Commit graph

103 commits

Author SHA1 Message Date
Jouni Malinen
3cc002ff97 WPS: Ignore PBC session overlap if a specific Enrollee is selected
This allows the user to complete WPS provisioning using PBC by
selected a specific Enrollee even if there are other Enrollees
in active PBC mode at the same time. The other Enrollees will be
rejected should they try to connect at the same time.
2011-03-10 18:51:00 +02:00
Jouni Malinen
80e75578c4 WPS: Show the received UUID-E from Probe Request in debug log
This makes it easier to debug PBC session overlap issues.
2011-03-10 18:38:16 +02:00
Jouni Malinen
b0dc4155c3 WPS: Use only UUID-E in PBC session overlap detection on Registrar
Ignore possible mismatches in the source address of the frame and only
use UUID-E to check whether a Probe Request or M1 is from the same
Enrollee when figuring out whether there is PBC session overlap. This
is needed to avoid potential issues with Enrollee devices that may have
multiple interfaces indicating active PBC state.
2011-03-10 18:33:53 +02:00
Jouni Malinen
d601247ca9 P2P: Allow WPS_PBC command on GO to select on P2P Device Address
An optional parameter, p2p_dev_addr, can now be given to WPS_PBC
command on P2P GO to indicate that only the P2P device with the
specified P2P Device Address is allowed to connect using PBC. If
any other device tries to use PBC, a session overlap is indicated
and the negotiation is rejected with M2D. The command format for
specifying the address is "WPS_PBC p2p_dev_addr=<address>", e.g.,
WPS_PBC p2p_dev_addr=02:03:04:05:06:07

In addition, show the PBC session overlap indication as a WPS failure
event on an AP/GO interface. This particular new case shows up as
"WPS-FAIL msg=4 config_error=12".
2011-02-07 18:28:36 +02:00
Chao-Wen Yang
c5cf0a18f1 WPS: Add mechanism for indicating non-standard WPS errors
Previously, only the Configuration Error values were indicated in
WPS-FAIL events. Since those values are defined in the specification
it is not feasible to extend them for indicating other errors. Add
a new error indication value that is internal to wpa_supplicant and
hostapd to allow other errors to be indicated.

Use the new mechanism to indicate if negotiation fails because of
WEP or TKIP-only configurations being disallows by WPS 2.0.
2011-01-13 17:50:59 +02:00
Jouni Malinen
3642c4313a Annotate places depending on strong random numbers
This commit adds a new wrapper, random_get_bytes(), that is currently
defined to use os_get_random() as is. The places using
random_get_bytes() depend on the returned value being strong random
number, i.e., something that is infeasible for external device to
figure out. These values are used either directly as a key or as
nonces/challenges that are used as input for key derivation or
authentication.

The remaining direct uses of os_get_random() do not need as strong
random numbers to function correctly.
2010-11-24 01:05:20 +02:00
Jouni Malinen
9dd7d6b09c WPS: Add special AP Setup Locked mode to allow read only ER
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change then.
In other words, the protocol is allowed to continue past M2, but
is stopped at M7 when AP is in this mode. WPS IE does not
advertise AP Setup Locked in this case to avoid interoperability
issues.

In wpa_supplicant, use ap_setup_locked=2 by default. Since the AP PIN
is disabled by default, this does not enable any new functionality
automatically. To allow the read-only ER to go through the protocol,
wps_ap_pin command needs to be used to enable the AP PIN.
2010-11-17 16:48:39 +02:00
Jouni Malinen
22a062815d WPS: Add wildcard AuthorizedMACs entry for PBC 2010-11-09 11:24:06 +02:00
Jouni Malinen
ccb7e5ee59 WPS: Send WSC_NACK if message without Message Type is received 2010-11-04 18:17:00 +02:00
Jouni Malinen
4a64a51b63 WPS: Share common function for building WSC ACK/NACK
These are identical functions in Enrollee and Registrar and there
is no need to maintain two copies of the same functionality.
2010-11-04 18:16:14 +02:00
Jouni Malinen
450eddcfae hostapd: Add wps_config ctrl_interface command for configuring AP
This command can be used to configure the AP using the internal
WPS registrar. It works in the same way as new AP settings received
from an ER.
2010-10-21 16:49:41 +03:00
Jouni Malinen
81611b95ff WPS: Add Config Error into WPS-FAIL events
This makes it easier to figure out what could have failed in the
WPS protocol and potentially provide more information for the
user on how to resolve the issue.
2010-10-14 20:49:54 +03:00
Jouni Malinen
a9d69254e3 WPS ER: Make sure PIN timeout does not interrupt PBC operation
We need to clear the selected registrar timeout from wps_er_learn
when stopping the protocol run at M7 (previously, this was done only
when WSC_Done was being processed). In addition, we need to cancel
the timeout when a new PBC operation is started.
2010-09-23 14:45:55 -07:00
Jouni Malinen
7d698c4ec7 WPS: Add more debug details for Credential building 2010-09-22 19:20:01 -07:00
Jouni Malinen
3237bfb1a3 WPS: Fix strict validation of encrypted data for WSC 2.0-only case
Need to figure out whether the message is from a WSC 2.0 -based
device based on the unencrypted attributes, not the contents of the
encrypted data since the Version2 subelement is only included in the
unencrypted area.
2010-09-22 19:17:13 -07:00
Jouni Malinen
b4e34f2fdf WPS: Make testing operations configurable at runtime
Instead of build time options (CONFIG_WPS_TESTING_EXTRA_CRED and
CONFIG_WPS_EXTENSIBILITY_TESTING), use a single build option
(CONFIG_WPS_TESTING) and runtime configuration of which testing
operations are enabled. This allows a single binary to be used
for various tests.

The runtime configuration can be done through control interface
with wpa_cli/hostapd_cli commands:
Enable extensibility tests:
set wps_version_number 0x57
Disable extensibility tests (WPS2 build):
set wps_version_number 0x20
Enable extra credential tests:
set wps_testing_dummy_cred 1
Disable extra credential tests:
set wps_testing_dummy_cred 0
2010-09-21 19:51:23 -07:00
Jouni Malinen
3379a3a795 WPS: Fix Beacon WPS IE on concurrent dualband AP in PBC mode
The Beacon frame must include UUID-E and RF Bands attributes when
in active PBC mode to allow stations to figure out that two BSSes in
PBC mode is not a PBC session overlap.
2010-09-20 15:32:29 -07:00
Ardong Chen
2f9929ffcc WPS: Allow pending WPS operation to be cancelled
A new ctrl_interface command, WPS_CANCEL, can now be used to cancel
a pending or ongoing WPS operation. For now, this is only available
with wpa_supplicant (either in station or AP mode). Similar
functionality should be added for hostapd, too.
2010-09-10 10:30:25 -07:00
Jouni Malinen
62281bc690 P2P: Do no process Probe Request with P2P wildcard SSID in WPS
The Probe Request frames used in P2P Device Discovery should not be
processed by the WPS implementation.
2010-09-09 07:17:16 -07:00
Jouni Malinen
63675def6e P2P: Add Device Name into WPS IE in Probe Request frames 2010-09-09 07:17:16 -07:00
Jouni Malinen
fdc9eeb175 WPS 2.0: Convert new attributes into WFA vendor extension
The WSC 2.0 specification moved to use another design for the new
attributes to avoid backwards compatibility issues with some
deployed implementations.
2010-09-09 06:07:49 -07:00
Jouni Malinen
ecece754db WPS: Add more debug prints for authorized MACs operations 2010-09-09 06:07:49 -07:00
Jouni Malinen
498cdee0c7 WPS ER: Use PBC overlap detection
ER should follow same rules as internal Registrar in an AP for
session overlap detection.
2010-09-09 06:07:49 -07:00
Jouni Malinen
ad4741183f WPS 2.0: Make sure PHY/VIRT flag gets set for PBC 2010-09-09 06:07:48 -07:00
Jouni Malinen
545ee4fd3d WPS 2.0: Add wildcard AuthorizedMACs if Enrollee address is not known 2010-09-09 06:07:48 -07:00
Jouni Malinen
53587ec183 WPS 2.0: Make WSC 2.0 support to be build option (CONFIG_WPS2)
For now, the default build will only include WSC 1.0 support.
CONFIG_WPS2=y can be used to add support for WSC 2.0.
2010-09-09 06:07:48 -07:00
Jouni Malinen
4a34969824 WPS: Add a test mechanism for adding an extra credential into M8
This can be used to build a test version of ER that adds an extra
Credential attribute into M8.
2010-09-09 06:07:48 -07:00
Jouni Malinen
54f489be45 WPS 2.0: Validate WPS attributes in management frames and WSC messages
If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and
reject the frames if any of the mandatory attributes is missing or if an
included attribute uses an invalid value. In addition, verify that all
mandatory attributes are included and have valid values in the WSC
messages.
2010-09-09 06:07:48 -07:00
Jouni Malinen
6b633b4da7 WPS 2.0: Fix Probe Request WPS IE building to be able to fragment data
If all the device information attributes use their maximum lengths,
a single WPS IE is not enough to fit in all the data and as such,
we must be able to fragment the data. In addition, the wpabuf needs
to be allocated larger to fit in maximum data.
2010-09-09 06:07:47 -07:00
Jouni Malinen
dcc4d8be75 WPS 2.0: Disable WPS workarounds if CONFIG_WPS_STRICT is defined 2010-09-09 06:07:47 -07:00
Jouni Malinen
6a857074f4 WPS 2.0: Add virtual/physical display and pushbutton config methods 2010-09-09 06:07:47 -07:00
Jouni Malinen
31fcea931d WPS 2.0: Add support for AuthorizedMACs attribute
Advertize list of authorized enrollee MAC addresses in Beacon and
Probe Response frames and use these when selecting the AP. In order
to provide the list, the enrollee MAC address should be specified
whenever adding a new PIN. In addition, add UUID-R into
SetSelectedRegistrar action to make it potentially easier for an AP
to figure out which ER sent the action should there be multiple ERs
using the same IP address.
2010-09-09 06:07:47 -07:00
Jouni Malinen
f439079e93 WPS 2.0: Add new attributes and update version negotiation
This adds definitions and parsing of the new attributes that were added
in WPS 2.0. In addition, the version negotiation is updated to use the
new mechanism, i.e., accept everything received and use the new Version2
attribute in transmitted messages.
2010-09-09 06:07:47 -07:00
Jouni Malinen
2f1ce78bf7 WPS: Add a workaround for OS X 10.6.3 and .4 (use PSK, not passphrase)
It looks like 10.6.3 and 10.6.4 do not like to receive Network Key
with WPA passphrase while PSK format still works. Use peer information
from M1 to figure out whether the Enrollee is likely to be OS X and
if so, force PSK format to be used for Network Key.
2010-07-05 15:37:47 -07:00
Jouni Malinen
ed7a09f914 Add WPS IE into (Re)Association Response frame if WPS is used
If the associating station indicates that it is intents to use WPS
by including WPS IE in (Re)Association Request frame, include WPS IE
in (Re)Association Response frame.
2010-05-26 18:46:08 +03:00
Jouni Malinen
11356a2ab5 WPS: Fix PBC session overlap detection to use Device Password Id
Active PBC mode is indicated by Device Password Id == 4, not Config Methods
attribute.
2010-04-04 08:13:59 +03:00
Jouni Malinen
bdda27eb17 Fix WPS IE in Probe Response frame to include proper Config Methods values
This attribute is supposed to indicate which methods the AP supports as
an Enrollee for adding external Registrars. It was left to 0 when the
AP code did not yet support external Registrars and was forgotten when
the ER support was added.
2010-03-13 13:39:22 +02:00
Jouni Malinen
e0b3b3cb77 WPS: Fix AP operation with internal Registrar when ER is also active
Ignore the pending WPS message from ER (PutWLANReseponse action) if the
internal Registrar has already sent out M2.
2010-02-12 12:38:14 +02:00
Jouni Malinen
dc5a08c053 WPS: Fix Probe Request processing to handle missing attribute
WPS IE parsing for PBC mode did not check whether the UUID-E attribute
was included before dereferencing the pointer. This could result in the
AP crashing when processing and invalid Probe Request frame.
2010-01-01 23:38:51 +02:00
Jouni Malinen
c2f5126941 WPS: Add Enrollee-seen event message and wpa_gui-qt4 Peers entry
This can be used to show active Enrollees in AP mode to make it
easier to provision a new device.
2009-12-28 16:24:04 +02:00
Jouni Malinen
9fdeaf8f3a WPS: Fix a memory leak if set_ie_cb() is not set
Skip WPS IE building for Beacon and Probe Response frames is set_ie_cb()
is not set. This fixes a memory leak and optimizes operations by not
allocating memory and building the WPS IEs unnecessarily.
2009-12-25 01:29:59 +02:00
Jouni Malinen
14f7938660 Merge driver ops set_wps_beacon_ie and set_wps_probe_resp_ie
set_ap_wps_ie() is not used to set WPS IE for both Beacon and Probe
Response frames with a single call. In addition, struct wpabuf is used
instead of separate u8* and length fields. This avoids duplicated
allocation of the IEs and simplifies code in general.
2009-12-24 19:46:06 +02:00
Jouni Malinen
b64576fcf5 WPS: Prefer PSK format if Enrollee does not advertise Display
Since an Enrollee that does not advertise display as one of the
Config Methods is unlikely to be able to show the ASCII passphrase
to the user, prefer PSK format with such an Enrollee to reduce key
derivation time. This can help with some low-powered devices that
would take long time to derive the PSK from the passphrase.
2009-12-21 12:58:02 +02:00
Jouni Malinen
f3f2eeba01 WPS: Add option for forcing Registrar to use PSK format in Credential
The use_psk_key parameter can now be used to force the Registrar to
use PSK format instead of ASCII passphrase when building a Credential
for the Enrollee. For now, this is not enabled, but it could be enabled
either based on external (to WPS) configuration or automatically set
based on some WPS attribute values from the Enrollee.
2009-12-21 12:46:19 +02:00
Jouni Malinen
187533a4c5 WPS: Convert Registrar PIN list to use struct dl_list 2009-12-19 22:26:55 +02:00
Jouni Malinen
ec32c29471 WPS: Convert struct subscription to use struct dl_list 2009-12-19 14:15:43 +02:00
Jouni Malinen
f98b440c47 WPS: Convert struct subscr_addr to use dl_list 2009-12-19 13:47:00 +02:00
Jouni Malinen
7e683ceeb4 WPS: Handle Selected Registrar as a union of info from all Registrars
Instead of using the latest selected registrar change, collect selected
registrar information separately from all registrars and use the union
of this information when building the WPS IE for Beacon and Probe
Response frames.

Note: SetSelectedRegistrar UPnP action does not include a unique
identifier, so the ER matching routine is based only on the IP address
of the ER. In theory, there could be multiple ERs using the same IP
address (but different port or URL), so there may be some corner cases
that would not always match the correct ER entry at the AP. Anyway, this
is not really expected to occur in normal use cases and even if it did
happen, the selected registrar information is not any worse than it was
before when only the last change from any registrar for being
advertized.
2009-12-12 16:54:59 +02:00
Jouni Malinen
03da66bd59 Remove src/crypto from default include path
In addition, start ordering header file includes to be in more
consistent order: system header files, src/utils, src/*, same
directory as the *.c file.
2009-11-29 23:04:43 +02:00
Jouni Malinen
90973fb2fd Remove src/common from default header file path
This makes it clearer which files are including header from src/common.
Some of these cases should probably be cleaned up in the future not to
do that.

In addition, src/common/nl80211_copy.h and wireless_copy.h were moved
into src/drivers since they are only used by driver wrappers and do not
need to live in src/common.
2009-11-29 17:51:55 +02:00