From 2a5a0680862b7e1b4af75c5d10276298edc3b6a6 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 24 Mar 2019 22:17:49 +0200
Subject: [PATCH] DPP2: wpa_supplicant as TCP initiator
A DPP TCP connection can now be initiated directly from wpa_supplicant with the new new tcp_port and tcp_addr parameters to the DPP_AUTH_INIT control interface command. This initiates DPP Authentication exchange over TCP with the specified Controller instead of using DPP Public Action frames over WLAN.
Signed-off-by: Jouni Malinen
---
 wpa_supplicant/dpp_supplicant.c | 70 +++++++++++++++++++++++++++------
 1 file changed, 57 insertions(+), 13 deletions(-)
diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index c808f2ce4..1532bbce8 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -434,8 +434,15 @@ int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd)
 {
 const char *pos;
 struct dpp_bootstrap_info *peer_bi, *own_bi = NULL;
+ struct dpp_authentication *auth;
 u8 allowed_roles = DPP_CAPAB_CONFIGURATOR;
 unsigned int neg_freq = 0;
+ int tcp = 0;
+#ifdef CONFIG_DPP2
+ int tcp_port = DPP_TCP_PORT;
+ struct hostapd_ip_addr ipaddr;
+ char *addr;
+#endif /* CONFIG_DPP2 */
 wpa_s->dpp_gas_client = 0;
@@ -450,6 +457,25 @@ int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd)
 return -1;
 }
+#ifdef CONFIG_DPP2
+ pos = os_strstr(cmd, " tcp_port=");
+ if (pos) {
+ pos += 10;
+ tcp_port = atoi(pos);
+ }
+
+ addr = get_param(cmd, " tcp_addr=");
+ if (addr) {
+ int res;
+
+ res = hostapd_parse_ip_addr(addr, &ipaddr);
+ os_free(addr);
+ if (res)
+ return -1;
+ tcp = 1;
+ }
+#endif /* CONFIG_DPP2 */
+
 pos = os_strstr(cmd, " own=");
 if (pos) {
 pos += 5;
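Review bot: In the hunk at `@@ -450,6 +457,25 @@`, `tcp_port = atoi(pos);` accepts whatever follows `tcp_port=` on the control interface without a range check, so non-numeric text (which yields 0), a negative number or a value above 65535 is carried forward to `dpp_tcp_init()`, whose handling of it is not visible here. Rejecting it at parse time keeps the bad value out of the socket code, for example `if (tcp_port <= 0 || tcp_port > 65535) return -1;` directly after the assignment, matching the plain `return -1` the hunk already uses when `hostapd_parse_ip_addr()` fails. A `tcp_port=` given without `tcp_addr=` is silently ignored because only `tcp_addr` sets `tcp`; a short comment saying that is intentional would help. The body of `wpas_dpp_auth_init()` starts before and continues after this hunk.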
@@ -492,32 +518,37 @@ int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd)
 if (pos)
 neg_freq = atoi(pos + 10);
- if (wpa_s->dpp_auth) {
+ if (!tcp && wpa_s->dpp_auth) {
 eloop_cancel_timeout(wpas_dpp_init_timeout, wpa_s, NULL);
 eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
 eloop_cancel_timeout(wpas_dpp_auth_resp_retry_timeout, wpa_s, NULL);
 offchannel_send_action_done(wpa_s);
 dpp_auth_deinit(wpa_s->dpp_auth);
- }
- wpa_s->dpp_auth = dpp_auth_init(wpa_s, peer_bi, own_bi, allowed_roles,
- neg_freq,
- wpa_s->hw.modes, wpa_s->hw.num_modes);
- if (!wpa_s->dpp_auth)
- goto fail;
- wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
- if (dpp_set_configurator(wpa_s->dpp, wpa_s, wpa_s->dpp_auth, cmd) < 0) {
- dpp_auth_deinit(wpa_s->dpp_auth);
 wpa_s->dpp_auth = NULL;
+ }
+
+ auth = dpp_auth_init(wpa_s, peer_bi, own_bi, allowed_roles, neg_freq,
+ wpa_s->hw.modes, wpa_s->hw.num_modes);
+ if (!auth)
+ goto fail;
+ wpas_dpp_set_testing_options(wpa_s, auth);
+ if (dpp_set_configurator(wpa_s->dpp, wpa_s, auth, cmd) < 0) {
+ dpp_auth_deinit(auth);
 goto fail;
 }
- wpa_s->dpp_auth->neg_freq = neg_freq;
+ auth->neg_freq = neg_freq;
 if (!is_zero_ether_addr(peer_bi->mac_addr))
- os_memcpy(wpa_s->dpp_auth->peer_mac_addr, peer_bi->mac_addr,
- ETH_ALEN);
+ os_memcpy(auth->peer_mac_addr, peer_bi->mac_addr, ETH_ALEN);
+#ifdef CONFIG_DPP2
+ if (tcp)
+ return dpp_tcp_init(wpa_s->dpp, auth, &ipaddr, tcp_port);
+#endif /* CONFIG_DPP2 */
+
+ wpa_s->dpp_auth = auth;
 return wpas_dpp_auth_init_next(wpa_s);
 fail:
 return -1;
@@ -1273,6 +1304,15 @@ static void wpas_dpp_rx_conf_result(struct wpa_supplicant *wpa_s, const u8 *src,
 eloop_cancel_timeout(wpas_dpp_config_result_wait_timeout, wpa_s, NULL);
 }
+
+static int wpas_dpp_process_conf_obj(void *ctx,
+ struct dpp_authentication *auth)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+
+ return wpas_dpp_handle_config_obj(wpa_s, auth);
+}
+
 #endif /* CONFIG_DPP2 */
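Review bot: In the hunk at `@@ -492,32 +518,37 @@`, the TCP branch `return dpp_tcp_init(wpa_s->dpp, auth, &ipaddr, tcp_port);` hands over a freshly allocated `auth` that is never stored in `wpa_s->dpp_auth`, so nothing in this function can free it if that call fails. Whether `dpp_tcp_init()` releases `auth` on its own error paths is not visible in this patch. If it does, the ownership transfer should be stated at the call site, e.g. `/* dpp_tcp_init() takes ownership of auth, also on failure */`; if it does not, the return value needs to be checked and `dpp_auth_deinit(auth)` called on error to avoid leaking the authentication state. `wpas_dpp_auth_init()` begins before this hunk.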
@@ -2213,6 +2253,10 @@ int wpas_dpp_init(struct wpa_supplicant *wpa_s)
 os_memset(&config, 0, sizeof(config));
 config.msg_ctx = wpa_s;
+ config.cb_ctx = wpa_s;
+#ifdef CONFIG_DPP2
+ config.process_conf_obj = wpas_dpp_process_conf_obj;
+#endif /* CONFIG_DPP2 */
 wpa_s->dpp = dpp_global_init(&config);
 return wpa_s->dpp ? 0 : -1;
 }