Commit graph

178 commits

Author SHA1 Message Date
Jouni Malinen
6366a17ce3 WPS: Add a workaround for PBC session overlap detection
Some deployed station implementations implement WPS incorrectly and
end up causing PBC session overlap issues by indicating active PBC
mode in a scan after the WPS provisioning step. Work around this by
ignoring active PBC indication in a Probe Request from a station that
completed PBC provisioning during the last five seconds.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-15 19:59:04 +02:00
Jouni Malinen
207fb86411 WPS: Remove deprecated UFD config method and OOB ctrl_iface
The UFD (USB flash drive) configuration method was deprecated in WSC
2.0. Since this is not known to be used, remove the UFD implementation
from hostapd and wpa_supplicant to allow the WPS implementation to be
cleaned up. This removes the now unused OOB operations and ctrl_iface
commands that had already been deprecated by the new NFC operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-11 13:01:06 +02:00
Jouni Malinen
3a643324c6 WPS: Limit number of active wildcard PINs to one
Previously, WPS Registrar allowed multiple wildcard PINs to be
configured. This can get confusing since these PINs get assigned to any
Enrollee that does not have a specific PIN and as such, cannot really be
used with different PIN values in reasonable ways. To avoid confusion
with multiple enabled PINs, invalidate any previously configured
wildcard PIN whenever adding a new one.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-10 17:38:06 +03:00
Eyal Shapira
b4e9e2659b WPS: Fix nonce comparisons
Multiple memcmps of nonces were actually comparing only the first byte
instead of all 16 bytes. [Bug 462]

Signed-hostap: Eyal Shapira <eyal@wizery.com>
intended-for: hostap-1
2012-08-13 19:50:33 +03:00
Jouni Malinen
0e3c16546b WPS: Use separate list of NFC Password Tokens in the Registrar
This adds a cleaner mechanism for handling NFC Password Tokens in the
WPS Registrar. There could be more than one active NFC Password Token in
use and as such, a list of tokens needs to be maintained. The old
WPS_OOB interface is still using the old mechanism that supports only a
single active NFC Password Token.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 22:15:55 +03:00
Jouni Malinen
bb45b6d79a WPS: Add new mechanism for communicating NFC tag read events
hostapd ctrl_iface can now be used to deliver payload from read
operation of an NFC tag. This allows operations without having to have
low-level NFC code within hostapd. For now, the new wps_nfc_tag_read
command can be used with NFC password tokens for the case where the AP
has an NFC device that is used to read an NFC tag from the station
Enrollee.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:13 +03:00
Yoni Divinsky
9148ae58d0 hostapd: Fix PBC config method of WSC IE in Beacon/Probe Response
In AP which supports WPSv2 with only virtual push button, when PBC is
called, the WSC IE should include Selected Registrar Configuration
Methods attribute with the bit of the physical push button not set.

Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
2012-06-25 12:20:37 +03:00
Jouni Malinen
1affa36cb5 WPS: Invalidate wildcard PIN on other radios after successful use
If a wildcard PIN is used on any of the radios that hostapd is
controlling, invalidate the matching PIN on all the other radios
to avoid multiple uses of the same PIN.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-29 20:42:48 +02:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Ganesh Prasadh
84751b98c1 WPS: Allow wildcard UUID PIN to be used twice
Previously, PINs that are added with a wildcard UUID were allowed to
be used only by a single Enrollee. However, there may be more than one
Enrollee trying to connect when an AP indicates that active Registrar
is present. As a minimal workaround, allow two Enrollees to try to use
the wildcard PIN. More complete extension could use timeout and allow
larger set of Enrollees to try to connect (while still keeping in mind
PIN disabling requirement after 10 failed attempts).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-08 12:37:57 +02:00
Spencer Chang
62a8ea7d01 WPS: Cancel previous registered wps_registrar_pbc_timeout
Since wps_registrar_pbc_timeout is called to stop PBC, previously
registered wps_registrar_pbc_timeout must be canceled when canceling
the WPS operation.

Signed-off-by: Spencer Chang <jungwalk@gmail.com>
2011-12-29 21:32:06 +02:00
Vitaly Wool
c3daaf3325 Skip WPS PBC overlap detection if P2P address is the same
WPS overlap detection can detect false overlap if a P2P peer
changes UUID while authentication is ongoing. Changing UUID
is of course wrong but this is what some popular devices do
so we need to work around it in order to keep compatibility
with these devices. There already is a mechanism in WPS
registrar to skip overlap detection if P2P addresses of two
sessions match but it wasn't really triggered because the
address wasn't filled in in the caller function.

Let's fill in this address and also clean up WPS PBC sessions
on WSC process completion if UUID was changed.

Signed-hostap: Vitaly Wool<vitalywool@gmail.com>
2011-12-11 12:03:18 +02:00
Subrat Dash
910b482d9b WPS: Fix stopping of active WPS operation on dual concurrent AP
When hostapd controls multiple radios, WPS operations are started on
all interfaces. However, when the provisioning run had been completed
successfully, actiove WPS mode was stopped only a single interface. Fix
this to iterate through all interfaces so that this is handled
consistently with the starting of WPS operation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-30 16:48:14 +02:00
Jouni Malinen
d6d731b848 WPS ER: Fix segfault in some selected registrar change cases
Commit 628d54639a introduced number
of new WPS related ctrl_iface messages to hostapd. Some of these
were for ER events which do not make any sense to hostapd that
cannot operate as an ER. The WPS_EV_ER_SET_SELECTED_REGISTRAR one
from wps_registrar_sel_registrar_changed_event() was especially
problematic since it can cause wpa_supplicant ER code segfault due
to missing event data.

Revert all the ER specific changes from commit
628d54639a to get rid of the segfault
and undesired extra code in hostapd.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-30 14:44:23 +02:00
Olivier Sobrie
6f75536fc9 WPS: Send the credential when learning AP params in registrar role
When the supplicant acts as a registrar to learn the access point
parameters send the credentials to the wpa_cli interface after
receiving the 7th message. This is needed for proper behavior with
wps_cred_processing set to 1 or 2.

Without this patch, after the 7th message you got the WPS-CRED-RECEIVED
notification without the credentials. This was because the cred_attr and
cred_attr_len were not filled in in the wps structure.

Signed-off-by: Olivier Sobrie <olivier@sobrie.be>
2011-10-30 22:10:40 +02:00
Zhi Chen
56aa082a1d WPS: Send AP Settings as a wrapped Credential attribute to ctrl_iface
Wrap self-generated WPS credential for new AP settings and send that to
control interface to provide the needed information in
WPS-NEW-AP-SETTINGS for external processing.
2011-09-30 22:26:37 +03:00
Pavel Roskin
ffbf1eaa26 Fix typos found by codespell
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-09-22 00:43:59 +03:00
Jouni Malinen
167dc97501 WPS: Fix M2/M2D Config Methods to include PushButton even if PBC not in use
The Config Methods attribute in M2 and M2D messages is supposed to
indicate which configuration methods are supported by the Registrar. As
such, it should not depend on whether PBC mode is currently active or
not. That will only affect the Selected Registrar Config Methods and
Device Password ID attributes.
2011-08-11 17:03:57 +03:00
Jouni Malinen
59639fa112 WPS: Fix default virt/phy pushbutton config method setting
Instead of always adding PHY PushButton config method, only add this
if neither virtual nor physical push button is advertised.
2011-08-11 16:51:40 +03:00
Anish Nataraj
628d54639a Dispatch more WPS events through hostapd ctrl_iface 2011-08-04 16:56:41 +03:00
Jean-Michel Bachot
4028a7fd43 WPS: Add support for adding WPS Vendor Extensions
This adds the ability to add WPS vendor extensions to an AP (or GO).
They will be added to the WSC IE(s) in Beacon and Probe Response frames.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-19 12:22:16 +02:00
Jouni Malinen
f3cb52fb90 WPS: Move P2P extension generation for WSC IE in Beacon frames
This cleans up debug log by keeping the WSC IE attributes for Beacon
frames before starting to build the Probe Response frame.
2011-03-19 12:22:09 +02:00
Jouni Malinen
f2b3c6bc9c WPS: Add more debug information to PBC session overlap check 2011-03-17 18:04:56 +02:00
Jouni Malinen
0439b08d3d WPS: Fix active PBC session removal to ignore MAC address
Use only the UUID-E to remove active PBC session(s) at the completion of
successful PBC protocol run. This fixes potential issues with Enrollees
that use multiple MAC addresses and as such, can get multiple entries in
the PBC session list.
2011-03-17 18:03:20 +02:00
Chao-Wen Yang
3152ff421e WPS: Indicate PBC session overlap in wps_pbc return value
Use a specific return value, WPS-PBC-OVERLAP, to indicate a reason
for rejecting a wps_pbc command in wpa_supplicant AP mode if the
PBC mode cannot be started due to PBC session overlap having been
detected during monitor time.
2011-03-10 18:59:51 +02:00
Jouni Malinen
3cc002ff97 WPS: Ignore PBC session overlap if a specific Enrollee is selected
This allows the user to complete WPS provisioning using PBC by
selected a specific Enrollee even if there are other Enrollees
in active PBC mode at the same time. The other Enrollees will be
rejected should they try to connect at the same time.
2011-03-10 18:51:00 +02:00
Jouni Malinen
80e75578c4 WPS: Show the received UUID-E from Probe Request in debug log
This makes it easier to debug PBC session overlap issues.
2011-03-10 18:38:16 +02:00
Jouni Malinen
b0dc4155c3 WPS: Use only UUID-E in PBC session overlap detection on Registrar
Ignore possible mismatches in the source address of the frame and only
use UUID-E to check whether a Probe Request or M1 is from the same
Enrollee when figuring out whether there is PBC session overlap. This
is needed to avoid potential issues with Enrollee devices that may have
multiple interfaces indicating active PBC state.
2011-03-10 18:33:53 +02:00
Jouni Malinen
d601247ca9 P2P: Allow WPS_PBC command on GO to select on P2P Device Address
An optional parameter, p2p_dev_addr, can now be given to WPS_PBC
command on P2P GO to indicate that only the P2P device with the
specified P2P Device Address is allowed to connect using PBC. If
any other device tries to use PBC, a session overlap is indicated
and the negotiation is rejected with M2D. The command format for
specifying the address is "WPS_PBC p2p_dev_addr=<address>", e.g.,
WPS_PBC p2p_dev_addr=02:03:04:05:06:07

In addition, show the PBC session overlap indication as a WPS failure
event on an AP/GO interface. This particular new case shows up as
"WPS-FAIL msg=4 config_error=12".
2011-02-07 18:28:36 +02:00
Chao-Wen Yang
c5cf0a18f1 WPS: Add mechanism for indicating non-standard WPS errors
Previously, only the Configuration Error values were indicated in
WPS-FAIL events. Since those values are defined in the specification
it is not feasible to extend them for indicating other errors. Add
a new error indication value that is internal to wpa_supplicant and
hostapd to allow other errors to be indicated.

Use the new mechanism to indicate if negotiation fails because of
WEP or TKIP-only configurations being disallows by WPS 2.0.
2011-01-13 17:50:59 +02:00
Jouni Malinen
3642c4313a Annotate places depending on strong random numbers
This commit adds a new wrapper, random_get_bytes(), that is currently
defined to use os_get_random() as is. The places using
random_get_bytes() depend on the returned value being strong random
number, i.e., something that is infeasible for external device to
figure out. These values are used either directly as a key or as
nonces/challenges that are used as input for key derivation or
authentication.

The remaining direct uses of os_get_random() do not need as strong
random numbers to function correctly.
2010-11-24 01:05:20 +02:00
Jouni Malinen
9dd7d6b09c WPS: Add special AP Setup Locked mode to allow read only ER
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change then.
In other words, the protocol is allowed to continue past M2, but
is stopped at M7 when AP is in this mode. WPS IE does not
advertise AP Setup Locked in this case to avoid interoperability
issues.

In wpa_supplicant, use ap_setup_locked=2 by default. Since the AP PIN
is disabled by default, this does not enable any new functionality
automatically. To allow the read-only ER to go through the protocol,
wps_ap_pin command needs to be used to enable the AP PIN.
2010-11-17 16:48:39 +02:00
Jouni Malinen
22a062815d WPS: Add wildcard AuthorizedMACs entry for PBC 2010-11-09 11:24:06 +02:00
Jouni Malinen
ccb7e5ee59 WPS: Send WSC_NACK if message without Message Type is received 2010-11-04 18:17:00 +02:00
Jouni Malinen
4a64a51b63 WPS: Share common function for building WSC ACK/NACK
These are identical functions in Enrollee and Registrar and there
is no need to maintain two copies of the same functionality.
2010-11-04 18:16:14 +02:00
Jouni Malinen
450eddcfae hostapd: Add wps_config ctrl_interface command for configuring AP
This command can be used to configure the AP using the internal
WPS registrar. It works in the same way as new AP settings received
from an ER.
2010-10-21 16:49:41 +03:00
Jouni Malinen
81611b95ff WPS: Add Config Error into WPS-FAIL events
This makes it easier to figure out what could have failed in the
WPS protocol and potentially provide more information for the
user on how to resolve the issue.
2010-10-14 20:49:54 +03:00
Jouni Malinen
a9d69254e3 WPS ER: Make sure PIN timeout does not interrupt PBC operation
We need to clear the selected registrar timeout from wps_er_learn
when stopping the protocol run at M7 (previously, this was done only
when WSC_Done was being processed). In addition, we need to cancel
the timeout when a new PBC operation is started.
2010-09-23 14:45:55 -07:00
Jouni Malinen
7d698c4ec7 WPS: Add more debug details for Credential building 2010-09-22 19:20:01 -07:00
Jouni Malinen
3237bfb1a3 WPS: Fix strict validation of encrypted data for WSC 2.0-only case
Need to figure out whether the message is from a WSC 2.0 -based
device based on the unencrypted attributes, not the contents of the
encrypted data since the Version2 subelement is only included in the
unencrypted area.
2010-09-22 19:17:13 -07:00
Jouni Malinen
b4e34f2fdf WPS: Make testing operations configurable at runtime
Instead of build time options (CONFIG_WPS_TESTING_EXTRA_CRED and
CONFIG_WPS_EXTENSIBILITY_TESTING), use a single build option
(CONFIG_WPS_TESTING) and runtime configuration of which testing
operations are enabled. This allows a single binary to be used
for various tests.

The runtime configuration can be done through control interface
with wpa_cli/hostapd_cli commands:
Enable extensibility tests:
set wps_version_number 0x57
Disable extensibility tests (WPS2 build):
set wps_version_number 0x20
Enable extra credential tests:
set wps_testing_dummy_cred 1
Disable extra credential tests:
set wps_testing_dummy_cred 0
2010-09-21 19:51:23 -07:00
Jouni Malinen
3379a3a795 WPS: Fix Beacon WPS IE on concurrent dualband AP in PBC mode
The Beacon frame must include UUID-E and RF Bands attributes when
in active PBC mode to allow stations to figure out that two BSSes in
PBC mode is not a PBC session overlap.
2010-09-20 15:32:29 -07:00
Ardong Chen
2f9929ffcc WPS: Allow pending WPS operation to be cancelled
A new ctrl_interface command, WPS_CANCEL, can now be used to cancel
a pending or ongoing WPS operation. For now, this is only available
with wpa_supplicant (either in station or AP mode). Similar
functionality should be added for hostapd, too.
2010-09-10 10:30:25 -07:00
Jouni Malinen
62281bc690 P2P: Do no process Probe Request with P2P wildcard SSID in WPS
The Probe Request frames used in P2P Device Discovery should not be
processed by the WPS implementation.
2010-09-09 07:17:16 -07:00
Jouni Malinen
63675def6e P2P: Add Device Name into WPS IE in Probe Request frames 2010-09-09 07:17:16 -07:00
Jouni Malinen
fdc9eeb175 WPS 2.0: Convert new attributes into WFA vendor extension
The WSC 2.0 specification moved to use another design for the new
attributes to avoid backwards compatibility issues with some
deployed implementations.
2010-09-09 06:07:49 -07:00
Jouni Malinen
ecece754db WPS: Add more debug prints for authorized MACs operations 2010-09-09 06:07:49 -07:00
Jouni Malinen
498cdee0c7 WPS ER: Use PBC overlap detection
ER should follow same rules as internal Registrar in an AP for
session overlap detection.
2010-09-09 06:07:49 -07:00
Jouni Malinen
ad4741183f WPS 2.0: Make sure PHY/VIRT flag gets set for PBC 2010-09-09 06:07:48 -07:00
Jouni Malinen
545ee4fd3d WPS 2.0: Add wildcard AuthorizedMACs if Enrollee address is not known 2010-09-09 06:07:48 -07:00
Jouni Malinen
53587ec183 WPS 2.0: Make WSC 2.0 support to be build option (CONFIG_WPS2)
For now, the default build will only include WSC 1.0 support.
CONFIG_WPS2=y can be used to add support for WSC 2.0.
2010-09-09 06:07:48 -07:00
Jouni Malinen
4a34969824 WPS: Add a test mechanism for adding an extra credential into M8
This can be used to build a test version of ER that adds an extra
Credential attribute into M8.
2010-09-09 06:07:48 -07:00
Jouni Malinen
54f489be45 WPS 2.0: Validate WPS attributes in management frames and WSC messages
If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and
reject the frames if any of the mandatory attributes is missing or if an
included attribute uses an invalid value. In addition, verify that all
mandatory attributes are included and have valid values in the WSC
messages.
2010-09-09 06:07:48 -07:00
Jouni Malinen
6b633b4da7 WPS 2.0: Fix Probe Request WPS IE building to be able to fragment data
If all the device information attributes use their maximum lengths,
a single WPS IE is not enough to fit in all the data and as such,
we must be able to fragment the data. In addition, the wpabuf needs
to be allocated larger to fit in maximum data.
2010-09-09 06:07:47 -07:00
Jouni Malinen
dcc4d8be75 WPS 2.0: Disable WPS workarounds if CONFIG_WPS_STRICT is defined 2010-09-09 06:07:47 -07:00
Jouni Malinen
6a857074f4 WPS 2.0: Add virtual/physical display and pushbutton config methods 2010-09-09 06:07:47 -07:00
Jouni Malinen
31fcea931d WPS 2.0: Add support for AuthorizedMACs attribute
Advertize list of authorized enrollee MAC addresses in Beacon and
Probe Response frames and use these when selecting the AP. In order
to provide the list, the enrollee MAC address should be specified
whenever adding a new PIN. In addition, add UUID-R into
SetSelectedRegistrar action to make it potentially easier for an AP
to figure out which ER sent the action should there be multiple ERs
using the same IP address.
2010-09-09 06:07:47 -07:00
Jouni Malinen
f439079e93 WPS 2.0: Add new attributes and update version negotiation
This adds definitions and parsing of the new attributes that were added
in WPS 2.0. In addition, the version negotiation is updated to use the
new mechanism, i.e., accept everything received and use the new Version2
attribute in transmitted messages.
2010-09-09 06:07:47 -07:00
Jouni Malinen
2f1ce78bf7 WPS: Add a workaround for OS X 10.6.3 and .4 (use PSK, not passphrase)
It looks like 10.6.3 and 10.6.4 do not like to receive Network Key
with WPA passphrase while PSK format still works. Use peer information
from M1 to figure out whether the Enrollee is likely to be OS X and
if so, force PSK format to be used for Network Key.
2010-07-05 15:37:47 -07:00
Jouni Malinen
ed7a09f914 Add WPS IE into (Re)Association Response frame if WPS is used
If the associating station indicates that it is intents to use WPS
by including WPS IE in (Re)Association Request frame, include WPS IE
in (Re)Association Response frame.
2010-05-26 18:46:08 +03:00
Jouni Malinen
11356a2ab5 WPS: Fix PBC session overlap detection to use Device Password Id
Active PBC mode is indicated by Device Password Id == 4, not Config Methods
attribute.
2010-04-04 08:13:59 +03:00
Jouni Malinen
bdda27eb17 Fix WPS IE in Probe Response frame to include proper Config Methods values
This attribute is supposed to indicate which methods the AP supports as
an Enrollee for adding external Registrars. It was left to 0 when the
AP code did not yet support external Registrars and was forgotten when
the ER support was added.
2010-03-13 13:39:22 +02:00
Jouni Malinen
e0b3b3cb77 WPS: Fix AP operation with internal Registrar when ER is also active
Ignore the pending WPS message from ER (PutWLANReseponse action) if the
internal Registrar has already sent out M2.
2010-02-12 12:38:14 +02:00
Jouni Malinen
dc5a08c053 WPS: Fix Probe Request processing to handle missing attribute
WPS IE parsing for PBC mode did not check whether the UUID-E attribute
was included before dereferencing the pointer. This could result in the
AP crashing when processing and invalid Probe Request frame.
2010-01-01 23:38:51 +02:00
Jouni Malinen
c2f5126941 WPS: Add Enrollee-seen event message and wpa_gui-qt4 Peers entry
This can be used to show active Enrollees in AP mode to make it
easier to provision a new device.
2009-12-28 16:24:04 +02:00
Jouni Malinen
9fdeaf8f3a WPS: Fix a memory leak if set_ie_cb() is not set
Skip WPS IE building for Beacon and Probe Response frames is set_ie_cb()
is not set. This fixes a memory leak and optimizes operations by not
allocating memory and building the WPS IEs unnecessarily.
2009-12-25 01:29:59 +02:00
Jouni Malinen
14f7938660 Merge driver ops set_wps_beacon_ie and set_wps_probe_resp_ie
set_ap_wps_ie() is not used to set WPS IE for both Beacon and Probe
Response frames with a single call. In addition, struct wpabuf is used
instead of separate u8* and length fields. This avoids duplicated
allocation of the IEs and simplifies code in general.
2009-12-24 19:46:06 +02:00
Jouni Malinen
b64576fcf5 WPS: Prefer PSK format if Enrollee does not advertise Display
Since an Enrollee that does not advertise display as one of the
Config Methods is unlikely to be able to show the ASCII passphrase
to the user, prefer PSK format with such an Enrollee to reduce key
derivation time. This can help with some low-powered devices that
would take long time to derive the PSK from the passphrase.
2009-12-21 12:58:02 +02:00
Jouni Malinen
f3f2eeba01 WPS: Add option for forcing Registrar to use PSK format in Credential
The use_psk_key parameter can now be used to force the Registrar to
use PSK format instead of ASCII passphrase when building a Credential
for the Enrollee. For now, this is not enabled, but it could be enabled
either based on external (to WPS) configuration or automatically set
based on some WPS attribute values from the Enrollee.
2009-12-21 12:46:19 +02:00
Jouni Malinen
187533a4c5 WPS: Convert Registrar PIN list to use struct dl_list 2009-12-19 22:26:55 +02:00
Jouni Malinen
ec32c29471 WPS: Convert struct subscription to use struct dl_list 2009-12-19 14:15:43 +02:00
Jouni Malinen
f98b440c47 WPS: Convert struct subscr_addr to use dl_list 2009-12-19 13:47:00 +02:00
Jouni Malinen
7e683ceeb4 WPS: Handle Selected Registrar as a union of info from all Registrars
Instead of using the latest selected registrar change, collect selected
registrar information separately from all registrars and use the union
of this information when building the WPS IE for Beacon and Probe
Response frames.

Note: SetSelectedRegistrar UPnP action does not include a unique
identifier, so the ER matching routine is based only on the IP address
of the ER. In theory, there could be multiple ERs using the same IP
address (but different port or URL), so there may be some corner cases
that would not always match the correct ER entry at the AP. Anyway, this
is not really expected to occur in normal use cases and even if it did
happen, the selected registrar information is not any worse than it was
before when only the last change from any registrar for being
advertized.
2009-12-12 16:54:59 +02:00
Jouni Malinen
03da66bd59 Remove src/crypto from default include path
In addition, start ordering header file includes to be in more
consistent order: system header files, src/utils, src/*, same
directory as the *.c file.
2009-11-29 23:04:43 +02:00
Jouni Malinen
90973fb2fd Remove src/common from default header file path
This makes it clearer which files are including header from src/common.
Some of these cases should probably be cleaned up in the future not to
do that.

In addition, src/common/nl80211_copy.h and wireless_copy.h were moved
into src/drivers since they are only used by driver wrappers and do not
need to live in src/common.
2009-11-29 17:51:55 +02:00
Jouni Malinen
96750ea5e5 WPS: Clean up Primary Device Type handling
Use shared functions for converting Primary Device Type between binary
and string formats. In addition, use array of eight octets instead of a
specific structure with multiple fields to reduce code complexity.
2009-11-26 11:39:29 +02:00
Jouni Malinen
8e2c104fa1 Resolve some sparse warnings
Mainly, this is including header files to get definitions for functions
which is good to verify that the parameters match. None of these are
issues that would have shown as incorrect behavior of the program.
2009-11-25 00:57:00 +02:00
Jouni Malinen
4bdd556886 WPS: Fix MAC Address inside Credential be that of Enrollee's
The WPS 1.0h specification is quite unclear on what exactly should be
used as the MAC Address value in the Credential and AP Settings. It
looks like this should after all be the MAC Address of the Enrollee,
so change Registrar implementation to use that address instead of the
AP BSSID.

In addition, add validation code to the Enrollee implementation to
check the MAC Address value inside Credential (and also inside AP Settings)
to make sure it matches with the Enrollee's own address. However, since
there are deployed implementations that do not follow this interpretation
of the spec, only show the mismatch in debug information to avoid breaking
interoperability with existing devices.
2009-11-19 00:31:57 +02:00
Jouni Malinen
cef4652f2c WPS ER: Use learnt AP settings to build credentials for an Enrollee 2009-11-15 22:46:30 +02:00
Jouni Malinen
e64dcfd54b WPS ER: Add command for fetching current AP settings 2009-11-15 22:27:06 +02:00
Jouni Malinen
f6d23cfd9e WPS ER: Do not try to process AP Settings in proxied M7 to ER
In this case, the Enrollee is not an AP, so do not try to process
AP Settings in M7.
2009-11-15 18:54:37 +02:00
Jouni Malinen
ed835e539b WPS: Fix AP to proxy WSC_NACK to ER 2009-11-13 22:40:07 +02:00
Jouni Malinen
04f5d74077 WPS: Fix OpCode when proxying WSC_ACK or WSC_NACK from ER
Previously, WSC_MSG was hardcoded for every message from ER, but
this needs to be changed based on message type to send a valid
message to the Enrollee via EAP transport.
2009-11-13 22:29:31 +02:00
Jouni Malinen
72df2f5fc6 WPS ER: Add PIN configuration and SetSelectedRegistrar call
New PINs can now be added to WPS ER. This results in the ER code
using SetSelectedRegistrar to modify AP state so that Enrollees
will be able to notice the actice registrar more easily.
2009-11-13 22:07:11 +02:00
Andriy Tkachuk
72ffc08242 WPS: SelectedRegistrar expiration for internal PIN registrar
Though we have such a timeout when handling SetSelectedRegistrar UPnP
message from an external registrar, it looks like we don't have one when
the internal registrar is activated for PIN connection. Thus we set the
SelectedRegistrar flag when AP is activated for PIN connection but we
never reset it - not by some timeout, nor when registration succeeds.
This lead to situations where AP everlastingly declare that it is
activated for WPS PIN connection when in reality it is not.

Use the same timeout (and also success with PIN) to clear the selected
registrar flag when using internal registrar, too.
2009-11-01 22:19:02 +02:00
Jouni Malinen
2e71444516 WPS: Abort ongoing PBC protocol run if session overlap is detected
If PBC session overlap is detected during an ongoing PBC protocol run,
reject the run (if M8, i.e., credentials, have not yet been sent). This
provides a bit longer monitoring time at the Registrar for PBC mode to
catch some cases where two Enrollees in PBC mode try to enroll
credentials at about the same time.
2009-11-01 21:59:30 +02:00
Oleg Kravtsov
63330c6832 WPS: Add PBC overlap and timeout events from WPS module
This provides information about PBC mode result from the WPS Registrar
module. This could be used, e.g., to provide a user notification on the
AP UI on PBC failures.
2009-11-01 21:26:13 +02:00
Jouni Malinen
7e3a67514f WPS: Use Config Error 12 to indicate PBC overlap in M2D
If PBC session overlap is detected between button press on the registrar
and M1 is reception, report session overlap with the Config Error
attribute in M2D to the Enrollee.
2009-11-01 20:57:36 +02:00
Jouni Malinen
2678509dec WPS: Store device info and make it available through AP ctrl_iface
Store a copy of device attributes during WPS protocol run and make it
available for external programs via the control interface STA MIB
command for associated stations. This gives access to device name and
type which can be useful when showing user information about associated
stations.
2009-09-07 22:09:13 +03:00
Jouni Malinen
52eb293dd2 WPS: Add support for AP reconfiguration with wps_reg
wpa_supplicant can now reconfigure the AP by acting as an External
Registrar with the wps_reg command. Previously, this was only used
to fetch the current AP settings, but now the wps_reg command has
optional arguments which can be used to provide the new AP
configuration. When the new parameters are set, the WPS protocol run
is allowed to continue through M8 to reconfigure the AP instead of
stopping at M7.
2009-09-06 13:58:15 +03:00
Jouni Malinen
4625a47f4b WPS: Change wpa_supplicant wps_reg to not send out M8
Since we do not currently support changing the AP settings received
from M7, there is no point in actually sending out the M8 that would
likely trigger the AP to reconfigure itself and potentially reboot.
For now, we just receive the AP settings in M7 and add a local network
configuration block based on those, but NACK the message. This makes
wps_reg work like wps_pin, but by using the AP PIN instead of a client
PIN.
2009-06-10 15:53:35 +03:00
Jouni Malinen
077a781f7a WPS: Add support for setting timeout for PIN
hostapd_cli wps_pin command can now have an optional timeout
parameter that sets the PIN lifetime in seconds. This can be used
to reduce the likelihood of someone else using the PIN should an
active PIN be left in the Registrar.
2009-05-26 17:44:44 +03:00
Jouni Malinen
826fff182f WPS: Add a workaround for auth/encr type flags mismatches
Some deployed implementations seem to advertise incorrect information
in this attribute. For example, Linksys WRT350N seems to have a
byteorder bug that breaks this negotiation. In order to interoperate
with existing implementations, assume that the Enrollee supports
everything we do.
2009-05-06 10:56:18 +03:00
Jouni Malinen
73267b9ca4 WPS: Fix local configuration update after AP configuration
Update credential to only include a single authentication and
encryption type in case the AP configuration includes more than one
option. Without this, the credential would be rejected if the AP was
configured to allow more than one authentication type.
2009-03-30 19:00:55 +03:00
Jouni Malinen
9f98c48315 Fix doxygen function comment 2009-03-19 21:42:15 +02:00
Jouni Malinen
143a4bf632 WPS: Add a workaround for static WEP with Windows network probe
Windows XP and Vista clients can get confused about EAP-Identity/Request
when they probe the network with EAPOL-Start. In such a case, they may
assume the network is using IEEE 802.1X and prompt user for a
certificate while the correct (non-WPS) behavior would be to ask for the
static WEP key. As a workaround, use Microsoft Provisioning IE to
advertise that legacy 802.1X is not supported.

This seems to make Windows ask for a static WEP key when adding a new
network, but at least Windows XP SP3 was still marking IEEE 802.1X
enabled for the network. Anyway, this is better than just leaving the
network configured with IEEE 802.1X and automatic WEP key distribution.
2009-03-08 19:36:02 +02:00
Jouni Malinen
116f7bb0a3 WPS UFD: Build OOB functionality only if UFD is enabled 2009-02-26 22:10:21 +02:00
Masashi Honma
46bdb83acd WPS: Add UFD support (USBA out-of-band mechanism)
This patch is only for the following use case:
- Enrollee = wpa_supplicant
- Registrar = hostapd internal Registrar

Following UFD methods can be used:
- Enrollee PIN with UFD
- Registrar PIN with UFD
- unencrypted credential with UFD

Encrypted credentials are not supported.

Enrollee side operation:
wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r

Registrar side operation:
./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 21:57:38 +02:00
Masashi Honma
363a9e2434 WPS: Set correct Selected Registrar Config Methods attribute
I tried PBC with the hostapd registrar.
I pushed the button with "hostap_cli WPS_PBC".
But hostapd registrar always sends Selected Registrar Config Methods
attribute=0x0000 in beacon/probe response.
2009-02-09 19:50:52 +02:00
Jouni Malinen
915c1ba3c5 WPS UPnP: Added support for multiple external Registrars
Allow more than one pending PutWLANMessage data to be stored (M2/M2D
from multiple external Registrars) and drop pending M2/M2D messages when
the Enrollee replies with M3.
2009-02-06 21:39:32 +02:00