search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
hostapd: Update vendor branch to 0.6.10
[dragonfly.git] / contrib / hostapd / src / eap_server / eap_wsc.c
blob3c17577889b745be366f9c47842f7b33360292a3
1 /*
2 * EAP-WSC server for Wi-Fi Protected Setup
3 * Copyright (c) 2007-2008, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15 #include "includes.h"
16
17 #include "common.h"
18 #include "eloop.h"
19 #include "eap_i.h"
20 #include "eap_common/eap_wsc_common.h"
21 #include "wps/wps.h"
22
23
24 struct eap_wsc_data {
25 enum { START, MSG, FRAG_ACK, WAIT_FRAG_ACK, DONE, FAIL } state;
26 int registrar;
27 struct wpabuf *in_buf;
28 struct wpabuf *out_buf;
29 enum wsc_op_code in_op_code, out_op_code;
30 size_t out_used;
31 size_t fragment_size;
32 struct wps_data *wps;
33 int ext_reg_timeout;
34 };
35
36
37 static const char * eap_wsc_state_txt(int state)
38 {
39 switch (state) {
40 case START:
41 return "START";
42 case MSG:
43 return "MSG";
44 case FRAG_ACK:
45 return "FRAG_ACK";
46 case WAIT_FRAG_ACK:
47 return "WAIT_FRAG_ACK";
48 case DONE:
49 return "DONE";
50 case FAIL:
51 return "FAIL";
52 default:
53 return "?";
54 }
55 }
56
57
58 static void eap_wsc_state(struct eap_wsc_data *data, int state)
59 {
60 wpa_printf(MSG_DEBUG, "EAP-WSC: %s -> %s",
61 eap_wsc_state_txt(data->state),
62 eap_wsc_state_txt(state));
63 data->state = state;
64 }
65
66
67 static void eap_wsc_ext_reg_timeout(void *eloop_ctx, void *timeout_ctx)
68 {
69 struct eap_sm *sm = eloop_ctx;
70 struct eap_wsc_data *data = timeout_ctx;
71
72 if (sm->method_pending != METHOD_PENDING_WAIT)
73 return;
74
75 wpa_printf(MSG_DEBUG, "EAP-WSC: Timeout while waiting for an External "
76 "Registrar");
77 data->ext_reg_timeout = 1;
78 eap_sm_pending_cb(sm);
79 }
80
81
82 static void * eap_wsc_init(struct eap_sm *sm)
83 {
84 struct eap_wsc_data *data;
85 int registrar;
86 struct wps_config cfg;
87
88 if (sm->identity && sm->identity_len == WSC_ID_REGISTRAR_LEN &&
89 os_memcmp(sm->identity, WSC_ID_REGISTRAR, WSC_ID_REGISTRAR_LEN) ==
90 0)
91 registrar = 0; /* Supplicant is Registrar */
92 else if (sm->identity && sm->identity_len == WSC_ID_ENROLLEE_LEN &&
93 os_memcmp(sm->identity, WSC_ID_ENROLLEE, WSC_ID_ENROLLEE_LEN)
94 == 0)
95 registrar = 1; /* Supplicant is Enrollee */
96 else {
97 wpa_hexdump_ascii(MSG_INFO, "EAP-WSC: Unexpected identity",
98 sm->identity, sm->identity_len);
99 return NULL;
100 }
101
102 data = os_zalloc(sizeof(*data));
103 if (data == NULL)
104 return NULL;
105 data->state = registrar ? START : MSG;
106 data->registrar = registrar;
107
108 os_memset(&cfg, 0, sizeof(cfg));
109 cfg.wps = sm->wps;
110 cfg.registrar = registrar;
111 if (registrar) {
112 if (sm->wps == NULL || sm->wps->registrar == NULL) {
113 wpa_printf(MSG_INFO, "EAP-WSC: WPS Registrar not "
114 "initialized");
115 os_free(data);
116 return NULL;
117 }
118 } else {
119 if (sm->user == NULL || sm->user->password == NULL) {
120 wpa_printf(MSG_INFO, "EAP-WSC: No AP PIN (password) "
121 "configured for Enrollee functionality");
122 os_free(data);
123 return NULL;
124 }
125 cfg.pin = sm->user->password;
126 cfg.pin_len = sm->user->password_len;
127 }
128 cfg.assoc_wps_ie = sm->assoc_wps_ie;
129 data->wps = wps_init(&cfg);
130 if (data->wps == NULL) {
131 os_free(data);
132 return NULL;
133 }
134 data->fragment_size = WSC_FRAGMENT_SIZE;
135
136 return data;
137 }
138
139
140 static void eap_wsc_reset(struct eap_sm *sm, void *priv)
141 {
142 struct eap_wsc_data *data = priv;
143 eloop_cancel_timeout(eap_wsc_ext_reg_timeout, sm, data);
144 wpabuf_free(data->in_buf);
145 wpabuf_free(data->out_buf);
146 wps_deinit(data->wps);
147 os_free(data);
148 }
149
150
151 static struct wpabuf * eap_wsc_build_start(struct eap_sm *sm,
152 struct eap_wsc_data *data, u8 id)
153 {
154 struct wpabuf *req;
155
156 req = eap_msg_alloc(EAP_VENDOR_WFA, EAP_VENDOR_TYPE_WSC, 2,
157 EAP_CODE_REQUEST, id);
158 if (req == NULL) {
159 wpa_printf(MSG_ERROR, "EAP-WSC: Failed to allocate memory for "
160 "request");
161 return NULL;
162 }
163
164 wpa_printf(MSG_DEBUG, "EAP-WSC: Send WSC/Start");
165 wpabuf_put_u8(req, WSC_Start); /* Op-Code */
166 wpabuf_put_u8(req, 0); /* Flags */
167
168 return req;
169 }
170
171
172 static struct wpabuf * eap_wsc_build_msg(struct eap_wsc_data *data, u8 id)
173 {
174 struct wpabuf *req;
175 u8 flags;
176 size_t send_len, plen;
177
178 flags = 0;
179 send_len = wpabuf_len(data->out_buf) - data->out_used;
180 if (2 + send_len > data->fragment_size) {
181 send_len = data->fragment_size - 2;
182 flags |= WSC_FLAGS_MF;
183 if (data->out_used == 0) {
184 flags |= WSC_FLAGS_LF;
185 send_len -= 2;
186 }
187 }
188 plen = 2 + send_len;
189 if (flags & WSC_FLAGS_LF)
190 plen += 2;
191 req = eap_msg_alloc(EAP_VENDOR_WFA, EAP_VENDOR_TYPE_WSC, plen,
192 EAP_CODE_REQUEST, id);
193 if (req == NULL) {
194 wpa_printf(MSG_ERROR, "EAP-WSC: Failed to allocate memory for "
195 "request");
196 return NULL;
197 }
198
199 wpabuf_put_u8(req, data->out_op_code); /* Op-Code */
200 wpabuf_put_u8(req, flags); /* Flags */
201 if (flags & WSC_FLAGS_LF)
202 wpabuf_put_be16(req, wpabuf_len(data->out_buf));
203
204 wpabuf_put_data(req, wpabuf_head_u8(data->out_buf) + data->out_used,
205 send_len);
206 data->out_used += send_len;
207
208 if (data->out_used == wpabuf_len(data->out_buf)) {
209 wpa_printf(MSG_DEBUG, "EAP-WSC: Sending out %lu bytes "
210 "(message sent completely)",
211 (unsigned long) send_len);
212 wpabuf_free(data->out_buf);
213 data->out_buf = NULL;
214 data->out_used = 0;
215 eap_wsc_state(data, MSG);
216 } else {
217 wpa_printf(MSG_DEBUG, "EAP-WSC: Sending out %lu bytes "
218 "(%lu more to send)", (unsigned long) send_len,
219 (unsigned long) wpabuf_len(data->out_buf) -
220 data->out_used);
221 eap_wsc_state(data, WAIT_FRAG_ACK);
222 }
223
224 return req;
225 }
226
227
228 static struct wpabuf * eap_wsc_buildReq(struct eap_sm *sm, void *priv, u8 id)
229 {
230 struct eap_wsc_data *data = priv;
231
232 switch (data->state) {
233 case START:
234 return eap_wsc_build_start(sm, data, id);
235 case MSG:
236 if (data->out_buf == NULL) {
237 data->out_buf = wps_get_msg(data->wps,
238 &data->out_op_code);
239 if (data->out_buf == NULL) {
240 wpa_printf(MSG_DEBUG, "EAP-WSC: Failed to "
241 "receive message from WPS");
242 return NULL;
243 }
244 data->out_used = 0;
245 }
246 /* pass through */
247 case WAIT_FRAG_ACK:
248 return eap_wsc_build_msg(data, id);
249 case FRAG_ACK:
250 return eap_wsc_build_frag_ack(id, EAP_CODE_REQUEST);
251 default:
252 wpa_printf(MSG_DEBUG, "EAP-WSC: Unexpected state %d in "
253 "buildReq", data->state);
254 return NULL;
255 }
256 }
257
258
259 static Boolean eap_wsc_check(struct eap_sm *sm, void *priv,
260 struct wpabuf *respData)
261 {
262 const u8 *pos;
263 size_t len;
264
265 pos = eap_hdr_validate(EAP_VENDOR_WFA, EAP_VENDOR_TYPE_WSC,
266 respData, &len);
267 if (pos == NULL || len < 2) {
268 wpa_printf(MSG_INFO, "EAP-WSC: Invalid frame");
269 return TRUE;
270 }
271
272 return FALSE;
273 }
274
275
276 static int eap_wsc_process_cont(struct eap_wsc_data *data,
277 const u8 *buf, size_t len, u8 op_code)
278 {
279 /* Process continuation of a pending message */
280 if (op_code != data->in_op_code) {
281 wpa_printf(MSG_DEBUG, "EAP-WSC: Unexpected Op-Code %d in "
282 "fragment (expected %d)",
283 op_code, data->in_op_code);
284 eap_wsc_state(data, FAIL);
285 return -1;
286 }
287
288 if (len > wpabuf_tailroom(data->in_buf)) {
289 wpa_printf(MSG_DEBUG, "EAP-WSC: Fragment overflow");
290 eap_wsc_state(data, FAIL);
291 return -1;
292 }
293
294 wpabuf_put_data(data->in_buf, buf, len);
295 wpa_printf(MSG_DEBUG, "EAP-WSC: Received %lu bytes, waiting for %lu "
296 "bytes more", (unsigned long) len,
297 (unsigned long) wpabuf_tailroom(data->in_buf));
298
299 return 0;
300 }
301
302
303 static int eap_wsc_process_fragment(struct eap_wsc_data *data,
304 u8 flags, u8 op_code, u16 message_length,
305 const u8 *buf, size_t len)
306 {
307 /* Process a fragment that is not the last one of the message */
308 if (data->in_buf == NULL && !(flags & WSC_FLAGS_LF)) {
309 wpa_printf(MSG_DEBUG, "EAP-WSC: No Message Length "
310 "field in a fragmented packet");
311 return -1;
312 }
313
314 if (data->in_buf == NULL) {
315 /* First fragment of the message */
316 data->in_buf = wpabuf_alloc(message_length);
317 if (data->in_buf == NULL) {
318 wpa_printf(MSG_DEBUG, "EAP-WSC: No memory for "
319 "message");
320 return -1;
321 }
322 data->in_op_code = op_code;
323 wpabuf_put_data(data->in_buf, buf, len);
324 wpa_printf(MSG_DEBUG, "EAP-WSC: Received %lu bytes in "
325 "first fragment, waiting for %lu bytes more",
326 (unsigned long) len,
327 (unsigned long) wpabuf_tailroom(data->in_buf));
328 }
329
330 return 0;
331 }
332
333
334 static void eap_wsc_process(struct eap_sm *sm, void *priv,
335 struct wpabuf *respData)
336 {
337 struct eap_wsc_data *data = priv;
338 const u8 *start, *pos, *end;
339 size_t len;
340 u8 op_code, flags;
341 u16 message_length = 0;
342 enum wps_process_res res;
343 struct wpabuf tmpbuf;
344
345 eloop_cancel_timeout(eap_wsc_ext_reg_timeout, sm, data);
346 if (data->ext_reg_timeout) {
347 eap_wsc_state(data, FAIL);
348 return;
349 }
350
351 pos = eap_hdr_validate(EAP_VENDOR_WFA, EAP_VENDOR_TYPE_WSC,
352 respData, &len);
353 if (pos == NULL || len < 2)
354 return; /* Should not happen; message already verified */
355
356 start = pos;
357 end = start + len;
358
359 op_code = *pos++;
360 flags = *pos++;
361 if (flags & WSC_FLAGS_LF) {
362 if (end - pos < 2) {
363 wpa_printf(MSG_DEBUG, "EAP-WSC: Message underflow");
364 return;
365 }
366 message_length = WPA_GET_BE16(pos);
367 pos += 2;
368
369 if (message_length < end - pos) {
370 wpa_printf(MSG_DEBUG, "EAP-WSC: Invalid Message "
371 "Length");
372 return;
373 }
374 }
375
376 wpa_printf(MSG_DEBUG, "EAP-WSC: Received packet: Op-Code %d "
377 "Flags 0x%x Message Length %d",
378 op_code, flags, message_length);
379
380 if (data->state == WAIT_FRAG_ACK) {
381 if (op_code != WSC_FRAG_ACK) {
382 wpa_printf(MSG_DEBUG, "EAP-WSC: Unexpected Op-Code %d "
383 "in WAIT_FRAG_ACK state", op_code);
384 eap_wsc_state(data, FAIL);
385 return;
386 }
387 wpa_printf(MSG_DEBUG, "EAP-WSC: Fragment acknowledged");
388 eap_wsc_state(data, MSG);
389 return;
390 }
391
392 if (op_code != WSC_ACK && op_code != WSC_NACK && op_code != WSC_MSG &&
393 op_code != WSC_Done) {
394 wpa_printf(MSG_DEBUG, "EAP-WSC: Unexpected Op-Code %d",
395 op_code);
396 eap_wsc_state(data, FAIL);
397 return;
398 }
399
400 if (data->in_buf &&
401 eap_wsc_process_cont(data, pos, end - pos, op_code) < 0) {
402 eap_wsc_state(data, FAIL);
403 return;
404 }
405
406 if (flags & WSC_FLAGS_MF) {
407 if (eap_wsc_process_fragment(data, flags, op_code,
408 message_length, pos, end - pos) <
409 0)
410 eap_wsc_state(data, FAIL);
411 else
412 eap_wsc_state(data, FRAG_ACK);
413 return;
414 }
415
416 if (data->in_buf == NULL) {
417 /* Wrap unfragmented messages as wpabuf without extra copy */
418 wpabuf_set(&tmpbuf, pos, end - pos);
419 data->in_buf = &tmpbuf;
420 }
421
422 res = wps_process_msg(data->wps, op_code, data->in_buf);
423 switch (res) {
424 case WPS_DONE:
425 wpa_printf(MSG_DEBUG, "EAP-WSC: WPS processing completed "
426 "successfully - report EAP failure");
427 eap_wsc_state(data, FAIL);
428 break;
429 case WPS_CONTINUE:
430 eap_wsc_state(data, MSG);
431 break;
432 case WPS_FAILURE:
433 wpa_printf(MSG_DEBUG, "EAP-WSC: WPS processing failed");
434 eap_wsc_state(data, FAIL);
435 break;
436 case WPS_PENDING:
437 eap_wsc_state(data, MSG);
438 sm->method_pending = METHOD_PENDING_WAIT;
439 eloop_cancel_timeout(eap_wsc_ext_reg_timeout, sm, data);
440 eloop_register_timeout(5, 0, eap_wsc_ext_reg_timeout,
441 sm, data);
442 break;
443 }
444
445 if (data->in_buf != &tmpbuf)
446 wpabuf_free(data->in_buf);
447 data->in_buf = NULL;
448 }
449
450
451 static Boolean eap_wsc_isDone(struct eap_sm *sm, void *priv)
452 {
453 struct eap_wsc_data *data = priv;
454 return data->state == FAIL;
455 }
456
457
458 static Boolean eap_wsc_isSuccess(struct eap_sm *sm, void *priv)
459 {
460 /* EAP-WSC will always result in EAP-Failure */
461 return FALSE;
462 }
463
464
465 static int eap_wsc_getTimeout(struct eap_sm *sm, void *priv)
466 {
467 /* Recommended retransmit times: retransmit timeout 5 seconds,
468 * per-message timeout 15 seconds, i.e., 3 tries. */
469 sm->MaxRetrans = 2; /* total 3 attempts */
470 return 5;
471 }
472
473
474 int eap_server_wsc_register(void)
475 {
476 struct eap_method *eap;
477 int ret;
478
479 eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
480 EAP_VENDOR_WFA, EAP_VENDOR_TYPE_WSC,
481 "WSC");
482 if (eap == NULL)
483 return -1;
484
485 eap->init = eap_wsc_init;
486 eap->reset = eap_wsc_reset;
487 eap->buildReq = eap_wsc_buildReq;
488 eap->check = eap_wsc_check;
489 eap->process = eap_wsc_process;
490 eap->isDone = eap_wsc_isDone;
491 eap->isSuccess = eap_wsc_isSuccess;
492 eap->getTimeout = eap_wsc_getTimeout;
493
494 ret = eap_server_method_register(eap);
495 if (ret)
496 eap_server_method_free(eap);
497 return ret;
498 }
DragonFly BSD