Commit graph

31 commits

Author SHA1 Message Date
Davina Lu
66819b07b5 hostapd: Support Multi-AP backhaul STA onboarding with WPS
The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a
backhaul STA through WPS. To enable this, the WPS Registrar offers a
different set of credentials (backhaul credentials instead of fronthaul
credentials) when the Multi-AP subelement is present in the WFA vendor
extension element of the WSC M1 message.

Add new configuration options to specify the backhaul credentials for
the hostapd internal registrar: multi_ap_backhaul_ssid,
multi_ap_backhaul_wpa_psk, multi_ap_backhaul_wpa_passphrase. These are
only relevant for a fronthaul SSID, i.e., where multi_ap is set to 2 or
3. When these options are set, pass the backhaul credentials instead of
the normal credentials when the Multi-AP subelement is present.

Ignore the Multi-AP subelement if the backhaul config options are not
set. Note that for an SSID which is fronthaul and backhaul at the same
time (i.e., multi_ap == 3), this results in the correct credentials
being sent anyway.

The security to be used for the backaul BSS is fixed to WPA2PSK. The
Multi-AP Specification only allows Open and WPA2PSK networks to be
configured. Although not stated explicitly, the backhaul link is
intended to be always encrypted, hence WPA2PSK.

To build the credentials, the credential-building code is essentially
copied and simplified. Indeed, the backhaul credentials are always
WPA2PSK and never use per-device PSK. All the options set for the
fronthaul BSS WPS are simply ignored.

Signed-off-by: Davina Lu <ylu@quantenna.com>
Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
2019-02-18 22:35:41 +02:00
Jouni Malinen
625745c297 WPS: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-18 11:37:47 +03:00
Jouni Malinen
ca68a8b561 WPS: Explicitly reject Public Key attribute with unexpected length
There is no need to try to derive DH shared key with a peer that tries
to use too short or too long DH Public Key. Previously, such cases ended
up implicitly getting rejected by the DH operations failing to produce
matching results. That is unnecessarily, so simply reject the message
completely if it does not have a Public Key with valid length. Accept
couple of octets shorter value to be used to avoid interoperability
issues if there are implementations that do not use zero-padding
properly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-22 22:05:12 +03:00
Jouni Malinen
6b94f71dcd WPS: Truncate variable length string attributes to maximum length
This enforces variable length strings Manufacturer, Model Name, Model
Number, and Serial Number to be within the maximum length defined in the
WSC specification. While none of the existing users for these within
hostapd/wpa_supplicant had problems with longer strings, it is good to
ensure the strings are not longer to avoid potential issues at higher
layer components.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-22 22:05:12 +03:00
Jouni Malinen
5a041acc0a WPS: Ignore too long SSID attribute
While it looks like all the users of this parsed attribute were able to
handle longer SSID values, there is no valid use case for these and to
avoid any potential future issues, enforce maximum length (32 bytes) on
the SSID during parsing.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-04-22 11:44:19 +03:00
Jouni Malinen
65b10253d6 WPS: Ignore too long Device Name attribute
While it looks like all the users of this parsed attribute were able to
handle longer Device Name values, there is no valid use case for these
and to avoid any potential issues in upper layer components, enforce
maximum length (32 bytes) on the Device Name during parsing.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-04-22 11:44:18 +03:00
Rahul Jain
8714caa1c2 WPS: Parse Registrar Configuration Methods
This new subelement was added into the WFA Vendor Extension.

Signed-off-by: Rahul Jain <rahul.jain@samsung.com>
2014-03-05 23:26:16 +02:00
Jouni Malinen
da179bd0e1 WPS: Fix parsing of 0-length WFA vendor extension subelement
The previous parser would have skipped a WFA vendor extension attribute
that includes only a single zero-length subelement. No such subelement
has been defined so far, so this does not really affect any
functionality, but better make the parser address this correctly should
such an element ever be added.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-21 13:08:08 +02:00
Jouni Malinen
1536cb5756 WPS: Remove unused 802.1X attribute parsing and processing
This is not really used in practice and there is no need to maintain
unsed code that would only print debug log entries.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-02-04 13:23:35 +02:00
Jouni Malinen
975491793b WPS NFC: Update NFC connection handover design
The new Device Password ID 7 is used to indicate that NFC connection
handover is used with DH public key hash from both devices being
exchanged over the NFC connection handover messages. This allows an
abbreviated M1-M2 handshake to be used since Device Password does not
need to be used when DH is authenticated with the out-of-band
information (validation of the public key against the hash).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
bd3a373767 WPS: Use AP Channel attribute in credential to speed up scan
When WPS is used with NFC connection handover, the AP may indicate its
operating channel within the credential information. Use this
informatiom, if present, to speed up the scan process.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-28 18:02:04 +02:00
Jouni Malinen
6b5a0c9466 WPS: Move attribute parser definitions into a new header file
This allows wps/wps_attr_parse.h to be included into files outside
src/wps.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
4e0131d351 WPS: Add support for OOB dev password lengths 16..31
Previously, only the maximum length 32 octets for OOB device password
was accepted. Since the specification allows a shorter password to be
used with limited OOB mechanism (e.g., small NFC tag), we should accept
lengths 16..32.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
46eeedac61 Remove unused variables 2011-10-23 12:42:55 +03:00
Jouni Malinen
c8d88a145b WPS: Fix off-by-one check in vendor extension parsing 2011-04-14 20:02:31 +03:00
Jean-Michel Bachot
6f2c060711 P2P: Keep track of peer WPS vendor extensions
Make the P2P code keep track of WPS vendor extensions received from
peers so they can be exposed via DBus later.

Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-19 12:22:21 +02:00
Jean-Michel Bachot
e57ae6e19e P2P: Keep track of secondary device types for peers
Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-17 11:45:46 +02:00
Jouni Malinen
68d6fe5693 WPS: Workaround broken Credential encoding from some D-Link APs
At least D-Link DIR-600 and DIR-825 have been reported to include
an extra octet after the Network Key attribute within a Credential
attribute. This can happen at least when they are provisioning an
open network.

Add a workaround to detect this incorrectly encoded attribute and
to skip the extra octet when parsing such a Credential.
2010-10-11 16:07:49 +03:00
Jouni Malinen
370cb2a9ce WPS: Making some parsing messages use excessive debug level
This makes it easier to read -dd debug logs in environments that
have multiple WPS or P2P devices.
2010-09-22 11:39:58 -07:00
Jouni Malinen
935a948f97 P2P: Enable use of WPS Requested Device Type without WPS 2.0 2010-09-09 07:17:16 -07:00
Jouni Malinen
fdc9eeb175 WPS 2.0: Convert new attributes into WFA vendor extension
The WSC 2.0 specification moved to use another design for the new
attributes to avoid backwards compatibility issues with some
deployed implementations.
2010-09-09 06:07:49 -07:00
Jouni Malinen
53587ec183 WPS 2.0: Make WSC 2.0 support to be build option (CONFIG_WPS2)
For now, the default build will only include WSC 1.0 support.
CONFIG_WPS2=y can be used to add support for WSC 2.0.
2010-09-09 06:07:48 -07:00
Jouni Malinen
dcc4d8be75 WPS 2.0: Disable WPS workarounds if CONFIG_WPS_STRICT is defined 2010-09-09 06:07:47 -07:00
Jouni Malinen
f439079e93 WPS 2.0: Add new attributes and update version negotiation
This adds definitions and parsing of the new attributes that were added
in WPS 2.0. In addition, the version negotiation is updated to use the
new mechanism, i.e., accept everything received and use the new Version2
attribute in transmitted messages.
2010-09-09 06:07:47 -07:00
Jouni Malinen
612e9160e2 WPS: Add a workaround for parsing M1 from OS X 10.6
It looks like Mac OS X adds unexpected 0x00 padding to the end of M1.
Skip that padding to avoid interop issues.
2010-07-05 13:04:54 -07:00
Jouni Malinen
99e437ad52 Fix WPS attribute parser to use correct pointer for Response Type 2010-05-26 17:12:30 +03:00
Jouni Malinen
96750ea5e5 WPS: Clean up Primary Device Type handling
Use shared functions for converting Primary Device Type between binary
and string formats. In addition, use array of eight octets instead of a
specific structure with multiple fields to reduce code complexity.
2009-11-26 11:39:29 +02:00
Jouni Malinen
e9a2bca6f5 WPS: Add parsing of AP Setup Locked attribute 2009-09-11 17:13:59 +03:00
Masashi Honma
46bdb83acd WPS: Add UFD support (USBA out-of-band mechanism)
This patch is only for the following use case:
- Enrollee = wpa_supplicant
- Registrar = hostapd internal Registrar

Following UFD methods can be used:
- Enrollee PIN with UFD
- Registrar PIN with UFD
- unencrypted credential with UFD

Encrypted credentials are not supported.

Enrollee side operation:
wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r

Registrar side operation:
./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 21:57:38 +02:00
Jouni Malinen
7d7b8e960a WPS: Split wps_common.c into parts
To make it easier to find various functions, attribute functions were
split into wps_attr_{build,parse,process}.c.
2008-11-29 13:16:26 +02:00