• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Wi-Fi Protected Setup
3  * Copyright (c) 2007-2009, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "includes.h"
10 
11 #include "common.h"
12 #include "crypto/dh_group5.h"
13 #include "common/ieee802_11_defs.h"
14 #include "wps_i.h"
15 #include "wps_dev_attr.h"
16 
17 
18 #ifdef CONFIG_WPS_TESTING
19 int wps_version_number = 0x20;
20 int wps_testing_dummy_cred = 0;
21 #endif /* CONFIG_WPS_TESTING */
22 
23 
24 /**
25  * wps_init - Initialize WPS Registration protocol data
26  * @cfg: WPS configuration
27  * Returns: Pointer to allocated data or %NULL on failure
28  *
29  * This function is used to initialize WPS data for a registration protocol
30  * instance (i.e., each run of registration protocol as a Registrar of
31  * Enrollee. The caller is responsible for freeing this data after the
32  * registration run has been completed by calling wps_deinit().
33  */
wps_init(const struct wps_config * cfg)34 struct wps_data * wps_init(const struct wps_config *cfg)
35 {
36 	struct wps_data *data = os_zalloc(sizeof(*data));
37 	if (data == NULL)
38 		return NULL;
39 	data->wps = cfg->wps;
40 	data->registrar = cfg->registrar;
41 	if (cfg->registrar) {
42 		os_memcpy(data->uuid_r, cfg->wps->uuid, WPS_UUID_LEN);
43 	} else {
44 		os_memcpy(data->mac_addr_e, cfg->wps->dev.mac_addr, ETH_ALEN);
45 		os_memcpy(data->uuid_e, cfg->wps->uuid, WPS_UUID_LEN);
46 	}
47 	if (cfg->pin) {
48 		data->dev_pw_id = cfg->dev_pw_id;
49 		data->dev_password = os_malloc(cfg->pin_len);
50 		if (data->dev_password == NULL) {
51 			os_free(data);
52 			return NULL;
53 		}
54 		os_memcpy(data->dev_password, cfg->pin, cfg->pin_len);
55 		data->dev_password_len = cfg->pin_len;
56 		wpa_hexdump_key(MSG_DEBUG, "WPS: AP PIN dev_password",
57 				data->dev_password, data->dev_password_len);
58 	}
59 
60 #ifdef CONFIG_WPS_NFC
61 	if (cfg->wps->ap && !cfg->registrar && cfg->wps->ap_nfc_dev_pw_id) {
62 		/* Keep AP PIN as alternative Device Password */
63 		data->alt_dev_pw_id = data->dev_pw_id;
64 		data->alt_dev_password = data->dev_password;
65 		data->alt_dev_password_len = data->dev_password_len;
66 
67 		data->dev_pw_id = cfg->wps->ap_nfc_dev_pw_id;
68 		data->dev_password =
69 			os_malloc(wpabuf_len(cfg->wps->ap_nfc_dev_pw));
70 		if (data->dev_password == NULL) {
71 			os_free(data);
72 			return NULL;
73 		}
74 		os_memcpy(data->dev_password,
75 			  wpabuf_head(cfg->wps->ap_nfc_dev_pw),
76 			  wpabuf_len(cfg->wps->ap_nfc_dev_pw));
77 		data->dev_password_len = wpabuf_len(cfg->wps->ap_nfc_dev_pw);
78 		wpa_hexdump_key(MSG_DEBUG, "WPS: NFC dev_password",
79 			    data->dev_password, data->dev_password_len);
80 	}
81 #endif /* CONFIG_WPS_NFC */
82 
83 	data->pbc = cfg->pbc;
84 	if (cfg->pbc) {
85 		/* Use special PIN '00000000' for PBC */
86 		data->dev_pw_id = DEV_PW_PUSHBUTTON;
87 		os_free(data->dev_password);
88 		data->dev_password = (u8 *) os_strdup("00000000");
89 		if (data->dev_password == NULL) {
90 			os_free(data);
91 			return NULL;
92 		}
93 		data->dev_password_len = 8;
94 	}
95 
96 	data->state = data->registrar ? RECV_M1 : SEND_M1;
97 
98 	if (cfg->assoc_wps_ie) {
99 		struct wps_parse_attr attr;
100 		wpa_hexdump_buf(MSG_DEBUG, "WPS: WPS IE from (Re)AssocReq",
101 				cfg->assoc_wps_ie);
102 		if (wps_parse_msg(cfg->assoc_wps_ie, &attr) < 0) {
103 			wpa_printf(MSG_DEBUG, "WPS: Failed to parse WPS IE "
104 				   "from (Re)AssocReq");
105 		} else if (attr.request_type == NULL) {
106 			wpa_printf(MSG_DEBUG, "WPS: No Request Type attribute "
107 				   "in (Re)AssocReq WPS IE");
108 		} else {
109 			wpa_printf(MSG_DEBUG, "WPS: Request Type (from WPS IE "
110 				   "in (Re)AssocReq WPS IE): %d",
111 				   *attr.request_type);
112 			data->request_type = *attr.request_type;
113 		}
114 	}
115 
116 	if (cfg->new_ap_settings) {
117 		data->new_ap_settings =
118 			os_malloc(sizeof(*data->new_ap_settings));
119 		if (data->new_ap_settings == NULL) {
120 			os_free(data->dev_password);
121 			os_free(data);
122 			return NULL;
123 		}
124 		os_memcpy(data->new_ap_settings, cfg->new_ap_settings,
125 			  sizeof(*data->new_ap_settings));
126 	}
127 
128 	if (cfg->peer_addr)
129 		os_memcpy(data->peer_dev.mac_addr, cfg->peer_addr, ETH_ALEN);
130 	if (cfg->p2p_dev_addr)
131 		os_memcpy(data->p2p_dev_addr, cfg->p2p_dev_addr, ETH_ALEN);
132 
133 	data->use_psk_key = cfg->use_psk_key;
134 	data->pbc_in_m1 = cfg->pbc_in_m1;
135 
136 	return data;
137 }
138 
139 
140 /**
141  * wps_deinit - Deinitialize WPS Registration protocol data
142  * @data: WPS Registration protocol data from wps_init()
143  */
wps_deinit(struct wps_data * data)144 void wps_deinit(struct wps_data *data)
145 {
146 #ifdef CONFIG_WPS_NFC
147 	if (data->registrar && data->nfc_pw_token)
148 		wps_registrar_remove_nfc_pw_token(data->wps->registrar,
149 						  data->nfc_pw_token);
150 #endif /* CONFIG_WPS_NFC */
151 
152 	if (data->wps_pin_revealed) {
153 		wpa_printf(MSG_DEBUG, "WPS: Full PIN information revealed and "
154 			   "negotiation failed");
155 		if (data->registrar)
156 			wps_registrar_invalidate_pin(data->wps->registrar,
157 						     data->uuid_e);
158 	} else if (data->registrar)
159 		wps_registrar_unlock_pin(data->wps->registrar, data->uuid_e);
160 
161 	wpabuf_free(data->dh_privkey);
162 	wpabuf_free(data->dh_pubkey_e);
163 	wpabuf_free(data->dh_pubkey_r);
164 	wpabuf_free(data->last_msg);
165 	os_free(data->dev_password);
166 	os_free(data->alt_dev_password);
167 	os_free(data->new_psk);
168 	wps_device_data_free(&data->peer_dev);
169 	os_free(data->new_ap_settings);
170 	dh5_free(data->dh_ctx);
171 	os_free(data->nfc_pw_token);
172 	os_free(data);
173 }
174 
175 
176 /**
177  * wps_process_msg - Process a WPS message
178  * @wps: WPS Registration protocol data from wps_init()
179  * @op_code: Message OP Code
180  * @msg: Message data
181  * Returns: Processing result
182  *
183  * This function is used to process WPS messages with OP Codes WSC_ACK,
184  * WSC_NACK, WSC_MSG, and WSC_Done. The caller (e.g., EAP server/peer) is
185  * responsible for reassembling the messages before calling this function.
186  * Response to this message is built by calling wps_get_msg().
187  */
wps_process_msg(struct wps_data * wps,enum wsc_op_code op_code,const struct wpabuf * msg)188 enum wps_process_res wps_process_msg(struct wps_data *wps,
189 				     enum wsc_op_code op_code,
190 				     const struct wpabuf *msg)
191 {
192 	if (wps->registrar)
193 		return wps_registrar_process_msg(wps, op_code, msg);
194 	else
195 		return wps_enrollee_process_msg(wps, op_code, msg);
196 }
197 
198 
199 /**
200  * wps_get_msg - Build a WPS message
201  * @wps: WPS Registration protocol data from wps_init()
202  * @op_code: Buffer for returning message OP Code
203  * Returns: The generated WPS message or %NULL on failure
204  *
205  * This function is used to build a response to a message processed by calling
206  * wps_process_msg(). The caller is responsible for freeing the buffer.
207  */
wps_get_msg(struct wps_data * wps,enum wsc_op_code * op_code)208 struct wpabuf * wps_get_msg(struct wps_data *wps, enum wsc_op_code *op_code)
209 {
210 	if (wps->registrar)
211 		return wps_registrar_get_msg(wps, op_code);
212 	else
213 		return wps_enrollee_get_msg(wps, op_code);
214 }
215 
216 
217 /**
218  * wps_is_selected_pbc_registrar - Check whether WPS IE indicates active PBC
219  * @msg: WPS IE contents from Beacon or Probe Response frame
220  * Returns: 1 if PBC Registrar is active, 0 if not
221  */
wps_is_selected_pbc_registrar(const struct wpabuf * msg)222 int wps_is_selected_pbc_registrar(const struct wpabuf *msg)
223 {
224 	struct wps_parse_attr attr;
225 
226 	/*
227 	 * In theory, this could also verify that attr.sel_reg_config_methods
228 	 * includes WPS_CONFIG_PUSHBUTTON, but some deployed AP implementations
229 	 * do not set Selected Registrar Config Methods attribute properly, so
230 	 * it is safer to just use Device Password ID here.
231 	 */
232 
233 	if (wps_parse_msg(msg, &attr) < 0 ||
234 	    !attr.selected_registrar || *attr.selected_registrar == 0 ||
235 	    !attr.dev_password_id ||
236 	    WPA_GET_BE16(attr.dev_password_id) != DEV_PW_PUSHBUTTON)
237 		return 0;
238 
239 #ifdef CONFIG_WPS_STRICT
240 	if (!attr.sel_reg_config_methods ||
241 	    !(WPA_GET_BE16(attr.sel_reg_config_methods) &
242 	      WPS_CONFIG_PUSHBUTTON))
243 		return 0;
244 #endif /* CONFIG_WPS_STRICT */
245 
246 	return 1;
247 }
248 
249 
is_selected_pin_registrar(struct wps_parse_attr * attr)250 static int is_selected_pin_registrar(struct wps_parse_attr *attr)
251 {
252 	/*
253 	 * In theory, this could also verify that attr.sel_reg_config_methods
254 	 * includes WPS_CONFIG_LABEL, WPS_CONFIG_DISPLAY, or WPS_CONFIG_KEYPAD,
255 	 * but some deployed AP implementations do not set Selected Registrar
256 	 * Config Methods attribute properly, so it is safer to just use
257 	 * Device Password ID here.
258 	 */
259 
260 	if (!attr->selected_registrar || *attr->selected_registrar == 0)
261 		return 0;
262 
263 	if (attr->dev_password_id != NULL &&
264 	    WPA_GET_BE16(attr->dev_password_id) == DEV_PW_PUSHBUTTON)
265 		return 0;
266 
267 #ifdef CONFIG_WPS_STRICT
268 	if (!attr->sel_reg_config_methods ||
269 	    !(WPA_GET_BE16(attr->sel_reg_config_methods) &
270 	      (WPS_CONFIG_LABEL | WPS_CONFIG_DISPLAY | WPS_CONFIG_KEYPAD)))
271 		return 0;
272 #endif /* CONFIG_WPS_STRICT */
273 
274 	return 1;
275 }
276 
277 
278 /**
279  * wps_is_selected_pin_registrar - Check whether WPS IE indicates active PIN
280  * @msg: WPS IE contents from Beacon or Probe Response frame
281  * Returns: 1 if PIN Registrar is active, 0 if not
282  */
wps_is_selected_pin_registrar(const struct wpabuf * msg)283 int wps_is_selected_pin_registrar(const struct wpabuf *msg)
284 {
285 	struct wps_parse_attr attr;
286 
287 	if (wps_parse_msg(msg, &attr) < 0)
288 		return 0;
289 
290 	return is_selected_pin_registrar(&attr);
291 }
292 
293 
294 /**
295  * wps_is_addr_authorized - Check whether WPS IE authorizes MAC address
296  * @msg: WPS IE contents from Beacon or Probe Response frame
297  * @addr: MAC address to search for
298  * @ver1_compat: Whether to use version 1 compatibility mode
299  * Returns: 2 if the specified address is explicit authorized, 1 if address is
300  * authorized (broadcast), 0 if not
301  */
wps_is_addr_authorized(const struct wpabuf * msg,const u8 * addr,int ver1_compat)302 int wps_is_addr_authorized(const struct wpabuf *msg, const u8 *addr,
303 			   int ver1_compat)
304 {
305 	struct wps_parse_attr attr;
306 	unsigned int i;
307 	const u8 *pos;
308 	const u8 bcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
309 
310 	if (wps_parse_msg(msg, &attr) < 0)
311 		return 0;
312 
313 	if (!attr.version2 && ver1_compat) {
314 		/*
315 		 * Version 1.0 AP - AuthorizedMACs not used, so revert back to
316 		 * old mechanism of using SelectedRegistrar.
317 		 */
318 		return is_selected_pin_registrar(&attr);
319 	}
320 
321 	if (!attr.authorized_macs)
322 		return 0;
323 
324 	pos = attr.authorized_macs;
325 	for (i = 0; i < attr.authorized_macs_len / ETH_ALEN; i++) {
326 		if (os_memcmp(pos, addr, ETH_ALEN) == 0)
327 			return 2;
328 		if (os_memcmp(pos, bcast, ETH_ALEN) == 0)
329 			return 1;
330 		pos += ETH_ALEN;
331 	}
332 
333 	return 0;
334 }
335 
336 
337 /**
338  * wps_ap_priority_compar - Prioritize WPS IE from two APs
339  * @wps_a: WPS IE contents from Beacon or Probe Response frame
340  * @wps_b: WPS IE contents from Beacon or Probe Response frame
341  * Returns: 1 if wps_b is considered more likely selection for WPS
342  * provisioning, -1 if wps_a is considered more like, or 0 if no preference
343  */
wps_ap_priority_compar(const struct wpabuf * wps_a,const struct wpabuf * wps_b)344 int wps_ap_priority_compar(const struct wpabuf *wps_a,
345 			   const struct wpabuf *wps_b)
346 {
347 	struct wps_parse_attr attr_a, attr_b;
348 	int sel_a, sel_b;
349 
350 	if (wps_a == NULL || wps_parse_msg(wps_a, &attr_a) < 0)
351 		return 1;
352 	if (wps_b == NULL || wps_parse_msg(wps_b, &attr_b) < 0)
353 		return -1;
354 
355 	sel_a = attr_a.selected_registrar && *attr_a.selected_registrar != 0;
356 	sel_b = attr_b.selected_registrar && *attr_b.selected_registrar != 0;
357 
358 	if (sel_a && !sel_b)
359 		return -1;
360 	if (!sel_a && sel_b)
361 		return 1;
362 
363 	return 0;
364 }
365 
366 
367 /**
368  * wps_get_uuid_e - Get UUID-E from WPS IE
369  * @msg: WPS IE contents from Beacon or Probe Response frame
370  * Returns: Pointer to UUID-E or %NULL if not included
371  *
372  * The returned pointer is to the msg contents and it remains valid only as
373  * long as the msg buffer is valid.
374  */
wps_get_uuid_e(const struct wpabuf * msg)375 const u8 * wps_get_uuid_e(const struct wpabuf *msg)
376 {
377 	struct wps_parse_attr attr;
378 
379 	if (wps_parse_msg(msg, &attr) < 0)
380 		return NULL;
381 	return attr.uuid_e;
382 }
383 
384 
385 /**
386  * wps_is_20 - Check whether WPS attributes claim support for WPS 2.0
387  */
wps_is_20(const struct wpabuf * msg)388 int wps_is_20(const struct wpabuf *msg)
389 {
390 	struct wps_parse_attr attr;
391 
392 	if (msg == NULL || wps_parse_msg(msg, &attr) < 0)
393 		return 0;
394 	return attr.version2 != NULL;
395 }
396 
397 
398 /**
399  * wps_build_assoc_req_ie - Build WPS IE for (Re)Association Request
400  * @req_type: Value for Request Type attribute
401  * Returns: WPS IE or %NULL on failure
402  *
403  * The caller is responsible for freeing the buffer.
404  */
wps_build_assoc_req_ie(enum wps_request_type req_type)405 struct wpabuf * wps_build_assoc_req_ie(enum wps_request_type req_type)
406 {
407 	struct wpabuf *ie;
408 	u8 *len;
409 
410 	wpa_printf(MSG_DEBUG, "WPS: Building WPS IE for (Re)Association "
411 		   "Request");
412 	ie = wpabuf_alloc(100);
413 	if (ie == NULL)
414 		return NULL;
415 
416 	wpabuf_put_u8(ie, WLAN_EID_VENDOR_SPECIFIC);
417 	len = wpabuf_put(ie, 1);
418 	wpabuf_put_be32(ie, WPS_DEV_OUI_WFA);
419 
420 	if (wps_build_version(ie) ||
421 	    wps_build_req_type(ie, req_type) ||
422 	    wps_build_wfa_ext(ie, 0, NULL, 0)) {
423 		wpabuf_free(ie);
424 		return NULL;
425 	}
426 
427 	*len = wpabuf_len(ie) - 2;
428 
429 	return ie;
430 }
431 
432 
433 /**
434  * wps_build_assoc_resp_ie - Build WPS IE for (Re)Association Response
435  * Returns: WPS IE or %NULL on failure
436  *
437  * The caller is responsible for freeing the buffer.
438  */
wps_build_assoc_resp_ie(void)439 struct wpabuf * wps_build_assoc_resp_ie(void)
440 {
441 	struct wpabuf *ie;
442 	u8 *len;
443 
444 	wpa_printf(MSG_DEBUG, "WPS: Building WPS IE for (Re)Association "
445 		   "Response");
446 	ie = wpabuf_alloc(100);
447 	if (ie == NULL)
448 		return NULL;
449 
450 	wpabuf_put_u8(ie, WLAN_EID_VENDOR_SPECIFIC);
451 	len = wpabuf_put(ie, 1);
452 	wpabuf_put_be32(ie, WPS_DEV_OUI_WFA);
453 
454 	if (wps_build_version(ie) ||
455 	    wps_build_resp_type(ie, WPS_RESP_AP) ||
456 	    wps_build_wfa_ext(ie, 0, NULL, 0)) {
457 		wpabuf_free(ie);
458 		return NULL;
459 	}
460 
461 	*len = wpabuf_len(ie) - 2;
462 
463 	return ie;
464 }
465 
466 
467 /**
468  * wps_build_probe_req_ie - Build WPS IE for Probe Request
469  * @pw_id: Password ID (DEV_PW_PUSHBUTTON for active PBC and DEV_PW_DEFAULT for
470  * most other use cases)
471  * @dev: Device attributes
472  * @uuid: Own UUID
473  * @req_type: Value for Request Type attribute
474  * @num_req_dev_types: Number of requested device types
475  * @req_dev_types: Requested device types (8 * num_req_dev_types octets) or
476  *	%NULL if none
477  * Returns: WPS IE or %NULL on failure
478  *
479  * The caller is responsible for freeing the buffer.
480  */
wps_build_probe_req_ie(u16 pw_id,struct wps_device_data * dev,const u8 * uuid,enum wps_request_type req_type,unsigned int num_req_dev_types,const u8 * req_dev_types)481 struct wpabuf * wps_build_probe_req_ie(u16 pw_id, struct wps_device_data *dev,
482 				       const u8 *uuid,
483 				       enum wps_request_type req_type,
484 				       unsigned int num_req_dev_types,
485 				       const u8 *req_dev_types)
486 {
487 	struct wpabuf *ie;
488 
489 	wpa_printf(MSG_DEBUG, "WPS: Building WPS IE for Probe Request");
490 
491 	ie = wpabuf_alloc(500);
492 	if (ie == NULL)
493 		return NULL;
494 
495 	if (wps_build_version(ie) ||
496 	    wps_build_req_type(ie, req_type) ||
497 	    wps_build_config_methods(ie, dev->config_methods) ||
498 	    wps_build_uuid_e(ie, uuid) ||
499 	    wps_build_primary_dev_type(dev, ie) ||
500 	    wps_build_rf_bands(dev, ie, 0) ||
501 	    wps_build_assoc_state(NULL, ie) ||
502 	    wps_build_config_error(ie, WPS_CFG_NO_ERROR) ||
503 	    wps_build_dev_password_id(ie, pw_id) ||
504 #ifdef CONFIG_WPS2
505 	    wps_build_manufacturer(dev, ie) ||
506 	    wps_build_model_name(dev, ie) ||
507 	    wps_build_model_number(dev, ie) ||
508 	    wps_build_dev_name(dev, ie) ||
509 	    wps_build_wfa_ext(ie, req_type == WPS_REQ_ENROLLEE, NULL, 0) ||
510 #endif /* CONFIG_WPS2 */
511 	    wps_build_req_dev_type(dev, ie, num_req_dev_types, req_dev_types)
512 	    ||
513 	    wps_build_secondary_dev_type(dev, ie)
514 		) {
515 		wpabuf_free(ie);
516 		return NULL;
517 	}
518 
519 #ifndef CONFIG_WPS2
520 	if (dev->p2p && wps_build_dev_name(dev, ie)) {
521 		wpabuf_free(ie);
522 		return NULL;
523 	}
524 #endif /* CONFIG_WPS2 */
525 
526 	return wps_ie_encapsulate(ie);
527 }
528 
529 
wps_free_pending_msgs(struct upnp_pending_message * msgs)530 void wps_free_pending_msgs(struct upnp_pending_message *msgs)
531 {
532 	struct upnp_pending_message *p, *prev;
533 	p = msgs;
534 	while (p) {
535 		prev = p;
536 		p = p->next;
537 		wpabuf_free(prev->msg);
538 		os_free(prev);
539 	}
540 }
541 
542 
wps_attr_text(struct wpabuf * data,char * buf,char * end)543 int wps_attr_text(struct wpabuf *data, char *buf, char *end)
544 {
545 	struct wps_parse_attr attr;
546 	char *pos = buf;
547 	int ret;
548 
549 	if (wps_parse_msg(data, &attr) < 0)
550 		return -1;
551 
552 	if (attr.wps_state) {
553 		if (*attr.wps_state == WPS_STATE_NOT_CONFIGURED)
554 			ret = os_snprintf(pos, end - pos,
555 					  "wps_state=unconfigured\n");
556 		else if (*attr.wps_state == WPS_STATE_CONFIGURED)
557 			ret = os_snprintf(pos, end - pos,
558 					  "wps_state=configured\n");
559 		else
560 			ret = 0;
561 		if (ret < 0 || ret >= end - pos)
562 			return pos - buf;
563 		pos += ret;
564 	}
565 
566 	if (attr.ap_setup_locked && *attr.ap_setup_locked) {
567 		ret = os_snprintf(pos, end - pos,
568 				  "wps_ap_setup_locked=1\n");
569 		if (ret < 0 || ret >= end - pos)
570 			return pos - buf;
571 		pos += ret;
572 	}
573 
574 	if (attr.selected_registrar && *attr.selected_registrar) {
575 		ret = os_snprintf(pos, end - pos,
576 				  "wps_selected_registrar=1\n");
577 		if (ret < 0 || ret >= end - pos)
578 			return pos - buf;
579 		pos += ret;
580 	}
581 
582 	if (attr.dev_password_id) {
583 		ret = os_snprintf(pos, end - pos,
584 				  "wps_device_password_id=%u\n",
585 				  WPA_GET_BE16(attr.dev_password_id));
586 		if (ret < 0 || ret >= end - pos)
587 			return pos - buf;
588 		pos += ret;
589 	}
590 
591 	if (attr.sel_reg_config_methods) {
592 		ret = os_snprintf(pos, end - pos,
593 				  "wps_selected_registrar_config_methods="
594 				  "0x%04x\n",
595 				  WPA_GET_BE16(attr.sel_reg_config_methods));
596 		if (ret < 0 || ret >= end - pos)
597 			return pos - buf;
598 		pos += ret;
599 	}
600 
601 	if (attr.primary_dev_type) {
602 		char devtype[WPS_DEV_TYPE_BUFSIZE];
603 		ret = os_snprintf(pos, end - pos,
604 				  "wps_primary_device_type=%s\n",
605 				  wps_dev_type_bin2str(attr.primary_dev_type,
606 						       devtype,
607 						       sizeof(devtype)));
608 		if (ret < 0 || ret >= end - pos)
609 			return pos - buf;
610 		pos += ret;
611 	}
612 
613 	if (attr.dev_name) {
614 		char *str = os_malloc(attr.dev_name_len + 1);
615 		size_t i;
616 		if (str == NULL)
617 			return pos - buf;
618 		for (i = 0; i < attr.dev_name_len; i++) {
619 			if (attr.dev_name[i] < 32)
620 				str[i] = '_';
621 			else
622 				str[i] = attr.dev_name[i];
623 		}
624 		str[i] = '\0';
625 		ret = os_snprintf(pos, end - pos, "wps_device_name=%s\n", str);
626 		os_free(str);
627 		if (ret < 0 || ret >= end - pos)
628 			return pos - buf;
629 		pos += ret;
630 	}
631 
632 	if (attr.config_methods) {
633 		ret = os_snprintf(pos, end - pos,
634 				  "wps_config_methods=0x%04x\n",
635 				  WPA_GET_BE16(attr.config_methods));
636 		if (ret < 0 || ret >= end - pos)
637 			return pos - buf;
638 		pos += ret;
639 	}
640 
641 	return pos - buf;
642 }
643 
644 
wps_ei_str(enum wps_error_indication ei)645 const char * wps_ei_str(enum wps_error_indication ei)
646 {
647 	switch (ei) {
648 	case WPS_EI_NO_ERROR:
649 		return "No Error";
650 	case WPS_EI_SECURITY_TKIP_ONLY_PROHIBITED:
651 		return "TKIP Only Prohibited";
652 	case WPS_EI_SECURITY_WEP_PROHIBITED:
653 		return "WEP Prohibited";
654 	case WPS_EI_AUTH_FAILURE:
655 		return "Authentication Failure";
656 	default:
657 		return "Unknown";
658 	}
659 }
660