1 /*
2 * DPP over TCP
3 * Copyright (c) 2019-2020, The Linux Foundation
4 * Copyright (c) 2021-2022, Qualcomm Innovation Center, Inc.
5 *
6 * This software may be distributed under the terms of the BSD license.
7 * See README for more details.
8 */
9
10 #include "utils/includes.h"
11 #include <fcntl.h>
12
13 #include "utils/common.h"
14 #include "utils/ip_addr.h"
15 #include "utils/eloop.h"
16 #include "common/ieee802_11_common.h"
17 #include "common/wpa_ctrl.h"
18 #include "dpp.h"
19 #include "dpp_i.h"
20
21 #ifdef CONFIG_DPP2
22
23 struct dpp_connection {
24 struct dl_list list;
25 struct dpp_controller *ctrl;
26 struct dpp_relay_controller *relay;
27 struct dpp_global *global;
28 struct dpp_pkex *pkex;
29 struct dpp_authentication *auth;
30 void *msg_ctx;
31 void *cb_ctx;
32 int (*process_conf_obj)(void *ctx, struct dpp_authentication *auth);
33 int (*pkex_done)(void *ctx, void *conn, struct dpp_bootstrap_info *bi);
34 bool (*tcp_msg_sent)(void *ctx, struct dpp_authentication *auth);
35 int sock;
36 u8 mac_addr[ETH_ALEN];
37 unsigned int freq;
38 u8 msg_len[4];
39 size_t msg_len_octets;
40 struct wpabuf *msg;
41 struct wpabuf *msg_out;
42 size_t msg_out_pos;
43 unsigned int read_eloop:1;
44 unsigned int write_eloop:1;
45 unsigned int on_tcp_tx_complete_gas_done:1;
46 unsigned int on_tcp_tx_complete_remove:1;
47 unsigned int on_tcp_tx_complete_auth_ok:1;
48 unsigned int gas_comeback_in_progress:1;
49 u8 gas_dialog_token;
50 char *name;
51 char *mud_url;
52 char *extra_conf_req_name;
53 char *extra_conf_req_value;
54 enum dpp_netrole netrole;
55 };
56
57 /* Remote Controller */
58 struct dpp_relay_controller {
59 struct dl_list list;
60 struct dpp_global *global;
61 u8 pkhash[SHA256_MAC_LEN];
62 struct hostapd_ip_addr ipaddr;
63 void *msg_ctx;
64 void *cb_ctx;
65 void (*tx)(void *ctx, const u8 *addr, unsigned int freq, const u8 *msg,
66 size_t len);
67 void (*gas_resp_tx)(void *ctx, const u8 *addr, u8 dialog_token,
68 int prot, struct wpabuf *buf);
69 struct dl_list conn; /* struct dpp_connection */
70 };
71
72 /* Local Controller */
73 struct dpp_controller {
74 struct dpp_global *global;
75 u8 allowed_roles;
76 int qr_mutual;
77 int sock;
78 struct dl_list conn; /* struct dpp_connection */
79 char *configurator_params;
80 enum dpp_netrole netrole;
81 struct dpp_bootstrap_info *pkex_bi;
82 char *pkex_code;
83 char *pkex_identifier;
84 void *msg_ctx;
85 void *cb_ctx;
86 int (*process_conf_obj)(void *ctx, struct dpp_authentication *auth);
87 bool (*tcp_msg_sent)(void *ctx, struct dpp_authentication *auth);
88 };
89
90 static void dpp_controller_rx(int sd, void *eloop_ctx, void *sock_ctx);
91 static void dpp_conn_tx_ready(int sock, void *eloop_ctx, void *sock_ctx);
92 static void dpp_controller_auth_success(struct dpp_connection *conn,
93 int initiator);
94 static void dpp_tcp_build_csr(void *eloop_ctx, void *timeout_ctx);
95 #ifdef CONFIG_DPP3
96 static void dpp_tcp_build_new_key(void *eloop_ctx, void *timeout_ctx);
97 #endif /* CONFIG_DPP3 */
98 static void dpp_tcp_gas_query_comeback(void *eloop_ctx, void *timeout_ctx);
99 static void dpp_relay_conn_timeout(void *eloop_ctx, void *timeout_ctx);
100
101
dpp_connection_free(struct dpp_connection * conn)102 static void dpp_connection_free(struct dpp_connection *conn)
103 {
104 if (conn->sock >= 0) {
105 wpa_printf(MSG_DEBUG, "DPP: Close Controller socket %d",
106 conn->sock);
107 eloop_unregister_sock(conn->sock, EVENT_TYPE_READ);
108 eloop_unregister_sock(conn->sock, EVENT_TYPE_WRITE);
109 close(conn->sock);
110 }
111 eloop_cancel_timeout(dpp_controller_conn_status_result_wait_timeout,
112 conn, NULL);
113 eloop_cancel_timeout(dpp_tcp_build_csr, conn, NULL);
114 eloop_cancel_timeout(dpp_tcp_gas_query_comeback, conn, NULL);
115 eloop_cancel_timeout(dpp_relay_conn_timeout, conn, NULL);
116 #ifdef CONFIG_DPP3
117 eloop_cancel_timeout(dpp_tcp_build_new_key, conn, NULL);
118 #endif /* CONFIG_DPP3 */
119 wpabuf_free(conn->msg);
120 wpabuf_free(conn->msg_out);
121 dpp_auth_deinit(conn->auth);
122 dpp_pkex_free(conn->pkex);
123 os_free(conn->name);
124 os_free(conn->mud_url);
125 os_free(conn->extra_conf_req_name);
126 os_free(conn->extra_conf_req_value);
127 os_free(conn);
128 }
129
130
dpp_connection_remove(struct dpp_connection * conn)131 static void dpp_connection_remove(struct dpp_connection *conn)
132 {
133 dl_list_del(&conn->list);
134 dpp_connection_free(conn);
135 }
136
137
dpp_relay_add_controller(struct dpp_global * dpp,struct dpp_relay_config * config)138 int dpp_relay_add_controller(struct dpp_global *dpp,
139 struct dpp_relay_config *config)
140 {
141 struct dpp_relay_controller *ctrl;
142 char txt[100];
143
144 if (!dpp)
145 return -1;
146
147 ctrl = os_zalloc(sizeof(*ctrl));
148 if (!ctrl)
149 return -1;
150 dl_list_init(&ctrl->conn);
151 ctrl->global = dpp;
152 os_memcpy(&ctrl->ipaddr, config->ipaddr, sizeof(*config->ipaddr));
153 os_memcpy(ctrl->pkhash, config->pkhash, SHA256_MAC_LEN);
154 ctrl->msg_ctx = config->msg_ctx;
155 ctrl->cb_ctx = config->cb_ctx;
156 ctrl->tx = config->tx;
157 ctrl->gas_resp_tx = config->gas_resp_tx;
158 wpa_printf(MSG_DEBUG, "DPP: Add Relay connection to Controller %s",
159 hostapd_ip_txt(&ctrl->ipaddr, txt, sizeof(txt)));
160 dl_list_add(&dpp->controllers, &ctrl->list);
161 return 0;
162 }
163
164
165 static struct dpp_relay_controller *
dpp_relay_controller_get(struct dpp_global * dpp,const u8 * pkhash)166 dpp_relay_controller_get(struct dpp_global *dpp, const u8 *pkhash)
167 {
168 struct dpp_relay_controller *ctrl;
169
170 if (!dpp)
171 return NULL;
172
173 dl_list_for_each(ctrl, &dpp->controllers, struct dpp_relay_controller,
174 list) {
175 if (os_memcmp(pkhash, ctrl->pkhash, SHA256_MAC_LEN) == 0)
176 return ctrl;
177 }
178
179 return NULL;
180 }
181
182
183 static struct dpp_relay_controller *
dpp_relay_controller_get_ctx(struct dpp_global * dpp,void * cb_ctx)184 dpp_relay_controller_get_ctx(struct dpp_global *dpp, void *cb_ctx)
185 {
186 struct dpp_relay_controller *ctrl;
187
188 if (!dpp)
189 return NULL;
190
191 dl_list_for_each(ctrl, &dpp->controllers, struct dpp_relay_controller,
192 list) {
193 if (cb_ctx == ctrl->cb_ctx)
194 return ctrl;
195 }
196
197 return NULL;
198 }
199
200
201 static struct dpp_relay_controller *
dpp_relay_controller_get_addr(struct dpp_global * dpp,const struct sockaddr_in * addr)202 dpp_relay_controller_get_addr(struct dpp_global *dpp,
203 const struct sockaddr_in *addr)
204 {
205 struct dpp_relay_controller *ctrl;
206
207 if (!dpp)
208 return NULL;
209
210 dl_list_for_each(ctrl, &dpp->controllers, struct dpp_relay_controller,
211 list) {
212 if (ctrl->ipaddr.af == AF_INET &&
213 addr->sin_addr.s_addr == ctrl->ipaddr.u.v4.s_addr)
214 return ctrl;
215 }
216
217 if (dpp->tmp_controller &&
218 dpp->tmp_controller->ipaddr.af == AF_INET &&
219 addr->sin_addr.s_addr == dpp->tmp_controller->ipaddr.u.v4.s_addr)
220 return dpp->tmp_controller;
221
222 return NULL;
223 }
224
225
dpp_controller_gas_done(struct dpp_connection * conn)226 static void dpp_controller_gas_done(struct dpp_connection *conn)
227 {
228 struct dpp_authentication *auth = conn->auth;
229
230 if (auth->waiting_csr) {
231 wpa_printf(MSG_DEBUG, "DPP: Waiting for CSR");
232 conn->on_tcp_tx_complete_gas_done = 0;
233 return;
234 }
235
236 #ifdef CONFIG_DPP3
237 if (auth->waiting_new_key) {
238 wpa_printf(MSG_DEBUG, "DPP: Waiting for a new key");
239 conn->on_tcp_tx_complete_gas_done = 0;
240 return;
241 }
242 #endif /* CONFIG_DPP3 */
243
244 if (auth->peer_version >= 2 &&
245 auth->conf_resp_status == DPP_STATUS_OK) {
246 wpa_printf(MSG_DEBUG, "DPP: Wait for Configuration Result");
247 auth->waiting_conf_result = 1;
248 return;
249 }
250
251 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_CONF_SENT "conf_status=%d",
252 auth->conf_resp_status);
253 dpp_connection_remove(conn);
254 }
255
256
dpp_tcp_send(struct dpp_connection * conn)257 static int dpp_tcp_send(struct dpp_connection *conn)
258 {
259 int res;
260
261 if (!conn->msg_out) {
262 eloop_unregister_sock(conn->sock, EVENT_TYPE_WRITE);
263 conn->write_eloop = 0;
264 return -1;
265 }
266 res = send(conn->sock,
267 wpabuf_head_u8(conn->msg_out) + conn->msg_out_pos,
268 wpabuf_len(conn->msg_out) - conn->msg_out_pos, 0);
269 if (res < 0) {
270 wpa_printf(MSG_DEBUG, "DPP: Failed to send buffer: %s",
271 strerror(errno));
272 dpp_connection_remove(conn);
273 return -1;
274 }
275
276 conn->msg_out_pos += res;
277 if (wpabuf_len(conn->msg_out) > conn->msg_out_pos) {
278 wpa_printf(MSG_DEBUG,
279 "DPP: %u/%u bytes of message sent to Controller",
280 (unsigned int) conn->msg_out_pos,
281 (unsigned int) wpabuf_len(conn->msg_out));
282 if (!conn->write_eloop &&
283 eloop_register_sock(conn->sock, EVENT_TYPE_WRITE,
284 dpp_conn_tx_ready, conn, NULL) == 0)
285 conn->write_eloop = 1;
286 return 1;
287 }
288
289 wpa_printf(MSG_DEBUG, "DPP: Full message sent over TCP");
290 wpabuf_free(conn->msg_out);
291 conn->msg_out = NULL;
292 conn->msg_out_pos = 0;
293 eloop_unregister_sock(conn->sock, EVENT_TYPE_WRITE);
294 conn->write_eloop = 0;
295 if (!conn->read_eloop &&
296 eloop_register_sock(conn->sock, EVENT_TYPE_READ,
297 dpp_controller_rx, conn, NULL) == 0)
298 conn->read_eloop = 1;
299 if (conn->on_tcp_tx_complete_remove) {
300 if (conn->auth && conn->auth->connect_on_tx_status &&
301 conn->tcp_msg_sent &&
302 conn->tcp_msg_sent(conn->cb_ctx, conn->auth))
303 return 0;
304 dpp_connection_remove(conn);
305 } else if (conn->auth && (conn->ctrl || conn->auth->configurator) &&
306 conn->on_tcp_tx_complete_gas_done) {
307 dpp_controller_gas_done(conn);
308 } else if (conn->on_tcp_tx_complete_auth_ok) {
309 conn->on_tcp_tx_complete_auth_ok = 0;
310 dpp_controller_auth_success(conn, 1);
311 }
312
313 return 0;
314 }
315
316
dpp_tcp_send_msg(struct dpp_connection * conn,const struct wpabuf * msg)317 static int dpp_tcp_send_msg(struct dpp_connection *conn,
318 const struct wpabuf *msg)
319 {
320 wpabuf_free(conn->msg_out);
321 conn->msg_out_pos = 0;
322 conn->msg_out = wpabuf_alloc(4 + wpabuf_len(msg) - 1);
323 if (!conn->msg_out)
324 return -1;
325 wpabuf_put_be32(conn->msg_out, wpabuf_len(msg) - 1);
326 wpabuf_put_data(conn->msg_out, wpabuf_head_u8(msg) + 1,
327 wpabuf_len(msg) - 1);
328
329 if (dpp_tcp_send(conn) == 1) {
330 if (!conn->write_eloop) {
331 if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE,
332 dpp_conn_tx_ready,
333 conn, NULL) < 0)
334 return -1;
335 conn->write_eloop = 1;
336 }
337 }
338
339 return 0;
340 }
341
342
dpp_controller_start_gas_client(struct dpp_connection * conn)343 static void dpp_controller_start_gas_client(struct dpp_connection *conn)
344 {
345 struct dpp_authentication *auth = conn->auth;
346 struct wpabuf *buf;
347 const char *dpp_name;
348
349 dpp_name = conn->name ? conn->name : "Test";
350 buf = dpp_build_conf_req_helper(auth, dpp_name, conn->netrole,
351 conn->mud_url, NULL,
352 conn->extra_conf_req_name,
353 conn->extra_conf_req_value);
354 if (!buf) {
355 wpa_printf(MSG_DEBUG,
356 "DPP: No configuration request data available");
357 return;
358 }
359
360 dpp_tcp_send_msg(conn, buf);
361 wpabuf_free(buf);
362 }
363
364
dpp_controller_auth_success(struct dpp_connection * conn,int initiator)365 static void dpp_controller_auth_success(struct dpp_connection *conn,
366 int initiator)
367 {
368 struct dpp_authentication *auth = conn->auth;
369
370 if (!auth)
371 return;
372
373 wpa_printf(MSG_DEBUG, "DPP: Authentication succeeded");
374 dpp_notify_auth_success(auth, initiator);
375 #ifdef CONFIG_TESTING_OPTIONS
376 if (dpp_test == DPP_TEST_STOP_AT_AUTH_CONF) {
377 wpa_printf(MSG_INFO,
378 "DPP: TESTING - stop at Authentication Confirm");
379 if (auth->configurator) {
380 /* Prevent GAS response */
381 auth->auth_success = 0;
382 }
383 return;
384 }
385 #endif /* CONFIG_TESTING_OPTIONS */
386
387 if (!auth->configurator)
388 dpp_controller_start_gas_client(conn);
389 }
390
391
dpp_conn_tx_ready(int sock,void * eloop_ctx,void * sock_ctx)392 static void dpp_conn_tx_ready(int sock, void *eloop_ctx, void *sock_ctx)
393 {
394 struct dpp_connection *conn = eloop_ctx;
395
396 wpa_printf(MSG_DEBUG, "DPP: TCP socket %d ready for TX", sock);
397 dpp_tcp_send(conn);
398 }
399
400
dpp_ipaddr_to_sockaddr(struct sockaddr * addr,socklen_t * addrlen,const struct hostapd_ip_addr * ipaddr,int port)401 static int dpp_ipaddr_to_sockaddr(struct sockaddr *addr, socklen_t *addrlen,
402 const struct hostapd_ip_addr *ipaddr,
403 int port)
404 {
405 struct sockaddr_in *dst;
406 #ifdef CONFIG_IPV6
407 struct sockaddr_in6 *dst6;
408 #endif /* CONFIG_IPV6 */
409
410 switch (ipaddr->af) {
411 case AF_INET:
412 dst = (struct sockaddr_in *) addr;
413 os_memset(dst, 0, sizeof(*dst));
414 dst->sin_family = AF_INET;
415 dst->sin_addr.s_addr = ipaddr->u.v4.s_addr;
416 dst->sin_port = htons(port);
417 *addrlen = sizeof(*dst);
418 break;
419 #ifdef CONFIG_IPV6
420 case AF_INET6:
421 dst6 = (struct sockaddr_in6 *) addr;
422 os_memset(dst6, 0, sizeof(*dst6));
423 dst6->sin6_family = AF_INET6;
424 os_memcpy(&dst6->sin6_addr, &ipaddr->u.v6,
425 sizeof(struct in6_addr));
426 dst6->sin6_port = htons(port);
427 *addrlen = sizeof(*dst6);
428 break;
429 #endif /* CONFIG_IPV6 */
430 default:
431 return -1;
432 }
433
434 return 0;
435 }
436
437
dpp_relay_conn_timeout(void * eloop_ctx,void * timeout_ctx)438 static void dpp_relay_conn_timeout(void *eloop_ctx, void *timeout_ctx)
439 {
440 struct dpp_connection *conn = eloop_ctx;
441
442 wpa_printf(MSG_DEBUG,
443 "DPP: Timeout while waiting for relayed connection to complete");
444 dpp_connection_remove(conn);
445 }
446
447
448 static struct dpp_connection *
dpp_relay_new_conn(struct dpp_relay_controller * ctrl,const u8 * src,unsigned int freq)449 dpp_relay_new_conn(struct dpp_relay_controller *ctrl, const u8 *src,
450 unsigned int freq)
451 {
452 struct dpp_connection *conn;
453 struct sockaddr_storage addr;
454 socklen_t addrlen;
455 char txt[100];
456
457 if (dl_list_len(&ctrl->conn) >= 15) {
458 wpa_printf(MSG_DEBUG,
459 "DPP: Too many ongoing Relay connections to the Controller - cannot start a new one");
460 return NULL;
461 }
462
463 if (dpp_ipaddr_to_sockaddr((struct sockaddr *) &addr, &addrlen,
464 &ctrl->ipaddr, DPP_TCP_PORT) < 0)
465 return NULL;
466
467 conn = os_zalloc(sizeof(*conn));
468 if (!conn)
469 return NULL;
470
471 conn->global = ctrl->global;
472 conn->relay = ctrl;
473 conn->msg_ctx = ctrl->msg_ctx;
474 conn->cb_ctx = ctrl->global->cb_ctx;
475 os_memcpy(conn->mac_addr, src, ETH_ALEN);
476 conn->freq = freq;
477
478 conn->sock = socket(AF_INET, SOCK_STREAM, 0);
479 if (conn->sock < 0)
480 goto fail;
481 wpa_printf(MSG_DEBUG, "DPP: TCP relay socket %d connection to %s",
482 conn->sock, hostapd_ip_txt(&ctrl->ipaddr, txt, sizeof(txt)));
483
484 if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) {
485 wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s",
486 strerror(errno));
487 goto fail;
488 }
489
490 if (connect(conn->sock, (struct sockaddr *) &addr, addrlen) < 0) {
491 if (errno != EINPROGRESS) {
492 wpa_printf(MSG_DEBUG, "DPP: Failed to connect: %s",
493 strerror(errno));
494 goto fail;
495 }
496
497 /*
498 * Continue connecting in the background; eloop will call us
499 * once the connection is ready (or failed).
500 */
501 }
502
503 if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE,
504 dpp_conn_tx_ready, conn, NULL) < 0)
505 goto fail;
506 conn->write_eloop = 1;
507
508 eloop_cancel_timeout(dpp_relay_conn_timeout, conn, NULL);
509 eloop_register_timeout(20, 0, dpp_relay_conn_timeout, conn, NULL);
510
511 dl_list_add(&ctrl->conn, &conn->list);
512 return conn;
513 fail:
514 dpp_connection_free(conn);
515 return NULL;
516 }
517
518
dpp_tcp_encaps(const u8 * hdr,const u8 * buf,size_t len)519 static struct wpabuf * dpp_tcp_encaps(const u8 *hdr, const u8 *buf, size_t len)
520 {
521 struct wpabuf *msg;
522
523 msg = wpabuf_alloc(4 + 1 + DPP_HDR_LEN + len);
524 if (!msg)
525 return NULL;
526 wpabuf_put_be32(msg, 1 + DPP_HDR_LEN + len);
527 wpabuf_put_u8(msg, WLAN_PA_VENDOR_SPECIFIC);
528 wpabuf_put_data(msg, hdr, DPP_HDR_LEN);
529 wpabuf_put_data(msg, buf, len);
530 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", msg);
531 return msg;
532 }
533
534
dpp_relay_tx(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)535 static int dpp_relay_tx(struct dpp_connection *conn, const u8 *hdr,
536 const u8 *buf, size_t len)
537 {
538 u8 type = hdr[DPP_HDR_LEN - 1];
539
540 wpa_printf(MSG_DEBUG,
541 "DPP: Continue already established Relay/Controller connection for this session");
542 wpabuf_free(conn->msg_out);
543 conn->msg_out_pos = 0;
544 conn->msg_out = dpp_tcp_encaps(hdr, buf, len);
545 if (!conn->msg_out) {
546 dpp_connection_remove(conn);
547 return -1;
548 }
549
550 /* TODO: for proto ver 1, need to do remove connection based on GAS Resp
551 * TX status */
552 if (type == DPP_PA_CONFIGURATION_RESULT)
553 conn->on_tcp_tx_complete_remove = 1;
554 dpp_tcp_send(conn);
555 return 0;
556 }
557
558
559 static struct dpp_connection *
dpp_relay_match_ctrl(struct dpp_relay_controller * ctrl,const u8 * src,unsigned int freq,u8 type)560 dpp_relay_match_ctrl(struct dpp_relay_controller *ctrl, const u8 *src,
561 unsigned int freq, u8 type)
562 {
563 struct dpp_connection *conn;
564
565 dl_list_for_each(conn, &ctrl->conn, struct dpp_connection, list) {
566 if (ether_addr_equal(src, conn->mac_addr))
567 return conn;
568 if ((type == DPP_PA_PKEX_EXCHANGE_RESP ||
569 type == DPP_PA_AUTHENTICATION_RESP) &&
570 conn->freq == 0 &&
571 is_broadcast_ether_addr(conn->mac_addr)) {
572 wpa_printf(MSG_DEBUG,
573 "DPP: Associate this peer to the new Controller initiated connection");
574 os_memcpy(conn->mac_addr, src, ETH_ALEN);
575 conn->freq = freq;
576 return conn;
577 }
578 }
579
580 return NULL;
581 }
582
583
dpp_relay_rx_action(struct dpp_global * dpp,const u8 * src,const u8 * hdr,const u8 * buf,size_t len,unsigned int freq,const u8 * i_bootstrap,const u8 * r_bootstrap,void * cb_ctx)584 int dpp_relay_rx_action(struct dpp_global *dpp, const u8 *src, const u8 *hdr,
585 const u8 *buf, size_t len, unsigned int freq,
586 const u8 *i_bootstrap, const u8 *r_bootstrap,
587 void *cb_ctx)
588 {
589 struct dpp_relay_controller *ctrl;
590 struct dpp_connection *conn;
591 u8 type = hdr[DPP_HDR_LEN - 1];
592
593 /* Check if there is an already started session for this peer and if so,
594 * continue that session (send this over TCP) and return 0.
595 */
596 if (type != DPP_PA_PEER_DISCOVERY_REQ &&
597 type != DPP_PA_PEER_DISCOVERY_RESP &&
598 type != DPP_PA_PRESENCE_ANNOUNCEMENT &&
599 type != DPP_PA_RECONFIG_ANNOUNCEMENT) {
600 dl_list_for_each(ctrl, &dpp->controllers,
601 struct dpp_relay_controller, list) {
602 conn = dpp_relay_match_ctrl(ctrl, src, freq, type);
603 if (conn)
604 return dpp_relay_tx(conn, hdr, buf, len);
605 }
606
607 if (dpp->tmp_controller) {
608 conn = dpp_relay_match_ctrl(dpp->tmp_controller, src,
609 freq, type);
610 if (conn)
611 return dpp_relay_tx(conn, hdr, buf, len);
612 }
613 }
614
615 if (type == DPP_PA_PRESENCE_ANNOUNCEMENT ||
616 type == DPP_PA_RECONFIG_ANNOUNCEMENT) {
617 /* TODO: Could send this to all configured Controllers. For now,
618 * only the first Controller is supported. */
619 ctrl = dpp_relay_controller_get_ctx(dpp, cb_ctx);
620 } else if (type == DPP_PA_PKEX_EXCHANGE_REQ) {
621 ctrl = dpp_relay_controller_get_ctx(dpp, cb_ctx);
622 } else {
623 if (!r_bootstrap)
624 return -1;
625 ctrl = dpp_relay_controller_get(dpp, r_bootstrap);
626 }
627 if (!ctrl)
628 return -1;
629
630 if (type == DPP_PA_PRESENCE_ANNOUNCEMENT ||
631 type == DPP_PA_RECONFIG_ANNOUNCEMENT) {
632 conn = dpp_relay_match_ctrl(ctrl, src, freq, type);
633 if (conn &&
634 (!conn->auth || conn->auth->waiting_auth_resp)) {
635 wpa_printf(MSG_DEBUG,
636 "DPP: Use existing TCP connection to Controller since no Auth Resp seen on it yet");
637 return dpp_relay_tx(conn, hdr, buf, len);
638 }
639 }
640
641 wpa_printf(MSG_DEBUG,
642 "DPP: Authentication Request for a configured Controller");
643 conn = dpp_relay_new_conn(ctrl, src, freq);
644 if (!conn)
645 return -1;
646
647 conn->msg_out = dpp_tcp_encaps(hdr, buf, len);
648 if (!conn->msg_out) {
649 dpp_connection_remove(conn);
650 return -1;
651 }
652 /* Message will be sent in dpp_conn_tx_ready() */
653
654 return 0;
655 }
656
657
658 static struct dpp_connection *
dpp_relay_find_conn(struct dpp_relay_controller * ctrl,const u8 * src)659 dpp_relay_find_conn(struct dpp_relay_controller *ctrl, const u8 *src)
660 {
661 struct dpp_connection *conn;
662
663 dl_list_for_each(conn, &ctrl->conn, struct dpp_connection, list) {
664 if (ether_addr_equal(src, conn->mac_addr))
665 return conn;
666 }
667
668 return NULL;
669 }
670
671
dpp_relay_rx_gas_req(struct dpp_global * dpp,const u8 * src,const u8 * data,size_t data_len)672 int dpp_relay_rx_gas_req(struct dpp_global *dpp, const u8 *src, const u8 *data,
673 size_t data_len)
674 {
675 struct dpp_relay_controller *ctrl;
676 struct dpp_connection *conn = NULL;
677 struct wpabuf *msg;
678
679 /* Check if there is a successfully completed authentication for this
680 * and if so, continue that session (send this over TCP) and return 0.
681 */
682 dl_list_for_each(ctrl, &dpp->controllers,
683 struct dpp_relay_controller, list) {
684 conn = dpp_relay_find_conn(ctrl, src);
685 if (conn)
686 break;
687 }
688
689 if (!conn && dpp->tmp_controller)
690 conn = dpp_relay_find_conn(dpp->tmp_controller, src);
691
692 if (!conn)
693 return -1;
694
695 msg = wpabuf_alloc(4 + 1 + data_len);
696 if (!msg)
697 return -1;
698 wpabuf_put_be32(msg, 1 + data_len);
699 wpabuf_put_u8(msg, WLAN_PA_GAS_INITIAL_REQ);
700 wpabuf_put_data(msg, data, data_len);
701 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", msg);
702
703 wpabuf_free(conn->msg_out);
704 conn->msg_out_pos = 0;
705 conn->msg_out = msg;
706 dpp_tcp_send(conn);
707 return 0;
708 }
709
710
dpp_relay_controller_available(struct dpp_global * dpp)711 bool dpp_relay_controller_available(struct dpp_global *dpp)
712 {
713 return dpp && dl_list_len(&dpp->controllers) > 0;
714 }
715
716
dpp_controller_free(struct dpp_controller * ctrl)717 static void dpp_controller_free(struct dpp_controller *ctrl)
718 {
719 struct dpp_connection *conn, *tmp;
720
721 if (!ctrl)
722 return;
723
724 dl_list_for_each_safe(conn, tmp, &ctrl->conn, struct dpp_connection,
725 list)
726 dpp_connection_remove(conn);
727
728 if (ctrl->sock >= 0) {
729 close(ctrl->sock);
730 eloop_unregister_sock(ctrl->sock, EVENT_TYPE_READ);
731 }
732 os_free(ctrl->configurator_params);
733 os_free(ctrl->pkex_code);
734 os_free(ctrl->pkex_identifier);
735 os_free(ctrl);
736 }
737
738
dpp_controller_rx_auth_req(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)739 static int dpp_controller_rx_auth_req(struct dpp_connection *conn,
740 const u8 *hdr, const u8 *buf, size_t len)
741 {
742 const u8 *r_bootstrap, *i_bootstrap;
743 u16 r_bootstrap_len, i_bootstrap_len;
744 struct dpp_bootstrap_info *own_bi = NULL, *peer_bi = NULL;
745
746 if (!conn->ctrl)
747 return 0;
748
749 wpa_printf(MSG_DEBUG, "DPP: Authentication Request");
750
751 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
752 &r_bootstrap_len);
753 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
754 wpa_printf(MSG_INFO,
755 "Missing or invalid required Responder Bootstrapping Key Hash attribute");
756 return -1;
757 }
758 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
759 r_bootstrap, r_bootstrap_len);
760
761 i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
762 &i_bootstrap_len);
763 if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) {
764 wpa_printf(MSG_INFO,
765 "Missing or invalid required Initiator Bootstrapping Key Hash attribute");
766 return -1;
767 }
768 wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Bootstrapping Key Hash",
769 i_bootstrap, i_bootstrap_len);
770
771 /* Try to find own and peer bootstrapping key matches based on the
772 * received hash values */
773 dpp_bootstrap_find_pair(conn->ctrl->global, i_bootstrap, r_bootstrap,
774 &own_bi, &peer_bi);
775 if (!own_bi) {
776 wpa_printf(MSG_INFO,
777 "No matching own bootstrapping key found - ignore message");
778 return -1;
779 }
780
781 if (conn->auth) {
782 wpa_printf(MSG_INFO,
783 "Already in DPP authentication exchange - ignore new one");
784 return 0;
785 }
786
787 conn->auth = dpp_auth_req_rx(conn->ctrl->global, conn->msg_ctx,
788 conn->ctrl->allowed_roles,
789 conn->ctrl->qr_mutual,
790 peer_bi, own_bi, -1, hdr, buf, len);
791 if (!conn->auth) {
792 wpa_printf(MSG_DEBUG, "DPP: No response generated");
793 return -1;
794 }
795
796 if (dpp_set_configurator(conn->auth,
797 conn->ctrl->configurator_params) < 0)
798 return -1;
799
800 return dpp_tcp_send_msg(conn, conn->auth->resp_msg);
801 }
802
803
dpp_controller_rx_auth_resp(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)804 static int dpp_controller_rx_auth_resp(struct dpp_connection *conn,
805 const u8 *hdr, const u8 *buf, size_t len)
806 {
807 struct dpp_authentication *auth = conn->auth;
808 struct wpabuf *msg;
809 int res;
810
811 if (!auth)
812 return -1;
813
814 wpa_printf(MSG_DEBUG, "DPP: Authentication Response");
815
816 msg = dpp_auth_resp_rx(auth, hdr, buf, len);
817 if (!msg) {
818 if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) {
819 wpa_printf(MSG_DEBUG,
820 "DPP: Start wait for full response");
821 return 0;
822 }
823 wpa_printf(MSG_DEBUG, "DPP: No confirm generated");
824 return -1;
825 }
826
827 conn->on_tcp_tx_complete_auth_ok = 1;
828 res = dpp_tcp_send_msg(conn, msg);
829 wpabuf_free(msg);
830 return res;
831 }
832
833
dpp_controller_rx_auth_conf(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)834 static int dpp_controller_rx_auth_conf(struct dpp_connection *conn,
835 const u8 *hdr, const u8 *buf, size_t len)
836 {
837 struct dpp_authentication *auth = conn->auth;
838
839 wpa_printf(MSG_DEBUG, "DPP: Authentication Confirmation");
840
841 if (!auth) {
842 wpa_printf(MSG_DEBUG,
843 "DPP: No DPP Authentication in progress - drop");
844 return -1;
845 }
846
847 if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) {
848 wpa_printf(MSG_DEBUG, "DPP: Authentication failed");
849 return -1;
850 }
851
852 dpp_controller_auth_success(conn, 0);
853 return 0;
854 }
855
856
dpp_controller_conn_status_result_wait_timeout(void * eloop_ctx,void * timeout_ctx)857 void dpp_controller_conn_status_result_wait_timeout(void *eloop_ctx,
858 void *timeout_ctx)
859 {
860 struct dpp_connection *conn = eloop_ctx;
861
862 if (!conn->auth->waiting_conf_result)
863 return;
864
865 wpa_printf(MSG_DEBUG,
866 "DPP: Timeout while waiting for Connection Status Result");
867 wpa_msg(conn->msg_ctx, MSG_INFO,
868 DPP_EVENT_CONN_STATUS_RESULT "timeout");
869 dpp_connection_remove(conn);
870 }
871
872
dpp_controller_rx_conf_result(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)873 static int dpp_controller_rx_conf_result(struct dpp_connection *conn,
874 const u8 *hdr, const u8 *buf,
875 size_t len)
876 {
877 struct dpp_authentication *auth = conn->auth;
878 enum dpp_status_error status;
879 void *msg_ctx = conn->msg_ctx;
880
881 if (!conn->ctrl && (!auth || !auth->configurator))
882 return 0;
883
884 wpa_printf(MSG_DEBUG, "DPP: Configuration Result");
885
886 if (!auth || !auth->waiting_conf_result) {
887 wpa_printf(MSG_DEBUG,
888 "DPP: No DPP Configuration waiting for result - drop");
889 return -1;
890 }
891
892 status = dpp_conf_result_rx(auth, hdr, buf, len);
893 if (status == DPP_STATUS_OK && auth->send_conn_status) {
894 wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_CONF_SENT
895 "wait_conn_status=1 conf_resp_status=%d",
896 auth->conf_resp_status);
897 wpa_printf(MSG_DEBUG, "DPP: Wait for Connection Status Result");
898 auth->waiting_conn_status_result = 1;
899 eloop_cancel_timeout(
900 dpp_controller_conn_status_result_wait_timeout,
901 conn, NULL);
902 eloop_register_timeout(
903 16, 0, dpp_controller_conn_status_result_wait_timeout,
904 conn, NULL);
905 return 0;
906 }
907 if (status == DPP_STATUS_OK)
908 wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_CONF_SENT
909 "conf_resp_status=%d", auth->conf_resp_status);
910 else
911 wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_CONF_FAILED);
912 return -1; /* to remove the completed connection */
913 }
914
915
dpp_controller_rx_conn_status_result(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)916 static int dpp_controller_rx_conn_status_result(struct dpp_connection *conn,
917 const u8 *hdr, const u8 *buf,
918 size_t len)
919 {
920 struct dpp_authentication *auth = conn->auth;
921 enum dpp_status_error status;
922 u8 ssid[SSID_MAX_LEN];
923 size_t ssid_len = 0;
924 char *channel_list = NULL;
925
926 if (!conn->ctrl)
927 return 0;
928
929 wpa_printf(MSG_DEBUG, "DPP: Connection Status Result");
930
931 if (!auth || !auth->waiting_conn_status_result) {
932 wpa_printf(MSG_DEBUG,
933 "DPP: No DPP Configuration waiting for connection status result - drop");
934 return -1;
935 }
936
937 status = dpp_conn_status_result_rx(auth, hdr, buf, len,
938 ssid, &ssid_len, &channel_list);
939 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_CONN_STATUS_RESULT
940 "result=%d ssid=%s channel_list=%s",
941 status, wpa_ssid_txt(ssid, ssid_len),
942 channel_list ? channel_list : "N/A");
943 os_free(channel_list);
944 return -1; /* to remove the completed connection */
945 }
946
947
dpp_controller_rx_presence_announcement(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)948 static int dpp_controller_rx_presence_announcement(struct dpp_connection *conn,
949 const u8 *hdr, const u8 *buf,
950 size_t len)
951 {
952 const u8 *r_bootstrap;
953 u16 r_bootstrap_len;
954 struct dpp_bootstrap_info *peer_bi;
955 struct dpp_authentication *auth;
956 struct dpp_global *dpp = conn->ctrl->global;
957
958 wpa_printf(MSG_DEBUG, "DPP: Presence Announcement");
959
960 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
961 &r_bootstrap_len);
962 if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
963 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
964 "Missing or invalid required Responder Bootstrapping Key Hash attribute");
965 return -1;
966 }
967 wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Bootstrapping Key Hash",
968 r_bootstrap, r_bootstrap_len);
969 peer_bi = dpp_bootstrap_find_chirp(dpp, r_bootstrap);
970 if (!peer_bi) {
971 wpa_printf(MSG_DEBUG,
972 "DPP: No matching bootstrapping information found");
973 return -1;
974 }
975
976 if (conn->auth) {
977 wpa_printf(MSG_DEBUG,
978 "DPP: Ignore Presence Announcement during ongoing Authentication");
979 return 0;
980 }
981
982 auth = dpp_auth_init(dpp, conn->msg_ctx, peer_bi, NULL,
983 DPP_CAPAB_CONFIGURATOR, -1, NULL, 0);
984 if (!auth)
985 return -1;
986 if (dpp_set_configurator(auth, conn->ctrl->configurator_params) < 0) {
987 dpp_auth_deinit(auth);
988 return -1;
989 }
990
991 conn->auth = auth;
992 return dpp_tcp_send_msg(conn, conn->auth->req_msg);
993 }
994
995
dpp_controller_rx_reconfig_announcement(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)996 static int dpp_controller_rx_reconfig_announcement(struct dpp_connection *conn,
997 const u8 *hdr, const u8 *buf,
998 size_t len)
999 {
1000 const u8 *csign_hash, *fcgroup, *a_nonce, *e_id;
1001 u16 csign_hash_len, fcgroup_len, a_nonce_len, e_id_len;
1002 struct dpp_configurator *conf;
1003 struct dpp_global *dpp = conn->ctrl->global;
1004 struct dpp_authentication *auth;
1005 u16 group;
1006
1007 if (conn->auth) {
1008 wpa_printf(MSG_DEBUG,
1009 "DPP: Ignore Reconfig Announcement during ongoing Authentication");
1010 return -1;
1011 }
1012
1013 wpa_printf(MSG_DEBUG, "DPP: Reconfig Announcement");
1014
1015 csign_hash = dpp_get_attr(buf, len, DPP_ATTR_C_SIGN_KEY_HASH,
1016 &csign_hash_len);
1017 if (!csign_hash || csign_hash_len != SHA256_MAC_LEN) {
1018 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
1019 "Missing or invalid required Configurator C-sign key Hash attribute");
1020 return -1;
1021 }
1022 wpa_hexdump(MSG_MSGDUMP, "DPP: Configurator C-sign key Hash (kid)",
1023 csign_hash, csign_hash_len);
1024 conf = dpp_configurator_find_kid(dpp, csign_hash);
1025 if (!conf) {
1026 wpa_printf(MSG_DEBUG,
1027 "DPP: No matching Configurator information found");
1028 return -1;
1029 }
1030
1031 fcgroup = dpp_get_attr(buf, len, DPP_ATTR_FINITE_CYCLIC_GROUP,
1032 &fcgroup_len);
1033 if (!fcgroup || fcgroup_len != 2) {
1034 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
1035 "Missing or invalid required Finite Cyclic Group attribute");
1036 return -1;
1037 }
1038 group = WPA_GET_LE16(fcgroup);
1039 wpa_printf(MSG_DEBUG, "DPP: Enrollee finite cyclic group: %u", group);
1040
1041 a_nonce = dpp_get_attr(buf, len, DPP_ATTR_A_NONCE, &a_nonce_len);
1042 e_id = dpp_get_attr(buf, len, DPP_ATTR_E_PRIME_ID, &e_id_len);
1043
1044 auth = dpp_reconfig_init(dpp, conn->msg_ctx, conf, 0, group,
1045 a_nonce, a_nonce_len, e_id, e_id_len);
1046 if (!auth)
1047 return -1;
1048 if (dpp_set_configurator(auth, conn->ctrl->configurator_params) < 0) {
1049 dpp_auth_deinit(auth);
1050 return -1;
1051 }
1052
1053 conn->auth = auth;
1054 return dpp_tcp_send_msg(conn, auth->reconfig_req_msg);
1055 }
1056
1057
dpp_controller_rx_reconfig_auth_resp(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)1058 static int dpp_controller_rx_reconfig_auth_resp(struct dpp_connection *conn,
1059 const u8 *hdr, const u8 *buf,
1060 size_t len)
1061 {
1062 struct dpp_authentication *auth = conn->auth;
1063 struct wpabuf *conf;
1064 int res;
1065
1066 wpa_printf(MSG_DEBUG, "DPP: Reconfig Authentication Response");
1067
1068 if (!auth || !auth->reconfig || !auth->configurator) {
1069 wpa_printf(MSG_DEBUG,
1070 "DPP: No DPP Reconfig Authentication in progress - drop");
1071 return -1;
1072 }
1073
1074 conf = dpp_reconfig_auth_resp_rx(auth, hdr, buf, len);
1075 if (!conf)
1076 return -1;
1077
1078 res = dpp_tcp_send_msg(conn, conf);
1079 wpabuf_free(conf);
1080 return res;
1081 }
1082
1083
dpp_controller_rx_pkex_exchange_req(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)1084 static int dpp_controller_rx_pkex_exchange_req(struct dpp_connection *conn,
1085 const u8 *hdr, const u8 *buf,
1086 size_t len)
1087 {
1088 struct dpp_controller *ctrl = conn->ctrl;
1089
1090 if (!ctrl)
1091 return 0;
1092
1093 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request");
1094
1095 /* TODO: Support multiple PKEX codes by iterating over all the enabled
1096 * values here */
1097
1098 if (!ctrl->pkex_code || !ctrl->pkex_bi) {
1099 wpa_printf(MSG_DEBUG,
1100 "DPP: No PKEX code configured - ignore request");
1101 return 0;
1102 }
1103
1104 if (conn->pkex || conn->auth) {
1105 wpa_printf(MSG_DEBUG,
1106 "DPP: Already in PKEX/Authentication session - ignore new PKEX request");
1107 return 0;
1108 }
1109
1110 conn->pkex = dpp_pkex_rx_exchange_req(conn->msg_ctx, ctrl->pkex_bi,
1111 NULL, NULL,
1112 ctrl->pkex_identifier,
1113 ctrl->pkex_code,
1114 os_strlen(ctrl->pkex_code),
1115 buf, len, true);
1116 if (!conn->pkex) {
1117 wpa_printf(MSG_DEBUG,
1118 "DPP: Failed to process the request");
1119 return -1;
1120 }
1121
1122 return dpp_tcp_send_msg(conn, conn->pkex->exchange_resp);
1123 }
1124
1125
dpp_controller_rx_pkex_exchange_resp(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)1126 static int dpp_controller_rx_pkex_exchange_resp(struct dpp_connection *conn,
1127 const u8 *hdr, const u8 *buf,
1128 size_t len)
1129 {
1130 struct dpp_pkex *pkex = conn->pkex;
1131 struct wpabuf *msg;
1132 int res;
1133
1134 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Response");
1135
1136 if (!pkex || !pkex->initiator || pkex->exchange_done) {
1137 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
1138 return 0;
1139 }
1140
1141 msg = dpp_pkex_rx_exchange_resp(pkex, NULL, buf, len);
1142 if (!msg) {
1143 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
1144 return -1;
1145 }
1146
1147 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Request");
1148 res = dpp_tcp_send_msg(conn, msg);
1149 wpabuf_free(msg);
1150 return res;
1151 }
1152
1153
dpp_controller_rx_pkex_commit_reveal_req(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)1154 static int dpp_controller_rx_pkex_commit_reveal_req(struct dpp_connection *conn,
1155 const u8 *hdr,
1156 const u8 *buf, size_t len)
1157 {
1158 struct dpp_pkex *pkex = conn->pkex;
1159 struct wpabuf *msg;
1160 int res;
1161 struct dpp_bootstrap_info *bi;
1162
1163 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Request");
1164
1165 if (!pkex || pkex->initiator || !pkex->exchange_done) {
1166 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
1167 return 0;
1168 }
1169
1170 msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
1171 if (!msg) {
1172 wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
1173 return -1;
1174 }
1175
1176 wpa_printf(MSG_DEBUG, "DPP: Send PKEX Commit-Reveal Response");
1177 res = dpp_tcp_send_msg(conn, msg);
1178 wpabuf_free(msg);
1179 if (res < 0)
1180 return res;
1181 bi = dpp_pkex_finish(conn->global, pkex, NULL, 0);
1182 if (!bi)
1183 return -1;
1184 conn->pkex = NULL;
1185 return 0;
1186 }
1187
1188
1189 static int
dpp_controller_rx_pkex_commit_reveal_resp(struct dpp_connection * conn,const u8 * hdr,const u8 * buf,size_t len)1190 dpp_controller_rx_pkex_commit_reveal_resp(struct dpp_connection *conn,
1191 const u8 *hdr,
1192 const u8 *buf, size_t len)
1193 {
1194 struct dpp_pkex *pkex = conn->pkex;
1195 int res;
1196 struct dpp_bootstrap_info *bi;
1197
1198 wpa_printf(MSG_DEBUG, "DPP: PKEX Commit-Reveal Response");
1199
1200 if (!pkex || !pkex->initiator || !pkex->exchange_done) {
1201 wpa_printf(MSG_DEBUG, "DPP: No matching PKEX session");
1202 return 0;
1203 }
1204
1205 res = dpp_pkex_rx_commit_reveal_resp(pkex, hdr, buf, len);
1206 if (res < 0) {
1207 wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
1208 return res;
1209 }
1210
1211 bi = dpp_pkex_finish(conn->global, pkex, NULL, 0);
1212 if (!bi)
1213 return -1;
1214 conn->pkex = NULL;
1215
1216 if (!conn->pkex_done)
1217 return -1;
1218 return conn->pkex_done(conn->cb_ctx, conn, bi);
1219 }
1220
1221
dpp_controller_rx_action(struct dpp_connection * conn,const u8 * msg,size_t len)1222 static int dpp_controller_rx_action(struct dpp_connection *conn, const u8 *msg,
1223 size_t len)
1224 {
1225 const u8 *pos, *end;
1226 u8 type;
1227
1228 wpa_printf(MSG_DEBUG, "DPP: Received DPP Action frame over TCP");
1229 pos = msg;
1230 end = msg + len;
1231
1232 if (end - pos < DPP_HDR_LEN ||
1233 WPA_GET_BE24(pos) != OUI_WFA ||
1234 pos[3] != DPP_OUI_TYPE) {
1235 wpa_printf(MSG_DEBUG, "DPP: Unrecognized header");
1236 return -1;
1237 }
1238
1239 if (pos[4] != 1) {
1240 wpa_printf(MSG_DEBUG, "DPP: Unsupported Crypto Suite %u",
1241 pos[4]);
1242 return -1;
1243 }
1244 type = pos[5];
1245 wpa_printf(MSG_DEBUG, "DPP: Received message type %u", type);
1246 pos += DPP_HDR_LEN;
1247
1248 wpa_hexdump(MSG_MSGDUMP, "DPP: Received message attributes",
1249 pos, end - pos);
1250 if (dpp_check_attrs(pos, end - pos) < 0)
1251 return -1;
1252
1253 if (conn->relay) {
1254 wpa_printf(MSG_DEBUG, "DPP: Relay - send over WLAN");
1255 conn->relay->tx(conn->relay->cb_ctx, conn->mac_addr,
1256 conn->freq, msg, len);
1257 return 0;
1258 }
1259
1260 switch (type) {
1261 case DPP_PA_AUTHENTICATION_REQ:
1262 return dpp_controller_rx_auth_req(conn, msg, pos, end - pos);
1263 case DPP_PA_AUTHENTICATION_RESP:
1264 return dpp_controller_rx_auth_resp(conn, msg, pos, end - pos);
1265 case DPP_PA_AUTHENTICATION_CONF:
1266 return dpp_controller_rx_auth_conf(conn, msg, pos, end - pos);
1267 case DPP_PA_CONFIGURATION_RESULT:
1268 return dpp_controller_rx_conf_result(conn, msg, pos, end - pos);
1269 case DPP_PA_CONNECTION_STATUS_RESULT:
1270 return dpp_controller_rx_conn_status_result(conn, msg, pos,
1271 end - pos);
1272 case DPP_PA_PRESENCE_ANNOUNCEMENT:
1273 return dpp_controller_rx_presence_announcement(conn, msg, pos,
1274 end - pos);
1275 case DPP_PA_RECONFIG_ANNOUNCEMENT:
1276 return dpp_controller_rx_reconfig_announcement(conn, msg, pos,
1277 end - pos);
1278 case DPP_PA_RECONFIG_AUTH_RESP:
1279 return dpp_controller_rx_reconfig_auth_resp(conn, msg, pos,
1280 end - pos);
1281 case DPP_PA_PKEX_V1_EXCHANGE_REQ:
1282 wpa_printf(MSG_DEBUG,
1283 "DPP: Ignore PKEXv1 Exchange Request - not supported over TCP");
1284 return -1;
1285 case DPP_PA_PKEX_EXCHANGE_REQ:
1286 return dpp_controller_rx_pkex_exchange_req(conn, msg, pos,
1287 end - pos);
1288 case DPP_PA_PKEX_EXCHANGE_RESP:
1289 return dpp_controller_rx_pkex_exchange_resp(conn, msg, pos,
1290 end - pos);
1291 case DPP_PA_PKEX_COMMIT_REVEAL_REQ:
1292 return dpp_controller_rx_pkex_commit_reveal_req(conn, msg, pos,
1293 end - pos);
1294 case DPP_PA_PKEX_COMMIT_REVEAL_RESP:
1295 return dpp_controller_rx_pkex_commit_reveal_resp(conn, msg, pos,
1296 end - pos);
1297 default:
1298 /* TODO: missing messages types */
1299 wpa_printf(MSG_DEBUG,
1300 "DPP: Unsupported frame subtype %d", type);
1301 return -1;
1302 }
1303 }
1304
1305
dpp_tcp_send_comeback_delay(struct dpp_connection * conn,u8 action)1306 static int dpp_tcp_send_comeback_delay(struct dpp_connection *conn, u8 action)
1307 {
1308 struct wpabuf *buf;
1309 size_t len = 18;
1310
1311 if (action == WLAN_PA_GAS_COMEBACK_RESP)
1312 len++;
1313
1314 buf = wpabuf_alloc(4 + len);
1315 if (!buf)
1316 return -1;
1317
1318 wpabuf_put_be32(buf, len);
1319
1320 wpabuf_put_u8(buf, action);
1321 wpabuf_put_u8(buf, conn->gas_dialog_token);
1322 wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
1323 if (action == WLAN_PA_GAS_COMEBACK_RESP)
1324 wpabuf_put_u8(buf, 0);
1325 wpabuf_put_le16(buf, 500); /* GAS Comeback Delay */
1326
1327 dpp_write_adv_proto(buf);
1328 wpabuf_put_le16(buf, 0); /* Query Response Length */
1329
1330 /* Send Config Response over TCP */
1331 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", buf);
1332 wpabuf_free(conn->msg_out);
1333 conn->msg_out_pos = 0;
1334 conn->msg_out = buf;
1335 dpp_tcp_send(conn);
1336 return 0;
1337 }
1338
1339
dpp_tcp_send_gas_resp(struct dpp_connection * conn,u8 action,struct wpabuf * resp)1340 static int dpp_tcp_send_gas_resp(struct dpp_connection *conn, u8 action,
1341 struct wpabuf *resp)
1342 {
1343 struct wpabuf *buf;
1344 size_t len;
1345
1346 if (!resp)
1347 return -1;
1348
1349 len = 18 + wpabuf_len(resp);
1350 if (action == WLAN_PA_GAS_COMEBACK_RESP)
1351 len++;
1352
1353 buf = wpabuf_alloc(4 + len);
1354 if (!buf) {
1355 wpabuf_free(resp);
1356 return -1;
1357 }
1358
1359 wpabuf_put_be32(buf, len);
1360
1361 wpabuf_put_u8(buf, action);
1362 wpabuf_put_u8(buf, conn->gas_dialog_token);
1363 wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
1364 if (action == WLAN_PA_GAS_COMEBACK_RESP)
1365 wpabuf_put_u8(buf, 0);
1366 wpabuf_put_le16(buf, 0); /* GAS Comeback Delay */
1367
1368 dpp_write_adv_proto(buf);
1369 dpp_write_gas_query(buf, resp);
1370 wpabuf_free(resp);
1371
1372 /* Send Config Response over TCP; GAS fragmentation is taken care of by
1373 * the Relay */
1374 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", buf);
1375 wpabuf_free(conn->msg_out);
1376 conn->msg_out_pos = 0;
1377 conn->msg_out = buf;
1378 conn->on_tcp_tx_complete_gas_done = 1;
1379 dpp_tcp_send(conn);
1380 return 0;
1381 }
1382
1383
dpp_controller_rx_gas_req(struct dpp_connection * conn,const u8 * msg,size_t len)1384 static int dpp_controller_rx_gas_req(struct dpp_connection *conn, const u8 *msg,
1385 size_t len)
1386 {
1387 const u8 *pos, *end, *next;
1388 const u8 *adv_proto;
1389 u16 slen;
1390 struct wpabuf *resp;
1391 struct dpp_authentication *auth = conn->auth;
1392
1393 if (len < 1 + 2)
1394 return -1;
1395
1396 wpa_printf(MSG_DEBUG,
1397 "DPP: Received DPP Configuration Request over TCP");
1398
1399 if (!auth || (!conn->ctrl && !auth->configurator) ||
1400 (!auth->auth_success && !auth->reconfig_success)) {
1401 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
1402 return -1;
1403 }
1404
1405 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_CONF_REQ_RX);
1406
1407 pos = msg;
1408 end = msg + len;
1409
1410 conn->gas_dialog_token = *pos++;
1411 adv_proto = pos++;
1412 slen = *pos++;
1413 if (*adv_proto != WLAN_EID_ADV_PROTO ||
1414 slen > end - pos || slen < 2)
1415 return -1;
1416
1417 next = pos + slen;
1418 pos++; /* skip QueryRespLenLimit and PAME-BI */
1419
1420 if (slen != 8 || *pos != WLAN_EID_VENDOR_SPECIFIC ||
1421 pos[1] != 5 || WPA_GET_BE24(&pos[2]) != OUI_WFA ||
1422 pos[5] != DPP_OUI_TYPE || pos[6] != 0x01)
1423 return -1;
1424
1425 pos = next;
1426 /* Query Request */
1427 if (end - pos < 2)
1428 return -1;
1429 slen = WPA_GET_LE16(pos);
1430 pos += 2;
1431 if (slen > end - pos)
1432 return -1;
1433
1434 resp = dpp_conf_req_rx(auth, pos, slen);
1435 if (!resp && auth->waiting_cert) {
1436 wpa_printf(MSG_DEBUG, "DPP: Certificate not yet ready");
1437 conn->gas_comeback_in_progress = 1;
1438 return dpp_tcp_send_comeback_delay(conn,
1439 WLAN_PA_GAS_INITIAL_RESP);
1440 }
1441
1442 if (!resp && auth->waiting_config && auth->peer_bi) {
1443 char *buf = NULL, *name = "";
1444 char band[200], *b_pos, *b_end;
1445 int i, res, *opclass = auth->e_band_support;
1446 char *mud_url = "N/A";
1447
1448 wpa_printf(MSG_DEBUG, "DPP: Configuration not yet ready");
1449 if (auth->e_name) {
1450 size_t e_len = os_strlen(auth->e_name);
1451
1452 buf = os_malloc(e_len * 4 + 1);
1453 if (buf) {
1454 printf_encode(buf, len * 4 + 1,
1455 (const u8 *) auth->e_name, e_len);
1456 name = buf;
1457 }
1458 }
1459 band[0] = '\0';
1460 b_pos = band;
1461 b_end = band + sizeof(band);
1462 for (i = 0; opclass && opclass[i]; i++) {
1463 res = os_snprintf(b_pos, b_end - b_pos, "%s%d",
1464 b_pos == band ? "" : ",", opclass[i]);
1465 if (os_snprintf_error(b_end - b_pos, res)) {
1466 *b_pos = '\0';
1467 break;
1468 }
1469 b_pos += res;
1470 }
1471 if (auth->e_mud_url) {
1472 size_t e_len = os_strlen(auth->e_mud_url);
1473
1474 if (!has_ctrl_char((const u8 *) auth->e_mud_url, e_len))
1475 mud_url = auth->e_mud_url;
1476 }
1477 wpa_msg(conn->msg_ctx, MSG_INFO, DPP_EVENT_CONF_NEEDED
1478 "peer=%d net_role=%s name=\"%s\" opclass=%s mud_url=%s",
1479 auth->peer_bi->id, dpp_netrole_str(auth->e_netrole),
1480 name, band, mud_url);
1481 os_free(buf);
1482
1483 conn->gas_comeback_in_progress = 1;
1484 return dpp_tcp_send_comeback_delay(conn,
1485 WLAN_PA_GAS_INITIAL_RESP);
1486 }
1487
1488 return dpp_tcp_send_gas_resp(conn, WLAN_PA_GAS_INITIAL_RESP, resp);
1489 }
1490
1491
dpp_controller_rx_gas_comeback_req(struct dpp_connection * conn,const u8 * msg,size_t len)1492 static int dpp_controller_rx_gas_comeback_req(struct dpp_connection *conn,
1493 const u8 *msg, size_t len)
1494 {
1495 u8 dialog_token;
1496 struct dpp_authentication *auth = conn->auth;
1497 struct wpabuf *resp;
1498
1499 if (len < 1)
1500 return -1;
1501
1502 wpa_printf(MSG_DEBUG,
1503 "DPP: Received DPP Configuration Request over TCP (comeback)");
1504
1505 if (!auth || (!conn->ctrl && !auth->configurator) ||
1506 (!auth->auth_success && !auth->reconfig_success) ||
1507 !conn->gas_comeback_in_progress) {
1508 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
1509 return -1;
1510 }
1511
1512 dialog_token = msg[0];
1513 if (dialog_token != conn->gas_dialog_token) {
1514 wpa_printf(MSG_DEBUG, "DPP: Dialog token mismatch (%u != %u)",
1515 dialog_token, conn->gas_dialog_token);
1516 return -1;
1517 }
1518
1519 if (!auth->conf_resp_tcp) {
1520 wpa_printf(MSG_DEBUG, "DPP: Certificate not yet ready");
1521 return dpp_tcp_send_comeback_delay(conn,
1522 WLAN_PA_GAS_COMEBACK_RESP);
1523 }
1524
1525 wpa_printf(MSG_DEBUG,
1526 "DPP: Configuration response is ready to be sent out");
1527 resp = auth->conf_resp_tcp;
1528 auth->conf_resp_tcp = NULL;
1529 return dpp_tcp_send_gas_resp(conn, WLAN_PA_GAS_COMEBACK_RESP, resp);
1530 }
1531
1532
dpp_tcp_build_csr(void * eloop_ctx,void * timeout_ctx)1533 static void dpp_tcp_build_csr(void *eloop_ctx, void *timeout_ctx)
1534 {
1535 struct dpp_connection *conn = eloop_ctx;
1536 struct dpp_authentication *auth = conn->auth;
1537
1538 if (!auth || !auth->csrattrs)
1539 return;
1540
1541 wpa_printf(MSG_DEBUG, "DPP: Build CSR");
1542 wpabuf_free(auth->csr);
1543 /* TODO: Additional information needed for CSR based on csrAttrs */
1544 auth->csr = dpp_build_csr(auth, conn->name ? conn->name : "Test");
1545 if (!auth->csr) {
1546 dpp_connection_remove(conn);
1547 return;
1548 }
1549
1550 dpp_controller_start_gas_client(conn);
1551 }
1552
1553
1554 #ifdef CONFIG_DPP3
dpp_tcp_build_new_key(void * eloop_ctx,void * timeout_ctx)1555 static void dpp_tcp_build_new_key(void *eloop_ctx, void *timeout_ctx)
1556 {
1557 struct dpp_connection *conn = eloop_ctx;
1558 struct dpp_authentication *auth = conn->auth;
1559
1560 if (!auth || !auth->waiting_new_key)
1561 return;
1562
1563 wpa_printf(MSG_DEBUG, "DPP: Build config request with a new key");
1564 dpp_controller_start_gas_client(conn);
1565 }
1566 #endif /* CONFIG_DPP3 */
1567
1568
dpp_tcp_rx_gas_resp(struct dpp_connection * conn,struct wpabuf * resp)1569 static int dpp_tcp_rx_gas_resp(struct dpp_connection *conn, struct wpabuf *resp)
1570 {
1571 struct dpp_authentication *auth = conn->auth;
1572 int res;
1573 struct wpabuf *msg;
1574 enum dpp_status_error status;
1575
1576 wpa_printf(MSG_DEBUG,
1577 "DPP: Configuration Response for local stack from TCP");
1578
1579 if (auth)
1580 res = dpp_conf_resp_rx(auth, resp);
1581 else
1582 res = -1;
1583 wpabuf_free(resp);
1584 if (res == -2) {
1585 wpa_printf(MSG_DEBUG, "DPP: CSR needed");
1586 eloop_register_timeout(0, 0, dpp_tcp_build_csr, conn, NULL);
1587 return 0;
1588 }
1589 #ifdef CONFIG_DPP3
1590 if (res == -3) {
1591 wpa_printf(MSG_DEBUG, "DPP: New protocol key needed");
1592 eloop_register_timeout(0, 0, dpp_tcp_build_new_key, conn,
1593 NULL);
1594 return 0;
1595 }
1596 #endif /* CONFIG_DPP3 */
1597 if (res < 0) {
1598 wpa_printf(MSG_DEBUG, "DPP: Configuration attempt failed");
1599 return -1;
1600 }
1601
1602 if (conn->process_conf_obj)
1603 res = conn->process_conf_obj(conn->cb_ctx, auth);
1604 else
1605 res = 0;
1606
1607 if (auth->peer_version < 2 || auth->conf_resp_status != DPP_STATUS_OK)
1608 return -1;
1609
1610 wpa_printf(MSG_DEBUG, "DPP: Send DPP Configuration Result");
1611 status = res < 0 ? DPP_STATUS_CONFIG_REJECTED : DPP_STATUS_OK;
1612 msg = dpp_build_conf_result(auth, status);
1613 if (!msg)
1614 return -1;
1615
1616 conn->on_tcp_tx_complete_remove = 1;
1617 res = dpp_tcp_send_msg(conn, msg);
1618 wpabuf_free(msg);
1619
1620 /* This exchange will be terminated in the TX status handler */
1621
1622 return res;
1623 }
1624
1625
dpp_tcp_gas_query_comeback(void * eloop_ctx,void * timeout_ctx)1626 static void dpp_tcp_gas_query_comeback(void *eloop_ctx, void *timeout_ctx)
1627 {
1628 struct dpp_connection *conn = eloop_ctx;
1629 struct dpp_authentication *auth = conn->auth;
1630 struct wpabuf *msg;
1631
1632 if (!auth)
1633 return;
1634
1635 wpa_printf(MSG_DEBUG, "DPP: Send GAS Comeback Request");
1636 msg = wpabuf_alloc(4 + 2);
1637 if (!msg)
1638 return;
1639 wpabuf_put_be32(msg, 2);
1640 wpabuf_put_u8(msg, WLAN_PA_GAS_COMEBACK_REQ);
1641 wpabuf_put_u8(msg, conn->gas_dialog_token);
1642 wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Outgoing TCP message", msg);
1643
1644 wpabuf_free(conn->msg_out);
1645 conn->msg_out_pos = 0;
1646 conn->msg_out = msg;
1647 dpp_tcp_send(conn);
1648 }
1649
1650
dpp_rx_gas_resp(struct dpp_connection * conn,const u8 * msg,size_t len,bool comeback)1651 static int dpp_rx_gas_resp(struct dpp_connection *conn, const u8 *msg,
1652 size_t len, bool comeback)
1653 {
1654 struct wpabuf *buf;
1655 u8 dialog_token;
1656 const u8 *pos, *end, *next, *adv_proto;
1657 u16 status, slen, comeback_delay;
1658
1659 if (len < (size_t) (5 + 2 + (comeback ? 1 : 0)))
1660 return -1;
1661
1662 wpa_printf(MSG_DEBUG,
1663 "DPP: Received DPP Configuration Response over TCP");
1664
1665 pos = msg;
1666 end = msg + len;
1667
1668 dialog_token = *pos++;
1669 status = WPA_GET_LE16(pos);
1670 if (status != WLAN_STATUS_SUCCESS) {
1671 wpa_printf(MSG_DEBUG, "DPP: Unexpected Status Code %u", status);
1672 return -1;
1673 }
1674 pos += 2;
1675 if (comeback)
1676 pos++; /* ignore Fragment ID */
1677 comeback_delay = WPA_GET_LE16(pos);
1678 pos += 2;
1679
1680 adv_proto = pos++;
1681 slen = *pos++;
1682 if (*adv_proto != WLAN_EID_ADV_PROTO ||
1683 slen > end - pos || slen < 2)
1684 return -1;
1685
1686 next = pos + slen;
1687 pos++; /* skip QueryRespLenLimit and PAME-BI */
1688
1689 if (slen != 8 || *pos != WLAN_EID_VENDOR_SPECIFIC ||
1690 pos[1] != 5 || WPA_GET_BE24(&pos[2]) != OUI_WFA ||
1691 pos[5] != DPP_OUI_TYPE || pos[6] != 0x01)
1692 return -1;
1693
1694 pos = next;
1695 /* Query Response */
1696 if (end - pos < 2)
1697 return -1;
1698 slen = WPA_GET_LE16(pos);
1699 pos += 2;
1700 if (slen > end - pos)
1701 return -1;
1702
1703 if (comeback_delay) {
1704 unsigned int secs, usecs;
1705
1706 conn->gas_dialog_token = dialog_token;
1707 secs = (comeback_delay * 1024) / 1000000;
1708 usecs = comeback_delay * 1024 - secs * 1000000;
1709 wpa_printf(MSG_DEBUG, "DPP: Comeback delay: %u",
1710 comeback_delay);
1711 eloop_cancel_timeout(dpp_tcp_gas_query_comeback, conn, NULL);
1712 eloop_register_timeout(secs, usecs, dpp_tcp_gas_query_comeback,
1713 conn, NULL);
1714 return 0;
1715 }
1716
1717 buf = wpabuf_alloc(slen);
1718 if (!buf)
1719 return -1;
1720 wpabuf_put_data(buf, pos, slen);
1721
1722 if (!conn->relay &&
1723 (!conn->ctrl || (conn->ctrl->allowed_roles & DPP_CAPAB_ENROLLEE)))
1724 return dpp_tcp_rx_gas_resp(conn, buf);
1725
1726 if (!conn->relay) {
1727 wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress");
1728 wpabuf_free(buf);
1729 return -1;
1730 }
1731 wpa_printf(MSG_DEBUG, "DPP: Relay - send over WLAN");
1732 conn->relay->gas_resp_tx(conn->relay->cb_ctx, conn->mac_addr,
1733 dialog_token, 0, buf);
1734
1735 return 0;
1736 }
1737
1738
dpp_controller_rx(int sd,void * eloop_ctx,void * sock_ctx)1739 static void dpp_controller_rx(int sd, void *eloop_ctx, void *sock_ctx)
1740 {
1741 struct dpp_connection *conn = eloop_ctx;
1742 int res;
1743 const u8 *pos;
1744
1745 wpa_printf(MSG_DEBUG, "DPP: TCP data available for reading (sock %d)",
1746 sd);
1747
1748 if (conn->msg_len_octets < 4) {
1749 u32 msglen;
1750
1751 res = recv(sd, &conn->msg_len[conn->msg_len_octets],
1752 4 - conn->msg_len_octets, 0);
1753 if (res < 0) {
1754 wpa_printf(MSG_DEBUG, "DPP: recv failed: %s",
1755 strerror(errno));
1756 dpp_connection_remove(conn);
1757 return;
1758 }
1759 if (res == 0) {
1760 wpa_printf(MSG_DEBUG,
1761 "DPP: No more data available over TCP");
1762 dpp_connection_remove(conn);
1763 return;
1764 }
1765 wpa_printf(MSG_DEBUG,
1766 "DPP: Received %d/%d octet(s) of message length field",
1767 res, (int) (4 - conn->msg_len_octets));
1768 conn->msg_len_octets += res;
1769
1770 if (conn->msg_len_octets < 4) {
1771 wpa_printf(MSG_DEBUG,
1772 "DPP: Need %d more octets of message length field",
1773 (int) (4 - conn->msg_len_octets));
1774 return;
1775 }
1776
1777 msglen = WPA_GET_BE32(conn->msg_len);
1778 wpa_printf(MSG_DEBUG, "DPP: Message length: %u", msglen);
1779 if (msglen > 65535) {
1780 wpa_printf(MSG_INFO, "DPP: Unexpectedly long message");
1781 dpp_connection_remove(conn);
1782 return;
1783 }
1784
1785 wpabuf_free(conn->msg);
1786 conn->msg = wpabuf_alloc(msglen);
1787 }
1788
1789 if (!conn->msg) {
1790 wpa_printf(MSG_DEBUG,
1791 "DPP: No buffer available for receiving the message");
1792 dpp_connection_remove(conn);
1793 return;
1794 }
1795
1796 wpa_printf(MSG_DEBUG, "DPP: Need %u more octets of message payload",
1797 (unsigned int) wpabuf_tailroom(conn->msg));
1798
1799 res = recv(sd, wpabuf_put(conn->msg, 0), wpabuf_tailroom(conn->msg), 0);
1800 if (res < 0) {
1801 wpa_printf(MSG_DEBUG, "DPP: recv failed: %s", strerror(errno));
1802 dpp_connection_remove(conn);
1803 return;
1804 }
1805 if (res == 0) {
1806 wpa_printf(MSG_DEBUG, "DPP: No more data available over TCP");
1807 dpp_connection_remove(conn);
1808 return;
1809 }
1810 wpa_printf(MSG_DEBUG, "DPP: Received %d octets", res);
1811 wpabuf_put(conn->msg, res);
1812
1813 if (wpabuf_tailroom(conn->msg) > 0) {
1814 wpa_printf(MSG_DEBUG,
1815 "DPP: Need %u more octets of message payload",
1816 (unsigned int) wpabuf_tailroom(conn->msg));
1817 return;
1818 }
1819
1820 conn->msg_len_octets = 0;
1821 wpa_hexdump_buf(MSG_DEBUG, "DPP: Received TCP message", conn->msg);
1822 if (wpabuf_len(conn->msg) < 1) {
1823 dpp_connection_remove(conn);
1824 return;
1825 }
1826
1827 pos = wpabuf_head(conn->msg);
1828 switch (*pos) {
1829 case WLAN_PA_VENDOR_SPECIFIC:
1830 if (dpp_controller_rx_action(conn, pos + 1,
1831 wpabuf_len(conn->msg) - 1) < 0)
1832 dpp_connection_remove(conn);
1833 break;
1834 case WLAN_PA_GAS_INITIAL_REQ:
1835 if (dpp_controller_rx_gas_req(conn, pos + 1,
1836 wpabuf_len(conn->msg) - 1) < 0)
1837 dpp_connection_remove(conn);
1838 break;
1839 case WLAN_PA_GAS_INITIAL_RESP:
1840 case WLAN_PA_GAS_COMEBACK_RESP:
1841 if (dpp_rx_gas_resp(conn, pos + 1,
1842 wpabuf_len(conn->msg) - 1,
1843 *pos == WLAN_PA_GAS_COMEBACK_RESP) < 0)
1844 dpp_connection_remove(conn);
1845 break;
1846 case WLAN_PA_GAS_COMEBACK_REQ:
1847 if (dpp_controller_rx_gas_comeback_req(
1848 conn, pos + 1, wpabuf_len(conn->msg) - 1) < 0)
1849 dpp_connection_remove(conn);
1850 break;
1851 default:
1852 wpa_printf(MSG_DEBUG, "DPP: Ignore unsupported message type %u",
1853 *pos);
1854 break;
1855 }
1856 }
1857
1858
dpp_controller_tcp_cb(int sd,void * eloop_ctx,void * sock_ctx)1859 static void dpp_controller_tcp_cb(int sd, void *eloop_ctx, void *sock_ctx)
1860 {
1861 struct dpp_controller *ctrl = eloop_ctx;
1862 struct sockaddr_in addr;
1863 socklen_t addr_len = sizeof(addr);
1864 int fd;
1865 struct dpp_connection *conn;
1866
1867 wpa_printf(MSG_DEBUG, "DPP: New TCP connection");
1868
1869 fd = accept(ctrl->sock, (struct sockaddr *) &addr, &addr_len);
1870 if (fd < 0) {
1871 wpa_printf(MSG_DEBUG,
1872 "DPP: Failed to accept new connection: %s",
1873 strerror(errno));
1874 return;
1875 }
1876 wpa_printf(MSG_DEBUG, "DPP: Connection from %s:%d",
1877 inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
1878
1879 conn = os_zalloc(sizeof(*conn));
1880 if (!conn)
1881 goto fail;
1882
1883 conn->global = ctrl->global;
1884 conn->ctrl = ctrl;
1885 conn->msg_ctx = ctrl->msg_ctx;
1886 conn->cb_ctx = ctrl->cb_ctx;
1887 conn->process_conf_obj = ctrl->process_conf_obj;
1888 conn->tcp_msg_sent = ctrl->tcp_msg_sent;
1889 conn->sock = fd;
1890 conn->netrole = ctrl->netrole;
1891
1892 if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) {
1893 wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s",
1894 strerror(errno));
1895 goto fail;
1896 }
1897
1898 if (eloop_register_sock(conn->sock, EVENT_TYPE_READ,
1899 dpp_controller_rx, conn, NULL) < 0)
1900 goto fail;
1901 conn->read_eloop = 1;
1902
1903 /* TODO: eloop timeout to expire connections that do not complete in
1904 * reasonable time */
1905 dl_list_add(&ctrl->conn, &conn->list);
1906 return;
1907
1908 fail:
1909 close(fd);
1910 os_free(conn);
1911 }
1912
1913
dpp_tcp_pkex_init(struct dpp_global * dpp,struct dpp_pkex * pkex,const struct hostapd_ip_addr * addr,int port,void * msg_ctx,void * cb_ctx,int (* pkex_done)(void * ctx,void * conn,struct dpp_bootstrap_info * bi))1914 int dpp_tcp_pkex_init(struct dpp_global *dpp, struct dpp_pkex *pkex,
1915 const struct hostapd_ip_addr *addr, int port,
1916 void *msg_ctx, void *cb_ctx,
1917 int (*pkex_done)(void *ctx, void *conn,
1918 struct dpp_bootstrap_info *bi))
1919 {
1920 struct dpp_connection *conn;
1921 struct sockaddr_storage saddr;
1922 socklen_t addrlen;
1923 const u8 *hdr, *pos, *end;
1924 char txt[100];
1925
1926 wpa_printf(MSG_DEBUG, "DPP: Initialize TCP connection to %s port %d",
1927 hostapd_ip_txt(addr, txt, sizeof(txt)), port);
1928 if (dpp_ipaddr_to_sockaddr((struct sockaddr *) &saddr, &addrlen,
1929 addr, port) < 0) {
1930 dpp_pkex_free(pkex);
1931 return -1;
1932 }
1933
1934 conn = os_zalloc(sizeof(*conn));
1935 if (!conn) {
1936 dpp_pkex_free(pkex);
1937 return -1;
1938 }
1939
1940 conn->msg_ctx = msg_ctx;
1941 conn->cb_ctx = cb_ctx;
1942 conn->pkex_done = pkex_done;
1943 conn->global = dpp;
1944 conn->pkex = pkex;
1945 conn->sock = socket(AF_INET, SOCK_STREAM, 0);
1946 if (conn->sock < 0)
1947 goto fail;
1948
1949 if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) {
1950 wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s",
1951 strerror(errno));
1952 goto fail;
1953 }
1954
1955 if (connect(conn->sock, (struct sockaddr *) &saddr, addrlen) < 0) {
1956 if (errno != EINPROGRESS) {
1957 wpa_printf(MSG_DEBUG, "DPP: Failed to connect: %s",
1958 strerror(errno));
1959 goto fail;
1960 }
1961
1962 /*
1963 * Continue connecting in the background; eloop will call us
1964 * once the connection is ready (or failed).
1965 */
1966 }
1967
1968 if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE,
1969 dpp_conn_tx_ready, conn, NULL) < 0)
1970 goto fail;
1971 conn->write_eloop = 1;
1972
1973 hdr = wpabuf_head(pkex->exchange_req);
1974 end = hdr + wpabuf_len(pkex->exchange_req);
1975 hdr += 2; /* skip Category and Actiom */
1976 pos = hdr + DPP_HDR_LEN;
1977 conn->msg_out = dpp_tcp_encaps(hdr, pos, end - pos);
1978 if (!conn->msg_out)
1979 goto fail;
1980 /* Message will be sent in dpp_conn_tx_ready() */
1981
1982 /* TODO: eloop timeout to clear a connection if it does not complete
1983 * properly */
1984 dl_list_add(&dpp->tcp_init, &conn->list);
1985 return 0;
1986 fail:
1987 dpp_connection_free(conn);
1988 return -1;
1989 }
1990
1991
dpp_tcp_auth_start(struct dpp_connection * conn,struct dpp_authentication * auth)1992 static int dpp_tcp_auth_start(struct dpp_connection *conn,
1993 struct dpp_authentication *auth)
1994 {
1995 const u8 *hdr, *pos, *end;
1996
1997 hdr = wpabuf_head(auth->req_msg);
1998 end = hdr + wpabuf_len(auth->req_msg);
1999 hdr += 2; /* skip Category and Actiom */
2000 pos = hdr + DPP_HDR_LEN;
2001 conn->msg_out = dpp_tcp_encaps(hdr, pos, end - pos);
2002 if (!conn->msg_out)
2003 return -1;
2004 /* Message will be sent in dpp_conn_tx_ready() */
2005 return 0;
2006 }
2007
2008
dpp_tcp_init(struct dpp_global * dpp,struct dpp_authentication * auth,const struct hostapd_ip_addr * addr,int port,const char * name,enum dpp_netrole netrole,const char * mud_url,const char * extra_conf_req_name,const char * extra_conf_req_value,void * msg_ctx,void * cb_ctx,int (* process_conf_obj)(void * ctx,struct dpp_authentication * auth),bool (* tcp_msg_sent)(void * ctx,struct dpp_authentication * auth))2009 int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth,
2010 const struct hostapd_ip_addr *addr, int port, const char *name,
2011 enum dpp_netrole netrole, const char *mud_url,
2012 const char *extra_conf_req_name,
2013 const char *extra_conf_req_value,
2014 void *msg_ctx, void *cb_ctx,
2015 int (*process_conf_obj)(void *ctx,
2016 struct dpp_authentication *auth),
2017 bool (*tcp_msg_sent)(void *ctx,
2018 struct dpp_authentication *auth))
2019 {
2020 struct dpp_connection *conn;
2021 struct sockaddr_storage saddr;
2022 socklen_t addrlen;
2023 char txt[100];
2024
2025 wpa_printf(MSG_DEBUG, "DPP: Initialize TCP connection to %s port %d",
2026 hostapd_ip_txt(addr, txt, sizeof(txt)), port);
2027 if (dpp_ipaddr_to_sockaddr((struct sockaddr *) &saddr, &addrlen,
2028 addr, port) < 0) {
2029 dpp_auth_deinit(auth);
2030 return -1;
2031 }
2032
2033 conn = os_zalloc(sizeof(*conn));
2034 if (!conn) {
2035 dpp_auth_deinit(auth);
2036 return -1;
2037 }
2038
2039 conn->msg_ctx = msg_ctx;
2040 conn->cb_ctx = cb_ctx;
2041 conn->process_conf_obj = process_conf_obj;
2042 conn->tcp_msg_sent = tcp_msg_sent;
2043 conn->name = os_strdup(name ? name : "Test");
2044 if (mud_url)
2045 conn->mud_url = os_strdup(mud_url);
2046 if (extra_conf_req_name)
2047 conn->extra_conf_req_name = os_strdup(extra_conf_req_name);
2048 if (extra_conf_req_value)
2049 conn->extra_conf_req_value = os_strdup(extra_conf_req_value);
2050 conn->netrole = netrole;
2051 conn->global = dpp;
2052 conn->auth = auth;
2053 conn->sock = socket(AF_INET, SOCK_STREAM, 0);
2054 if (conn->sock < 0)
2055 goto fail;
2056
2057 if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) {
2058 wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s",
2059 strerror(errno));
2060 goto fail;
2061 }
2062
2063 if (connect(conn->sock, (struct sockaddr *) &saddr, addrlen) < 0) {
2064 if (errno != EINPROGRESS) {
2065 wpa_printf(MSG_DEBUG, "DPP: Failed to connect: %s",
2066 strerror(errno));
2067 goto fail;
2068 }
2069
2070 /*
2071 * Continue connecting in the background; eloop will call us
2072 * once the connection is ready (or failed).
2073 */
2074 }
2075
2076 if (eloop_register_sock(conn->sock, EVENT_TYPE_WRITE,
2077 dpp_conn_tx_ready, conn, NULL) < 0)
2078 goto fail;
2079 conn->write_eloop = 1;
2080
2081 if (dpp_tcp_auth_start(conn, auth) < 0)
2082 goto fail;
2083
2084 /* TODO: eloop timeout to clear a connection if it does not complete
2085 * properly */
2086 dl_list_add(&dpp->tcp_init, &conn->list);
2087 return 0;
2088 fail:
2089 dpp_connection_free(conn);
2090 return -1;
2091 }
2092
2093
dpp_tcp_auth(struct dpp_global * dpp,void * _conn,struct dpp_authentication * auth,const char * name,enum dpp_netrole netrole,const char * mud_url,const char * extra_conf_req_name,const char * extra_conf_req_value,int (* process_conf_obj)(void * ctx,struct dpp_authentication * auth),bool (* tcp_msg_sent)(void * ctx,struct dpp_authentication * auth))2094 int dpp_tcp_auth(struct dpp_global *dpp, void *_conn,
2095 struct dpp_authentication *auth, const char *name,
2096 enum dpp_netrole netrole, const char *mud_url,
2097 const char *extra_conf_req_name,
2098 const char *extra_conf_req_value,
2099 int (*process_conf_obj)(void *ctx,
2100 struct dpp_authentication *auth),
2101 bool (*tcp_msg_sent)(void *ctx,
2102 struct dpp_authentication *auth))
2103 {
2104 struct dpp_connection *conn = _conn;
2105
2106 /* Continue with Authentication exchange on an existing TCP connection.
2107 */
2108 conn->process_conf_obj = process_conf_obj;
2109 conn->tcp_msg_sent = tcp_msg_sent;
2110 os_free(conn->name);
2111 conn->name = os_strdup(name ? name : "Test");
2112 os_free(conn->mud_url);
2113 conn->mud_url = mud_url ? os_strdup(mud_url) : NULL;
2114 os_free(conn->extra_conf_req_name);
2115 conn->extra_conf_req_name = extra_conf_req_name ?
2116 os_strdup(extra_conf_req_name) : NULL;
2117 conn->extra_conf_req_value = extra_conf_req_value ?
2118 os_strdup(extra_conf_req_value) : NULL;
2119 conn->netrole = netrole;
2120 conn->auth = auth;
2121
2122 if (dpp_tcp_auth_start(conn, auth) < 0)
2123 return -1;
2124
2125 dpp_conn_tx_ready(conn->sock, conn, NULL);
2126 return 0;
2127 }
2128
2129
dpp_controller_start(struct dpp_global * dpp,struct dpp_controller_config * config)2130 int dpp_controller_start(struct dpp_global *dpp,
2131 struct dpp_controller_config *config)
2132 {
2133 struct dpp_controller *ctrl;
2134 int on = 1;
2135 struct sockaddr_in sin;
2136 int port;
2137
2138 if (!dpp || dpp->controller)
2139 return -1;
2140
2141 ctrl = os_zalloc(sizeof(*ctrl));
2142 if (!ctrl)
2143 return -1;
2144 ctrl->global = dpp;
2145 if (config->configurator_params)
2146 ctrl->configurator_params =
2147 os_strdup(config->configurator_params);
2148 dl_list_init(&ctrl->conn);
2149 ctrl->allowed_roles = config->allowed_roles;
2150 ctrl->qr_mutual = config->qr_mutual;
2151 ctrl->netrole = config->netrole;
2152 ctrl->msg_ctx = config->msg_ctx;
2153 ctrl->cb_ctx = config->cb_ctx;
2154 ctrl->process_conf_obj = config->process_conf_obj;
2155 ctrl->tcp_msg_sent = config->tcp_msg_sent;
2156
2157 ctrl->sock = socket(AF_INET, SOCK_STREAM, 0);
2158 if (ctrl->sock < 0)
2159 goto fail;
2160
2161 if (setsockopt(ctrl->sock, SOL_SOCKET, SO_REUSEADDR,
2162 &on, sizeof(on)) < 0) {
2163 wpa_printf(MSG_DEBUG,
2164 "DPP: setsockopt(SO_REUSEADDR) failed: %s",
2165 strerror(errno));
2166 /* try to continue anyway */
2167 }
2168
2169 if (fcntl(ctrl->sock, F_SETFL, O_NONBLOCK) < 0) {
2170 wpa_printf(MSG_INFO, "DPP: fnctl(O_NONBLOCK) failed: %s",
2171 strerror(errno));
2172 goto fail;
2173 }
2174
2175 /* TODO: IPv6 */
2176 os_memset(&sin, 0, sizeof(sin));
2177 sin.sin_family = AF_INET;
2178 sin.sin_addr.s_addr = INADDR_ANY;
2179 port = config->tcp_port ? config->tcp_port : DPP_TCP_PORT;
2180 sin.sin_port = htons(port);
2181 if (bind(ctrl->sock, (struct sockaddr *) &sin, sizeof(sin)) < 0) {
2182 wpa_printf(MSG_INFO,
2183 "DPP: Failed to bind Controller TCP port: %s",
2184 strerror(errno));
2185 goto fail;
2186 }
2187 if (listen(ctrl->sock, 10 /* max backlog */) < 0 ||
2188 fcntl(ctrl->sock, F_SETFL, O_NONBLOCK) < 0 ||
2189 eloop_register_sock(ctrl->sock, EVENT_TYPE_READ,
2190 dpp_controller_tcp_cb, ctrl, NULL))
2191 goto fail;
2192
2193 dpp->controller = ctrl;
2194 wpa_printf(MSG_DEBUG, "DPP: Controller started on TCP port %d", port);
2195 return 0;
2196 fail:
2197 dpp_controller_free(ctrl);
2198 return -1;
2199 }
2200
2201
dpp_controller_set_params(struct dpp_global * dpp,const char * configurator_params)2202 int dpp_controller_set_params(struct dpp_global *dpp,
2203 const char *configurator_params)
2204 {
2205
2206 if (!dpp || !dpp->controller)
2207 return -1;
2208
2209 if (configurator_params) {
2210 char *val = os_strdup(configurator_params);
2211
2212 if (!val)
2213 return -1;
2214 os_free(dpp->controller->configurator_params);
2215 dpp->controller->configurator_params = val;
2216 } else {
2217 os_free(dpp->controller->configurator_params);
2218 dpp->controller->configurator_params = NULL;
2219 }
2220
2221 return 0;
2222 }
2223
2224
dpp_controller_stop(struct dpp_global * dpp)2225 void dpp_controller_stop(struct dpp_global *dpp)
2226 {
2227 if (dpp) {
2228 dpp_controller_free(dpp->controller);
2229 dpp->controller = NULL;
2230 }
2231 }
2232
2233
dpp_controller_stop_for_ctx(struct dpp_global * dpp,void * cb_ctx)2234 void dpp_controller_stop_for_ctx(struct dpp_global *dpp, void *cb_ctx)
2235 {
2236 if (dpp && dpp->controller && dpp->controller->cb_ctx == cb_ctx)
2237 dpp_controller_stop(dpp);
2238 }
2239
2240
dpp_tcp_peer_id_match(struct dpp_authentication * auth,unsigned int id)2241 static bool dpp_tcp_peer_id_match(struct dpp_authentication *auth,
2242 unsigned int id)
2243 {
2244 return auth &&
2245 ((auth->peer_bi && auth->peer_bi->id == id) ||
2246 (auth->tmp_peer_bi && auth->tmp_peer_bi->id == id));
2247 }
2248
2249
dpp_tcp_get_auth(struct dpp_global * dpp,unsigned int id)2250 static struct dpp_authentication * dpp_tcp_get_auth(struct dpp_global *dpp,
2251 unsigned int id)
2252 {
2253 struct dpp_connection *conn;
2254
2255 dl_list_for_each(conn, &dpp->tcp_init, struct dpp_connection, list) {
2256 if (dpp_tcp_peer_id_match(conn->auth, id))
2257 return conn->auth;
2258 }
2259
2260 return NULL;
2261 }
2262
2263
dpp_controller_get_auth(struct dpp_global * dpp,unsigned int id)2264 struct dpp_authentication * dpp_controller_get_auth(struct dpp_global *dpp,
2265 unsigned int id)
2266 {
2267 struct dpp_controller *ctrl = dpp->controller;
2268 struct dpp_connection *conn;
2269
2270 if (!ctrl)
2271 return dpp_tcp_get_auth(dpp, id);
2272
2273 dl_list_for_each(conn, &ctrl->conn, struct dpp_connection, list) {
2274 if (dpp_tcp_peer_id_match(conn->auth, id))
2275 return conn->auth;
2276 }
2277
2278 return dpp_tcp_get_auth(dpp, id);
2279 }
2280
2281
dpp_controller_new_qr_code(struct dpp_global * dpp,struct dpp_bootstrap_info * bi)2282 void dpp_controller_new_qr_code(struct dpp_global *dpp,
2283 struct dpp_bootstrap_info *bi)
2284 {
2285 struct dpp_controller *ctrl = dpp->controller;
2286 struct dpp_connection *conn;
2287
2288 if (!ctrl)
2289 return;
2290
2291 dl_list_for_each(conn, &ctrl->conn, struct dpp_connection, list) {
2292 struct dpp_authentication *auth = conn->auth;
2293
2294 if (!auth->response_pending ||
2295 dpp_notify_new_qr_code(auth, bi) != 1)
2296 continue;
2297 wpa_printf(MSG_DEBUG,
2298 "DPP: Sending out pending authentication response");
2299 dpp_tcp_send_msg(conn, conn->auth->resp_msg);
2300 }
2301 }
2302
2303
dpp_controller_pkex_add(struct dpp_global * dpp,struct dpp_bootstrap_info * bi,const char * code,const char * identifier)2304 void dpp_controller_pkex_add(struct dpp_global *dpp,
2305 struct dpp_bootstrap_info *bi,
2306 const char *code, const char *identifier)
2307 {
2308 struct dpp_controller *ctrl = dpp->controller;
2309
2310 if (!ctrl)
2311 return;
2312
2313 ctrl->pkex_bi = bi;
2314 os_free(ctrl->pkex_code);
2315 ctrl->pkex_code = code ? os_strdup(code) : NULL;
2316 os_free(ctrl->pkex_identifier);
2317 ctrl->pkex_identifier = identifier ? os_strdup(identifier) : NULL;
2318 }
2319
2320
dpp_controller_is_own_pkex_req(struct dpp_global * dpp,const u8 * buf,size_t len)2321 bool dpp_controller_is_own_pkex_req(struct dpp_global *dpp,
2322 const u8 *buf, size_t len)
2323 {
2324 struct dpp_connection *conn;
2325 const u8 *attr_key = NULL;
2326 u16 attr_key_len = 0;
2327
2328 dl_list_for_each(conn, &dpp->tcp_init, struct dpp_connection, list) {
2329 if (!conn->pkex || !conn->pkex->enc_key)
2330 continue;
2331
2332 if (!attr_key) {
2333 attr_key = dpp_get_attr(buf, len,
2334 DPP_ATTR_ENCRYPTED_KEY,
2335 &attr_key_len);
2336 if (!attr_key)
2337 return false;
2338 }
2339
2340 if (attr_key_len == wpabuf_len(conn->pkex->enc_key) &&
2341 os_memcmp(attr_key, wpabuf_head(conn->pkex->enc_key),
2342 attr_key_len) == 0)
2343 return true;
2344 }
2345
2346 return false;
2347 }
2348
2349
dpp_tcp_init_flush(struct dpp_global * dpp)2350 void dpp_tcp_init_flush(struct dpp_global *dpp)
2351 {
2352 struct dpp_connection *conn, *tmp;
2353
2354 dl_list_for_each_safe(conn, tmp, &dpp->tcp_init, struct dpp_connection,
2355 list)
2356 dpp_connection_remove(conn);
2357 }
2358
2359
dpp_relay_controller_free(struct dpp_relay_controller * ctrl)2360 static void dpp_relay_controller_free(struct dpp_relay_controller *ctrl)
2361 {
2362 struct dpp_connection *conn, *tmp;
2363 char txt[100];
2364
2365 wpa_printf(MSG_DEBUG, "DPP: Remove Relay connection to Controller %s",
2366 hostapd_ip_txt(&ctrl->ipaddr, txt, sizeof(txt)));
2367
2368 dl_list_for_each_safe(conn, tmp, &ctrl->conn, struct dpp_connection,
2369 list)
2370 dpp_connection_remove(conn);
2371 os_free(ctrl);
2372 }
2373
2374
dpp_relay_flush_controllers(struct dpp_global * dpp)2375 void dpp_relay_flush_controllers(struct dpp_global *dpp)
2376 {
2377 struct dpp_relay_controller *ctrl, *tmp;
2378
2379 if (!dpp)
2380 return;
2381
2382 dl_list_for_each_safe(ctrl, tmp, &dpp->controllers,
2383 struct dpp_relay_controller, list) {
2384 dl_list_del(&ctrl->list);
2385 dpp_relay_controller_free(ctrl);
2386 }
2387
2388 if (dpp->tmp_controller) {
2389 dpp_relay_controller_free(dpp->tmp_controller);
2390 dpp->tmp_controller = NULL;
2391 }
2392 }
2393
2394
dpp_relay_remove_controller(struct dpp_global * dpp,const struct hostapd_ip_addr * addr)2395 void dpp_relay_remove_controller(struct dpp_global *dpp,
2396 const struct hostapd_ip_addr *addr)
2397 {
2398 struct dpp_relay_controller *ctrl;
2399
2400 if (!dpp)
2401 return;
2402
2403 dl_list_for_each(ctrl, &dpp->controllers, struct dpp_relay_controller,
2404 list) {
2405 if (hostapd_ip_equal(&ctrl->ipaddr, addr)) {
2406 dl_list_del(&ctrl->list);
2407 dpp_relay_controller_free(ctrl);
2408 return;
2409 }
2410 }
2411
2412 if (dpp->tmp_controller &&
2413 hostapd_ip_equal(&dpp->tmp_controller->ipaddr, addr)) {
2414 dpp_relay_controller_free(dpp->tmp_controller);
2415 dpp->tmp_controller = NULL;
2416 }
2417 }
2418
2419
dpp_relay_tcp_cb(int sd,void * eloop_ctx,void * sock_ctx)2420 static void dpp_relay_tcp_cb(int sd, void *eloop_ctx, void *sock_ctx)
2421 {
2422 struct dpp_global *dpp = eloop_ctx;
2423 struct sockaddr_in addr;
2424 socklen_t addr_len = sizeof(addr);
2425 int fd;
2426 struct dpp_relay_controller *ctrl;
2427 struct dpp_connection *conn = NULL;
2428
2429 wpa_printf(MSG_DEBUG, "DPP: New TCP connection (Relay)");
2430
2431 fd = accept(dpp->relay_sock, (struct sockaddr *) &addr, &addr_len);
2432 if (fd < 0) {
2433 wpa_printf(MSG_DEBUG,
2434 "DPP: Failed to accept new connection: %s",
2435 strerror(errno));
2436 return;
2437 }
2438 wpa_printf(MSG_DEBUG, "DPP: Connection from %s:%d",
2439 inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
2440
2441 ctrl = dpp_relay_controller_get_addr(dpp, &addr);
2442 if (!ctrl && dpp->tmp_controller &&
2443 dl_list_len(&dpp->tmp_controller->conn)) {
2444 char txt[100];
2445
2446 wpa_printf(MSG_DEBUG,
2447 "DPP: Remove a temporaty Controller entry for %s",
2448 hostapd_ip_txt(&dpp->tmp_controller->ipaddr,
2449 txt, sizeof(txt)));
2450 dpp_relay_controller_free(dpp->tmp_controller);
2451 dpp->tmp_controller = NULL;
2452 }
2453 if (!ctrl && !dpp->tmp_controller) {
2454 wpa_printf(MSG_DEBUG, "DPP: Add a temporary Controller entry");
2455 ctrl = os_zalloc(sizeof(*ctrl));
2456 if (!ctrl)
2457 goto fail;
2458 dl_list_init(&ctrl->conn);
2459 ctrl->global = dpp;
2460 ctrl->ipaddr.af = AF_INET;
2461 ctrl->ipaddr.u.v4.s_addr = addr.sin_addr.s_addr;
2462 ctrl->msg_ctx = dpp->relay_msg_ctx;
2463 ctrl->cb_ctx = dpp->relay_cb_ctx;
2464 ctrl->tx = dpp->relay_tx;
2465 ctrl->gas_resp_tx = dpp->relay_gas_resp_tx;
2466 dpp->tmp_controller = ctrl;
2467 }
2468 if (!ctrl) {
2469 wpa_printf(MSG_DEBUG,
2470 "DPP: No Controller found for that address");
2471 goto fail;
2472 }
2473
2474 if (dl_list_len(&ctrl->conn) >= 15) {
2475 wpa_printf(MSG_DEBUG,
2476 "DPP: Too many ongoing Relay connections to the Controller - cannot start a new one");
2477 goto fail;
2478 }
2479
2480 conn = os_zalloc(sizeof(*conn));
2481 if (!conn)
2482 goto fail;
2483
2484 conn->global = ctrl->global;
2485 conn->relay = ctrl;
2486 conn->msg_ctx = ctrl->msg_ctx;
2487 conn->cb_ctx = ctrl->global->cb_ctx;
2488 os_memset(conn->mac_addr, 0xff, ETH_ALEN);
2489 conn->sock = fd;
2490
2491 if (fcntl(conn->sock, F_SETFL, O_NONBLOCK) != 0) {
2492 wpa_printf(MSG_DEBUG, "DPP: fnctl(O_NONBLOCK) failed: %s",
2493 strerror(errno));
2494 goto fail;
2495 }
2496
2497 if (eloop_register_sock(conn->sock, EVENT_TYPE_READ,
2498 dpp_controller_rx, conn, NULL) < 0)
2499 goto fail;
2500 conn->read_eloop = 1;
2501
2502 /* TODO: eloop timeout to expire connections that do not complete in
2503 * reasonable time */
2504 dl_list_add(&ctrl->conn, &conn->list);
2505 return;
2506
2507 fail:
2508 close(fd);
2509 os_free(conn);
2510 }
2511
2512
dpp_relay_listen(struct dpp_global * dpp,int port,struct dpp_relay_config * config)2513 int dpp_relay_listen(struct dpp_global *dpp, int port,
2514 struct dpp_relay_config *config)
2515 {
2516 int s;
2517 int on = 1;
2518 struct sockaddr_in sin;
2519
2520 if (dpp->relay_sock >= 0) {
2521 wpa_printf(MSG_INFO, "DPP: %s(%d) - relay port already opened",
2522 __func__, port);
2523 return -1;
2524 }
2525
2526 s = socket(AF_INET, SOCK_STREAM, 0);
2527 if (s < 0) {
2528 wpa_printf(MSG_INFO,
2529 "DPP: socket(SOCK_STREAM) failed: %s",
2530 strerror(errno));
2531 return -1;
2532 }
2533
2534 if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) {
2535 wpa_printf(MSG_DEBUG,
2536 "DPP: setsockopt(SO_REUSEADDR) failed: %s",
2537 strerror(errno));
2538 /* try to continue anyway */
2539 }
2540
2541 if (fcntl(s, F_SETFL, O_NONBLOCK) < 0) {
2542 wpa_printf(MSG_INFO, "DPP: fnctl(O_NONBLOCK) failed: %s",
2543 strerror(errno));
2544 close(s);
2545 return -1;
2546 }
2547
2548 /* TODO: IPv6 */
2549 os_memset(&sin, 0, sizeof(sin));
2550 sin.sin_family = AF_INET;
2551 sin.sin_addr.s_addr = INADDR_ANY;
2552 sin.sin_port = htons(port);
2553 if (bind(s, (struct sockaddr *) &sin, sizeof(sin)) < 0) {
2554 wpa_printf(MSG_INFO,
2555 "DPP: Failed to bind Relay TCP port: %s",
2556 strerror(errno));
2557 close(s);
2558 return -1;
2559 }
2560 if (listen(s, 10 /* max backlog */) < 0 ||
2561 fcntl(s, F_SETFL, O_NONBLOCK) < 0 ||
2562 eloop_register_sock(s, EVENT_TYPE_READ, dpp_relay_tcp_cb, dpp,
2563 NULL)) {
2564 close(s);
2565 return -1;
2566 }
2567
2568 dpp->relay_sock = s;
2569 dpp->relay_msg_ctx = config->msg_ctx;
2570 dpp->relay_cb_ctx = config->cb_ctx;
2571 dpp->relay_tx = config->tx;
2572 dpp->relay_gas_resp_tx = config->gas_resp_tx;
2573 wpa_printf(MSG_DEBUG, "DPP: Relay started on TCP port %d", port);
2574 return 0;
2575 }
2576
2577
dpp_relay_stop_listen(struct dpp_global * dpp)2578 void dpp_relay_stop_listen(struct dpp_global *dpp)
2579 {
2580 if (!dpp || dpp->relay_sock < 0)
2581 return;
2582 eloop_unregister_sock(dpp->relay_sock, EVENT_TYPE_READ);
2583 close(dpp->relay_sock);
2584 dpp->relay_sock = -1;
2585 }
2586
2587
dpp_tcp_conn_status_requested(struct dpp_global * dpp)2588 bool dpp_tcp_conn_status_requested(struct dpp_global *dpp)
2589 {
2590 struct dpp_connection *conn;
2591
2592 if (!dpp)
2593 return false;
2594
2595 dl_list_for_each(conn, &dpp->tcp_init, struct dpp_connection, list) {
2596 if (conn->auth && conn->auth->conn_status_requested)
2597 return true;
2598 }
2599
2600 return false;
2601 }
2602
2603
dpp_tcp_send_conn_status_msg(struct dpp_global * dpp,struct dpp_connection * conn,enum dpp_status_error result,const u8 * ssid,size_t ssid_len,const char * channel_list)2604 static void dpp_tcp_send_conn_status_msg(struct dpp_global *dpp,
2605 struct dpp_connection *conn,
2606 enum dpp_status_error result,
2607 const u8 *ssid, size_t ssid_len,
2608 const char *channel_list)
2609 {
2610 struct dpp_authentication *auth = conn->auth;
2611 int res;
2612 struct wpabuf *msg;
2613 struct dpp_connection *c;
2614
2615 auth->conn_status_requested = 0;
2616
2617 msg = dpp_build_conn_status_result(auth, result, ssid, ssid_len,
2618 channel_list);
2619 if (!msg) {
2620 dpp_connection_remove(conn);
2621 return;
2622 }
2623
2624 res = dpp_tcp_send_msg(conn, msg);
2625 wpabuf_free(msg);
2626
2627 if (res < 0) {
2628 dpp_connection_remove(conn);
2629 return;
2630 }
2631
2632 /* conn might have been removed during the dpp_tcp_send_msg() call, so
2633 * need to check that it is still present before modifying it. */
2634 dl_list_for_each(c, &dpp->tcp_init, struct dpp_connection, list) {
2635 if (conn == c) {
2636 /* This exchange will be terminated in the TX status
2637 * handler */
2638 conn->on_tcp_tx_complete_remove = 1;
2639 break;
2640 }
2641 }
2642 }
2643
2644
dpp_tcp_send_conn_status(struct dpp_global * dpp,enum dpp_status_error result,const u8 * ssid,size_t ssid_len,const char * channel_list)2645 void dpp_tcp_send_conn_status(struct dpp_global *dpp,
2646 enum dpp_status_error result,
2647 const u8 *ssid, size_t ssid_len,
2648 const char *channel_list)
2649 {
2650 struct dpp_connection *conn;
2651
2652 dl_list_for_each(conn, &dpp->tcp_init, struct dpp_connection, list) {
2653 if (conn->auth && conn->auth->conn_status_requested) {
2654 dpp_tcp_send_conn_status_msg(dpp, conn, result, ssid,
2655 ssid_len, channel_list);
2656 break;
2657 }
2658 }
2659 }
2660
2661 #endif /* CONFIG_DPP2 */
2662