "
2723 		   MACSTR, MAC2STR(src));
2724 
2725 	if (!auth || !auth->reconfig || !auth->configurator) {
2726 		wpa_printf(MSG_DEBUG,
2727 			   "DPP: No DPP Reconfig Authentication in progress - drop");
2728 		return;
2729 	}
2730 
2731 	if (!ether_addr_equal(src, auth->peer_mac_addr)) {
2732 		wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
2733 			   MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
2734 		return;
2735 	}
2736 
2737 	conf = dpp_reconfig_auth_resp_rx(auth, hdr, buf, len);
2738 	if (!conf)
2739 		return;
2740 
2741 	eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout, wpa_s, NULL);
2742 
2743 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
2744 		MAC2STR(src), freq, DPP_PA_RECONFIG_AUTH_CONF);
2745 	if (offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast,
2746 				   wpabuf_head(conf), wpabuf_len(conf),
2747 				   500, wpas_dpp_tx_status, 0) < 0) {
2748 		wpabuf_free(conf);
2749 		dpp_auth_deinit(wpa_s->dpp_auth);
2750 		wpa_s->dpp_auth = NULL;
2751 		return;
2752 	}
2753 	wpabuf_free(conf);
2754 
2755 	wpas_dpp_start_gas_server(wpa_s);
2756 }
2757 
2758 
2759 static void
wpas_dpp_rx_reconfig_auth_conf(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)2760 wpas_dpp_rx_reconfig_auth_conf(struct wpa_supplicant *wpa_s, const u8 *src,
2761 			       const u8 *hdr, const u8 *buf, size_t len,
2762 			       unsigned int freq)
2763 {
2764 	struct dpp_authentication *auth = wpa_s->dpp_auth;
2765 
2766 	wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Confirm from "
2767 		   MACSTR, MAC2STR(src));
2768 
2769 	if (!auth || !auth->reconfig || auth->configurator) {
2770 		wpa_printf(MSG_DEBUG,
2771 			   "DPP: No DPP Reconfig Authentication in progress - drop");
2772 		return;
2773 	}
2774 
2775 	if (!ether_addr_equal(src, auth->peer_mac_addr)) {
2776 		wpa_printf(MSG_DEBUG, "DPP: MAC address mismatch (expected "
2777 			   MACSTR ") - drop", MAC2STR(auth->peer_mac_addr));
2778 		return;
2779 	}
2780 
2781 	if (dpp_reconfig_auth_conf_rx(auth, hdr, buf, len) < 0)
2782 		return;
2783 
2784 	wpas_dpp_start_gas_client(wpa_s);
2785 }
2786 
2787 #endif /* CONFIG_DPP2 */
2788 
2789 
wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * buf,size_t len)2790 static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
2791 				       const u8 *src,
2792 				       const u8 *buf, size_t len)
2793 {
2794 	struct wpa_ssid *ssid;
2795 	const u8 *connector, *trans_id, *status;
2796 	u16 connector_len, trans_id_len, status_len;
2797 #ifdef CONFIG_DPP2
2798 	const u8 *version;
2799 	u16 version_len;
2800 #endif /* CONFIG_DPP2 */
2801 	u8 peer_version = 1;
2802 	struct dpp_introduction intro;
2803 	struct rsn_pmksa_cache_entry *entry;
2804 	struct os_time now;
2805 	struct os_reltime rnow;
2806 	os_time_t expiry;
2807 	unsigned int seconds;
2808 	enum dpp_status_error res;
2809 
2810 	wpa_printf(MSG_DEBUG, "DPP: Peer Discovery Response from " MACSTR,
2811 		   MAC2STR(src));
2812 	if (is_zero_ether_addr(wpa_s->dpp_intro_bssid) ||
2813 	    !ether_addr_equal(src, wpa_s->dpp_intro_bssid)) {
2814 		wpa_printf(MSG_DEBUG, "DPP: Not waiting for response from "
2815 			   MACSTR " - drop", MAC2STR(src));
2816 		return;
2817 	}
2818 	offchannel_send_action_done(wpa_s);
2819 
2820 	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
2821 		if (ssid == wpa_s->dpp_intro_network)
2822 			break;
2823 	}
2824 	if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
2825 	    !ssid->dpp_csign) {
2826 		wpa_printf(MSG_DEBUG,
2827 			   "DPP: Profile not found for network introduction");
2828 		return;
2829 	}
2830 
2831 	os_memset(&intro, 0, sizeof(intro));
2832 
2833 	trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
2834 			       &trans_id_len);
2835 	if (!trans_id || trans_id_len != 1) {
2836 		wpa_printf(MSG_DEBUG,
2837 			   "DPP: Peer did not include Transaction ID");
2838 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2839 			" fail=missing_transaction_id", MAC2STR(src));
2840 		goto fail;
2841 	}
2842 	if (trans_id[0] != TRANSACTION_ID) {
2843 		wpa_printf(MSG_DEBUG,
2844 			   "DPP: Ignore frame with unexpected Transaction ID %u",
2845 			   trans_id[0]);
2846 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2847 			" fail=transaction_id_mismatch", MAC2STR(src));
2848 		goto fail;
2849 	}
2850 
2851 	status = dpp_get_attr(buf, len, DPP_ATTR_STATUS, &status_len);
2852 	if (!status || status_len != 1) {
2853 		wpa_printf(MSG_DEBUG, "DPP: Peer did not include Status");
2854 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2855 			" fail=missing_status", MAC2STR(src));
2856 		goto fail;
2857 	}
2858 	if (status[0] != DPP_STATUS_OK) {
2859 		wpa_printf(MSG_DEBUG,
2860 			   "DPP: Peer rejected network introduction: Status %u",
2861 			   status[0]);
2862 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2863 			" status=%u", MAC2STR(src), status[0]);
2864 #ifdef CONFIG_DPP2
2865 		wpas_dpp_send_conn_status_result(wpa_s, status[0]);
2866 #endif /* CONFIG_DPP2 */
2867 		goto fail;
2868 	}
2869 
2870 	connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len);
2871 	if (!connector) {
2872 		wpa_printf(MSG_DEBUG,
2873 			   "DPP: Peer did not include its Connector");
2874 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2875 			" fail=missing_connector", MAC2STR(src));
2876 		goto fail;
2877 	}
2878 
2879 	res = dpp_peer_intro(&intro, ssid->dpp_connector,
2880 			     ssid->dpp_netaccesskey,
2881 			     ssid->dpp_netaccesskey_len,
2882 			     ssid->dpp_csign,
2883 			     ssid->dpp_csign_len,
2884 			     connector, connector_len, &expiry, NULL);
2885 	if (res != DPP_STATUS_OK) {
2886 		wpa_printf(MSG_INFO,
2887 			   "DPP: Network Introduction protocol resulted in failure");
2888 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2889 			" fail=peer_connector_validation_failed", MAC2STR(src));
2890 #ifdef CONFIG_DPP2
2891 		wpas_dpp_send_conn_status_result(wpa_s, res);
2892 #endif /* CONFIG_DPP2 */
2893 		goto fail;
2894 	}
2895 
2896 	entry = os_zalloc(sizeof(*entry));
2897 	if (!entry)
2898 		goto fail;
2899 	os_memcpy(entry->aa, src, ETH_ALEN);
2900 	os_memcpy(entry->spa, wpa_s->own_addr, ETH_ALEN);
2901 	os_memcpy(entry->pmkid, intro.pmkid, PMKID_LEN);
2902 	os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
2903 	entry->pmk_len = intro.pmk_len;
2904 	entry->akmp = WPA_KEY_MGMT_DPP;
2905 #ifdef CONFIG_DPP2
2906 	version = dpp_get_attr(buf, len, DPP_ATTR_PROTOCOL_VERSION,
2907 			       &version_len);
2908 	if (version && version_len >= 1)
2909 		peer_version = version[0];
2910 #ifdef CONFIG_DPP3
2911 	if (intro.peer_version && intro.peer_version >= 2 &&
2912 	    peer_version != intro.peer_version) {
2913 		wpa_printf(MSG_INFO,
2914 			   "DPP: Protocol version mismatch (Connector: %d Attribute: %d",
2915 			   intro.peer_version, peer_version);
2916 		wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_NO_MATCH);
2917 		goto fail;
2918 	}
2919 #endif /* CONFIG_DPP3 */
2920 	entry->dpp_pfs = peer_version >= 2;
2921 #endif /* CONFIG_DPP2 */
2922 	if (expiry) {
2923 		os_get_time(&now);
2924 		seconds = expiry - now.sec;
2925 	} else {
2926 		seconds = 86400 * 7;
2927 	}
2928 	os_get_reltime(&rnow);
2929 	entry->expiration = rnow.sec + seconds;
2930 	entry->reauth_time = rnow.sec + seconds;
2931 	entry->network_ctx = ssid;
2932 	wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry);
2933 
2934 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
2935 		" status=%u version=%u", MAC2STR(src), status[0], peer_version);
2936 
2937 	wpa_printf(MSG_DEBUG,
2938 		   "DPP: Try connection again after successful network introduction");
2939 	if (wpa_supplicant_fast_associate(wpa_s) != 1) {
2940 		wpa_supplicant_cancel_sched_scan(wpa_s);
2941 		wpa_supplicant_req_scan(wpa_s, 0, 0);
2942 	}
2943 fail:
2944 	dpp_peer_intro_deinit(&intro);
2945 }
2946 
2947 
wpas_dpp_allow_ir(struct wpa_supplicant * wpa_s,unsigned int freq)2948 static int wpas_dpp_allow_ir(struct wpa_supplicant *wpa_s, unsigned int freq)
2949 {
2950 	int i, j;
2951 
2952 	if (!wpa_s->hw.modes)
2953 		return -1;
2954 
2955 	for (i = 0; i < wpa_s->hw.num_modes; i++) {
2956 		struct hostapd_hw_modes *mode = &wpa_s->hw.modes[i];
2957 
2958 		for (j = 0; j < mode->num_channels; j++) {
2959 			struct hostapd_channel_data *chan = &mode->channels[j];
2960 
2961 			if (chan->freq != (int) freq)
2962 				continue;
2963 
2964 			if (chan->flag & (HOSTAPD_CHAN_DISABLED |
2965 					  HOSTAPD_CHAN_NO_IR |
2966 					  HOSTAPD_CHAN_RADAR))
2967 				continue;
2968 
2969 			return 1;
2970 		}
2971 	}
2972 
2973 	wpa_printf(MSG_DEBUG,
2974 		   "DPP: Frequency %u MHz not supported or does not allow PKEX initiation in the current channel list",
2975 		   freq);
2976 
2977 	return 0;
2978 }
2979 
2980 
wpas_dpp_pkex_next_channel(struct wpa_supplicant * wpa_s,struct dpp_pkex * pkex)2981 static int wpas_dpp_pkex_next_channel(struct wpa_supplicant *wpa_s,
2982 				      struct dpp_pkex *pkex)
2983 {
2984 	if (pkex->freq == 2437)
2985 		pkex->freq = 5745;
2986 	else if (pkex->freq == 5745)
2987 		pkex->freq = 5220;
2988 	else if (pkex->freq == 5220)
2989 		pkex->freq = 60480;
2990 	else
2991 		return -1; /* no more channels to try */
2992 
2993 	if (wpas_dpp_allow_ir(wpa_s, pkex->freq) == 1) {
2994 		wpa_printf(MSG_DEBUG, "DPP: Try to initiate on %u MHz",
2995 			   pkex->freq);
2996 		return 0;
2997 	}
2998 
2999 	/* Could not use this channel - try the next one */
3000 	return wpas_dpp_pkex_next_channel(wpa_s, pkex);
3001 }
3002 
3003 
wpas_dpp_pkex_clear_code(struct wpa_supplicant * wpa_s)3004 static void wpas_dpp_pkex_clear_code(struct wpa_supplicant *wpa_s)
3005 {
3006 	if (!wpa_s->dpp_pkex_code && !wpa_s->dpp_pkex_identifier)
3007 		return;
3008 
3009 	/* Delete PKEX code and identifier on successful completion of
3010 	 * PKEX. We are not supposed to reuse these without being
3011 	 * explicitly requested to perform PKEX again. */
3012 	wpa_printf(MSG_DEBUG, "DPP: Delete PKEX code/identifier");
3013 	os_free(wpa_s->dpp_pkex_code);
3014 	wpa_s->dpp_pkex_code = NULL;
3015 	os_free(wpa_s->dpp_pkex_identifier);
3016 	wpa_s->dpp_pkex_identifier = NULL;
3017 
3018 }
3019 
3020 
3021 #ifdef CONFIG_DPP2
wpas_dpp_pkex_done(void * ctx,void * conn,struct dpp_bootstrap_info * peer_bi)3022 static int wpas_dpp_pkex_done(void *ctx, void *conn,
3023 			      struct dpp_bootstrap_info *peer_bi)
3024 {
3025 	struct wpa_supplicant *wpa_s = ctx;
3026 	char cmd[500];
3027 	const char *pos;
3028 	u8 allowed_roles = DPP_CAPAB_CONFIGURATOR;
3029 	struct dpp_bootstrap_info *own_bi = NULL;
3030 	struct dpp_authentication *auth;
3031 
3032 	wpas_dpp_pkex_clear_code(wpa_s);
3033 
3034 	os_snprintf(cmd, sizeof(cmd), " peer=%u %s", peer_bi->id,
3035 		    wpa_s->dpp_pkex_auth_cmd ? wpa_s->dpp_pkex_auth_cmd : "");
3036 	wpa_printf(MSG_DEBUG, "DPP: Start authentication after PKEX (cmd: %s)",
3037 		   cmd);
3038 
3039 	pos = os_strstr(cmd, " own=");
3040 	if (pos) {
3041 		pos += 5;
3042 		own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
3043 		if (!own_bi) {
3044 			wpa_printf(MSG_INFO,
3045 				   "DPP: Could not find bootstrapping info for the identified local entry");
3046 			return -1;
3047 		}
3048 
3049 		if (peer_bi->curve != own_bi->curve) {
3050 			wpa_printf(MSG_INFO,
3051 				   "DPP: Mismatching curves in bootstrapping info (peer=%s own=%s)",
3052 				   peer_bi->curve->name, own_bi->curve->name);
3053 			return -1;
3054 		}
3055 	}
3056 
3057 	pos = os_strstr(cmd, " role=");
3058 	if (pos) {
3059 		pos += 6;
3060 		if (os_strncmp(pos, "configurator", 12) == 0)
3061 			allowed_roles = DPP_CAPAB_CONFIGURATOR;
3062 		else if (os_strncmp(pos, "enrollee", 8) == 0)
3063 			allowed_roles = DPP_CAPAB_ENROLLEE;
3064 		else if (os_strncmp(pos, "either", 6) == 0)
3065 			allowed_roles = DPP_CAPAB_CONFIGURATOR |
3066 				DPP_CAPAB_ENROLLEE;
3067 		else
3068 			return -1;
3069 	}
3070 
3071 	auth = dpp_auth_init(wpa_s->dpp, wpa_s, peer_bi, own_bi, allowed_roles,
3072 			     0, wpa_s->hw.modes, wpa_s->hw.num_modes);
3073 	if (!auth)
3074 		return -1;
3075 
3076 	wpas_dpp_set_testing_options(wpa_s, auth);
3077 	if (dpp_set_configurator(auth, cmd) < 0) {
3078 		dpp_auth_deinit(auth);
3079 		return -1;
3080 	}
3081 
3082 	return dpp_tcp_auth(wpa_s->dpp, conn, auth, wpa_s->conf->dpp_name,
3083 			    DPP_NETROLE_STA,
3084 			    wpa_s->conf->dpp_mud_url,
3085 			    wpa_s->conf->dpp_extra_conf_req_name,
3086 			    wpa_s->conf->dpp_extra_conf_req_value,
3087 			    wpas_dpp_process_conf_obj,
3088 			    wpas_dpp_tcp_msg_sent);
3089 }
3090 #endif /* CONFIG_DPP2 */
3091 
3092 
wpas_dpp_pkex_init(struct wpa_supplicant * wpa_s,enum dpp_pkex_ver ver,const struct hostapd_ip_addr * ipaddr,int tcp_port)3093 static int wpas_dpp_pkex_init(struct wpa_supplicant *wpa_s,
3094 			      enum dpp_pkex_ver ver,
3095 			      const struct hostapd_ip_addr *ipaddr,
3096 			      int tcp_port)
3097 {
3098 	struct dpp_pkex *pkex;
3099 	struct wpabuf *msg;
3100 	unsigned int wait_time;
3101 	bool v2 = ver != PKEX_VER_ONLY_1;
3102 
3103 	wpa_printf(MSG_DEBUG, "DPP: Initiating PKEXv%d", v2 ? 2 : 1);
3104 	dpp_pkex_free(wpa_s->dpp_pkex);
3105 	wpa_s->dpp_pkex = NULL;
3106 	pkex = dpp_pkex_init(wpa_s, wpa_s->dpp_pkex_bi, wpa_s->own_addr,
3107 			     wpa_s->dpp_pkex_identifier,
3108 			     wpa_s->dpp_pkex_code, wpa_s->dpp_pkex_code_len,
3109 			     v2);
3110 	if (!pkex)
3111 		return -1;
3112 	pkex->forced_ver = ver != PKEX_VER_AUTO;
3113 
3114 	if (ipaddr) {
3115 #ifdef CONFIG_DPP2
3116 		return dpp_tcp_pkex_init(wpa_s->dpp, pkex, ipaddr, tcp_port,
3117 					 wpa_s, wpa_s, wpas_dpp_pkex_done);
3118 #else /* CONFIG_DPP2 */
3119 		return -1;
3120 #endif /* CONFIG_DPP2 */
3121 	}
3122 
3123 	wpa_s->dpp_pkex = pkex;
3124 	msg = pkex->exchange_req;
3125 	wait_time = wpa_s->max_remain_on_chan;
3126 	if (wait_time > 2000)
3127 		wait_time = 2000;
3128 	pkex->freq = 2437;
3129 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
3130 		" freq=%u type=%d",
3131 		MAC2STR(broadcast), pkex->freq,
3132 		v2 ? DPP_PA_PKEX_EXCHANGE_REQ :
3133 		DPP_PA_PKEX_V1_EXCHANGE_REQ);
3134 	offchannel_send_action(wpa_s, pkex->freq, broadcast,
3135 			       wpa_s->own_addr, broadcast,
3136 			       wpabuf_head(msg), wpabuf_len(msg),
3137 			       wait_time, wpas_dpp_tx_pkex_status, 0);
3138 	if (wait_time == 0)
3139 		wait_time = 2000;
3140 	pkex->exch_req_wait_time = wait_time;
3141 	pkex->exch_req_tries = 1;
3142 
3143 	return 0;
3144 }
3145 
3146 
wpas_dpp_pkex_retry_timeout(void * eloop_ctx,void * timeout_ctx)3147 static void wpas_dpp_pkex_retry_timeout(void *eloop_ctx, void *timeout_ctx)
3148 {
3149 	struct wpa_supplicant *wpa_s = eloop_ctx;
3150 	struct dpp_pkex *pkex = wpa_s->dpp_pkex;
3151 
3152 	if (!pkex || !pkex->exchange_req)
3153 		return;
3154 	if (pkex->exch_req_tries >= 5) {
3155 		if (wpas_dpp_pkex_next_channel(wpa_s, pkex) < 0) {
3156 #ifdef CONFIG_DPP3
3157 			if (pkex->v2 && !pkex->forced_ver) {
3158 				wpa_printf(MSG_DEBUG,
3159 					   "DPP: Fall back to PKEXv1");
3160 				wpas_dpp_pkex_init(wpa_s, PKEX_VER_ONLY_1,
3161 						   NULL, 0);
3162 				return;
3163 			}
3164 #endif /* CONFIG_DPP3 */
3165 			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
3166 				"No response from PKEX peer");
3167 			dpp_pkex_free(pkex);
3168 			wpa_s->dpp_pkex = NULL;
3169 			return;
3170 		}
3171 		pkex->exch_req_tries = 0;
3172 	}
3173 
3174 	pkex->exch_req_tries++;
3175 	wpa_printf(MSG_DEBUG, "DPP: Retransmit PKEX Exchange Request (try %u)",
3176 		   pkex->exch_req_tries);
3177 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
3178 		MAC2STR(broadcast), pkex->freq,
3179 		pkex->v2 ? DPP_PA_PKEX_EXCHANGE_REQ :
3180 		DPP_PA_PKEX_V1_EXCHANGE_REQ);
3181 	offchannel_send_action(wpa_s, pkex->freq, broadcast,
3182 			       wpa_s->own_addr, broadcast,
3183 			       wpabuf_head(pkex->exchange_req),
3184 			       wpabuf_len(pkex->exchange_req),
3185 			       pkex->exch_req_wait_time,
3186 			       wpas_dpp_tx_pkex_status, 0);
3187 }
3188 
3189 
3190 static void
wpas_dpp_tx_pkex_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)3191 wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s,
3192 			unsigned int freq, const u8 *dst,
3193 			const u8 *src, const u8 *bssid,
3194 			const u8 *data, size_t data_len,
3195 			enum offchannel_send_action_result result)
3196 {
3197 	const char *res_txt;
3198 	struct dpp_pkex *pkex = wpa_s->dpp_pkex;
3199 
3200 	res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
3201 		(result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
3202 		 "FAILED");
3203 	wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
3204 		   " result=%s (PKEX)",
3205 		   freq, MAC2STR(dst), res_txt);
3206 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
3207 		" freq=%u result=%s", MAC2STR(dst), freq, res_txt);
3208 
3209 	if (!pkex) {
3210 		wpa_printf(MSG_DEBUG,
3211 			   "DPP: Ignore TX status since there is no ongoing PKEX exchange");
3212 		return;
3213 	}
3214 
3215 	if (pkex->failed) {
3216 		wpa_printf(MSG_DEBUG,
3217 			   "DPP: Terminate PKEX exchange due to an earlier error");
3218 		if (pkex->t > pkex->own_bi->pkex_t)
3219 			pkex->own_bi->pkex_t = pkex->t;
3220 		dpp_pkex_free(pkex);
3221 		wpa_s->dpp_pkex = NULL;
3222 		return;
3223 	}
3224 
3225 	if (pkex->exch_req_wait_time && pkex->exchange_req) {
3226 		/* Wait for PKEX Exchange Response frame and retry request if
3227 		 * no response is seen. */
3228 		eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
3229 		eloop_register_timeout(pkex->exch_req_wait_time / 1000,
3230 				       (pkex->exch_req_wait_time % 1000) * 1000,
3231 				       wpas_dpp_pkex_retry_timeout, wpa_s,
3232 				       NULL);
3233 	}
3234 }
3235 
3236 
3237 static void
wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * buf,size_t len,unsigned int freq,bool v2)3238 wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant *wpa_s, const u8 *src,
3239 			      const u8 *buf, size_t len, unsigned int freq,
3240 			      bool v2)
3241 {
3242 	struct wpabuf *msg;
3243 	unsigned int wait_time;
3244 
3245 	wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR,
3246 		   MAC2STR(src));
3247 
3248 	if (wpa_s->dpp_pkex_ver == PKEX_VER_ONLY_1 && v2) {
3249 		wpa_printf(MSG_DEBUG,
3250 			   "DPP: Ignore PKEXv2 Exchange Request when configured to be PKEX v1 only");
3251 		return;
3252 	}
3253 	if (wpa_s->dpp_pkex_ver == PKEX_VER_ONLY_2 && !v2) {
3254 		wpa_printf(MSG_DEBUG,
3255 			   "DPP: Ignore PKEXv1 Exchange Request when configured to be PKEX v2 only");
3256 		return;
3257 	}
3258 
3259 	/* TODO: Support multiple PKEX codes by iterating over all the enabled
3260 	 * values here */
3261 
3262 	if (!wpa_s->dpp_pkex_code || !wpa_s->dpp_pkex_bi) {
3263 		wpa_printf(MSG_DEBUG,
3264 			   "DPP: No PKEX code configured - ignore request");
3265 		return;
3266 	}
3267 
3268 #ifdef CONFIG_DPP2
3269 	if (dpp_controller_is_own_pkex_req(wpa_s->dpp, buf, len)) {
3270 		wpa_printf(MSG_DEBUG,
3271 			   "DPP: PKEX Exchange Request is from local Controller - ignore request");
3272 		return;
3273 	}
3274 #endif /* CONFIG_DPP2 */
3275 
3276 	if (wpa_s->dpp_pkex) {
3277 		/* TODO: Support parallel operations */
3278 		wpa_printf(MSG_DEBUG,
3279 			   "DPP: Already in PKEX session - ignore new request");
3280 		return;
3281 	}
3282 
3283 	wpa_s->dpp_pkex = dpp_pkex_rx_exchange_req(wpa_s, wpa_s->dpp_pkex_bi,
3284 						   wpa_s->own_addr, src,
3285 						   wpa_s->dpp_pkex_identifier,
3286 						   wpa_s->dpp_pkex_code,
3287 						   wpa_s->dpp_pkex_code_len,
3288 						   buf, len, v2);
3289 	if (!wpa_s->dpp_pkex) {
3290 		wpa_printf(MSG_DEBUG,
3291 			   "DPP: Failed to process the request - ignore it");
3292 		return;
3293 	}
3294 
3295 #ifdef CONFIG_DPP3
3296 	if (wpa_s->dpp_pb_bi && wpa_s->dpp_pb_announcement) {
3297 		wpa_printf(MSG_DEBUG,
3298 			   "DPP: Started PB PKEX (no more PB announcements)");
3299 		wpabuf_free(wpa_s->dpp_pb_announcement);
3300 		wpa_s->dpp_pb_announcement = NULL;
3301 	}
3302 #endif /* CONFIG_DPP3 */
3303 	wpa_s->dpp_pkex_wait_auth_req = false;
3304 	msg = wpa_s->dpp_pkex->exchange_resp;
3305 	wait_time = wpa_s->max_remain_on_chan;
3306 	if (wait_time > 2000)
3307 		wait_time = 2000;
3308 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
3309 		MAC2STR(src), freq, DPP_PA_PKEX_EXCHANGE_RESP);
3310 	offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
3311 			       broadcast,
3312 			       wpabuf_head(msg), wpabuf_len(msg),
3313 			       wait_time, wpas_dpp_tx_pkex_status, 0);
3314 }
3315 
3316 
3317 static void
wpas_dpp_rx_pkex_exchange_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * buf,size_t len,unsigned int freq)3318 wpas_dpp_rx_pkex_exchange_resp(struct wpa_supplicant *wpa_s, const u8 *src,
3319 			       const u8 *buf, size_t len, unsigned int freq)
3320 {
3321 	struct wpabuf *msg;
3322 	unsigned int wait_time;
3323 
3324 	wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Response from " MACSTR,
3325 		   MAC2STR(src));
3326 
3327 	/* TODO: Support multiple PKEX codes by iterating over all the enabled
3328 	 * values here */
3329 
3330 	if (!wpa_s->dpp_pkex || !wpa_s->dpp_pkex->initiator ||
3331 	    wpa_s->dpp_pkex->exchange_done) {
3332 		wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
3333 		return;
3334 	}
3335 
3336 	eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
3337 	wpa_s->dpp_pkex->exch_req_wait_time = 0;
3338 
3339 	msg = dpp_pkex_rx_exchange_resp(wpa_s->dpp_pkex, src, buf, len);
3340 	if (!msg) {
3341 		wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
3342 		return;
3343 	}
3344 
3345 	wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Request to " MACSTR,
3346 		   MAC2STR(src));
3347 
3348 	wait_time = wpa_s->max_remain_on_chan;
3349 	if (wait_time > 2000)
3350 		wait_time = 2000;
3351 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
3352 		MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_REQ);
3353 	offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
3354 			       broadcast,
3355 			       wpabuf_head(msg), wpabuf_len(msg),
3356 			       wait_time, wpas_dpp_tx_pkex_status, 0);
3357 	wpabuf_free(msg);
3358 }
3359 
3360 
3361 static struct dpp_bootstrap_info *
wpas_dpp_pkex_finish(struct wpa_supplicant * wpa_s,const u8 * peer,unsigned int freq)3362 wpas_dpp_pkex_finish(struct wpa_supplicant *wpa_s, const u8 *peer,
3363 		     unsigned int freq)
3364 {
3365 	struct dpp_bootstrap_info *bi;
3366 
3367 	wpas_dpp_pkex_clear_code(wpa_s);
3368 	bi = dpp_pkex_finish(wpa_s->dpp, wpa_s->dpp_pkex, peer, freq);
3369 	if (!bi)
3370 		return NULL;
3371 
3372 	wpa_s->dpp_pkex = NULL;
3373 
3374 #ifdef CONFIG_DPP3
3375 	if (wpa_s->dpp_pb_bi && !wpa_s->dpp_pb_configurator &&
3376 	    os_memcmp(bi->pubkey_hash_chirp, wpa_s->dpp_pb_init_hash,
3377 		      SHA256_MAC_LEN) != 0) {
3378 		char id[20];
3379 
3380 		wpa_printf(MSG_INFO,
3381 			   "DPP: Peer bootstrap key from PKEX does not match PB announcement response hash");
3382 		wpa_hexdump(MSG_DEBUG,
3383 			    "DPP: Peer provided bootstrap key hash(chirp) from PB PKEX",
3384 			    bi->pubkey_hash_chirp, SHA256_MAC_LEN);
3385 		wpa_hexdump(MSG_DEBUG,
3386 			    "DPP: Peer provided bootstrap key hash(chirp) from PB announcement response",
3387 			    wpa_s->dpp_pb_init_hash, SHA256_MAC_LEN);
3388 
3389 		os_snprintf(id, sizeof(id), "%u", bi->id);
3390 		dpp_bootstrap_remove(wpa_s->dpp, id);
3391 		wpas_dpp_push_button_stop(wpa_s);
3392 		return NULL;
3393 	}
3394 #endif /* CONFIG_DPP3 */
3395 
3396 	return bi;
3397 }
3398 
3399 
3400 static void
wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)3401 wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src,
3402 				   const u8 *hdr, const u8 *buf, size_t len,
3403 				   unsigned int freq)
3404 {
3405 	struct wpabuf *msg;
3406 	unsigned int wait_time;
3407 	struct dpp_pkex *pkex = wpa_s->dpp_pkex;
3408 
3409 	wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Request from " MACSTR,
3410 		   MAC2STR(src));
3411 
3412 	if (!pkex || pkex->initiator || !pkex->exchange_done) {
3413 		wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
3414 		return;
3415 	}
3416 
3417 	msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
3418 	if (!msg) {
3419 		wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
3420 		if (pkex->failed) {
3421 			wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange");
3422 			if (pkex->t > pkex->own_bi->pkex_t)
3423 				pkex->own_bi->pkex_t = pkex->t;
3424 			dpp_pkex_free(wpa_s->dpp_pkex);
3425 			wpa_s->dpp_pkex = NULL;
3426 		}
3427 		return;
3428 	}
3429 
3430 	wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Response to "
3431 		   MACSTR, MAC2STR(src));
3432 
3433 	wait_time = wpa_s->max_remain_on_chan;
3434 	if (wait_time > 2000)
3435 		wait_time = 2000;
3436 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
3437 		MAC2STR(src), freq, DPP_PA_PKEX_COMMIT_REVEAL_RESP);
3438 	offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr,
3439 			       broadcast,
3440 			       wpabuf_head(msg), wpabuf_len(msg),
3441 			       wait_time, wpas_dpp_tx_pkex_status, 0);
3442 	wpabuf_free(msg);
3443 
3444 	wpas_dpp_pkex_finish(wpa_s, src, freq);
3445 	wpa_s->dpp_pkex_wait_auth_req = true;
3446 }
3447 
3448 
3449 static void
wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)3450 wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant *wpa_s, const u8 *src,
3451 				    const u8 *hdr, const u8 *buf, size_t len,
3452 				    unsigned int freq)
3453 {
3454 	int res;
3455 	struct dpp_bootstrap_info *bi;
3456 	struct dpp_pkex *pkex = wpa_s->dpp_pkex;
3457 	char cmd[500];
3458 
3459 	wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Response from " MACSTR,
3460 		   MAC2STR(src));
3461 
3462 	if (!pkex || !pkex->initiator || !pkex->exchange_done) {
3463 		wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
3464 		return;
3465 	}
3466 
3467 	res = dpp_pkex_rx_commit_reveal_resp(pkex, hdr, buf, len);
3468 	if (res < 0) {
3469 		wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
3470 		return;
3471 	}
3472 
3473 	bi = wpas_dpp_pkex_finish(wpa_s, src, freq);
3474 	if (!bi)
3475 		return;
3476 
3477 #ifdef CONFIG_DPP3
3478 	if (wpa_s->dpp_pb_bi && wpa_s->dpp_pb_configurator &&
3479 	    os_memcmp(bi->pubkey_hash_chirp, wpa_s->dpp_pb_resp_hash,
3480 		      SHA256_MAC_LEN) != 0) {
3481 		char id[20];
3482 
3483 		wpa_printf(MSG_INFO,
3484 			   "DPP: Peer bootstrap key from PKEX does not match PB announcement hash");
3485 		wpa_hexdump(MSG_DEBUG,
3486 			    "DPP: Peer provided bootstrap key hash(chirp) from PB PKEX",
3487 			    bi->pubkey_hash_chirp, SHA256_MAC_LEN);
3488 		wpa_hexdump(MSG_DEBUG,
3489 			    "DPP: Peer provided bootstrap key hash(chirp) from PB announcement",
3490 			    wpa_s->dpp_pb_resp_hash, SHA256_MAC_LEN);
3491 
3492 		os_snprintf(id, sizeof(id), "%u", bi->id);
3493 		dpp_bootstrap_remove(wpa_s->dpp, id);
3494 		wpas_dpp_push_button_stop(wpa_s);
3495 		return;
3496 	}
3497 #endif /* CONFIG_DPP3 */
3498 
3499 	os_snprintf(cmd, sizeof(cmd), " peer=%u %s",
3500 		    bi->id,
3501 		    wpa_s->dpp_pkex_auth_cmd ? wpa_s->dpp_pkex_auth_cmd : "");
3502 	wpa_printf(MSG_DEBUG,
3503 		   "DPP: Start authentication after PKEX with parameters: %s",
3504 		   cmd);
3505 	if (wpas_dpp_auth_init(wpa_s, cmd) < 0) {
3506 		wpa_printf(MSG_DEBUG,
3507 			   "DPP: Authentication initialization failed");
3508 		offchannel_send_action_done(wpa_s);
3509 		return;
3510 	}
3511 }
3512 
3513 
3514 #ifdef CONFIG_DPP3
3515 
wpas_dpp_pb_pkex_init(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * src,const u8 * r_hash)3516 static void wpas_dpp_pb_pkex_init(struct wpa_supplicant *wpa_s,
3517 				  unsigned int freq, const u8 *src,
3518 				  const u8 *r_hash)
3519 {
3520 	struct dpp_pkex *pkex;
3521 	struct wpabuf *msg;
3522 	unsigned int wait_time;
3523 	size_t len;
3524 
3525 	if (wpa_s->dpp_pkex) {
3526 		wpa_printf(MSG_DEBUG,
3527 			   "DPP: Sending previously generated PKEX Exchange Request to "
3528 			   MACSTR, MAC2STR(src));
3529 		msg = wpa_s->dpp_pkex->exchange_req;
3530 		wait_time = wpa_s->max_remain_on_chan;
3531 		if (wait_time > 2000)
3532 			wait_time = 2000;
3533 		offchannel_send_action(wpa_s, freq, src,
3534 				       wpa_s->own_addr, broadcast,
3535 				       wpabuf_head(msg), wpabuf_len(msg),
3536 				       wait_time, wpas_dpp_tx_pkex_status, 0);
3537 		return;
3538 	}
3539 
3540 	wpa_printf(MSG_DEBUG, "DPP: Initiate PKEX for push button with "
3541 		   MACSTR, MAC2STR(src));
3542 
3543 	if (!wpa_s->dpp_pb_cmd) {
3544 		wpa_printf(MSG_INFO,
3545 			   "DPP: No configuration to provision as push button Configurator");
3546 		wpas_dpp_push_button_stop(wpa_s);
3547 		return;
3548 	}
3549 
3550 	wpa_s->dpp_pkex_bi = wpa_s->dpp_pb_bi;
3551 	os_memcpy(wpa_s->dpp_pb_resp_hash, r_hash, SHA256_MAC_LEN);
3552 
3553 	pkex = dpp_pkex_init(wpa_s, wpa_s->dpp_pkex_bi, wpa_s->own_addr,
3554 			     "PBPKEX", (const char *) wpa_s->dpp_pb_c_nonce,
3555 			     wpa_s->dpp_pb_bi->curve->nonce_len,
3556 			     true);
3557 	if (!pkex) {
3558 		wpas_dpp_push_button_stop(wpa_s);
3559 		return;
3560 	}
3561 	pkex->freq = freq;
3562 
3563 	wpa_s->dpp_pkex = pkex;
3564 	msg = wpa_s->dpp_pkex->exchange_req;
3565 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
3566 		" freq=%u type=%d", MAC2STR(src), freq,
3567 		DPP_PA_PKEX_EXCHANGE_REQ);
3568 	wait_time = wpa_s->max_remain_on_chan;
3569 	if (wait_time > 2000)
3570 		wait_time = 2000;
3571 	offchannel_send_action(wpa_s, pkex->freq, src,
3572 			       wpa_s->own_addr, broadcast,
3573 			       wpabuf_head(msg), wpabuf_len(msg),
3574 			       wait_time, wpas_dpp_tx_pkex_status, 0);
3575 	pkex->exch_req_wait_time = 2000;
3576 	pkex->exch_req_tries = 1;
3577 
3578 	/* Use the externally provided configuration */
3579 	os_free(wpa_s->dpp_pkex_auth_cmd);
3580 	len = 30 + os_strlen(wpa_s->dpp_pb_cmd);
3581 	wpa_s->dpp_pkex_auth_cmd = os_malloc(len);
3582 	if (wpa_s->dpp_pkex_auth_cmd)
3583 		os_snprintf(wpa_s->dpp_pkex_auth_cmd, len, " own=%d %s",
3584 			    wpa_s->dpp_pkex_bi->id, wpa_s->dpp_pb_cmd);
3585 	else
3586 		wpas_dpp_push_button_stop(wpa_s);
3587 }
3588 
3589 
3590 static void
wpas_dpp_rx_pb_presence_announcement(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)3591 wpas_dpp_rx_pb_presence_announcement(struct wpa_supplicant *wpa_s,
3592 				     const u8 *src, const u8 *hdr,
3593 				     const u8 *buf, size_t len,
3594 				     unsigned int freq)
3595 {
3596 	const u8 *r_hash;
3597 	u16 r_hash_len;
3598 	unsigned int i;
3599 	bool found = false;
3600 	struct dpp_pb_info *info, *tmp;
3601 	struct os_reltime now, age;
3602 	struct wpabuf *msg;
3603 
3604 	os_get_reltime(&now);
3605 	wpa_printf(MSG_DEBUG, "DPP: Push Button Presence Announcement from "
3606 		   MACSTR, MAC2STR(src));
3607 
3608 	r_hash = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
3609 			      &r_hash_len);
3610 	if (!r_hash || r_hash_len != SHA256_MAC_LEN) {
3611 		wpa_printf(MSG_DEBUG,
3612 			   "DPP: Missing or invalid required Responder Bootstrapping Key Hash attribute");
3613 		return;
3614 	}
3615 	wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
3616 		    r_hash, r_hash_len);
3617 
3618 	for (i = 0; i < DPP_PB_INFO_COUNT; i++) {
3619 		info = &wpa_s->dpp_pb[i];
3620 		if ((info->rx_time.sec == 0 && info->rx_time.usec == 0) ||
3621 		    os_memcmp(r_hash, info->hash, SHA256_MAC_LEN) != 0)
3622 			continue;
3623 		wpa_printf(MSG_DEBUG,
3624 			   "DPP: Active push button Enrollee already known");
3625 		found = true;
3626 		info->rx_time = now;
3627 	}
3628 
3629 	if (!found) {
3630 		for (i = 0; i < DPP_PB_INFO_COUNT; i++) {
3631 			tmp = &wpa_s->dpp_pb[i];
3632 			if (tmp->rx_time.sec == 0 && tmp->rx_time.usec == 0)
3633 				continue;
3634 
3635 			if (os_reltime_expired(&now, &tmp->rx_time, 120)) {
3636 				wpa_hexdump(MSG_DEBUG,
3637 					    "DPP: Push button Enrollee hash expired",
3638 					    tmp->hash, SHA256_MAC_LEN);
3639 				tmp->rx_time.sec = 0;
3640 				tmp->rx_time.usec = 0;
3641 				continue;
3642 			}
3643 
3644 			wpa_hexdump(MSG_DEBUG,
3645 				    "DPP: Push button session overlap with hash",
3646 				    tmp->hash, SHA256_MAC_LEN);
3647 			if (!wpa_s->dpp_pb_result_indicated &&
3648 			    wpas_dpp_pb_active(wpa_s)) {
3649 				wpa_msg(wpa_s, MSG_INFO,
3650 					DPP_EVENT_PB_RESULT "session-overlap");
3651 				wpa_s->dpp_pb_result_indicated = true;
3652 			}
3653 			wpas_dpp_push_button_stop(wpa_s);
3654 			return;
3655 		}
3656 
3657 		/* Replace the oldest entry */
3658 		info = &wpa_s->dpp_pb[0];
3659 		for (i = 1; i < DPP_PB_INFO_COUNT; i++) {
3660 			tmp = &wpa_s->dpp_pb[i];
3661 			if (os_reltime_before(&tmp->rx_time, &info->rx_time))
3662 				info = tmp;
3663 		}
3664 		wpa_printf(MSG_DEBUG, "DPP: New active push button Enrollee");
3665 		os_memcpy(info->hash, r_hash, SHA256_MAC_LEN);
3666 		info->rx_time = now;
3667 	}
3668 
3669 	if (!wpas_dpp_pb_active(wpa_s)) {
3670 		wpa_printf(MSG_DEBUG,
3671 			   "DPP: Discard message since own push button has not been pressed");
3672 		return;
3673 	}
3674 
3675 	if (wpa_s->dpp_pb_announce_time.sec == 0 &&
3676 	    wpa_s->dpp_pb_announce_time.usec == 0) {
3677 		/* Start a wait before allowing PKEX to be initiated */
3678 		wpa_s->dpp_pb_announce_time = now;
3679 	}
3680 
3681 	if (!wpa_s->dpp_pb_bi) {
3682 		int res;
3683 
3684 		res = dpp_bootstrap_gen(wpa_s->dpp, "type=pkex");
3685 		if (res < 0)
3686 			return;
3687 		wpa_s->dpp_pb_bi = dpp_bootstrap_get_id(wpa_s->dpp, res);
3688 		if (!wpa_s->dpp_pb_bi)
3689 			return;
3690 
3691 		if (random_get_bytes(wpa_s->dpp_pb_c_nonce,
3692 				     wpa_s->dpp_pb_bi->curve->nonce_len)) {
3693 			wpa_printf(MSG_ERROR,
3694 				   "DPP: Failed to generate C-nonce");
3695 			wpas_dpp_push_button_stop(wpa_s);
3696 			return;
3697 		}
3698 	}
3699 
3700 	/* Skip the response if one was sent within last 50 ms since the
3701 	 * Enrollee is going to send out at least three announcement messages.
3702 	 */
3703 	os_reltime_sub(&now, &wpa_s->dpp_pb_last_resp, &age);
3704 	if (age.sec == 0 && age.usec < 50000) {
3705 		wpa_printf(MSG_DEBUG,
3706 			   "DPP: Skip Push Button Presence Announcement Response frame immediately after having sent one");
3707 		return;
3708 	}
3709 
3710 	msg = dpp_build_pb_announcement_resp(
3711 		wpa_s->dpp_pb_bi, r_hash, wpa_s->dpp_pb_c_nonce,
3712 		wpa_s->dpp_pb_bi->curve->nonce_len);
3713 	if (!msg) {
3714 		wpas_dpp_push_button_stop(wpa_s);
3715 		return;
3716 	}
3717 
3718 	wpa_printf(MSG_DEBUG,
3719 		   "DPP: Send Push Button Presence Announcement Response to "
3720 		   MACSTR, MAC2STR(src));
3721 	wpa_s->dpp_pb_last_resp = now;
3722 
3723 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
3724 		MAC2STR(src), freq, DPP_PA_PB_PRESENCE_ANNOUNCEMENT_RESP);
3725 	offchannel_send_action(wpa_s, freq, src, wpa_s->own_addr, broadcast,
3726 			       wpabuf_head(msg), wpabuf_len(msg),
3727 			       0, NULL, 0);
3728 	wpabuf_free(msg);
3729 
3730 	if (os_reltime_expired(&now, &wpa_s->dpp_pb_announce_time, 15))
3731 		wpas_dpp_pb_pkex_init(wpa_s, freq, src, r_hash);
3732 }
3733 
3734 
3735 static void
wpas_dpp_rx_pb_presence_announcement_resp(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)3736 wpas_dpp_rx_pb_presence_announcement_resp(struct wpa_supplicant *wpa_s,
3737 					  const u8 *src, const u8 *hdr,
3738 					  const u8 *buf, size_t len,
3739 					  unsigned int freq)
3740 {
3741 	const u8 *i_hash, *r_hash, *c_nonce;
3742 	u16 i_hash_len, r_hash_len, c_nonce_len;
3743 	bool overlap = false;
3744 
3745 	if (!wpa_s->dpp_pb_announcement || !wpa_s->dpp_pb_bi ||
3746 	    wpa_s->dpp_pb_configurator) {
3747 		wpa_printf(MSG_INFO,
3748 			   "DPP: Not in active push button Enrollee mode - discard Push Button Presence Announcement Response from "
3749 			   MACSTR, MAC2STR(src));
3750 		return;
3751 	}
3752 
3753 	wpa_printf(MSG_DEBUG,
3754 		   "DPP: Push Button Presence Announcement Response from "
3755 		   MACSTR, MAC2STR(src));
3756 
3757 	i_hash = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
3758 			      &i_hash_len);
3759 	r_hash = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
3760 			      &r_hash_len);
3761 	c_nonce = dpp_get_attr(buf, len, DPP_ATTR_CONFIGURATOR_NONCE,
3762 			       &c_nonce_len);
3763 	if (!i_hash || i_hash_len != SHA256_MAC_LEN ||
3764 	    !r_hash || r_hash_len != SHA256_MAC_LEN ||
3765 	    !c_nonce || c_nonce_len > DPP_MAX_NONCE_LEN) {
3766 		wpa_printf(MSG_DEBUG,
3767 			   "DPP: Missing or invalid required attribute");
3768 		return;
3769 	}
3770 	wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash",
3771 		    i_hash, i_hash_len);
3772 	wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
3773 		    r_hash, r_hash_len);
3774 	wpa_hexdump(MSG_MSGDUMP, "DPP: Configurator Nonce",
3775 		    c_nonce, c_nonce_len);
3776 
3777 #ifdef CONFIG_TESTING_OPTIONS
3778 	if (dpp_test == DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_PB_REQ &&
3779 	    os_memcmp(r_hash, wpa_s->dpp_pb_bi->pubkey_hash_chirp,
3780 		      SHA256_MAC_LEN - 1) == 0)
3781 		goto skip_hash_check;
3782 #endif /* CONFIG_TESTING_OPTIONS */
3783 	if (os_memcmp(r_hash, wpa_s->dpp_pb_bi->pubkey_hash_chirp,
3784 		      SHA256_MAC_LEN) != 0) {
3785 		wpa_printf(MSG_INFO,
3786 			   "DPP: Unexpected push button Responder hash - abort");
3787 		overlap = true;
3788 	}
3789 #ifdef CONFIG_TESTING_OPTIONS
3790 skip_hash_check:
3791 #endif /* CONFIG_TESTING_OPTIONS */
3792 
3793 	if (wpa_s->dpp_pb_resp_freq &&
3794 	    os_memcmp(i_hash, wpa_s->dpp_pb_init_hash, SHA256_MAC_LEN) != 0) {
3795 		wpa_printf(MSG_INFO,
3796 			   "DPP: Push button session overlap detected - abort");
3797 		overlap = true;
3798 	}
3799 
3800 	if (overlap) {
3801 		if (!wpa_s->dpp_pb_result_indicated) {
3802 			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT
3803 				"session-overlap");
3804 			wpa_s->dpp_pb_result_indicated = true;
3805 		}
3806 		wpas_dpp_push_button_stop(wpa_s);
3807 		return;
3808 	}
3809 
3810 	if (!wpa_s->dpp_pb_resp_freq) {
3811 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_STATUS
3812 			"discovered push button AP/Configurator " MACSTR,
3813 			MAC2STR(src));
3814 		wpa_s->dpp_pb_resp_freq = freq;
3815 		os_memcpy(wpa_s->dpp_pb_init_hash, i_hash, SHA256_MAC_LEN);
3816 		os_memcpy(wpa_s->dpp_pb_c_nonce, c_nonce, c_nonce_len);
3817 		wpa_s->dpp_pb_c_nonce_len = c_nonce_len;
3818 		/* Stop announcement iterations after at least one more full
3819 		 * round and one extra round for postponed session overlap
3820 		 * detection. */
3821 		wpa_s->dpp_pb_stop_iter = 3;
3822 	}
3823 }
3824 
3825 
3826 static void
wpas_dpp_tx_priv_intro_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)3827 wpas_dpp_tx_priv_intro_status(struct wpa_supplicant *wpa_s,
3828 			      unsigned int freq, const u8 *dst,
3829 			      const u8 *src, const u8 *bssid,
3830 			      const u8 *data, size_t data_len,
3831 			      enum offchannel_send_action_result result)
3832 {
3833 	const char *res_txt;
3834 
3835 	res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
3836 		(result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
3837 		 "FAILED");
3838 	wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
3839 		   " result=%s (DPP Private Peer Introduction Update)",
3840 		   freq, MAC2STR(dst), res_txt);
3841 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
3842 		" freq=%u result=%s", MAC2STR(dst), freq, res_txt);
3843 
3844 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR " version=%u",
3845 		MAC2STR(src), wpa_s->dpp_intro_peer_version);
3846 
3847 	wpa_printf(MSG_DEBUG,
3848 		   "DPP: Try connection again after successful network introduction");
3849 	if (wpa_supplicant_fast_associate(wpa_s) != 1) {
3850 		wpa_supplicant_cancel_sched_scan(wpa_s);
3851 		wpa_supplicant_req_scan(wpa_s, 0, 0);
3852 	}
3853 }
3854 
3855 
3856 static int
wpas_dpp_send_private_peer_intro_update(struct wpa_supplicant * wpa_s,struct dpp_introduction * intro,struct wpa_ssid * ssid,const u8 * dst,unsigned int freq)3857 wpas_dpp_send_private_peer_intro_update(struct wpa_supplicant *wpa_s,
3858 					struct dpp_introduction *intro,
3859 					struct wpa_ssid *ssid,
3860 					const u8 *dst, unsigned int freq)
3861 {
3862 	struct wpabuf *pt, *msg, *enc_ct;
3863 	size_t len;
3864 	u8 ver = DPP_VERSION;
3865 	int conn_ver;
3866 	const u8 *aad;
3867 	size_t aad_len;
3868 	unsigned int wait_time;
3869 
3870 	wpa_printf(MSG_DEBUG, "HPKE(kem_id=%u kdf_id=%u aead_id=%u)",
3871 		   intro->kem_id, intro->kdf_id, intro->aead_id);
3872 
3873 	/* Plaintext for HPKE */
3874 	len = 5 + 4 + os_strlen(ssid->dpp_connector);
3875 	pt = wpabuf_alloc(len);
3876 	if (!pt)
3877 		return -1;
3878 
3879 	/* Protocol Version */
3880 	conn_ver = dpp_get_connector_version(ssid->dpp_connector);
3881 	if (conn_ver > 0 && ver != conn_ver) {
3882 		wpa_printf(MSG_DEBUG,
3883 			   "DPP: Use Connector version %d instead of current protocol version %d",
3884 			   conn_ver, ver);
3885 		ver = conn_ver;
3886 	}
3887 	wpabuf_put_le16(pt, DPP_ATTR_PROTOCOL_VERSION);
3888 	wpabuf_put_le16(pt, 1);
3889 	wpabuf_put_u8(pt, ver);
3890 
3891 	/* Connector */
3892 	wpabuf_put_le16(pt, DPP_ATTR_CONNECTOR);
3893 	wpabuf_put_le16(pt, os_strlen(ssid->dpp_connector));
3894 	wpabuf_put_str(pt, ssid->dpp_connector);
3895 	wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Plaintext for HPKE", pt);
3896 
3897 	/* HPKE(pt) using AP's public key (from its Connector) */
3898 	msg = dpp_alloc_msg(DPP_PA_PRIV_PEER_INTRO_UPDATE, 0);
3899 	if (!msg) {
3900 		wpabuf_free(pt);
3901 		return -1;
3902 	}
3903 	aad = wpabuf_head_u8(msg) + 2; /* from the OUI field (inclusive) */
3904 	aad_len = DPP_HDR_LEN; /* to the DPP Frame Type field (inclusive) */
3905 	wpa_hexdump(MSG_MSGDUMP, "DPP: AAD for HPKE", aad, aad_len);
3906 
3907 	enc_ct = hpke_base_seal(intro->kem_id, intro->kdf_id, intro->aead_id,
3908 				intro->peer_key, NULL, 0, aad, aad_len,
3909 				wpabuf_head(pt), wpabuf_len(pt));
3910 	wpabuf_free(pt);
3911 	wpabuf_free(msg);
3912 	if (!enc_ct) {
3913 		wpa_printf(MSG_INFO, "DPP: HPKE Seal(Connector) failed");
3914 		return -1;
3915 	}
3916 	wpa_hexdump_buf(MSG_MSGDUMP, "DPP: HPKE enc|ct", enc_ct);
3917 
3918 	/* HPKE(pt) to generate payload for Wrapped Data */
3919 	len = 5 + 4 + wpabuf_len(enc_ct);
3920 	msg = dpp_alloc_msg(DPP_PA_PRIV_PEER_INTRO_UPDATE, len);
3921 	if (!msg) {
3922 		wpabuf_free(enc_ct);
3923 		return -1;
3924 	}
3925 
3926 	/* Transaction ID */
3927 	wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
3928 	wpabuf_put_le16(msg, 1);
3929 	wpabuf_put_u8(msg, TRANSACTION_ID);
3930 
3931 	/* Wrapped Data */
3932 	wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA);
3933 	wpabuf_put_le16(msg, wpabuf_len(enc_ct));
3934 	wpabuf_put_buf(msg, enc_ct);
3935 	wpabuf_free(enc_ct);
3936 
3937 	wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Private Peer Intro Update", msg);
3938 
3939 	/* TODO: Timeout on AP response */
3940 	wait_time = wpa_s->max_remain_on_chan;
3941 	if (wait_time > 2000)
3942 		wait_time = 2000;
3943 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
3944 		MAC2STR(dst), freq, DPP_PA_PRIV_PEER_INTRO_QUERY);
3945 	offchannel_send_action(wpa_s, freq, dst, wpa_s->own_addr, broadcast,
3946 			       wpabuf_head(msg), wpabuf_len(msg),
3947 			       wait_time, wpas_dpp_tx_priv_intro_status, 0);
3948 	wpabuf_free(msg);
3949 
3950 	return 0;
3951 }
3952 
3953 
3954 static void
wpas_dpp_rx_priv_peer_intro_notify(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq)3955 wpas_dpp_rx_priv_peer_intro_notify(struct wpa_supplicant *wpa_s,
3956 				   const u8 *src, const u8 *hdr,
3957 				   const u8 *buf, size_t len,
3958 				   unsigned int freq)
3959 {
3960 	struct wpa_ssid *ssid;
3961 	const u8 *connector, *trans_id, *version;
3962 	u16 connector_len, trans_id_len, version_len;
3963 	u8 peer_version = 1;
3964 	struct dpp_introduction intro;
3965 	struct rsn_pmksa_cache_entry *entry;
3966 	struct os_time now;
3967 	struct os_reltime rnow;
3968 	os_time_t expiry;
3969 	unsigned int seconds;
3970 	enum dpp_status_error res;
3971 
3972 	os_memset(&intro, 0, sizeof(intro));
3973 
3974 	wpa_printf(MSG_DEBUG, "DPP: Private Peer Introduction Notify from "
3975 		   MACSTR, MAC2STR(src));
3976 	if (is_zero_ether_addr(wpa_s->dpp_intro_bssid) ||
3977 	    !ether_addr_equal(src, wpa_s->dpp_intro_bssid)) {
3978 		wpa_printf(MSG_DEBUG, "DPP: Not waiting for response from "
3979 			   MACSTR " - drop", MAC2STR(src));
3980 		return;
3981 	}
3982 	offchannel_send_action_done(wpa_s);
3983 
3984 	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
3985 		if (ssid == wpa_s->dpp_intro_network)
3986 			break;
3987 	}
3988 	if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
3989 	    !ssid->dpp_csign) {
3990 		wpa_printf(MSG_DEBUG,
3991 			   "DPP: Profile not found for network introduction");
3992 		return;
3993 	}
3994 
3995 	trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
3996 			       &trans_id_len);
3997 	if (!trans_id || trans_id_len != 1) {
3998 		wpa_printf(MSG_DEBUG,
3999 			   "DPP: Peer did not include Transaction ID");
4000 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
4001 			" fail=missing_transaction_id", MAC2STR(src));
4002 		goto fail;
4003 	}
4004 	if (trans_id[0] != TRANSACTION_ID) {
4005 		wpa_printf(MSG_DEBUG,
4006 			   "DPP: Ignore frame with unexpected Transaction ID %u",
4007 			   trans_id[0]);
4008 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
4009 			" fail=transaction_id_mismatch", MAC2STR(src));
4010 		goto fail;
4011 	}
4012 
4013 	connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len);
4014 	if (!connector) {
4015 		wpa_printf(MSG_DEBUG,
4016 			   "DPP: Peer did not include its Connector");
4017 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
4018 			" fail=missing_connector", MAC2STR(src));
4019 		goto fail;
4020 	}
4021 
4022 	version = dpp_get_attr(buf, len, DPP_ATTR_PROTOCOL_VERSION,
4023 			       &version_len);
4024 	if (!version || version_len < 1) {
4025 		wpa_printf(MSG_DEBUG,
4026 			   "DPP: Peer did not include valid Version");
4027 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
4028 			" fail=missing_version", MAC2STR(src));
4029 		goto fail;
4030 	}
4031 
4032 	res = dpp_peer_intro(&intro, ssid->dpp_connector,
4033 			     ssid->dpp_netaccesskey,
4034 			     ssid->dpp_netaccesskey_len,
4035 			     ssid->dpp_csign,
4036 			     ssid->dpp_csign_len,
4037 			     connector, connector_len, &expiry, NULL);
4038 	if (res != DPP_STATUS_OK) {
4039 		wpa_printf(MSG_INFO,
4040 			   "DPP: Network Introduction protocol resulted in failure");
4041 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_INTRO "peer=" MACSTR
4042 			" fail=peer_connector_validation_failed", MAC2STR(src));
4043 		wpas_dpp_send_conn_status_result(wpa_s, res);
4044 		goto fail;
4045 	}
4046 
4047 	peer_version = version[0];
4048 	if (intro.peer_version && intro.peer_version >= 2 &&
4049 	    peer_version != intro.peer_version) {
4050 		wpa_printf(MSG_INFO,
4051 			   "DPP: Protocol version mismatch (Connector: %d Attribute: %d",
4052 			   intro.peer_version, peer_version);
4053 		wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_NO_MATCH);
4054 		goto fail;
4055 	}
4056 	wpa_s->dpp_intro_peer_version = peer_version;
4057 
4058 	entry = os_zalloc(sizeof(*entry));
4059 	if (!entry)
4060 		goto fail;
4061 	entry->dpp_pfs = peer_version >= 2;
4062 	os_memcpy(entry->aa, src, ETH_ALEN);
4063 	os_memcpy(entry->spa, wpa_s->own_addr, ETH_ALEN);
4064 	os_memcpy(entry->pmkid, intro.pmkid, PMKID_LEN);
4065 	os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
4066 	entry->pmk_len = intro.pmk_len;
4067 	entry->akmp = WPA_KEY_MGMT_DPP;
4068 	if (expiry) {
4069 		os_get_time(&now);
4070 		seconds = expiry - now.sec;
4071 	} else {
4072 		seconds = 86400 * 7;
4073 	}
4074 
4075 	if (wpas_dpp_send_private_peer_intro_update(wpa_s, &intro, ssid, src,
4076 						    freq) < 0) {
4077 		os_free(entry);
4078 		goto fail;
4079 	}
4080 
4081 	os_get_reltime(&rnow);
4082 	entry->expiration = rnow.sec + seconds;
4083 	entry->reauth_time = rnow.sec + seconds;
4084 	entry->network_ctx = ssid;
4085 	wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry);
4086 
4087 	/* Association will be initiated from TX status handler for the Private
4088 	 * Peer Intro Update: wpas_dpp_tx_priv_intro_status() */
4089 
4090 fail:
4091 	dpp_peer_intro_deinit(&intro);
4092 }
4093 
4094 #endif /* CONFIG_DPP3 */
4095 
4096 
wpas_dpp_rx_action(struct wpa_supplicant * wpa_s,const u8 * src,const u8 * buf,size_t len,unsigned int freq)4097 void wpas_dpp_rx_action(struct wpa_supplicant *wpa_s, const u8 *src,
4098 			const u8 *buf, size_t len, unsigned int freq)
4099 {
4100 	u8 crypto_suite;
4101 	enum dpp_public_action_frame_type type;
4102 	const u8 *hdr;
4103 	unsigned int pkex_t;
4104 
4105 	if (len < DPP_HDR_LEN)
4106 		return;
4107 	if (WPA_GET_BE24(buf) != OUI_WFA || buf[3] != DPP_OUI_TYPE)
4108 		return;
4109 	hdr = buf;
4110 	buf += 4;
4111 	len -= 4;
4112 	crypto_suite = *buf++;
4113 	type = *buf++;
4114 	len -= 2;
4115 
4116 	wpa_printf(MSG_DEBUG,
4117 		   "DPP: Received DPP Public Action frame crypto suite %u type %d from "
4118 		   MACSTR " freq=%u",
4119 		   crypto_suite, type, MAC2STR(src), freq);
4120 #ifdef CONFIG_TESTING_OPTIONS
4121 	if (wpa_s->dpp_discard_public_action &&
4122 	    type != DPP_PA_PEER_DISCOVERY_RESP &&
4123 	    type != DPP_PA_PRIV_PEER_INTRO_NOTIFY) {
4124 		wpa_printf(MSG_DEBUG,
4125 			   "TESTING: Discard received DPP Public Action frame");
4126 		return;
4127 	}
4128 #endif /* CONFIG_TESTING_OPTIONS */
4129 	if (crypto_suite != 1) {
4130 		wpa_printf(MSG_DEBUG, "DPP: Unsupported crypto suite %u",
4131 			   crypto_suite);
4132 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
4133 			" freq=%u type=%d ignore=unsupported-crypto-suite",
4134 			MAC2STR(src), freq, type);
4135 		return;
4136 	}
4137 	wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes", buf, len);
4138 	if (dpp_check_attrs(buf, len) < 0) {
4139 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR
4140 			" freq=%u type=%d ignore=invalid-attributes",
4141 			MAC2STR(src), freq, type);
4142 		return;
4143 	}
4144 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_RX "src=" MACSTR " freq=%u type=%d",
4145 		MAC2STR(src), freq, type);
4146 
4147 	switch (type) {
4148 	case DPP_PA_AUTHENTICATION_REQ:
4149 		wpas_dpp_rx_auth_req(wpa_s, src, hdr, buf, len, freq);
4150 		break;
4151 	case DPP_PA_AUTHENTICATION_RESP:
4152 		wpas_dpp_rx_auth_resp(wpa_s, src, hdr, buf, len, freq);
4153 		break;
4154 	case DPP_PA_AUTHENTICATION_CONF:
4155 		wpas_dpp_rx_auth_conf(wpa_s, src, hdr, buf, len);
4156 		break;
4157 	case DPP_PA_PEER_DISCOVERY_RESP:
4158 		wpas_dpp_rx_peer_disc_resp(wpa_s, src, buf, len);
4159 		break;
4160 #ifdef CONFIG_DPP3
4161 	case DPP_PA_PKEX_EXCHANGE_REQ:
4162 		/* This is for PKEXv2, but for now, process only with
4163 		 * CONFIG_DPP3 to avoid issues with a capability that has not
4164 		 * been tested with other implementations. */
4165 		wpas_dpp_rx_pkex_exchange_req(wpa_s, src, buf, len, freq, true);
4166 		break;
4167 #endif /* CONFIG_DPP3 */
4168 	case DPP_PA_PKEX_V1_EXCHANGE_REQ:
4169 		wpas_dpp_rx_pkex_exchange_req(wpa_s, src, buf, len, freq,
4170 					      false);
4171 		break;
4172 	case DPP_PA_PKEX_EXCHANGE_RESP:
4173 		wpas_dpp_rx_pkex_exchange_resp(wpa_s, src, buf, len, freq);
4174 		break;
4175 	case DPP_PA_PKEX_COMMIT_REVEAL_REQ:
4176 		wpas_dpp_rx_pkex_commit_reveal_req(wpa_s, src, hdr, buf, len,
4177 						   freq);
4178 		break;
4179 	case DPP_PA_PKEX_COMMIT_REVEAL_RESP:
4180 		wpas_dpp_rx_pkex_commit_reveal_resp(wpa_s, src, hdr, buf, len,
4181 						    freq);
4182 		break;
4183 #ifdef CONFIG_DPP2
4184 	case DPP_PA_CONFIGURATION_RESULT:
4185 		wpas_dpp_rx_conf_result(wpa_s, src, hdr, buf, len);
4186 		break;
4187 	case DPP_PA_CONNECTION_STATUS_RESULT:
4188 		wpas_dpp_rx_conn_status_result(wpa_s, src, hdr, buf, len);
4189 		break;
4190 	case DPP_PA_PRESENCE_ANNOUNCEMENT:
4191 		wpas_dpp_rx_presence_announcement(wpa_s, src, hdr, buf, len,
4192 						  freq);
4193 		break;
4194 	case DPP_PA_RECONFIG_ANNOUNCEMENT:
4195 		wpas_dpp_rx_reconfig_announcement(wpa_s, src, hdr, buf, len,
4196 						  freq);
4197 		break;
4198 	case DPP_PA_RECONFIG_AUTH_REQ:
4199 		wpas_dpp_rx_reconfig_auth_req(wpa_s, src, hdr, buf, len, freq);
4200 		break;
4201 	case DPP_PA_RECONFIG_AUTH_RESP:
4202 		wpas_dpp_rx_reconfig_auth_resp(wpa_s, src, hdr, buf, len, freq);
4203 		break;
4204 	case DPP_PA_RECONFIG_AUTH_CONF:
4205 		wpas_dpp_rx_reconfig_auth_conf(wpa_s, src, hdr, buf, len, freq);
4206 		break;
4207 #endif /* CONFIG_DPP2 */
4208 #ifdef CONFIG_DPP3
4209 	case DPP_PA_PB_PRESENCE_ANNOUNCEMENT:
4210 		wpas_dpp_rx_pb_presence_announcement(wpa_s, src, hdr,
4211 						     buf, len, freq);
4212 		break;
4213 	case DPP_PA_PB_PRESENCE_ANNOUNCEMENT_RESP:
4214 		wpas_dpp_rx_pb_presence_announcement_resp(wpa_s, src, hdr,
4215 							  buf, len, freq);
4216 		break;
4217 	case DPP_PA_PRIV_PEER_INTRO_NOTIFY:
4218 		wpas_dpp_rx_priv_peer_intro_notify(wpa_s, src, hdr,
4219 						   buf, len, freq);
4220 		break;
4221 #endif /* CONFIG_DPP3 */
4222 	default:
4223 		wpa_printf(MSG_DEBUG,
4224 			   "DPP: Ignored unsupported frame subtype %d", type);
4225 		break;
4226 	}
4227 
4228 	if (wpa_s->dpp_pkex)
4229 		pkex_t = wpa_s->dpp_pkex->t;
4230 	else if (wpa_s->dpp_pkex_bi)
4231 		pkex_t = wpa_s->dpp_pkex_bi->pkex_t;
4232 	else
4233 		pkex_t = 0;
4234 	if (pkex_t >= PKEX_COUNTER_T_LIMIT) {
4235 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PKEX_T_LIMIT "id=0");
4236 		wpas_dpp_pkex_remove(wpa_s, "*");
4237 	}
4238 }
4239 
4240 
wpas_dpp_gas_initial_resp_timeout(void * eloop_ctx,void * timeout_ctx)4241 static void wpas_dpp_gas_initial_resp_timeout(void *eloop_ctx,
4242 					      void *timeout_ctx)
4243 {
4244 	struct wpa_supplicant *wpa_s = eloop_ctx;
4245 	struct dpp_authentication *auth = wpa_s->dpp_auth;
4246 
4247 	if (!auth || !auth->waiting_config || !auth->config_resp_ctx)
4248 		return;
4249 
4250 	wpa_printf(MSG_DEBUG,
4251 		   "DPP: No configuration available from upper layers - send initial response with comeback delay");
4252 	gas_server_set_comeback_delay(wpa_s->gas_server, auth->config_resp_ctx,
4253 				      500);
4254 }
4255 
4256 
4257 static struct wpabuf *
wpas_dpp_gas_req_handler(void * ctx,void * resp_ctx,const u8 * sa,const u8 * query,size_t query_len,int * comeback_delay)4258 wpas_dpp_gas_req_handler(void *ctx, void *resp_ctx, const u8 *sa,
4259 			 const u8 *query, size_t query_len, int *comeback_delay)
4260 {
4261 	struct wpa_supplicant *wpa_s = ctx;
4262 	struct dpp_authentication *auth = wpa_s->dpp_auth;
4263 	struct wpabuf *resp;
4264 
4265 	wpa_printf(MSG_DEBUG, "DPP: GAS request from " MACSTR,
4266 		   MAC2STR(sa));
4267 	if (!auth || (!auth->auth_success && !auth->reconfig_success) ||
4268 	    !ether_addr_equal(sa, auth->peer_mac_addr)) {
4269 		wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
4270 		return NULL;
4271 	}
4272 
4273 	if (wpa_s->dpp_auth_ok_on_ack && auth->configurator) {
4274 		wpa_printf(MSG_DEBUG,
4275 			   "DPP: Have not received ACK for Auth Confirm yet - assume it was received based on this GAS request");
4276 		/* wpas_dpp_auth_success() would normally have been called from
4277 		 * TX status handler, but since there was no such handler call
4278 		 * yet, simply send out the event message and proceed with
4279 		 * exchange. */
4280 		dpp_notify_auth_success(auth, 1);
4281 		wpa_s->dpp_auth_ok_on_ack = 0;
4282 #ifdef CONFIG_TESTING_OPTIONS
4283 		if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) {
4284 			wpa_printf(MSG_INFO,
4285 				   "DPP: TESTING - stop at Authentication Confirm");
4286 			return NULL;
4287 		}
4288 #endif /* CONFIG_TESTING_OPTIONS */
4289 	}
4290 
4291 	wpa_hexdump(MSG_DEBUG,
4292 		    "DPP: Received Configuration Request (GAS Query Request)",
4293 		    query, query_len);
4294 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_REQ_RX "src=" MACSTR,
4295 		MAC2STR(sa));
4296 	resp = dpp_conf_req_rx(auth, query, query_len);
4297 
4298 	auth->gas_server_ctx = resp_ctx;
4299 
4300 #ifdef CONFIG_DPP2
4301 	if (!resp && auth->waiting_cert) {
4302 		wpa_printf(MSG_DEBUG, "DPP: Certificate not yet ready");
4303 		auth->config_resp_ctx = resp_ctx;
4304 		*comeback_delay = 500;
4305 		return NULL;
4306 	}
4307 #endif /* CONFIG_DPP2 */
4308 
4309 	if (!resp && auth->waiting_config &&
4310 	    (auth->peer_bi || auth->tmp_peer_bi)) {
4311 		char *buf = NULL, *name = "";
4312 		char band[200], *pos, *end;
4313 		int i, res, *opclass = auth->e_band_support;
4314 		char *mud_url = "N/A";
4315 
4316 		wpa_printf(MSG_DEBUG, "DPP: Configuration not yet ready");
4317 		auth->config_resp_ctx = resp_ctx;
4318 		*comeback_delay = -1;
4319 		if (auth->e_name) {
4320 			size_t len = os_strlen(auth->e_name);
4321 
4322 			buf = os_malloc(len * 4 + 1);
4323 			if (buf) {
4324 				printf_encode(buf, len * 4 + 1,
4325 					      (const u8 *) auth->e_name, len);
4326 				name = buf;
4327 			}
4328 		}
4329 		band[0] = '\0';
4330 		pos = band;
4331 		end = band + sizeof(band);
4332 		for (i = 0; opclass && opclass[i]; i++) {
4333 			res = os_snprintf(pos, end - pos, "%s%d",
4334 					  pos == band ? "" : ",", opclass[i]);
4335 			if (os_snprintf_error(end - pos, res)) {
4336 				*pos = '\0';
4337 				break;
4338 			}
4339 			pos += res;
4340 		}
4341 		if (auth->e_mud_url) {
4342 			size_t len = os_strlen(auth->e_mud_url);
4343 
4344 			if (!has_ctrl_char((const u8 *) auth->e_mud_url, len))
4345 				mud_url = auth->e_mud_url;
4346 		}
4347 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_NEEDED "peer=%d src="
4348 			MACSTR " net_role=%s name=\"%s\" opclass=%s mud_url=%s",
4349 			auth->peer_bi ? auth->peer_bi->id :
4350 			auth->tmp_peer_bi->id, MAC2STR(sa),
4351 			dpp_netrole_str(auth->e_netrole), name, band, mud_url);
4352 		os_free(buf);
4353 
4354 		eloop_cancel_timeout(wpas_dpp_gas_initial_resp_timeout, wpa_s,
4355 				     NULL);
4356 		eloop_register_timeout(0, 50000,
4357 				       wpas_dpp_gas_initial_resp_timeout, wpa_s,
4358 				       NULL);
4359 		return NULL;
4360 	}
4361 
4362 	auth->conf_resp = resp;
4363 	if (!resp) {
4364 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
4365 		wpas_notify_dpp_configuration_failure(wpa_s);
4366 		dpp_auth_deinit(wpa_s->dpp_auth);
4367 		wpa_s->dpp_auth = NULL;
4368 	}
4369 	return resp;
4370 }
4371 
4372 
4373 static void
wpas_dpp_gas_status_handler(void * ctx,struct wpabuf * resp,int ok)4374 wpas_dpp_gas_status_handler(void *ctx, struct wpabuf *resp, int ok)
4375 {
4376 	struct wpa_supplicant *wpa_s = ctx;
4377 	struct dpp_authentication *auth = wpa_s->dpp_auth;
4378 
4379 	if (!auth) {
4380 		wpabuf_free(resp);
4381 		return;
4382 	}
4383 	if (auth->conf_resp != resp) {
4384 		wpa_printf(MSG_DEBUG,
4385 			   "DPP: Ignore GAS status report (ok=%d) for unknown response",
4386 			ok);
4387 		wpabuf_free(resp);
4388 		return;
4389 	}
4390 
4391 #ifdef CONFIG_DPP2
4392 	if (auth->waiting_csr && ok) {
4393 		wpa_printf(MSG_DEBUG, "DPP: Waiting for CSR");
4394 		wpabuf_free(resp);
4395 		return;
4396 	}
4397 #endif /* CONFIG_DPP2 */
4398 
4399 #ifdef CONFIG_DPP3
4400 	if (auth->waiting_new_key && ok) {
4401 		wpa_printf(MSG_DEBUG, "DPP: Waiting for a new key");
4402 		wpabuf_free(resp);
4403 		return;
4404 	}
4405 #endif /* CONFIG_DPP3 */
4406 
4407 	wpa_printf(MSG_DEBUG, "DPP: Configuration exchange completed (ok=%d)",
4408 		   ok);
4409 	eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
4410 	eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, NULL);
4411 	eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
4412 #ifdef CONFIG_DPP2
4413 	if (ok && auth->peer_version >= 2 &&
4414 	    auth->conf_resp_status == DPP_STATUS_OK &&
4415 	    !auth->waiting_conf_result) {
4416 		wpa_printf(MSG_DEBUG, "DPP: Wait for Configuration Result");
4417 		wpas_notify_dpp_config_sent_wait_response(wpa_s);
4418 		auth->waiting_conf_result = 1;
4419 		auth->conf_resp = NULL;
4420 		wpabuf_free(resp);
4421 		eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout,
4422 				     wpa_s, NULL);
4423 		eloop_register_timeout(2, 0,
4424 				       wpas_dpp_config_result_wait_timeout,
4425 				       wpa_s, NULL);
4426 		return;
4427 	}
4428 #endif /* CONFIG_DPP2 */
4429 	offchannel_send_action_done(wpa_s);
4430 	wpas_dpp_listen_stop(wpa_s);
4431 	if (ok) {
4432 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_SENT "conf_status=%d",
4433 			auth->conf_resp_status);
4434 		wpas_notify_dpp_config_sent(wpa_s);
4435 	}
4436 	else {
4437 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONF_FAILED);
4438 		wpas_notify_dpp_configuration_failure(wpa_s);
4439 	}
4440 	dpp_auth_deinit(wpa_s->dpp_auth);
4441 	wpa_s->dpp_auth = NULL;
4442 	wpabuf_free(resp);
4443 #ifdef CONFIG_DPP3
4444 	if (!wpa_s->dpp_pb_result_indicated && wpas_dpp_pb_active(wpa_s)) {
4445 		if (ok)
4446 			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT
4447 				"success");
4448 		else
4449 			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT
4450 				"could-not-connect");
4451 		wpa_s->dpp_pb_result_indicated = true;
4452 		if (ok)
4453 			wpas_dpp_remove_pb_hash(wpa_s);
4454 		wpas_dpp_push_button_stop(wpa_s);
4455 	}
4456 #endif /* CONFIG_DPP3 */
4457 }
4458 
4459 
wpas_dpp_configurator_sign(struct wpa_supplicant * wpa_s,const char * cmd)4460 int wpas_dpp_configurator_sign(struct wpa_supplicant *wpa_s, const char *cmd)
4461 {
4462 	struct dpp_authentication *auth;
4463 	int ret = -1;
4464 	char *curve = NULL;
4465 
4466 	auth = dpp_alloc_auth(wpa_s->dpp, wpa_s);
4467 	if (!auth)
4468 		return -1;
4469 
4470 	curve = get_param(cmd, " curve=");
4471 	wpas_dpp_set_testing_options(wpa_s, auth);
4472 	if (dpp_set_configurator(auth, cmd) == 0 &&
4473 	    dpp_configurator_own_config(auth, curve, 0) == 0)
4474 		ret = wpas_dpp_handle_config_obj(wpa_s, auth,
4475 						 &auth->conf_obj[0]);
4476 	if (!ret)
4477 		wpas_dpp_post_process_config(wpa_s, auth);
4478 
4479 	dpp_auth_deinit(auth);
4480 	os_free(curve);
4481 
4482 	return ret;
4483 }
4484 
4485 
4486 static void
wpas_dpp_tx_introduction_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)4487 wpas_dpp_tx_introduction_status(struct wpa_supplicant *wpa_s,
4488 				unsigned int freq, const u8 *dst,
4489 				const u8 *src, const u8 *bssid,
4490 				const u8 *data, size_t data_len,
4491 				enum offchannel_send_action_result result)
4492 {
4493 	const char *res_txt;
4494 
4495 	res_txt = result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
4496 		(result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
4497 		 "FAILED");
4498 	wpa_printf(MSG_DEBUG, "DPP: TX status: freq=%u dst=" MACSTR
4499 		   " result=%s (DPP Peer Discovery Request)",
4500 		   freq, MAC2STR(dst), res_txt);
4501 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX_STATUS "dst=" MACSTR
4502 		" freq=%u result=%s", MAC2STR(dst), freq, res_txt);
4503 	/* TODO: Time out wait for response more quickly in error cases? */
4504 }
4505 
4506 
4507 #ifdef CONFIG_DPP3
wpas_dpp_start_private_peer_intro(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_bss * bss)4508 static int wpas_dpp_start_private_peer_intro(struct wpa_supplicant *wpa_s,
4509 					     struct wpa_ssid *ssid,
4510 					     struct wpa_bss *bss)
4511 {
4512 	struct wpabuf *msg;
4513 	unsigned int wait_time;
4514 	size_t len;
4515 	u8 ver = DPP_VERSION;
4516 	int conn_ver;
4517 
4518 	len = 5 + 5;
4519 	msg = dpp_alloc_msg(DPP_PA_PRIV_PEER_INTRO_QUERY, len);
4520 	if (!msg)
4521 		return -1;
4522 
4523 	/* Transaction ID */
4524 	wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
4525 	wpabuf_put_le16(msg, 1);
4526 	wpabuf_put_u8(msg, TRANSACTION_ID);
4527 
4528 	conn_ver = dpp_get_connector_version(ssid->dpp_connector);
4529 	if (conn_ver > 0 && ver != conn_ver) {
4530 		wpa_printf(MSG_DEBUG,
4531 			   "DPP: Use Connector version %d instead of current protocol version %d",
4532 			   conn_ver, ver);
4533 		ver = conn_ver;
4534 	}
4535 
4536 	/* Protocol Version */
4537 	wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
4538 	wpabuf_put_le16(msg, 1);
4539 	wpabuf_put_u8(msg, ver);
4540 
4541 	wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Private Peer Intro Query", msg);
4542 
4543 	/* TODO: Timeout on AP response */
4544 	wait_time = wpa_s->max_remain_on_chan;
4545 	if (wait_time > 2000)
4546 		wait_time = 2000;
4547 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
4548 		MAC2STR(bss->bssid), bss->freq, DPP_PA_PRIV_PEER_INTRO_QUERY);
4549 	offchannel_send_action(wpa_s, bss->freq, bss->bssid, wpa_s->own_addr,
4550 			       broadcast,
4551 			       wpabuf_head(msg), wpabuf_len(msg),
4552 			       wait_time, wpas_dpp_tx_introduction_status, 0);
4553 	wpabuf_free(msg);
4554 
4555 	/* Request this connection attempt to terminate - new one will be
4556 	 * started when network introduction protocol completes */
4557 	os_memcpy(wpa_s->dpp_intro_bssid, bss->bssid, ETH_ALEN);
4558 	wpa_s->dpp_intro_network = ssid;
4559 	return 1;
4560 }
4561 #endif /* CONFIG_DPP3 */
4562 
4563 
wpas_dpp_check_connect(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_bss * bss)4564 int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
4565 			   struct wpa_bss *bss)
4566 {
4567 	struct os_time now;
4568 	struct wpabuf *msg;
4569 	unsigned int wait_time;
4570 	const u8 *rsn;
4571 	struct wpa_ie_data ied;
4572 	size_t len;
4573 
4574 	if (!(ssid->key_mgmt & WPA_KEY_MGMT_DPP) || !bss)
4575 		return 0; /* Not using DPP AKM - continue */
4576 	rsn = wpa_bss_get_rsne(wpa_s, bss, ssid, false);
4577 	if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
4578 	    !(ied.key_mgmt & WPA_KEY_MGMT_DPP))
4579 		return 0; /* AP does not support DPP AKM - continue */
4580 	if (wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, wpa_s->own_addr, ssid))
4581 		return 0; /* PMKSA exists for DPP AKM - continue */
4582 
4583 	if (!ssid->dpp_connector || !ssid->dpp_netaccesskey ||
4584 	    !ssid->dpp_csign) {
4585 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
4586 			"missing %s",
4587 			!ssid->dpp_connector ? "Connector" :
4588 			(!ssid->dpp_netaccesskey ? "netAccessKey" :
4589 			 "C-sign-key"));
4590 		return -1;
4591 	}
4592 
4593 	os_get_time(&now);
4594 
4595 	if (ssid->dpp_netaccesskey_expiry &&
4596 	    (os_time_t) ssid->dpp_netaccesskey_expiry < now.sec) {
4597 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
4598 			"netAccessKey expired");
4599 		return -1;
4600 	}
4601 
4602 	wpa_printf(MSG_DEBUG,
4603 		   "DPP: Starting %snetwork introduction protocol to derive PMKSA for "
4604 		   MACSTR,
4605 		   ssid->dpp_connector_privacy ? "private " : "",
4606 		   MAC2STR(bss->bssid));
4607 	if (wpa_s->wpa_state == WPA_SCANNING)
4608 		wpa_supplicant_set_state(wpa_s, wpa_s->scan_prev_wpa_state);
4609 
4610 #ifdef CONFIG_DPP3
4611 	if (ssid->dpp_connector_privacy)
4612 		return wpas_dpp_start_private_peer_intro(wpa_s, ssid, bss);
4613 #endif /* CONFIG_DPP3 */
4614 
4615 	len = 5 + 4 + os_strlen(ssid->dpp_connector);
4616 #ifdef CONFIG_DPP2
4617 	len += 5;
4618 #endif /* CONFIG_DPP2 */
4619 	msg = dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_REQ, len);
4620 	if (!msg)
4621 		return -1;
4622 
4623 #ifdef CONFIG_TESTING_OPTIONS
4624 	if (dpp_test == DPP_TEST_NO_TRANSACTION_ID_PEER_DISC_REQ) {
4625 		wpa_printf(MSG_INFO, "DPP: TESTING - no Transaction ID");
4626 		goto skip_trans_id;
4627 	}
4628 	if (dpp_test == DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_REQ) {
4629 		wpa_printf(MSG_INFO, "DPP: TESTING - invalid Transaction ID");
4630 		wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
4631 		wpabuf_put_le16(msg, 0);
4632 		goto skip_trans_id;
4633 	}
4634 #endif /* CONFIG_TESTING_OPTIONS */
4635 
4636 	/* Transaction ID */
4637 	wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
4638 	wpabuf_put_le16(msg, 1);
4639 	wpabuf_put_u8(msg, TRANSACTION_ID);
4640 
4641 #ifdef CONFIG_TESTING_OPTIONS
4642 skip_trans_id:
4643 	if (dpp_test == DPP_TEST_NO_CONNECTOR_PEER_DISC_REQ) {
4644 		wpa_printf(MSG_INFO, "DPP: TESTING - no Connector");
4645 		goto skip_connector;
4646 	}
4647 	if (dpp_test == DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ) {
4648 		char *connector;
4649 
4650 		wpa_printf(MSG_INFO, "DPP: TESTING - invalid Connector");
4651 		connector = dpp_corrupt_connector_signature(
4652 			ssid->dpp_connector);
4653 		if (!connector) {
4654 			wpabuf_free(msg);
4655 			return -1;
4656 		}
4657 		wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
4658 		wpabuf_put_le16(msg, os_strlen(connector));
4659 		wpabuf_put_str(msg, connector);
4660 		os_free(connector);
4661 		goto skip_connector;
4662 	}
4663 #endif /* CONFIG_TESTING_OPTIONS */
4664 
4665 	/* DPP Connector */
4666 	wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
4667 	wpabuf_put_le16(msg, os_strlen(ssid->dpp_connector));
4668 	wpabuf_put_str(msg, ssid->dpp_connector);
4669 
4670 #ifdef CONFIG_TESTING_OPTIONS
4671 skip_connector:
4672 	if (dpp_test == DPP_TEST_NO_PROTOCOL_VERSION_PEER_DISC_REQ) {
4673 		wpa_printf(MSG_INFO, "DPP: TESTING - no Protocol Version");
4674 		goto skip_proto_ver;
4675 	}
4676 #endif /* CONFIG_TESTING_OPTIONS */
4677 
4678 #ifdef CONFIG_DPP2
4679 	if (DPP_VERSION > 1) {
4680 		u8 ver = DPP_VERSION;
4681 #ifdef CONFIG_DPP3
4682 		int conn_ver;
4683 
4684 		conn_ver = dpp_get_connector_version(ssid->dpp_connector);
4685 		if (conn_ver > 0 && ver != conn_ver) {
4686 			wpa_printf(MSG_DEBUG,
4687 				   "DPP: Use Connector version %d instead of current protocol version %d",
4688 				   conn_ver, ver);
4689 			ver = conn_ver;
4690 		}
4691 #endif /* CONFIG_DPP3 */
4692 
4693 #ifdef CONFIG_TESTING_OPTIONS
4694 	if (dpp_test == DPP_TEST_INVALID_PROTOCOL_VERSION_PEER_DISC_REQ) {
4695 		wpa_printf(MSG_INFO, "DPP: TESTING - invalid Protocol Version");
4696 		ver = 1;
4697 	}
4698 #endif /* CONFIG_TESTING_OPTIONS */
4699 
4700 		/* Protocol Version */
4701 		wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
4702 		wpabuf_put_le16(msg, 1);
4703 		wpabuf_put_u8(msg, ver);
4704 	}
4705 #endif /* CONFIG_DPP2 */
4706 
4707 #ifdef CONFIG_TESTING_OPTIONS
4708 skip_proto_ver:
4709 #endif /* CONFIG_TESTING_OPTIONS */
4710 
4711 	/* TODO: Timeout on AP response */
4712 	wait_time = wpa_s->max_remain_on_chan;
4713 	if (wait_time > 2000)
4714 		wait_time = 2000;
4715 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
4716 		MAC2STR(bss->bssid), bss->freq, DPP_PA_PEER_DISCOVERY_REQ);
4717 	offchannel_send_action(wpa_s, bss->freq, bss->bssid, wpa_s->own_addr,
4718 			       broadcast,
4719 			       wpabuf_head(msg), wpabuf_len(msg),
4720 			       wait_time, wpas_dpp_tx_introduction_status, 0);
4721 	wpabuf_free(msg);
4722 
4723 	/* Request this connection attempt to terminate - new one will be
4724 	 * started when network introduction protocol completes */
4725 	os_memcpy(wpa_s->dpp_intro_bssid, bss->bssid, ETH_ALEN);
4726 	wpa_s->dpp_intro_network = ssid;
4727 	return 1;
4728 }
4729 
4730 
wpas_dpp_pkex_add(struct wpa_supplicant * wpa_s,const char * cmd)4731 int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd)
4732 {
4733 	struct dpp_bootstrap_info *own_bi;
4734 	const char *pos, *end;
4735 #ifdef CONFIG_DPP3
4736 	enum dpp_pkex_ver ver = PKEX_VER_AUTO;
4737 #else /* CONFIG_DPP3 */
4738 	enum dpp_pkex_ver ver = PKEX_VER_ONLY_1;
4739 #endif /* CONFIG_DPP3 */
4740 	int tcp_port = DPP_TCP_PORT;
4741 	struct hostapd_ip_addr *ipaddr = NULL;
4742 #ifdef CONFIG_DPP2
4743 	struct hostapd_ip_addr ipaddr_buf;
4744 	char *addr;
4745 
4746 	pos = os_strstr(cmd, " tcp_port=");
4747 	if (pos) {
4748 		pos += 10;
4749 		tcp_port = atoi(pos);
4750 	}
4751 
4752 	addr = get_param(cmd, " tcp_addr=");
4753 	if (addr) {
4754 		int res;
4755 
4756 		res = hostapd_parse_ip_addr(addr, &ipaddr_buf);
4757 		os_free(addr);
4758 		if (res)
4759 			return -1;
4760 		ipaddr = &ipaddr_buf;
4761 	}
4762 #endif /* CONFIG_DPP2 */
4763 
4764 	pos = os_strstr(cmd, " own=");
4765 	if (!pos)
4766 		return -1;
4767 	pos += 5;
4768 	own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
4769 	if (!own_bi) {
4770 		wpa_printf(MSG_DEBUG,
4771 			   "DPP: Identified bootstrap info not found");
4772 		return -1;
4773 	}
4774 	if (own_bi->type != DPP_BOOTSTRAP_PKEX) {
4775 		wpa_printf(MSG_DEBUG,
4776 			   "DPP: Identified bootstrap info not for PKEX");
4777 		return -1;
4778 	}
4779 	wpa_s->dpp_pkex_bi = own_bi;
4780 	own_bi->pkex_t = 0; /* clear pending errors on new code */
4781 
4782 	os_free(wpa_s->dpp_pkex_identifier);
4783 	wpa_s->dpp_pkex_identifier = NULL;
4784 	pos = os_strstr(cmd, " identifier=");
4785 	if (pos) {
4786 		pos += 12;
4787 		end = os_strchr(pos, ' ');
4788 		if (!end)
4789 			return -1;
4790 		wpa_s->dpp_pkex_identifier = os_malloc(end - pos + 1);
4791 		if (!wpa_s->dpp_pkex_identifier)
4792 			return -1;
4793 		os_memcpy(wpa_s->dpp_pkex_identifier, pos, end - pos);
4794 		wpa_s->dpp_pkex_identifier[end - pos] = '\0';
4795 	}
4796 
4797 	pos = os_strstr(cmd, " code=");
4798 	if (!pos)
4799 		return -1;
4800 	os_free(wpa_s->dpp_pkex_code);
4801 	wpa_s->dpp_pkex_code = os_strdup(pos + 6);
4802 	if (!wpa_s->dpp_pkex_code)
4803 		return -1;
4804 	wpa_s->dpp_pkex_code_len = os_strlen(wpa_s->dpp_pkex_code);
4805 
4806 	pos = os_strstr(cmd, " ver=");
4807 	if (pos) {
4808 		int v;
4809 
4810 		pos += 5;
4811 		v = atoi(pos);
4812 		if (v == 1)
4813 			ver = PKEX_VER_ONLY_1;
4814 		else if (v == 2)
4815 			ver = PKEX_VER_ONLY_2;
4816 		else
4817 			return -1;
4818 	}
4819 	wpa_s->dpp_pkex_ver = ver;
4820 
4821 	if (os_strstr(cmd, " init=1")) {
4822 		if (wpas_dpp_pkex_init(wpa_s, ver, ipaddr, tcp_port) < 0)
4823 			return -1;
4824 	} else {
4825 #ifdef CONFIG_DPP2
4826 		dpp_controller_pkex_add(wpa_s->dpp, own_bi,
4827 					wpa_s->dpp_pkex_code,
4828 					wpa_s->dpp_pkex_identifier);
4829 #endif /* CONFIG_DPP2 */
4830 	}
4831 
4832 	/* TODO: Support multiple PKEX info entries */
4833 
4834 	os_free(wpa_s->dpp_pkex_auth_cmd);
4835 	wpa_s->dpp_pkex_auth_cmd = os_strdup(cmd);
4836 
4837 	return 1;
4838 }
4839 
4840 
wpas_dpp_pkex_remove(struct wpa_supplicant * wpa_s,const char * id)4841 int wpas_dpp_pkex_remove(struct wpa_supplicant *wpa_s, const char *id)
4842 {
4843 	unsigned int id_val;
4844 
4845 	if (os_strcmp(id, "*") == 0) {
4846 		id_val = 0;
4847 	} else {
4848 		id_val = atoi(id);
4849 		if (id_val == 0)
4850 			return -1;
4851 	}
4852 
4853 	if ((id_val != 0 && id_val != 1))
4854 		return -1;
4855 
4856 	/* TODO: Support multiple PKEX entries */
4857 	os_free(wpa_s->dpp_pkex_code);
4858 	wpa_s->dpp_pkex_code = NULL;
4859 	os_free(wpa_s->dpp_pkex_identifier);
4860 	wpa_s->dpp_pkex_identifier = NULL;
4861 	os_free(wpa_s->dpp_pkex_auth_cmd);
4862 	wpa_s->dpp_pkex_auth_cmd = NULL;
4863 	wpa_s->dpp_pkex_bi = NULL;
4864 	/* TODO: Remove dpp_pkex only if it is for the identified PKEX code */
4865 	dpp_pkex_free(wpa_s->dpp_pkex);
4866 	wpa_s->dpp_pkex = NULL;
4867 	return 0;
4868 }
4869 
4870 
wpas_dpp_stop(struct wpa_supplicant * wpa_s)4871 void wpas_dpp_stop(struct wpa_supplicant *wpa_s)
4872 {
4873 	if (wpa_s->dpp_auth || wpa_s->dpp_pkex || wpa_s->dpp_pkex_wait_auth_req)
4874 		offchannel_send_action_done(wpa_s);
4875 	dpp_auth_deinit(wpa_s->dpp_auth);
4876 	wpa_s->dpp_auth = NULL;
4877 	dpp_pkex_free(wpa_s->dpp_pkex);
4878 	wpa_s->dpp_pkex = NULL;
4879 	wpa_s->dpp_pkex_wait_auth_req = false;
4880 	if (wpa_s->dpp_gas_client && wpa_s->dpp_gas_dialog_token >= 0)
4881 		gas_query_stop(wpa_s->gas, wpa_s->dpp_gas_dialog_token);
4882 #ifdef CONFIG_DPP3
4883 	wpas_dpp_push_button_stop(wpa_s);
4884 #endif /* CONFIG_DPP3 */
4885 }
4886 
4887 
wpas_dpp_init(struct wpa_supplicant * wpa_s)4888 int wpas_dpp_init(struct wpa_supplicant *wpa_s)
4889 {
4890 	struct dpp_global_config config;
4891 	u8 adv_proto_id[7];
4892 
4893 	adv_proto_id[0] = WLAN_EID_VENDOR_SPECIFIC;
4894 	adv_proto_id[1] = 5;
4895 	WPA_PUT_BE24(&adv_proto_id[2], OUI_WFA);
4896 	adv_proto_id[5] = DPP_OUI_TYPE;
4897 	adv_proto_id[6] = 0x01;
4898 
4899 	if (gas_server_register(wpa_s->gas_server, adv_proto_id,
4900 				sizeof(adv_proto_id), wpas_dpp_gas_req_handler,
4901 				wpas_dpp_gas_status_handler, wpa_s) < 0)
4902 		return -1;
4903 
4904 	os_memset(&config, 0, sizeof(config));
4905 	config.cb_ctx = wpa_s;
4906 #ifdef CONFIG_DPP2
4907 	config.remove_bi = wpas_dpp_remove_bi;
4908 #endif /* CONFIG_DPP2 */
4909 	wpa_s->dpp = dpp_global_init(&config);
4910 	return wpa_s->dpp ? 0 : -1;
4911 }
4912 
4913 
wpas_dpp_deinit(struct wpa_supplicant * wpa_s)4914 void wpas_dpp_deinit(struct wpa_supplicant *wpa_s)
4915 {
4916 #ifdef CONFIG_TESTING_OPTIONS
4917 	os_free(wpa_s->dpp_config_obj_override);
4918 	wpa_s->dpp_config_obj_override = NULL;
4919 	os_free(wpa_s->dpp_discovery_override);
4920 	wpa_s->dpp_discovery_override = NULL;
4921 	os_free(wpa_s->dpp_groups_override);
4922 	wpa_s->dpp_groups_override = NULL;
4923 	wpa_s->dpp_ignore_netaccesskey_mismatch = 0;
4924 #endif /* CONFIG_TESTING_OPTIONS */
4925 	if (!wpa_s->dpp)
4926 		return;
4927 	eloop_cancel_timeout(wpas_dpp_pkex_retry_timeout, wpa_s, NULL);
4928 	eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
4929 	eloop_cancel_timeout(wpas_dpp_auth_conf_wait_timeout, wpa_s, NULL);
4930 	eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
4931 	eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
4932 	eloop_cancel_timeout(wpas_dpp_gas_initial_resp_timeout, wpa_s, NULL);
4933 	eloop_cancel_timeout(wpas_dpp_gas_client_timeout, wpa_s, NULL);
4934 	eloop_cancel_timeout(wpas_dpp_drv_wait_timeout, wpa_s, NULL);
4935 	eloop_cancel_timeout(wpas_dpp_tx_auth_resp_roc_timeout, wpa_s, NULL);
4936 	eloop_cancel_timeout(wpas_dpp_neg_freq_timeout, wpa_s, NULL);
4937 #ifdef CONFIG_DPP2
4938 	eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, wpa_s, NULL);
4939 	eloop_cancel_timeout(wpas_dpp_conn_status_result_wait_timeout,
4940 			     wpa_s, NULL);
4941 	eloop_cancel_timeout(wpas_dpp_conn_status_result_timeout, wpa_s, NULL);
4942 	eloop_cancel_timeout(wpas_dpp_reconfig_reply_wait_timeout,
4943 			     wpa_s, NULL);
4944 	eloop_cancel_timeout(wpas_dpp_build_csr, wpa_s, NULL);
4945 	eloop_cancel_timeout(wpas_dpp_connected_timeout, wpa_s, NULL);
4946 	dpp_pfs_free(wpa_s->dpp_pfs);
4947 	wpa_s->dpp_pfs = NULL;
4948 	wpas_dpp_chirp_stop(wpa_s);
4949 	dpp_free_reconfig_id(wpa_s->dpp_reconfig_id);
4950 	wpa_s->dpp_reconfig_id = NULL;
4951 #endif /* CONFIG_DPP2 */
4952 #ifdef CONFIG_DPP3
4953 	eloop_cancel_timeout(wpas_dpp_build_new_key, wpa_s, NULL);
4954 #endif /* CONFIG_DPP3 */
4955 	offchannel_send_action_done(wpa_s);
4956 	wpas_dpp_listen_stop(wpa_s);
4957 	wpas_dpp_stop(wpa_s);
4958 	wpas_dpp_pkex_remove(wpa_s, "*");
4959 	os_memset(wpa_s->dpp_intro_bssid, 0, ETH_ALEN);
4960 	os_free(wpa_s->dpp_configurator_params);
4961 	wpa_s->dpp_configurator_params = NULL;
4962 	dpp_global_clear(wpa_s->dpp);
4963 }
4964 
4965 
wpas_dpp_build_conf_resp(struct wpa_supplicant * wpa_s,struct dpp_authentication * auth,bool tcp)4966 static int wpas_dpp_build_conf_resp(struct wpa_supplicant *wpa_s,
4967 				    struct dpp_authentication *auth, bool tcp)
4968 {
4969 	struct wpabuf *resp;
4970 
4971 	resp = dpp_build_conf_resp(auth, auth->e_nonce, auth->curve->nonce_len,
4972 				   auth->e_netrole, true);
4973 	if (!resp)
4974 		return -1;
4975 
4976 	if (tcp) {
4977 		auth->conf_resp_tcp = resp;
4978 		return 0;
4979 	}
4980 
4981 	eloop_cancel_timeout(wpas_dpp_gas_initial_resp_timeout, wpa_s, NULL);
4982 	if (gas_server_set_resp(wpa_s->gas_server, auth->config_resp_ctx,
4983 				resp) < 0) {
4984 		wpa_printf(MSG_DEBUG,
4985 			   "DPP: Could not find pending GAS response");
4986 		wpabuf_free(resp);
4987 		return -1;
4988 	}
4989 	auth->conf_resp = resp;
4990 	return 0;
4991 }
4992 
4993 
wpas_dpp_conf_set(struct wpa_supplicant * wpa_s,const char * cmd)4994 int wpas_dpp_conf_set(struct wpa_supplicant *wpa_s, const char *cmd)
4995 {
4996 	int peer;
4997 	const char *pos;
4998 	struct dpp_authentication *auth = wpa_s->dpp_auth;
4999 	bool tcp = false;
5000 
5001 	pos = os_strstr(cmd, " peer=");
5002 	if (!pos)
5003 		return -1;
5004 	peer = atoi(pos + 6);
5005 #ifdef CONFIG_DPP2
5006 	if (!auth || !auth->waiting_config ||
5007 	    (auth->peer_bi &&
5008 	     (unsigned int) peer != auth->peer_bi->id)) {
5009 		auth = dpp_controller_get_auth(wpa_s->dpp, peer);
5010 		tcp = true;
5011 	}
5012 #endif /* CONFIG_DPP2 */
5013 
5014 	if (!auth || !auth->waiting_config) {
5015 		wpa_printf(MSG_DEBUG,
5016 			   "DPP: No authentication exchange waiting for configuration information");
5017 		return -1;
5018 	}
5019 
5020 	if ((!auth->peer_bi ||
5021 	     (unsigned int) peer != auth->peer_bi->id) &&
5022 	    (!auth->tmp_peer_bi ||
5023 	     (unsigned int) peer != auth->tmp_peer_bi->id)) {
5024 		wpa_printf(MSG_DEBUG, "DPP: Peer mismatch");
5025 		return -1;
5026 	}
5027 
5028 	pos = os_strstr(cmd, " comeback=");
5029 	if (pos) {
5030 		eloop_cancel_timeout(wpas_dpp_gas_initial_resp_timeout, wpa_s,
5031 				     NULL);
5032 		gas_server_set_comeback_delay(wpa_s->gas_server,
5033 					      auth->config_resp_ctx,
5034 					      atoi(pos + 10));
5035 		return 0;
5036 	}
5037 
5038 	if (dpp_set_configurator(auth, cmd) < 0)
5039 		return -1;
5040 
5041 	auth->use_config_query = false;
5042 	auth->waiting_config = false;
5043 	return wpas_dpp_build_conf_resp(wpa_s, auth, tcp);
5044 }
5045 
5046 
5047 #ifdef CONFIG_DPP2
5048 
wpas_dpp_controller_start(struct wpa_supplicant * wpa_s,const char * cmd)5049 int wpas_dpp_controller_start(struct wpa_supplicant *wpa_s, const char *cmd)
5050 {
5051 	struct dpp_controller_config config;
5052 	const char *pos;
5053 
5054 	os_memset(&config, 0, sizeof(config));
5055 	config.allowed_roles = DPP_CAPAB_ENROLLEE | DPP_CAPAB_CONFIGURATOR;
5056 	config.netrole = DPP_NETROLE_STA;
5057 	config.msg_ctx = wpa_s;
5058 	config.cb_ctx = wpa_s;
5059 	config.process_conf_obj = wpas_dpp_process_conf_obj;
5060 	config.tcp_msg_sent = wpas_dpp_tcp_msg_sent;
5061 	if (cmd) {
5062 		pos = os_strstr(cmd, " tcp_port=");
5063 		if (pos) {
5064 			pos += 10;
5065 			config.tcp_port = atoi(pos);
5066 		}
5067 
5068 		pos = os_strstr(cmd, " role=");
5069 		if (pos) {
5070 			pos += 6;
5071 			if (os_strncmp(pos, "configurator", 12) == 0)
5072 				config.allowed_roles = DPP_CAPAB_CONFIGURATOR;
5073 			else if (os_strncmp(pos, "enrollee", 8) == 0)
5074 				config.allowed_roles = DPP_CAPAB_ENROLLEE;
5075 			else if (os_strncmp(pos, "either", 6) == 0)
5076 				config.allowed_roles = DPP_CAPAB_CONFIGURATOR |
5077 					DPP_CAPAB_ENROLLEE;
5078 			else
5079 				return -1;
5080 		}
5081 
5082 		config.qr_mutual = os_strstr(cmd, " qr=mutual") != NULL;
5083 	}
5084 	config.configurator_params = wpa_s->dpp_configurator_params;
5085 	return dpp_controller_start(wpa_s->dpp, &config);
5086 }
5087 
5088 
5089 static void wpas_dpp_chirp_next(void *eloop_ctx, void *timeout_ctx);
5090 
wpas_dpp_chirp_timeout(void * eloop_ctx,void * timeout_ctx)5091 static void wpas_dpp_chirp_timeout(void *eloop_ctx, void *timeout_ctx)
5092 {
5093 	struct wpa_supplicant *wpa_s = eloop_ctx;
5094 
5095 	wpa_printf(MSG_DEBUG, "DPP: No chirp response received");
5096 	offchannel_send_action_done(wpa_s);
5097 	wpas_dpp_chirp_next(wpa_s, NULL);
5098 }
5099 
5100 
wpas_dpp_chirp_tx_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)5101 static void wpas_dpp_chirp_tx_status(struct wpa_supplicant *wpa_s,
5102 				     unsigned int freq, const u8 *dst,
5103 				     const u8 *src, const u8 *bssid,
5104 				     const u8 *data, size_t data_len,
5105 				     enum offchannel_send_action_result result)
5106 {
5107 	if (result == OFFCHANNEL_SEND_ACTION_FAILED) {
5108 		wpa_printf(MSG_DEBUG, "DPP: Failed to send chirp on %d MHz",
5109 			   wpa_s->dpp_chirp_freq);
5110 		if (eloop_register_timeout(0, 0, wpas_dpp_chirp_next,
5111 					   wpa_s, NULL) < 0)
5112 			wpas_dpp_chirp_stop(wpa_s);
5113 		return;
5114 	}
5115 
5116 	wpa_printf(MSG_DEBUG, "DPP: Chirp send completed - wait for response");
5117 	if (eloop_register_timeout(2, 0, wpas_dpp_chirp_timeout,
5118 				   wpa_s, NULL) < 0)
5119 		wpas_dpp_chirp_stop(wpa_s);
5120 }
5121 
5122 
wpas_dpp_chirp_start(struct wpa_supplicant * wpa_s)5123 static void wpas_dpp_chirp_start(struct wpa_supplicant *wpa_s)
5124 {
5125 	struct wpabuf *msg, *announce = NULL;
5126 	int type;
5127 
5128 	msg = wpa_s->dpp_presence_announcement;
5129 	type = DPP_PA_PRESENCE_ANNOUNCEMENT;
5130 	if (!msg) {
5131 		struct wpa_ssid *ssid = wpa_s->dpp_reconfig_ssid;
5132 
5133 		if (ssid && wpa_s->dpp_reconfig_id &&
5134 		    wpa_config_get_network(wpa_s->conf,
5135 					   wpa_s->dpp_reconfig_ssid_id) ==
5136 		    ssid) {
5137 			announce = dpp_build_reconfig_announcement(
5138 				ssid->dpp_csign,
5139 				ssid->dpp_csign_len,
5140 				ssid->dpp_netaccesskey,
5141 				ssid->dpp_netaccesskey_len,
5142 				wpa_s->dpp_reconfig_id);
5143 			msg = announce;
5144 		}
5145 		if (!msg)
5146 			return;
5147 		type = DPP_PA_RECONFIG_ANNOUNCEMENT;
5148 	}
5149 	wpa_printf(MSG_DEBUG, "DPP: Chirp on %d MHz", wpa_s->dpp_chirp_freq);
5150 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
5151 		MAC2STR(broadcast), wpa_s->dpp_chirp_freq, type);
5152 	if (offchannel_send_action(
5153 		    wpa_s, wpa_s->dpp_chirp_freq, broadcast,
5154 		    wpa_s->own_addr, broadcast,
5155 		    wpabuf_head(msg), wpabuf_len(msg),
5156 		    2000, wpas_dpp_chirp_tx_status, 0) < 0)
5157 		wpas_dpp_chirp_stop(wpa_s);
5158 
5159 	wpabuf_free(announce);
5160 }
5161 
5162 
wpas_dpp_presence_ann_channels(struct wpa_supplicant * wpa_s,struct dpp_bootstrap_info * bi)5163 static int * wpas_dpp_presence_ann_channels(struct wpa_supplicant *wpa_s,
5164 					    struct dpp_bootstrap_info *bi)
5165 {
5166 	unsigned int i;
5167 	struct hostapd_hw_modes *mode;
5168 	int c;
5169 	struct wpa_bss *bss;
5170 	bool chan6 = wpa_s->hw.modes == NULL;
5171 	int *freqs = NULL;
5172 
5173 	/* Channels from own bootstrapping info */
5174 	if (bi) {
5175 		for (i = 0; i < bi->num_freq; i++)
5176 			int_array_add_unique(&freqs, bi->freq[i]);
5177 	}
5178 
5179 	/* Preferred chirping channels */
5180 	mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
5181 			HOSTAPD_MODE_IEEE80211G, false);
5182 	if (mode) {
5183 		for (c = 0; c < mode->num_channels; c++) {
5184 			struct hostapd_channel_data *chan = &mode->channels[c];
5185 
5186 			if ((chan->flag & HOSTAPD_CHAN_DISABLED) ||
5187 			    chan->freq != 2437)
5188 				continue;
5189 			chan6 = true;
5190 			break;
5191 		}
5192 	}
5193 	if (chan6)
5194 		int_array_add_unique(&freqs, 2437);
5195 
5196 	mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
5197 			HOSTAPD_MODE_IEEE80211A, false);
5198 	if (mode) {
5199 		int chan44 = 0, chan149 = 0;
5200 
5201 		for (c = 0; c < mode->num_channels; c++) {
5202 			struct hostapd_channel_data *chan = &mode->channels[c];
5203 
5204 			if (chan->flag & (HOSTAPD_CHAN_DISABLED |
5205 					  HOSTAPD_CHAN_RADAR))
5206 				continue;
5207 			if (chan->freq == 5220)
5208 				chan44 = 1;
5209 			if (chan->freq == 5745)
5210 				chan149 = 1;
5211 		}
5212 		if (chan149)
5213 			int_array_add_unique(&freqs, 5745);
5214 		else if (chan44)
5215 			int_array_add_unique(&freqs, 5220);
5216 	}
5217 
5218 	mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
5219 			HOSTAPD_MODE_IEEE80211AD, false);
5220 	if (mode) {
5221 		for (c = 0; c < mode->num_channels; c++) {
5222 			struct hostapd_channel_data *chan = &mode->channels[c];
5223 
5224 			if ((chan->flag & (HOSTAPD_CHAN_DISABLED |
5225 					   HOSTAPD_CHAN_RADAR)) ||
5226 			    chan->freq != 60480)
5227 				continue;
5228 			int_array_add_unique(&freqs, 60480);
5229 			break;
5230 		}
5231 	}
5232 
5233 	/* Add channels from scan results for APs that advertise Configurator
5234 	 * Connectivity element */
5235 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
5236 		if (wpa_bss_get_vendor_ie(bss, DPP_CC_IE_VENDOR_TYPE))
5237 			int_array_add_unique(&freqs, bss->freq);
5238 	}
5239 
5240 	return freqs;
5241 }
5242 
5243 
wpas_dpp_chirp_scan_res_handler(struct wpa_supplicant * wpa_s,struct wpa_scan_results * scan_res)5244 static void wpas_dpp_chirp_scan_res_handler(struct wpa_supplicant *wpa_s,
5245 					    struct wpa_scan_results *scan_res)
5246 {
5247 	struct dpp_bootstrap_info *bi = wpa_s->dpp_chirp_bi;
5248 
5249 	if (!bi && !wpa_s->dpp_reconfig_ssid)
5250 		return;
5251 
5252 	wpa_s->dpp_chirp_scan_done = 1;
5253 
5254 	os_free(wpa_s->dpp_chirp_freqs);
5255 	wpa_s->dpp_chirp_freqs = wpas_dpp_presence_ann_channels(wpa_s, bi);
5256 
5257 	if (!wpa_s->dpp_chirp_freqs ||
5258 	    eloop_register_timeout(0, 0, wpas_dpp_chirp_next, wpa_s, NULL) < 0)
5259 		wpas_dpp_chirp_stop(wpa_s);
5260 }
5261 
5262 
wpas_dpp_chirp_next(void * eloop_ctx,void * timeout_ctx)5263 static void wpas_dpp_chirp_next(void *eloop_ctx, void *timeout_ctx)
5264 {
5265 	struct wpa_supplicant *wpa_s = eloop_ctx;
5266 	int i;
5267 
5268 	if (wpa_s->dpp_chirp_listen)
5269 		wpas_dpp_listen_stop(wpa_s);
5270 
5271 	if (wpa_s->dpp_chirp_freq == 0) {
5272 		if (wpa_s->dpp_chirp_round % 4 == 0 &&
5273 		    !wpa_s->dpp_chirp_scan_done) {
5274 			if (wpas_scan_scheduled(wpa_s)) {
5275 				wpa_printf(MSG_DEBUG,
5276 					   "DPP: Deferring chirp scan because another scan is planned already");
5277 				if (eloop_register_timeout(1, 0,
5278 							   wpas_dpp_chirp_next,
5279 							   wpa_s, NULL) < 0) {
5280 					wpas_dpp_chirp_stop(wpa_s);
5281 					return;
5282 				}
5283 				return;
5284 			}
5285 			wpa_printf(MSG_DEBUG,
5286 				   "DPP: Update channel list for chirping");
5287 			wpa_s->scan_req = MANUAL_SCAN_REQ;
5288 			wpa_s->scan_res_handler =
5289 				wpas_dpp_chirp_scan_res_handler;
5290 			wpa_supplicant_req_scan(wpa_s, 0, 0);
5291 			return;
5292 		}
5293 		wpa_s->dpp_chirp_freq = wpa_s->dpp_chirp_freqs[0];
5294 		wpa_s->dpp_chirp_round++;
5295 		wpa_printf(MSG_DEBUG, "DPP: Start chirping round %d",
5296 			   wpa_s->dpp_chirp_round);
5297 	} else {
5298 		for (i = 0; wpa_s->dpp_chirp_freqs[i]; i++)
5299 			if (wpa_s->dpp_chirp_freqs[i] == wpa_s->dpp_chirp_freq)
5300 				break;
5301 		if (!wpa_s->dpp_chirp_freqs[i]) {
5302 			wpa_printf(MSG_DEBUG,
5303 				   "DPP: Previous chirp freq %d not found",
5304 				   wpa_s->dpp_chirp_freq);
5305 			return;
5306 		}
5307 		i++;
5308 		if (wpa_s->dpp_chirp_freqs[i]) {
5309 			wpa_s->dpp_chirp_freq = wpa_s->dpp_chirp_freqs[i];
5310 		} else {
5311 			wpa_s->dpp_chirp_iter--;
5312 			if (wpa_s->dpp_chirp_iter <= 0) {
5313 				wpa_printf(MSG_DEBUG,
5314 					   "DPP: Chirping iterations completed");
5315 				wpas_dpp_chirp_stop(wpa_s);
5316 				return;
5317 			}
5318 			wpa_s->dpp_chirp_freq = 0;
5319 			wpa_s->dpp_chirp_scan_done = 0;
5320 			if (eloop_register_timeout(30, 0, wpas_dpp_chirp_next,
5321 						   wpa_s, NULL) < 0) {
5322 				wpas_dpp_chirp_stop(wpa_s);
5323 				return;
5324 			}
5325 			if (wpa_s->dpp_chirp_listen) {
5326 				wpa_printf(MSG_DEBUG,
5327 					   "DPP: Listen on %d MHz during chirp 30 second wait",
5328 					wpa_s->dpp_chirp_listen);
5329 				wpas_dpp_listen_start(wpa_s,
5330 						      wpa_s->dpp_chirp_listen);
5331 			} else {
5332 				wpa_printf(MSG_DEBUG,
5333 					   "DPP: Wait 30 seconds before starting the next chirping round");
5334 			}
5335 			return;
5336 		}
5337 	}
5338 
5339 	wpas_dpp_chirp_start(wpa_s);
5340 }
5341 
5342 
wpas_dpp_chirp(struct wpa_supplicant * wpa_s,const char * cmd)5343 int wpas_dpp_chirp(struct wpa_supplicant *wpa_s, const char *cmd)
5344 {
5345 	const char *pos;
5346 	int iter = 1, listen_freq = 0;
5347 	struct dpp_bootstrap_info *bi;
5348 
5349 	pos = os_strstr(cmd, " own=");
5350 	if (!pos)
5351 		return -1;
5352 	pos += 5;
5353 	bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos));
5354 	if (!bi) {
5355 		wpa_printf(MSG_DEBUG,
5356 			   "DPP: Identified bootstrap info not found");
5357 		return -1;
5358 	}
5359 
5360 	pos = os_strstr(cmd, " iter=");
5361 	if (pos) {
5362 		iter = atoi(pos + 6);
5363 		if (iter <= 0)
5364 			return -1;
5365 	}
5366 
5367 	pos = os_strstr(cmd, " listen=");
5368 	if (pos) {
5369 		listen_freq = atoi(pos + 8);
5370 		if (listen_freq <= 0)
5371 			return -1;
5372 	}
5373 
5374 	wpas_dpp_chirp_stop(wpa_s);
5375 	wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
5376 	wpa_s->dpp_netrole = DPP_NETROLE_STA;
5377 	wpa_s->dpp_qr_mutual = 0;
5378 	wpa_s->dpp_chirp_bi = bi;
5379 	wpa_s->dpp_presence_announcement = dpp_build_presence_announcement(bi);
5380 	if (!wpa_s->dpp_presence_announcement)
5381 		return -1;
5382 	wpa_s->dpp_chirp_iter = iter;
5383 	wpa_s->dpp_chirp_round = 0;
5384 	wpa_s->dpp_chirp_scan_done = 0;
5385 	wpa_s->dpp_chirp_listen = listen_freq;
5386 
5387 	return eloop_register_timeout(0, 0, wpas_dpp_chirp_next, wpa_s, NULL);
5388 }
5389 
5390 
wpas_dpp_chirp_stop(struct wpa_supplicant * wpa_s)5391 void wpas_dpp_chirp_stop(struct wpa_supplicant *wpa_s)
5392 {
5393 	if (wpa_s->dpp_presence_announcement ||
5394 	    wpa_s->dpp_reconfig_ssid) {
5395 		offchannel_send_action_done(wpa_s);
5396 		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CHIRP_STOPPED);
5397 	}
5398 	wpa_s->dpp_chirp_bi = NULL;
5399 	wpabuf_free(wpa_s->dpp_presence_announcement);
5400 	wpa_s->dpp_presence_announcement = NULL;
5401 	if (wpa_s->dpp_chirp_listen)
5402 		wpas_dpp_listen_stop(wpa_s);
5403 	wpa_s->dpp_chirp_listen = 0;
5404 	wpa_s->dpp_chirp_freq = 0;
5405 	os_free(wpa_s->dpp_chirp_freqs);
5406 	wpa_s->dpp_chirp_freqs = NULL;
5407 	eloop_cancel_timeout(wpas_dpp_chirp_next, wpa_s, NULL);
5408 	eloop_cancel_timeout(wpas_dpp_chirp_timeout, wpa_s, NULL);
5409 	if (wpa_s->scan_res_handler == wpas_dpp_chirp_scan_res_handler) {
5410 		wpas_abort_ongoing_scan(wpa_s);
5411 		wpa_s->scan_res_handler = NULL;
5412 	}
5413 }
5414 
5415 
wpas_dpp_reconfig(struct wpa_supplicant * wpa_s,const char * cmd)5416 int wpas_dpp_reconfig(struct wpa_supplicant *wpa_s, const char *cmd)
5417 {
5418 	struct wpa_ssid *ssid;
5419 	int iter = 1;
5420 	const char *pos;
5421 
5422 	ssid = wpa_config_get_network(wpa_s->conf, atoi(cmd));
5423 	if (!ssid || !ssid->dpp_connector || !ssid->dpp_netaccesskey ||
5424 	    !ssid->dpp_csign) {
5425 		wpa_printf(MSG_DEBUG,
5426 			   "DPP: Not a valid network profile for reconfiguration");
5427 		return -1;
5428 	}
5429 
5430 	pos = os_strstr(cmd, " iter=");
5431 	if (pos) {
5432 		iter = atoi(pos + 6);
5433 		if (iter <= 0)
5434 			return -1;
5435 	}
5436 
5437 	if (wpa_s->dpp_auth) {
5438 		wpa_printf(MSG_DEBUG,
5439 			   "DPP: Not ready to start reconfiguration - pending authentication exchange in progress");
5440 		return -1;
5441 	}
5442 
5443 	dpp_free_reconfig_id(wpa_s->dpp_reconfig_id);
5444 	wpa_s->dpp_reconfig_id = dpp_gen_reconfig_id(ssid->dpp_csign,
5445 						     ssid->dpp_csign_len,
5446 						     ssid->dpp_pp_key,
5447 						     ssid->dpp_pp_key_len);
5448 	if (!wpa_s->dpp_reconfig_id) {
5449 		wpa_printf(MSG_DEBUG,
5450 			   "DPP: Failed to generate E-id for reconfiguration");
5451 		return -1;
5452 	}
5453 	if (wpa_s->wpa_state >= WPA_AUTHENTICATING) {
5454 		wpa_printf(MSG_DEBUG, "DPP: Disconnect for reconfiguration");
5455 		wpa_s->own_disconnect_req = 1;
5456 		wpa_supplicant_deauthenticate(
5457 			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
5458 	}
5459 	wpas_dpp_chirp_stop(wpa_s);
5460 	wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
5461 	wpa_s->dpp_netrole = DPP_NETROLE_STA;
5462 	wpa_s->dpp_qr_mutual = 0;
5463 	wpa_s->dpp_reconfig_ssid = ssid;
5464 	wpa_s->dpp_reconfig_ssid_id = ssid->id;
5465 	wpa_s->dpp_chirp_iter = iter;
5466 	wpa_s->dpp_chirp_round = 0;
5467 	wpa_s->dpp_chirp_scan_done = 0;
5468 	wpa_s->dpp_chirp_listen = 0;
5469 
5470 	return eloop_register_timeout(0, 0, wpas_dpp_chirp_next, wpa_s, NULL);
5471 }
5472 
5473 
wpas_dpp_ca_set(struct wpa_supplicant * wpa_s,const char * cmd)5474 int wpas_dpp_ca_set(struct wpa_supplicant *wpa_s, const char *cmd)
5475 {
5476 	int peer = -1;
5477 	const char *pos, *value;
5478 	struct dpp_authentication *auth = wpa_s->dpp_auth;
5479 	u8 *bin;
5480 	size_t bin_len;
5481 	struct wpabuf *buf;
5482 	bool tcp = false;
5483 
5484 	pos = os_strstr(cmd, " peer=");
5485 	if (pos) {
5486 		peer = atoi(pos + 6);
5487 		if (!auth || !auth->waiting_cert ||
5488 		    (auth->peer_bi &&
5489 		     (unsigned int) peer != auth->peer_bi->id)) {
5490 			auth = dpp_controller_get_auth(wpa_s->dpp, peer);
5491 			tcp = true;
5492 		}
5493 	}
5494 
5495 	if (!auth || !auth->waiting_cert) {
5496 		wpa_printf(MSG_DEBUG,
5497 			   "DPP: No authentication exchange waiting for certificate information");
5498 		return -1;
5499 	}
5500 
5501 	if (peer >= 0 &&
5502 	    (!auth->peer_bi ||
5503 	     (unsigned int) peer != auth->peer_bi->id) &&
5504 	    (!auth->tmp_peer_bi ||
5505 	     (unsigned int) peer != auth->tmp_peer_bi->id)) {
5506 		wpa_printf(MSG_DEBUG, "DPP: Peer mismatch");
5507 		return -1;
5508 	}
5509 
5510 	pos = os_strstr(cmd, " value=");
5511 	if (!pos)
5512 		return -1;
5513 	value = pos + 7;
5514 
5515 	pos = os_strstr(cmd, " name=");
5516 	if (!pos)
5517 		return -1;
5518 	pos += 6;
5519 
5520 	if (os_strncmp(pos, "status ", 7) == 0) {
5521 		auth->force_conf_resp_status = atoi(value);
5522 		return wpas_dpp_build_conf_resp(wpa_s, auth, tcp);
5523 	}
5524 
5525 	if (os_strncmp(pos, "trustedEapServerName ", 21) == 0) {
5526 		os_free(auth->trusted_eap_server_name);
5527 		auth->trusted_eap_server_name = os_strdup(value);
5528 		return auth->trusted_eap_server_name ? 0 : -1;
5529 	}
5530 
5531 	bin = base64_decode(value, os_strlen(value), &bin_len);
5532 	if (!bin)
5533 		return -1;
5534 	buf = wpabuf_alloc_copy(bin, bin_len);
5535 	os_free(bin);
5536 
5537 	if (os_strncmp(pos, "caCert ", 7) == 0) {
5538 		wpabuf_free(auth->cacert);
5539 		auth->cacert = buf;
5540 		return 0;
5541 	}
5542 
5543 	if (os_strncmp(pos, "certBag ", 8) == 0) {
5544 		wpabuf_free(auth->certbag);
5545 		auth->certbag = buf;
5546 		return wpas_dpp_build_conf_resp(wpa_s, auth, tcp);
5547 	}
5548 
5549 	wpabuf_free(buf);
5550 	return -1;
5551 }
5552 
5553 #endif /* CONFIG_DPP2 */
5554 
5555 
5556 #ifdef CONFIG_DPP3
5557 
5558 #define DPP_PB_ANNOUNCE_PER_CHAN 3
5559 
5560 static int wpas_dpp_pb_announce(struct wpa_supplicant *wpa_s, int freq);
5561 
5562 
wpas_dpp_pb_tx_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)5563 static void wpas_dpp_pb_tx_status(struct wpa_supplicant *wpa_s,
5564 				  unsigned int freq, const u8 *dst,
5565 				  const u8 *src, const u8 *bssid,
5566 				  const u8 *data, size_t data_len,
5567 				  enum offchannel_send_action_result result)
5568 {
5569 	if (result == OFFCHANNEL_SEND_ACTION_FAILED) {
5570 		wpa_printf(MSG_DEBUG,
5571 			   "DPP: Failed to send push button announcement on %d MHz",
5572 			   freq);
5573 		if (eloop_register_timeout(0, 0, wpas_dpp_pb_next,
5574 					   wpa_s, NULL) < 0)
5575 			wpas_dpp_push_button_stop(wpa_s);
5576 		return;
5577 	}
5578 
5579 	wpa_printf(MSG_DEBUG, "DPP: Push button announcement on %d MHz sent",
5580 		   freq);
5581 	if (wpa_s->dpp_pb_discovery_done) {
5582 		wpa_s->dpp_pb_announce_count = 0;
5583 		wpa_printf(MSG_DEBUG,
5584 			   "DPP: Wait for push button announcement response and PKEX on %d MHz",
5585 			   freq);
5586 		if (eloop_register_timeout(0, 500000, wpas_dpp_pb_next,
5587 					   wpa_s, NULL) < 0)
5588 			wpas_dpp_push_button_stop(wpa_s);
5589 		return;
5590 	} else if (wpa_s->dpp_pb_announce_count >= DPP_PB_ANNOUNCE_PER_CHAN) {
5591 		wpa_printf(MSG_DEBUG,
5592 			   "DPP: Wait for push button announcement response on %d MHz",
5593 			   freq);
5594 		if (eloop_register_timeout(0, 50000, wpas_dpp_pb_next,
5595 					   wpa_s, NULL) < 0)
5596 			wpas_dpp_push_button_stop(wpa_s);
5597 		return;
5598 	}
5599 
5600 	if (wpas_dpp_pb_announce(wpa_s, freq) < 0)
5601 		wpas_dpp_push_button_stop(wpa_s);
5602 }
5603 
5604 
wpas_dpp_pb_announce(struct wpa_supplicant * wpa_s,int freq)5605 static int wpas_dpp_pb_announce(struct wpa_supplicant *wpa_s, int freq)
5606 {
5607 	struct wpabuf *msg;
5608 	int type;
5609 
5610 	msg = wpa_s->dpp_pb_announcement;
5611 	if (!msg)
5612 		return -1;
5613 
5614 	wpa_s->dpp_pb_announce_count++;
5615 	wpa_printf(MSG_DEBUG,
5616 		   "DPP: Send push button announcement %d/%d (%d MHz)",
5617 		   wpa_s->dpp_pb_announce_count, DPP_PB_ANNOUNCE_PER_CHAN,
5618 		   freq);
5619 
5620 	type = DPP_PA_PB_PRESENCE_ANNOUNCEMENT;
5621 	if (wpa_s->dpp_pb_announce_count == 1)
5622 		wpa_msg(wpa_s, MSG_INFO,
5623 			DPP_EVENT_TX "dst=" MACSTR " freq=%u type=%d",
5624 			MAC2STR(broadcast), freq, type);
5625 	if (offchannel_send_action(
5626 		    wpa_s, freq, broadcast, wpa_s->own_addr, broadcast,
5627 		    wpabuf_head(msg), wpabuf_len(msg),
5628 		    1000, wpas_dpp_pb_tx_status, 0) < 0)
5629 		return -1;
5630 
5631 	return 0;
5632 }
5633 
5634 
wpas_dpp_pb_next(void * eloop_ctx,void * timeout_ctx)5635 static void wpas_dpp_pb_next(void *eloop_ctx, void *timeout_ctx)
5636 {
5637 	struct wpa_supplicant *wpa_s = eloop_ctx;
5638 	struct os_reltime now;
5639 	int freq;
5640 
5641 	if (!wpa_s->dpp_pb_freqs)
5642 		return;
5643 
5644 	os_get_reltime(&now);
5645 	offchannel_send_action_done(wpa_s);
5646 
5647 	if (os_reltime_expired(&now, &wpa_s->dpp_pb_time, 100)) {
5648 		wpa_printf(MSG_DEBUG, "DPP: Push button wait time expired");
5649 		wpas_dpp_push_button_stop(wpa_s);
5650 		return;
5651 	}
5652 
5653 	if (wpa_s->dpp_pb_freq_idx >= int_array_len(wpa_s->dpp_pb_freqs)) {
5654 		wpa_printf(MSG_DEBUG,
5655 			   "DPP: Completed push button announcement round");
5656 		wpa_s->dpp_pb_freq_idx = 0;
5657 		if (wpa_s->dpp_pb_stop_iter > 0) {
5658 			wpa_s->dpp_pb_stop_iter--;
5659 
5660 			if (wpa_s->dpp_pb_stop_iter == 1) {
5661 				wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_STATUS
5662 					"wait for AP/Configurator to allow PKEX to be initiated");
5663 				if (eloop_register_timeout(10, 0,
5664 							   wpas_dpp_pb_next,
5665 							   wpa_s, NULL) < 0) {
5666 					wpas_dpp_push_button_stop(wpa_s);
5667 					return;
5668 				}
5669 				return;
5670 			}
5671 
5672 			if (wpa_s->dpp_pb_stop_iter == 0) {
5673 				wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_STATUS
5674 					"start push button PKEX responder on the discovered channel (%d MHz)",
5675 					wpa_s->dpp_pb_resp_freq);
5676 				wpa_s->dpp_pb_discovery_done = true;
5677 
5678 				wpa_s->dpp_pkex_bi = wpa_s->dpp_pb_bi;
5679 
5680 				os_free(wpa_s->dpp_pkex_code);
5681 				wpa_s->dpp_pkex_code = os_memdup(
5682 					wpa_s->dpp_pb_c_nonce,
5683 					wpa_s->dpp_pb_c_nonce_len);
5684 				wpa_s->dpp_pkex_code_len =
5685 					wpa_s->dpp_pb_c_nonce_len;
5686 
5687 				os_free(wpa_s->dpp_pkex_identifier);
5688 				wpa_s->dpp_pkex_identifier =
5689 					os_strdup("PBPKEX");
5690 
5691 				if (!wpa_s->dpp_pkex_code ||
5692 				    !wpa_s->dpp_pkex_identifier) {
5693 					wpas_dpp_push_button_stop(wpa_s);
5694 					return;
5695 				}
5696 
5697 				wpa_s->dpp_pkex_ver = PKEX_VER_ONLY_2;
5698 
5699 				os_free(wpa_s->dpp_pkex_auth_cmd);
5700 				wpa_s->dpp_pkex_auth_cmd = NULL;
5701 			}
5702 		}
5703 	}
5704 
5705 	if (wpa_s->dpp_pb_discovery_done)
5706 		freq = wpa_s->dpp_pb_resp_freq;
5707 	else
5708 		freq = wpa_s->dpp_pb_freqs[wpa_s->dpp_pb_freq_idx++];
5709 	wpa_s->dpp_pb_announce_count = 0;
5710 	if (!wpa_s->dpp_pb_announcement) {
5711 		wpa_printf(MSG_DEBUG, "DPP: Push button announcements stopped");
5712 		return;
5713 	}
5714 	if (wpas_dpp_pb_announce(wpa_s, freq) < 0) {
5715 		wpas_dpp_push_button_stop(wpa_s);
5716 		return;
5717 	}
5718 }
5719 
5720 
wpas_dpp_push_button_expire(void * eloop_ctx,void * timeout_ctx)5721 static void wpas_dpp_push_button_expire(void *eloop_ctx, void *timeout_ctx)
5722 {
5723 	struct wpa_supplicant *wpa_s = eloop_ctx;
5724 
5725 	wpa_printf(MSG_DEBUG,
5726 		   "DPP: Active push button Configurator mode expired");
5727 	wpas_dpp_push_button_stop(wpa_s);
5728 }
5729 
5730 
wpas_dpp_push_button_configurator(struct wpa_supplicant * wpa_s,const char * cmd)5731 static int wpas_dpp_push_button_configurator(struct wpa_supplicant *wpa_s,
5732 					     const char *cmd)
5733 {
5734 	wpa_s->dpp_pb_configurator = true;
5735 	wpa_s->dpp_pb_announce_time.sec = 0;
5736 	wpa_s->dpp_pb_announce_time.usec = 0;
5737 	str_clear_free(wpa_s->dpp_pb_cmd);
5738 	wpa_s->dpp_pb_cmd = NULL;
5739 	if (cmd) {
5740 		wpa_s->dpp_pb_cmd = os_strdup(cmd);
5741 		if (!wpa_s->dpp_pb_cmd)
5742 			return -1;
5743 	}
5744 	eloop_register_timeout(100, 0, wpas_dpp_push_button_expire,
5745 			       wpa_s, NULL);
5746 
5747 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_STATUS "started");
5748 	return 0;
5749 }
5750 
5751 
wpas_dpp_pb_scan_res_handler(struct wpa_supplicant * wpa_s,struct wpa_scan_results * scan_res)5752 static void wpas_dpp_pb_scan_res_handler(struct wpa_supplicant *wpa_s,
5753 					 struct wpa_scan_results *scan_res)
5754 {
5755 	if (!wpa_s->dpp_pb_time.sec && !wpa_s->dpp_pb_time.usec)
5756 		return;
5757 
5758 	os_free(wpa_s->dpp_pb_freqs);
5759 	wpa_s->dpp_pb_freqs = wpas_dpp_presence_ann_channels(wpa_s, NULL);
5760 
5761 	wpa_printf(MSG_DEBUG, "DPP: Scan completed for PB discovery");
5762 	if (!wpa_s->dpp_pb_freqs ||
5763 	    eloop_register_timeout(0, 0, wpas_dpp_pb_next, wpa_s, NULL) < 0)
5764 		wpas_dpp_push_button_stop(wpa_s);
5765 }
5766 
5767 
wpas_dpp_push_button(struct wpa_supplicant * wpa_s,const char * cmd)5768 int wpas_dpp_push_button(struct wpa_supplicant *wpa_s, const char *cmd)
5769 {
5770 	int res;
5771 
5772 	if (!wpa_s->dpp)
5773 		return -1;
5774 	wpas_dpp_push_button_stop(wpa_s);
5775 	wpas_dpp_stop(wpa_s);
5776 	wpas_dpp_chirp_stop(wpa_s);
5777 
5778 	os_get_reltime(&wpa_s->dpp_pb_time);
5779 
5780 	if (cmd &&
5781 	    (os_strstr(cmd, " role=configurator") ||
5782 	     os_strstr(cmd, " conf=")))
5783 		return wpas_dpp_push_button_configurator(wpa_s, cmd);
5784 
5785 	wpa_s->dpp_pb_configurator = false;
5786 
5787 	wpa_s->dpp_pb_freq_idx = 0;
5788 
5789 	res = dpp_bootstrap_gen(wpa_s->dpp, "type=pkex");
5790 	if (res < 0)
5791 		return -1;
5792 	wpa_s->dpp_pb_bi = dpp_bootstrap_get_id(wpa_s->dpp, res);
5793 	if (!wpa_s->dpp_pb_bi)
5794 		return -1;
5795 
5796 	wpa_s->dpp_allowed_roles = DPP_CAPAB_ENROLLEE;
5797 	wpa_s->dpp_netrole = DPP_NETROLE_STA;
5798 	wpa_s->dpp_qr_mutual = 0;
5799 	wpa_s->dpp_pb_announcement =
5800 		dpp_build_pb_announcement(wpa_s->dpp_pb_bi);
5801 	if (!wpa_s->dpp_pb_announcement)
5802 		return -1;
5803 
5804 	wpa_printf(MSG_DEBUG,
5805 		   "DPP: Scan to create channel list for PB discovery");
5806 	wpa_s->scan_req = MANUAL_SCAN_REQ;
5807 	wpa_s->scan_res_handler = wpas_dpp_pb_scan_res_handler;
5808 	wpa_supplicant_req_scan(wpa_s, 0, 0);
5809 	wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_STATUS "started");
5810 	return 0;
5811 }
5812 
5813 
wpas_dpp_push_button_stop(struct wpa_supplicant * wpa_s)5814 void wpas_dpp_push_button_stop(struct wpa_supplicant *wpa_s)
5815 {
5816 	if (!wpa_s->dpp)
5817 		return;
5818 	os_free(wpa_s->dpp_pb_freqs);
5819 	wpa_s->dpp_pb_freqs = NULL;
5820 	wpabuf_free(wpa_s->dpp_pb_announcement);
5821 	wpa_s->dpp_pb_announcement = NULL;
5822 	if (wpa_s->dpp_pb_bi) {
5823 		char id[20];
5824 
5825 		if (wpa_s->dpp_pb_bi == wpa_s->dpp_pkex_bi)
5826 			wpa_s->dpp_pkex_bi = NULL;
5827 		os_snprintf(id, sizeof(id), "%u", wpa_s->dpp_pb_bi->id);
5828 		dpp_bootstrap_remove(wpa_s->dpp, id);
5829 		wpa_s->dpp_pb_bi = NULL;
5830 		if (!wpa_s->dpp_pb_result_indicated) {
5831 			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT "failed");
5832 			wpa_s->dpp_pb_result_indicated = true;
5833 		}
5834 	}
5835 
5836 	wpa_s->dpp_pb_resp_freq = 0;
5837 	wpa_s->dpp_pb_stop_iter = 0;
5838 	wpa_s->dpp_pb_discovery_done = false;
5839 	os_free(wpa_s->dpp_pb_cmd);
5840 	wpa_s->dpp_pb_cmd = NULL;
5841 
5842 	eloop_cancel_timeout(wpas_dpp_pb_next, wpa_s, NULL);
5843 	eloop_cancel_timeout(wpas_dpp_push_button_expire, wpa_s, NULL);
5844 	if (wpas_dpp_pb_active(wpa_s)) {
5845 		wpa_printf(MSG_DEBUG, "DPP: Stop active push button mode");
5846 		if (!wpa_s->dpp_pb_result_indicated)
5847 			wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PB_RESULT "failed");
5848 	}
5849 	wpa_s->dpp_pb_time.sec = 0;
5850 	wpa_s->dpp_pb_time.usec = 0;
5851 	dpp_pkex_free(wpa_s->dpp_pkex);
5852 	wpa_s->dpp_pkex = NULL;
5853 	os_free(wpa_s->dpp_pkex_auth_cmd);
5854 	wpa_s->dpp_pkex_auth_cmd = NULL;
5855 
5856 	wpa_s->dpp_pb_result_indicated = false;
5857 
5858 	str_clear_free(wpa_s->dpp_pb_cmd);
5859 	wpa_s->dpp_pb_cmd = NULL;
5860 
5861 	if (wpa_s->scan_res_handler == wpas_dpp_pb_scan_res_handler) {
5862 		wpas_abort_ongoing_scan(wpa_s);
5863 		wpa_s->scan_res_handler = NULL;
5864 	}
5865 }
5866 
5867 #endif /* CONFIG_DPP3 */
5868