Merge branch 'vendor/GREP'
[dragonfly.git] / contrib / hostapd / src / wps / wps_enrollee.c
1 /*
2  * Wi-Fi Protected Setup - Enrollee
3  * Copyright (c) 2008, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "crypto/crypto.h"
13 #include "crypto/sha256.h"
14 #include "crypto/random.h"
15 #include "wps_i.h"
16 #include "wps_dev_attr.h"
17
18
19 static int wps_build_wps_state(struct wps_data *wps, struct wpabuf *msg)
20 {
21         u8 state;
22         if (wps->wps->ap)
23                 state = wps->wps->wps_state;
24         else
25                 state = WPS_STATE_NOT_CONFIGURED;
26         wpa_printf(MSG_DEBUG, "WPS:  * Wi-Fi Protected Setup State (%d)",
27                    state);
28         wpabuf_put_be16(msg, ATTR_WPS_STATE);
29         wpabuf_put_be16(msg, 1);
30         wpabuf_put_u8(msg, state);
31         return 0;
32 }
33
34
35 static int wps_build_e_hash(struct wps_data *wps, struct wpabuf *msg)
36 {
37         u8 *hash;
38         const u8 *addr[4];
39         size_t len[4];
40
41         if (random_get_bytes(wps->snonce, 2 * WPS_SECRET_NONCE_LEN) < 0)
42                 return -1;
43         wpa_hexdump(MSG_DEBUG, "WPS: E-S1", wps->snonce, WPS_SECRET_NONCE_LEN);
44         wpa_hexdump(MSG_DEBUG, "WPS: E-S2",
45                     wps->snonce + WPS_SECRET_NONCE_LEN, WPS_SECRET_NONCE_LEN);
46
47         if (wps->dh_pubkey_e == NULL || wps->dh_pubkey_r == NULL) {
48                 wpa_printf(MSG_DEBUG, "WPS: DH public keys not available for "
49                            "E-Hash derivation");
50                 return -1;
51         }
52
53         wpa_printf(MSG_DEBUG, "WPS:  * E-Hash1");
54         wpabuf_put_be16(msg, ATTR_E_HASH1);
55         wpabuf_put_be16(msg, SHA256_MAC_LEN);
56         hash = wpabuf_put(msg, SHA256_MAC_LEN);
57         /* E-Hash1 = HMAC_AuthKey(E-S1 || PSK1 || PK_E || PK_R) */
58         addr[0] = wps->snonce;
59         len[0] = WPS_SECRET_NONCE_LEN;
60         addr[1] = wps->psk1;
61         len[1] = WPS_PSK_LEN;
62         addr[2] = wpabuf_head(wps->dh_pubkey_e);
63         len[2] = wpabuf_len(wps->dh_pubkey_e);
64         addr[3] = wpabuf_head(wps->dh_pubkey_r);
65         len[3] = wpabuf_len(wps->dh_pubkey_r);
66         hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
67         wpa_hexdump(MSG_DEBUG, "WPS: E-Hash1", hash, SHA256_MAC_LEN);
68
69         wpa_printf(MSG_DEBUG, "WPS:  * E-Hash2");
70         wpabuf_put_be16(msg, ATTR_E_HASH2);
71         wpabuf_put_be16(msg, SHA256_MAC_LEN);
72         hash = wpabuf_put(msg, SHA256_MAC_LEN);
73         /* E-Hash2 = HMAC_AuthKey(E-S2 || PSK2 || PK_E || PK_R) */
74         addr[0] = wps->snonce + WPS_SECRET_NONCE_LEN;
75         addr[1] = wps->psk2;
76         hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
77         wpa_hexdump(MSG_DEBUG, "WPS: E-Hash2", hash, SHA256_MAC_LEN);
78
79         return 0;
80 }
81
82
83 static int wps_build_e_snonce1(struct wps_data *wps, struct wpabuf *msg)
84 {
85         wpa_printf(MSG_DEBUG, "WPS:  * E-SNonce1");
86         wpabuf_put_be16(msg, ATTR_E_SNONCE1);
87         wpabuf_put_be16(msg, WPS_SECRET_NONCE_LEN);
88         wpabuf_put_data(msg, wps->snonce, WPS_SECRET_NONCE_LEN);
89         return 0;
90 }
91
92
93 static int wps_build_e_snonce2(struct wps_data *wps, struct wpabuf *msg)
94 {
95         wpa_printf(MSG_DEBUG, "WPS:  * E-SNonce2");
96         wpabuf_put_be16(msg, ATTR_E_SNONCE2);
97         wpabuf_put_be16(msg, WPS_SECRET_NONCE_LEN);
98         wpabuf_put_data(msg, wps->snonce + WPS_SECRET_NONCE_LEN,
99                         WPS_SECRET_NONCE_LEN);
100         return 0;
101 }
102
103
104 static struct wpabuf * wps_build_m1(struct wps_data *wps)
105 {
106         struct wpabuf *msg;
107         u16 config_methods;
108
109         if (random_get_bytes(wps->nonce_e, WPS_NONCE_LEN) < 0)
110                 return NULL;
111         wpa_hexdump(MSG_DEBUG, "WPS: Enrollee Nonce",
112                     wps->nonce_e, WPS_NONCE_LEN);
113
114         wpa_printf(MSG_DEBUG, "WPS: Building Message M1");
115         msg = wpabuf_alloc(1000);
116         if (msg == NULL)
117                 return NULL;
118
119         config_methods = wps->wps->config_methods;
120         if (wps->wps->ap && !wps->pbc_in_m1 &&
121             (wps->dev_password_len != 0 ||
122              (config_methods & WPS_CONFIG_DISPLAY))) {
123                 /*
124                  * These are the methods that the AP supports as an Enrollee
125                  * for adding external Registrars, so remove PushButton.
126                  *
127                  * As a workaround for Windows 7 mechanism for probing WPS
128                  * capabilities from M1, leave PushButton option if no PIN
129                  * method is available or if WPS configuration enables PBC
130                  * workaround.
131                  */
132                 config_methods &= ~WPS_CONFIG_PUSHBUTTON;
133 #ifdef CONFIG_WPS2
134                 config_methods &= ~(WPS_CONFIG_VIRT_PUSHBUTTON |
135                                     WPS_CONFIG_PHY_PUSHBUTTON);
136 #endif /* CONFIG_WPS2 */
137         }
138
139         if (wps_build_version(msg) ||
140             wps_build_msg_type(msg, WPS_M1) ||
141             wps_build_uuid_e(msg, wps->uuid_e) ||
142             wps_build_mac_addr(msg, wps->mac_addr_e) ||
143             wps_build_enrollee_nonce(wps, msg) ||
144             wps_build_public_key(wps, msg) ||
145             wps_build_auth_type_flags(wps, msg) ||
146             wps_build_encr_type_flags(wps, msg) ||
147             wps_build_conn_type_flags(wps, msg) ||
148             wps_build_config_methods(msg, config_methods) ||
149             wps_build_wps_state(wps, msg) ||
150             wps_build_device_attrs(&wps->wps->dev, msg) ||
151             wps_build_rf_bands(&wps->wps->dev, msg,
152                                wps->wps->rf_band_cb(wps->wps->cb_ctx)) ||
153             wps_build_assoc_state(wps, msg) ||
154             wps_build_dev_password_id(msg, wps->dev_pw_id) ||
155             wps_build_config_error(msg, WPS_CFG_NO_ERROR) ||
156             wps_build_os_version(&wps->wps->dev, msg) ||
157             wps_build_wfa_ext(msg, 0, NULL, 0) ||
158             wps_build_vendor_ext_m1(&wps->wps->dev, msg)) {
159                 wpabuf_free(msg);
160                 return NULL;
161         }
162
163         wps->state = RECV_M2;
164         return msg;
165 }
166
167
168 static struct wpabuf * wps_build_m3(struct wps_data *wps)
169 {
170         struct wpabuf *msg;
171
172         wpa_printf(MSG_DEBUG, "WPS: Building Message M3");
173
174         if (wps->dev_password == NULL) {
175                 wpa_printf(MSG_DEBUG, "WPS: No Device Password available");
176                 return NULL;
177         }
178         wps_derive_psk(wps, wps->dev_password, wps->dev_password_len);
179
180         msg = wpabuf_alloc(1000);
181         if (msg == NULL)
182                 return NULL;
183
184         if (wps_build_version(msg) ||
185             wps_build_msg_type(msg, WPS_M3) ||
186             wps_build_registrar_nonce(wps, msg) ||
187             wps_build_e_hash(wps, msg) ||
188             wps_build_wfa_ext(msg, 0, NULL, 0) ||
189             wps_build_authenticator(wps, msg)) {
190                 wpabuf_free(msg);
191                 return NULL;
192         }
193
194         wps->state = RECV_M4;
195         return msg;
196 }
197
198
199 static struct wpabuf * wps_build_m5(struct wps_data *wps)
200 {
201         struct wpabuf *msg, *plain;
202
203         wpa_printf(MSG_DEBUG, "WPS: Building Message M5");
204
205         plain = wpabuf_alloc(200);
206         if (plain == NULL)
207                 return NULL;
208
209         msg = wpabuf_alloc(1000);
210         if (msg == NULL) {
211                 wpabuf_free(plain);
212                 return NULL;
213         }
214
215         if (wps_build_version(msg) ||
216             wps_build_msg_type(msg, WPS_M5) ||
217             wps_build_registrar_nonce(wps, msg) ||
218             wps_build_e_snonce1(wps, plain) ||
219             wps_build_key_wrap_auth(wps, plain) ||
220             wps_build_encr_settings(wps, msg, plain) ||
221             wps_build_wfa_ext(msg, 0, NULL, 0) ||
222             wps_build_authenticator(wps, msg)) {
223                 wpabuf_free(plain);
224                 wpabuf_free(msg);
225                 return NULL;
226         }
227         wpabuf_free(plain);
228
229         wps->state = RECV_M6;
230         return msg;
231 }
232
233
234 static int wps_build_cred_ssid(struct wps_data *wps, struct wpabuf *msg)
235 {
236         wpa_printf(MSG_DEBUG, "WPS:  * SSID");
237         wpabuf_put_be16(msg, ATTR_SSID);
238         wpabuf_put_be16(msg, wps->wps->ssid_len);
239         wpabuf_put_data(msg, wps->wps->ssid, wps->wps->ssid_len);
240         return 0;
241 }
242
243
244 static int wps_build_cred_auth_type(struct wps_data *wps, struct wpabuf *msg)
245 {
246         u16 auth_type = wps->wps->auth_types;
247
248         /* Select the best authentication type */
249         if (auth_type & WPS_AUTH_WPA2PSK)
250                 auth_type = WPS_AUTH_WPA2PSK;
251         else if (auth_type & WPS_AUTH_WPAPSK)
252                 auth_type = WPS_AUTH_WPAPSK;
253         else if (auth_type & WPS_AUTH_OPEN)
254                 auth_type = WPS_AUTH_OPEN;
255         else if (auth_type & WPS_AUTH_SHARED)
256                 auth_type = WPS_AUTH_SHARED;
257
258         wpa_printf(MSG_DEBUG, "WPS:  * Authentication Type (0x%x)", auth_type);
259         wpabuf_put_be16(msg, ATTR_AUTH_TYPE);
260         wpabuf_put_be16(msg, 2);
261         wpabuf_put_be16(msg, auth_type);
262         return 0;
263 }
264
265
266 static int wps_build_cred_encr_type(struct wps_data *wps, struct wpabuf *msg)
267 {
268         u16 encr_type = wps->wps->encr_types;
269
270         /* Select the best encryption type */
271         if (wps->wps->auth_types & (WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK)) {
272                 if (encr_type & WPS_ENCR_AES)
273                         encr_type = WPS_ENCR_AES;
274                 else if (encr_type & WPS_ENCR_TKIP)
275                         encr_type = WPS_ENCR_TKIP;
276         } else {
277                 if (encr_type & WPS_ENCR_WEP)
278                         encr_type = WPS_ENCR_WEP;
279                 else if (encr_type & WPS_ENCR_NONE)
280                         encr_type = WPS_ENCR_NONE;
281         }
282
283         wpa_printf(MSG_DEBUG, "WPS:  * Encryption Type (0x%x)", encr_type);
284         wpabuf_put_be16(msg, ATTR_ENCR_TYPE);
285         wpabuf_put_be16(msg, 2);
286         wpabuf_put_be16(msg, encr_type);
287         return 0;
288 }
289
290
291 static int wps_build_cred_network_key(struct wps_data *wps, struct wpabuf *msg)
292 {
293         wpa_printf(MSG_DEBUG, "WPS:  * Network Key");
294         wpabuf_put_be16(msg, ATTR_NETWORK_KEY);
295         wpabuf_put_be16(msg, wps->wps->network_key_len);
296         wpabuf_put_data(msg, wps->wps->network_key, wps->wps->network_key_len);
297         return 0;
298 }
299
300
301 static int wps_build_cred_mac_addr(struct wps_data *wps, struct wpabuf *msg)
302 {
303         wpa_printf(MSG_DEBUG, "WPS:  * MAC Address (AP BSSID)");
304         wpabuf_put_be16(msg, ATTR_MAC_ADDR);
305         wpabuf_put_be16(msg, ETH_ALEN);
306         wpabuf_put_data(msg, wps->wps->dev.mac_addr, ETH_ALEN);
307         return 0;
308 }
309
310
311 static int wps_build_ap_settings(struct wps_data *wps, struct wpabuf *plain)
312 {
313         if (wps->wps->ap_settings) {
314                 wpa_printf(MSG_DEBUG, "WPS:  * AP Settings (pre-configured)");
315                 wpabuf_put_data(plain, wps->wps->ap_settings,
316                                 wps->wps->ap_settings_len);
317                 return 0;
318         }
319
320         return wps_build_cred_ssid(wps, plain) ||
321                 wps_build_cred_mac_addr(wps, plain) ||
322                 wps_build_cred_auth_type(wps, plain) ||
323                 wps_build_cred_encr_type(wps, plain) ||
324                 wps_build_cred_network_key(wps, plain);
325 }
326
327
328 static struct wpabuf * wps_build_m7(struct wps_data *wps)
329 {
330         struct wpabuf *msg, *plain;
331
332         wpa_printf(MSG_DEBUG, "WPS: Building Message M7");
333
334         plain = wpabuf_alloc(500 + wps->wps->ap_settings_len);
335         if (plain == NULL)
336                 return NULL;
337
338         msg = wpabuf_alloc(1000 + wps->wps->ap_settings_len);
339         if (msg == NULL) {
340                 wpabuf_free(plain);
341                 return NULL;
342         }
343
344         if (wps_build_version(msg) ||
345             wps_build_msg_type(msg, WPS_M7) ||
346             wps_build_registrar_nonce(wps, msg) ||
347             wps_build_e_snonce2(wps, plain) ||
348             (wps->wps->ap && wps_build_ap_settings(wps, plain)) ||
349             wps_build_key_wrap_auth(wps, plain) ||
350             wps_build_encr_settings(wps, msg, plain) ||
351             wps_build_wfa_ext(msg, 0, NULL, 0) ||
352             wps_build_authenticator(wps, msg)) {
353                 wpabuf_free(plain);
354                 wpabuf_free(msg);
355                 return NULL;
356         }
357         wpabuf_free(plain);
358
359         if (wps->wps->ap && wps->wps->registrar) {
360                 /*
361                  * If the Registrar is only learning our current configuration,
362                  * it may not continue protocol run to successful completion.
363                  * Store information here to make sure it remains available.
364                  */
365                 wps_device_store(wps->wps->registrar, &wps->peer_dev,
366                                  wps->uuid_r);
367         }
368
369         wps->state = RECV_M8;
370         return msg;
371 }
372
373
374 static struct wpabuf * wps_build_wsc_done(struct wps_data *wps)
375 {
376         struct wpabuf *msg;
377
378         wpa_printf(MSG_DEBUG, "WPS: Building Message WSC_Done");
379
380         msg = wpabuf_alloc(1000);
381         if (msg == NULL)
382                 return NULL;
383
384         if (wps_build_version(msg) ||
385             wps_build_msg_type(msg, WPS_WSC_DONE) ||
386             wps_build_enrollee_nonce(wps, msg) ||
387             wps_build_registrar_nonce(wps, msg) ||
388             wps_build_wfa_ext(msg, 0, NULL, 0)) {
389                 wpabuf_free(msg);
390                 return NULL;
391         }
392
393         if (wps->wps->ap)
394                 wps->state = RECV_ACK;
395         else {
396                 wps_success_event(wps->wps, wps->peer_dev.mac_addr);
397                 wps->state = WPS_FINISHED;
398         }
399         return msg;
400 }
401
402
403 struct wpabuf * wps_enrollee_get_msg(struct wps_data *wps,
404                                      enum wsc_op_code *op_code)
405 {
406         struct wpabuf *msg;
407
408         switch (wps->state) {
409         case SEND_M1:
410                 msg = wps_build_m1(wps);
411                 *op_code = WSC_MSG;
412                 break;
413         case SEND_M3:
414                 msg = wps_build_m3(wps);
415                 *op_code = WSC_MSG;
416                 break;
417         case SEND_M5:
418                 msg = wps_build_m5(wps);
419                 *op_code = WSC_MSG;
420                 break;
421         case SEND_M7:
422                 msg = wps_build_m7(wps);
423                 *op_code = WSC_MSG;
424                 break;
425         case RECEIVED_M2D:
426                 if (wps->wps->ap) {
427                         msg = wps_build_wsc_nack(wps);
428                         *op_code = WSC_NACK;
429                         break;
430                 }
431                 msg = wps_build_wsc_ack(wps);
432                 *op_code = WSC_ACK;
433                 if (msg) {
434                         /* Another M2/M2D may be received */
435                         wps->state = RECV_M2;
436                 }
437                 break;
438         case SEND_WSC_NACK:
439                 msg = wps_build_wsc_nack(wps);
440                 *op_code = WSC_NACK;
441                 break;
442         case WPS_MSG_DONE:
443                 msg = wps_build_wsc_done(wps);
444                 *op_code = WSC_Done;
445                 break;
446         default:
447                 wpa_printf(MSG_DEBUG, "WPS: Unsupported state %d for building "
448                            "a message", wps->state);
449                 msg = NULL;
450                 break;
451         }
452
453         if (*op_code == WSC_MSG && msg) {
454                 /* Save a copy of the last message for Authenticator derivation
455                  */
456                 wpabuf_free(wps->last_msg);
457                 wps->last_msg = wpabuf_dup(msg);
458         }
459
460         return msg;
461 }
462
463
464 static int wps_process_registrar_nonce(struct wps_data *wps, const u8 *r_nonce)
465 {
466         if (r_nonce == NULL) {
467                 wpa_printf(MSG_DEBUG, "WPS: No Registrar Nonce received");
468                 return -1;
469         }
470
471         os_memcpy(wps->nonce_r, r_nonce, WPS_NONCE_LEN);
472         wpa_hexdump(MSG_DEBUG, "WPS: Registrar Nonce",
473                     wps->nonce_r, WPS_NONCE_LEN);
474
475         return 0;
476 }
477
478
479 static int wps_process_enrollee_nonce(struct wps_data *wps, const u8 *e_nonce)
480 {
481         if (e_nonce == NULL) {
482                 wpa_printf(MSG_DEBUG, "WPS: No Enrollee Nonce received");
483                 return -1;
484         }
485
486         if (os_memcmp(wps->nonce_e, e_nonce, WPS_NONCE_LEN) != 0) {
487                 wpa_printf(MSG_DEBUG, "WPS: Invalid Enrollee Nonce received");
488                 return -1;
489         }
490
491         return 0;
492 }
493
494
495 static int wps_process_uuid_r(struct wps_data *wps, const u8 *uuid_r)
496 {
497         if (uuid_r == NULL) {
498                 wpa_printf(MSG_DEBUG, "WPS: No UUID-R received");
499                 return -1;
500         }
501
502         os_memcpy(wps->uuid_r, uuid_r, WPS_UUID_LEN);
503         wpa_hexdump(MSG_DEBUG, "WPS: UUID-R", wps->uuid_r, WPS_UUID_LEN);
504
505         return 0;
506 }
507
508
509 static int wps_process_pubkey(struct wps_data *wps, const u8 *pk,
510                               size_t pk_len)
511 {
512         if (pk == NULL || pk_len == 0) {
513                 wpa_printf(MSG_DEBUG, "WPS: No Public Key received");
514                 return -1;
515         }
516
517         if (wps->peer_pubkey_hash_set) {
518                 u8 hash[WPS_HASH_LEN];
519                 sha256_vector(1, &pk, &pk_len, hash);
520                 if (os_memcmp(hash, wps->peer_pubkey_hash,
521                               WPS_OOB_PUBKEY_HASH_LEN) != 0) {
522                         wpa_printf(MSG_ERROR, "WPS: Public Key hash mismatch");
523                         wpa_hexdump(MSG_DEBUG, "WPS: Received public key",
524                                     pk, pk_len);
525                         wpa_hexdump(MSG_DEBUG, "WPS: Calculated public key "
526                                     "hash", hash, WPS_OOB_PUBKEY_HASH_LEN);
527                         wpa_hexdump(MSG_DEBUG, "WPS: Expected public key hash",
528                                     wps->peer_pubkey_hash,
529                                     WPS_OOB_PUBKEY_HASH_LEN);
530                         wps->config_error = WPS_CFG_PUBLIC_KEY_HASH_MISMATCH;
531                         return -1;
532                 }
533         }
534
535         wpabuf_free(wps->dh_pubkey_r);
536         wps->dh_pubkey_r = wpabuf_alloc_copy(pk, pk_len);
537         if (wps->dh_pubkey_r == NULL)
538                 return -1;
539
540         if (wps_derive_keys(wps) < 0)
541                 return -1;
542
543         return 0;
544 }
545
546
547 static int wps_process_r_hash1(struct wps_data *wps, const u8 *r_hash1)
548 {
549         if (r_hash1 == NULL) {
550                 wpa_printf(MSG_DEBUG, "WPS: No R-Hash1 received");
551                 return -1;
552         }
553
554         os_memcpy(wps->peer_hash1, r_hash1, WPS_HASH_LEN);
555         wpa_hexdump(MSG_DEBUG, "WPS: R-Hash1", wps->peer_hash1, WPS_HASH_LEN);
556
557         return 0;
558 }
559
560
561 static int wps_process_r_hash2(struct wps_data *wps, const u8 *r_hash2)
562 {
563         if (r_hash2 == NULL) {
564                 wpa_printf(MSG_DEBUG, "WPS: No R-Hash2 received");
565                 return -1;
566         }
567
568         os_memcpy(wps->peer_hash2, r_hash2, WPS_HASH_LEN);
569         wpa_hexdump(MSG_DEBUG, "WPS: R-Hash2", wps->peer_hash2, WPS_HASH_LEN);
570
571         return 0;
572 }
573
574
575 static int wps_process_r_snonce1(struct wps_data *wps, const u8 *r_snonce1)
576 {
577         u8 hash[SHA256_MAC_LEN];
578         const u8 *addr[4];
579         size_t len[4];
580
581         if (r_snonce1 == NULL) {
582                 wpa_printf(MSG_DEBUG, "WPS: No R-SNonce1 received");
583                 return -1;
584         }
585
586         wpa_hexdump_key(MSG_DEBUG, "WPS: R-SNonce1", r_snonce1,
587                         WPS_SECRET_NONCE_LEN);
588
589         /* R-Hash1 = HMAC_AuthKey(R-S1 || PSK1 || PK_E || PK_R) */
590         addr[0] = r_snonce1;
591         len[0] = WPS_SECRET_NONCE_LEN;
592         addr[1] = wps->psk1;
593         len[1] = WPS_PSK_LEN;
594         addr[2] = wpabuf_head(wps->dh_pubkey_e);
595         len[2] = wpabuf_len(wps->dh_pubkey_e);
596         addr[3] = wpabuf_head(wps->dh_pubkey_r);
597         len[3] = wpabuf_len(wps->dh_pubkey_r);
598         hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
599
600         if (os_memcmp(wps->peer_hash1, hash, WPS_HASH_LEN) != 0) {
601                 wpa_printf(MSG_DEBUG, "WPS: R-Hash1 derived from R-S1 does "
602                            "not match with the pre-committed value");
603                 wps->config_error = WPS_CFG_DEV_PASSWORD_AUTH_FAILURE;
604                 wps_pwd_auth_fail_event(wps->wps, 1, 1, wps->peer_dev.mac_addr);
605                 return -1;
606         }
607
608         wpa_printf(MSG_DEBUG, "WPS: Registrar proved knowledge of the first "
609                    "half of the device password");
610
611         return 0;
612 }
613
614
615 static int wps_process_r_snonce2(struct wps_data *wps, const u8 *r_snonce2)
616 {
617         u8 hash[SHA256_MAC_LEN];
618         const u8 *addr[4];
619         size_t len[4];
620
621         if (r_snonce2 == NULL) {
622                 wpa_printf(MSG_DEBUG, "WPS: No R-SNonce2 received");
623                 return -1;
624         }
625
626         wpa_hexdump_key(MSG_DEBUG, "WPS: R-SNonce2", r_snonce2,
627                         WPS_SECRET_NONCE_LEN);
628
629         /* R-Hash2 = HMAC_AuthKey(R-S2 || PSK2 || PK_E || PK_R) */
630         addr[0] = r_snonce2;
631         len[0] = WPS_SECRET_NONCE_LEN;
632         addr[1] = wps->psk2;
633         len[1] = WPS_PSK_LEN;
634         addr[2] = wpabuf_head(wps->dh_pubkey_e);
635         len[2] = wpabuf_len(wps->dh_pubkey_e);
636         addr[3] = wpabuf_head(wps->dh_pubkey_r);
637         len[3] = wpabuf_len(wps->dh_pubkey_r);
638         hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 4, addr, len, hash);
639
640         if (os_memcmp(wps->peer_hash2, hash, WPS_HASH_LEN) != 0) {
641                 wpa_printf(MSG_DEBUG, "WPS: R-Hash2 derived from R-S2 does "
642                            "not match with the pre-committed value");
643                 wps->config_error = WPS_CFG_DEV_PASSWORD_AUTH_FAILURE;
644                 wps_pwd_auth_fail_event(wps->wps, 1, 2, wps->peer_dev.mac_addr);
645                 return -1;
646         }
647
648         wpa_printf(MSG_DEBUG, "WPS: Registrar proved knowledge of the second "
649                    "half of the device password");
650
651         return 0;
652 }
653
654
655 static int wps_process_cred_e(struct wps_data *wps, const u8 *cred,
656                               size_t cred_len, int wps2)
657 {
658         struct wps_parse_attr attr;
659         struct wpabuf msg;
660         int ret = 0;
661
662         wpa_printf(MSG_DEBUG, "WPS: Received Credential");
663         os_memset(&wps->cred, 0, sizeof(wps->cred));
664         wpabuf_set(&msg, cred, cred_len);
665         if (wps_parse_msg(&msg, &attr) < 0 ||
666             wps_process_cred(&attr, &wps->cred))
667                 return -1;
668
669         if (os_memcmp(wps->cred.mac_addr, wps->wps->dev.mac_addr, ETH_ALEN) !=
670             0) {
671                 wpa_printf(MSG_DEBUG, "WPS: MAC Address in the Credential ("
672                            MACSTR ") does not match with own address (" MACSTR
673                            ")", MAC2STR(wps->cred.mac_addr),
674                            MAC2STR(wps->wps->dev.mac_addr));
675                 /*
676                  * In theory, this could be consider fatal error, but there are
677                  * number of deployed implementations using other address here
678                  * due to unclarity in the specification. For interoperability
679                  * reasons, allow this to be processed since we do not really
680                  * use the MAC Address information for anything.
681                  */
682 #ifdef CONFIG_WPS_STRICT
683                 if (wps2) {
684                         wpa_printf(MSG_INFO, "WPS: Do not accept incorrect "
685                                    "MAC Address in AP Settings");
686                         return -1;
687                 }
688 #endif /* CONFIG_WPS_STRICT */
689         }
690
691 #ifdef CONFIG_WPS2
692         if (!(wps->cred.encr_type &
693               (WPS_ENCR_NONE | WPS_ENCR_TKIP | WPS_ENCR_AES))) {
694                 if (wps->cred.encr_type & WPS_ENCR_WEP) {
695                         wpa_printf(MSG_INFO, "WPS: Reject Credential "
696                                    "due to WEP configuration");
697                         wps->error_indication = WPS_EI_SECURITY_WEP_PROHIBITED;
698                         return -2;
699                 }
700
701                 wpa_printf(MSG_INFO, "WPS: Reject Credential due to "
702                            "invalid encr_type 0x%x", wps->cred.encr_type);
703                 return -1;
704         }
705 #endif /* CONFIG_WPS2 */
706
707         if (wps->wps->cred_cb) {
708                 wps->cred.cred_attr = cred - 4;
709                 wps->cred.cred_attr_len = cred_len + 4;
710                 ret = wps->wps->cred_cb(wps->wps->cb_ctx, &wps->cred);
711                 wps->cred.cred_attr = NULL;
712                 wps->cred.cred_attr_len = 0;
713         }
714
715         return ret;
716 }
717
718
719 static int wps_process_creds(struct wps_data *wps, const u8 *cred[],
720                              size_t cred_len[], size_t num_cred, int wps2)
721 {
722         size_t i;
723         int ok = 0;
724
725         if (wps->wps->ap)
726                 return 0;
727
728         if (num_cred == 0) {
729                 wpa_printf(MSG_DEBUG, "WPS: No Credential attributes "
730                            "received");
731                 return -1;
732         }
733
734         for (i = 0; i < num_cred; i++) {
735                 int res;
736                 res = wps_process_cred_e(wps, cred[i], cred_len[i], wps2);
737                 if (res == 0)
738                         ok++;
739                 else if (res == -2)
740                         wpa_printf(MSG_DEBUG, "WPS: WEP credential skipped");
741                 else
742                         return -1;
743         }
744
745         if (ok == 0) {
746                 wpa_printf(MSG_DEBUG, "WPS: No valid Credential attribute "
747                            "received");
748                 return -1;
749         }
750
751         return 0;
752 }
753
754
755 static int wps_process_ap_settings_e(struct wps_data *wps,
756                                      struct wps_parse_attr *attr,
757                                      struct wpabuf *attrs, int wps2)
758 {
759         struct wps_credential cred;
760
761         if (!wps->wps->ap)
762                 return 0;
763
764         if (wps_process_ap_settings(attr, &cred) < 0)
765                 return -1;
766
767         wpa_printf(MSG_INFO, "WPS: Received new AP configuration from "
768                    "Registrar");
769
770         if (os_memcmp(cred.mac_addr, wps->wps->dev.mac_addr, ETH_ALEN) !=
771             0) {
772                 wpa_printf(MSG_DEBUG, "WPS: MAC Address in the AP Settings ("
773                            MACSTR ") does not match with own address (" MACSTR
774                            ")", MAC2STR(cred.mac_addr),
775                            MAC2STR(wps->wps->dev.mac_addr));
776                 /*
777                  * In theory, this could be consider fatal error, but there are
778                  * number of deployed implementations using other address here
779                  * due to unclarity in the specification. For interoperability
780                  * reasons, allow this to be processed since we do not really
781                  * use the MAC Address information for anything.
782                  */
783 #ifdef CONFIG_WPS_STRICT
784                 if (wps2) {
785                         wpa_printf(MSG_INFO, "WPS: Do not accept incorrect "
786                                    "MAC Address in AP Settings");
787                         return -1;
788                 }
789 #endif /* CONFIG_WPS_STRICT */
790         }
791
792 #ifdef CONFIG_WPS2
793         if (!(cred.encr_type & (WPS_ENCR_NONE | WPS_ENCR_TKIP | WPS_ENCR_AES)))
794         {
795                 if (cred.encr_type & WPS_ENCR_WEP) {
796                         wpa_printf(MSG_INFO, "WPS: Reject new AP settings "
797                                    "due to WEP configuration");
798                         wps->error_indication = WPS_EI_SECURITY_WEP_PROHIBITED;
799                         return -1;
800                 }
801
802                 wpa_printf(MSG_INFO, "WPS: Reject new AP settings due to "
803                            "invalid encr_type 0x%x", cred.encr_type);
804                 return -1;
805         }
806 #endif /* CONFIG_WPS2 */
807
808 #ifdef CONFIG_WPS_STRICT
809         if (wps2) {
810                 if ((cred.encr_type & (WPS_ENCR_TKIP | WPS_ENCR_AES)) ==
811                     WPS_ENCR_TKIP ||
812                     (cred.auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) ==
813                     WPS_AUTH_WPAPSK) {
814                         wpa_printf(MSG_INFO, "WPS-STRICT: Invalid WSC 2.0 "
815                                    "AP Settings: WPA-Personal/TKIP only");
816                         wps->error_indication =
817                                 WPS_EI_SECURITY_TKIP_ONLY_PROHIBITED;
818                         return -1;
819                 }
820         }
821 #endif /* CONFIG_WPS_STRICT */
822
823 #ifdef CONFIG_WPS2
824         if ((cred.encr_type & (WPS_ENCR_TKIP | WPS_ENCR_AES)) == WPS_ENCR_TKIP)
825         {
826                 wpa_printf(MSG_DEBUG, "WPS: Upgrade encr_type TKIP -> "
827                            "TKIP+AES");
828                 cred.encr_type |= WPS_ENCR_AES;
829         }
830
831         if ((cred.auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK)) ==
832             WPS_AUTH_WPAPSK) {
833                 wpa_printf(MSG_DEBUG, "WPS: Upgrade auth_type WPAPSK -> "
834                            "WPAPSK+WPA2PSK");
835                 cred.auth_type |= WPS_AUTH_WPA2PSK;
836         }
837 #endif /* CONFIG_WPS2 */
838
839         if (wps->wps->cred_cb) {
840                 cred.cred_attr = wpabuf_head(attrs);
841                 cred.cred_attr_len = wpabuf_len(attrs);
842                 wps->wps->cred_cb(wps->wps->cb_ctx, &cred);
843         }
844
845         return 0;
846 }
847
848
849 static int wps_process_dev_pw_id(struct wps_data *wps, const u8 *dev_pw_id)
850 {
851         u16 id;
852
853         if (dev_pw_id == NULL) {
854                 wpa_printf(MSG_DEBUG, "WPS: Device Password ID");
855                 return -1;
856         }
857
858         id = WPA_GET_BE16(dev_pw_id);
859         if (wps->dev_pw_id == id) {
860                 wpa_printf(MSG_DEBUG, "WPS: Device Password ID %u", id);
861                 return 0;
862         }
863
864 #ifdef CONFIG_P2P
865         if ((id == DEV_PW_DEFAULT &&
866              wps->dev_pw_id == DEV_PW_REGISTRAR_SPECIFIED) ||
867             (id == DEV_PW_REGISTRAR_SPECIFIED &&
868              wps->dev_pw_id == DEV_PW_DEFAULT)) {
869                 /*
870                  * Common P2P use cases indicate whether the PIN is from the
871                  * client or GO using Device Password Id in M1/M2 in a way that
872                  * does not look fully compliant with WSC specification. Anyway,
873                  * this is deployed and needs to be allowed, so ignore changes
874                  * between Registrar-Specified and Default PIN.
875                  */
876                 wpa_printf(MSG_DEBUG, "WPS: Allow PIN Device Password ID "
877                            "change");
878                 return 0;
879         }
880 #endif /* CONFIG_P2P */
881
882         wpa_printf(MSG_DEBUG, "WPS: Registrar trying to change Device Password "
883                    "ID from %u to %u", wps->dev_pw_id, id);
884
885         if (wps->dev_pw_id == DEV_PW_PUSHBUTTON && id == DEV_PW_DEFAULT) {
886                 wpa_printf(MSG_DEBUG,
887                            "WPS: Workaround - ignore PBC-to-PIN change");
888                 return 0;
889         }
890
891         if (wps->alt_dev_password && wps->alt_dev_pw_id == id) {
892                 wpa_printf(MSG_DEBUG, "WPS: Found a matching Device Password");
893                 os_free(wps->dev_password);
894                 wps->dev_pw_id = wps->alt_dev_pw_id;
895                 wps->dev_password = wps->alt_dev_password;
896                 wps->dev_password_len = wps->alt_dev_password_len;
897                 wps->alt_dev_password = NULL;
898                 wps->alt_dev_password_len = 0;
899                 return 0;
900         }
901
902         return -1;
903 }
904
905
906 static enum wps_process_res wps_process_m2(struct wps_data *wps,
907                                            const struct wpabuf *msg,
908                                            struct wps_parse_attr *attr)
909 {
910         wpa_printf(MSG_DEBUG, "WPS: Received M2");
911
912         if (wps->state != RECV_M2) {
913                 wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
914                            "receiving M2", wps->state);
915                 wps->state = SEND_WSC_NACK;
916                 return WPS_CONTINUE;
917         }
918
919         if (wps_process_registrar_nonce(wps, attr->registrar_nonce) ||
920             wps_process_enrollee_nonce(wps, attr->enrollee_nonce) ||
921             wps_process_uuid_r(wps, attr->uuid_r) ||
922             wps_process_dev_pw_id(wps, attr->dev_password_id)) {
923                 wps->state = SEND_WSC_NACK;
924                 return WPS_CONTINUE;
925         }
926
927         /*
928          * Stop here on an AP as an Enrollee if AP Setup is locked unless the
929          * special locked mode is used to allow protocol run up to M7 in order
930          * to support external Registrars that only learn the current AP
931          * configuration without changing it.
932          */
933         if (wps->wps->ap &&
934             ((wps->wps->ap_setup_locked && wps->wps->ap_setup_locked != 2) ||
935              wps->dev_password == NULL)) {
936                 wpa_printf(MSG_DEBUG, "WPS: AP Setup is locked - refuse "
937                            "registration of a new Registrar");
938                 wps->config_error = WPS_CFG_SETUP_LOCKED;
939                 wps->state = SEND_WSC_NACK;
940                 return WPS_CONTINUE;
941         }
942
943         if (wps_process_pubkey(wps, attr->public_key, attr->public_key_len) ||
944             wps_process_authenticator(wps, attr->authenticator, msg) ||
945             wps_process_device_attrs(&wps->peer_dev, attr)) {
946                 wps->state = SEND_WSC_NACK;
947                 return WPS_CONTINUE;
948         }
949
950 #ifdef CONFIG_WPS_NFC
951         if (wps->peer_pubkey_hash_set) {
952                 struct wpabuf *decrypted;
953                 struct wps_parse_attr eattr;
954
955                 decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings,
956                                                       attr->encr_settings_len);
957                 if (decrypted == NULL) {
958                         wpa_printf(MSG_DEBUG, "WPS: Failed to decrypt "
959                                    "Encrypted Settings attribute");
960                         wps->state = SEND_WSC_NACK;
961                         return WPS_CONTINUE;
962                 }
963
964                 wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted "
965                            "Settings attribute");
966                 if (wps_parse_msg(decrypted, &eattr) < 0 ||
967                     wps_process_key_wrap_auth(wps, decrypted,
968                                               eattr.key_wrap_auth) ||
969                     wps_process_creds(wps, eattr.cred, eattr.cred_len,
970                                       eattr.num_cred, attr->version2 != NULL)) {
971                         wpabuf_free(decrypted);
972                         wps->state = SEND_WSC_NACK;
973                         return WPS_CONTINUE;
974                 }
975                 wpabuf_free(decrypted);
976
977                 wps->state = WPS_MSG_DONE;
978                 return WPS_CONTINUE;
979         }
980 #endif /* CONFIG_WPS_NFC */
981
982         wps->state = SEND_M3;
983         return WPS_CONTINUE;
984 }
985
986
987 static enum wps_process_res wps_process_m2d(struct wps_data *wps,
988                                             struct wps_parse_attr *attr)
989 {
990         wpa_printf(MSG_DEBUG, "WPS: Received M2D");
991
992         if (wps->state != RECV_M2) {
993                 wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
994                            "receiving M2D", wps->state);
995                 wps->state = SEND_WSC_NACK;
996                 return WPS_CONTINUE;
997         }
998
999         wpa_hexdump_ascii(MSG_DEBUG, "WPS: Manufacturer",
1000                           attr->manufacturer, attr->manufacturer_len);
1001         wpa_hexdump_ascii(MSG_DEBUG, "WPS: Model Name",
1002                           attr->model_name, attr->model_name_len);
1003         wpa_hexdump_ascii(MSG_DEBUG, "WPS: Model Number",
1004                           attr->model_number, attr->model_number_len);
1005         wpa_hexdump_ascii(MSG_DEBUG, "WPS: Serial Number",
1006                           attr->serial_number, attr->serial_number_len);
1007         wpa_hexdump_ascii(MSG_DEBUG, "WPS: Device Name",
1008                           attr->dev_name, attr->dev_name_len);
1009
1010         if (wps->wps->event_cb) {
1011                 union wps_event_data data;
1012                 struct wps_event_m2d *m2d = &data.m2d;
1013                 os_memset(&data, 0, sizeof(data));
1014                 if (attr->config_methods)
1015                         m2d->config_methods =
1016                                 WPA_GET_BE16(attr->config_methods);
1017                 m2d->manufacturer = attr->manufacturer;
1018                 m2d->manufacturer_len = attr->manufacturer_len;
1019                 m2d->model_name = attr->model_name;
1020                 m2d->model_name_len = attr->model_name_len;
1021                 m2d->model_number = attr->model_number;
1022                 m2d->model_number_len = attr->model_number_len;
1023                 m2d->serial_number = attr->serial_number;
1024                 m2d->serial_number_len = attr->serial_number_len;
1025                 m2d->dev_name = attr->dev_name;
1026                 m2d->dev_name_len = attr->dev_name_len;
1027                 m2d->primary_dev_type = attr->primary_dev_type;
1028                 if (attr->config_error)
1029                         m2d->config_error =
1030                                 WPA_GET_BE16(attr->config_error);
1031                 if (attr->dev_password_id)
1032                         m2d->dev_password_id =
1033                                 WPA_GET_BE16(attr->dev_password_id);
1034                 wps->wps->event_cb(wps->wps->cb_ctx, WPS_EV_M2D, &data);
1035         }
1036
1037         wps->state = RECEIVED_M2D;
1038         return WPS_CONTINUE;
1039 }
1040
1041
1042 static enum wps_process_res wps_process_m4(struct wps_data *wps,
1043                                            const struct wpabuf *msg,
1044                                            struct wps_parse_attr *attr)
1045 {
1046         struct wpabuf *decrypted;
1047         struct wps_parse_attr eattr;
1048
1049         wpa_printf(MSG_DEBUG, "WPS: Received M4");
1050
1051         if (wps->state != RECV_M4) {
1052                 wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
1053                            "receiving M4", wps->state);
1054                 wps->state = SEND_WSC_NACK;
1055                 return WPS_CONTINUE;
1056         }
1057
1058         if (wps_process_enrollee_nonce(wps, attr->enrollee_nonce) ||
1059             wps_process_authenticator(wps, attr->authenticator, msg) ||
1060             wps_process_r_hash1(wps, attr->r_hash1) ||
1061             wps_process_r_hash2(wps, attr->r_hash2)) {
1062                 wps->state = SEND_WSC_NACK;
1063                 return WPS_CONTINUE;
1064         }
1065
1066         decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings,
1067                                               attr->encr_settings_len);
1068         if (decrypted == NULL) {
1069                 wpa_printf(MSG_DEBUG, "WPS: Failed to decrypted Encrypted "
1070                            "Settings attribute");
1071                 wps->state = SEND_WSC_NACK;
1072                 return WPS_CONTINUE;
1073         }
1074
1075         if (wps_validate_m4_encr(decrypted, attr->version2 != NULL) < 0) {
1076                 wpabuf_free(decrypted);
1077                 wps->state = SEND_WSC_NACK;
1078                 return WPS_CONTINUE;
1079         }
1080
1081         wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted Settings "
1082                    "attribute");
1083         if (wps_parse_msg(decrypted, &eattr) < 0 ||
1084             wps_process_key_wrap_auth(wps, decrypted, eattr.key_wrap_auth) ||
1085             wps_process_r_snonce1(wps, eattr.r_snonce1)) {
1086                 wpabuf_free(decrypted);
1087                 wps->state = SEND_WSC_NACK;
1088                 return WPS_CONTINUE;
1089         }
1090         wpabuf_free(decrypted);
1091
1092         wps->state = SEND_M5;
1093         return WPS_CONTINUE;
1094 }
1095
1096
1097 static enum wps_process_res wps_process_m6(struct wps_data *wps,
1098                                            const struct wpabuf *msg,
1099                                            struct wps_parse_attr *attr)
1100 {
1101         struct wpabuf *decrypted;
1102         struct wps_parse_attr eattr;
1103
1104         wpa_printf(MSG_DEBUG, "WPS: Received M6");
1105
1106         if (wps->state != RECV_M6) {
1107                 wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
1108                            "receiving M6", wps->state);
1109                 wps->state = SEND_WSC_NACK;
1110                 return WPS_CONTINUE;
1111         }
1112
1113         if (wps_process_enrollee_nonce(wps, attr->enrollee_nonce) ||
1114             wps_process_authenticator(wps, attr->authenticator, msg)) {
1115                 wps->state = SEND_WSC_NACK;
1116                 return WPS_CONTINUE;
1117         }
1118
1119         decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings,
1120                                               attr->encr_settings_len);
1121         if (decrypted == NULL) {
1122                 wpa_printf(MSG_DEBUG, "WPS: Failed to decrypted Encrypted "
1123                            "Settings attribute");
1124                 wps->state = SEND_WSC_NACK;
1125                 return WPS_CONTINUE;
1126         }
1127
1128         if (wps_validate_m6_encr(decrypted, attr->version2 != NULL) < 0) {
1129                 wpabuf_free(decrypted);
1130                 wps->state = SEND_WSC_NACK;
1131                 return WPS_CONTINUE;
1132         }
1133
1134         wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted Settings "
1135                    "attribute");
1136         if (wps_parse_msg(decrypted, &eattr) < 0 ||
1137             wps_process_key_wrap_auth(wps, decrypted, eattr.key_wrap_auth) ||
1138             wps_process_r_snonce2(wps, eattr.r_snonce2)) {
1139                 wpabuf_free(decrypted);
1140                 wps->state = SEND_WSC_NACK;
1141                 return WPS_CONTINUE;
1142         }
1143         wpabuf_free(decrypted);
1144
1145         if (wps->wps->ap)
1146                 wps->wps->event_cb(wps->wps->cb_ctx, WPS_EV_AP_PIN_SUCCESS,
1147                                    NULL);
1148
1149         wps->state = SEND_M7;
1150         return WPS_CONTINUE;
1151 }
1152
1153
1154 static enum wps_process_res wps_process_m8(struct wps_data *wps,
1155                                            const struct wpabuf *msg,
1156                                            struct wps_parse_attr *attr)
1157 {
1158         struct wpabuf *decrypted;
1159         struct wps_parse_attr eattr;
1160
1161         wpa_printf(MSG_DEBUG, "WPS: Received M8");
1162
1163         if (wps->state != RECV_M8) {
1164                 wpa_printf(MSG_DEBUG, "WPS: Unexpected state (%d) for "
1165                            "receiving M8", wps->state);
1166                 wps->state = SEND_WSC_NACK;
1167                 return WPS_CONTINUE;
1168         }
1169
1170         if (wps_process_enrollee_nonce(wps, attr->enrollee_nonce) ||
1171             wps_process_authenticator(wps, attr->authenticator, msg)) {
1172                 wps->state = SEND_WSC_NACK;
1173                 return WPS_CONTINUE;
1174         }
1175
1176         if (wps->wps->ap && wps->wps->ap_setup_locked) {
1177                 /*
1178                  * Stop here if special ap_setup_locked == 2 mode allowed the
1179                  * protocol to continue beyond M2. This allows ER to learn the
1180                  * current AP settings without changing them.
1181                  */
1182                 wpa_printf(MSG_DEBUG, "WPS: AP Setup is locked - refuse "
1183                            "registration of a new Registrar");
1184                 wps->config_error = WPS_CFG_SETUP_LOCKED;
1185                 wps->state = SEND_WSC_NACK;
1186                 return WPS_CONTINUE;
1187         }
1188
1189         decrypted = wps_decrypt_encr_settings(wps, attr->encr_settings,
1190                                               attr->encr_settings_len);
1191         if (decrypted == NULL) {
1192                 wpa_printf(MSG_DEBUG, "WPS: Failed to decrypted Encrypted "
1193                            "Settings attribute");
1194                 wps->state = SEND_WSC_NACK;
1195                 return WPS_CONTINUE;
1196         }
1197
1198         if (wps_validate_m8_encr(decrypted, wps->wps->ap,
1199                                  attr->version2 != NULL) < 0) {
1200                 wpabuf_free(decrypted);
1201                 wps->state = SEND_WSC_NACK;
1202                 return WPS_CONTINUE;
1203         }
1204
1205         wpa_printf(MSG_DEBUG, "WPS: Processing decrypted Encrypted Settings "
1206                    "attribute");
1207         if (wps_parse_msg(decrypted, &eattr) < 0 ||
1208             wps_process_key_wrap_auth(wps, decrypted, eattr.key_wrap_auth) ||
1209             wps_process_creds(wps, eattr.cred, eattr.cred_len,
1210                               eattr.num_cred, attr->version2 != NULL) ||
1211             wps_process_ap_settings_e(wps, &eattr, decrypted,
1212                                       attr->version2 != NULL)) {
1213                 wpabuf_free(decrypted);
1214                 wps->state = SEND_WSC_NACK;
1215                 return WPS_CONTINUE;
1216         }
1217         wpabuf_free(decrypted);
1218
1219         wps->state = WPS_MSG_DONE;
1220         return WPS_CONTINUE;
1221 }
1222
1223
1224 static enum wps_process_res wps_process_wsc_msg(struct wps_data *wps,
1225                                                 const struct wpabuf *msg)
1226 {
1227         struct wps_parse_attr attr;
1228         enum wps_process_res ret = WPS_CONTINUE;
1229
1230         wpa_printf(MSG_DEBUG, "WPS: Received WSC_MSG");
1231
1232         if (wps_parse_msg(msg, &attr) < 0)
1233                 return WPS_FAILURE;
1234
1235         if (attr.enrollee_nonce == NULL ||
1236             os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
1237                 wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
1238                 return WPS_FAILURE;
1239         }
1240
1241         if (attr.msg_type == NULL) {
1242                 wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
1243                 wps->state = SEND_WSC_NACK;
1244                 return WPS_CONTINUE;
1245         }
1246
1247         switch (*attr.msg_type) {
1248         case WPS_M2:
1249                 if (wps_validate_m2(msg) < 0)
1250                         return WPS_FAILURE;
1251                 ret = wps_process_m2(wps, msg, &attr);
1252                 break;
1253         case WPS_M2D:
1254                 if (wps_validate_m2d(msg) < 0)
1255                         return WPS_FAILURE;
1256                 ret = wps_process_m2d(wps, &attr);
1257                 break;
1258         case WPS_M4:
1259                 if (wps_validate_m4(msg) < 0)
1260                         return WPS_FAILURE;
1261                 ret = wps_process_m4(wps, msg, &attr);
1262                 if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
1263                         wps_fail_event(wps->wps, WPS_M4, wps->config_error,
1264                                        wps->error_indication,
1265                                        wps->peer_dev.mac_addr);
1266                 break;
1267         case WPS_M6:
1268                 if (wps_validate_m6(msg) < 0)
1269                         return WPS_FAILURE;
1270                 ret = wps_process_m6(wps, msg, &attr);
1271                 if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
1272                         wps_fail_event(wps->wps, WPS_M6, wps->config_error,
1273                                        wps->error_indication,
1274                                        wps->peer_dev.mac_addr);
1275                 break;
1276         case WPS_M8:
1277                 if (wps_validate_m8(msg) < 0)
1278                         return WPS_FAILURE;
1279                 ret = wps_process_m8(wps, msg, &attr);
1280                 if (ret == WPS_FAILURE || wps->state == SEND_WSC_NACK)
1281                         wps_fail_event(wps->wps, WPS_M8, wps->config_error,
1282                                        wps->error_indication,
1283                                        wps->peer_dev.mac_addr);
1284                 break;
1285         default:
1286                 wpa_printf(MSG_DEBUG, "WPS: Unsupported Message Type %d",
1287                            *attr.msg_type);
1288                 return WPS_FAILURE;
1289         }
1290
1291         /*
1292          * Save a copy of the last message for Authenticator derivation if we
1293          * are continuing. However, skip M2D since it is not authenticated and
1294          * neither is the ACK/NACK response frame. This allows the possibly
1295          * following M2 to be processed correctly by using the previously sent
1296          * M1 in Authenticator derivation.
1297          */
1298         if (ret == WPS_CONTINUE && *attr.msg_type != WPS_M2D) {
1299                 /* Save a copy of the last message for Authenticator derivation
1300                  */
1301                 wpabuf_free(wps->last_msg);
1302                 wps->last_msg = wpabuf_dup(msg);
1303         }
1304
1305         return ret;
1306 }
1307
1308
1309 static enum wps_process_res wps_process_wsc_ack(struct wps_data *wps,
1310                                                 const struct wpabuf *msg)
1311 {
1312         struct wps_parse_attr attr;
1313
1314         wpa_printf(MSG_DEBUG, "WPS: Received WSC_ACK");
1315
1316         if (wps_parse_msg(msg, &attr) < 0)
1317                 return WPS_FAILURE;
1318
1319         if (attr.msg_type == NULL) {
1320                 wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
1321                 return WPS_FAILURE;
1322         }
1323
1324         if (*attr.msg_type != WPS_WSC_ACK) {
1325                 wpa_printf(MSG_DEBUG, "WPS: Invalid Message Type %d",
1326                            *attr.msg_type);
1327                 return WPS_FAILURE;
1328         }
1329
1330         if (attr.registrar_nonce == NULL ||
1331             os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0)
1332         {
1333                 wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
1334                 return WPS_FAILURE;
1335         }
1336
1337         if (attr.enrollee_nonce == NULL ||
1338             os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
1339                 wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
1340                 return WPS_FAILURE;
1341         }
1342
1343         if (wps->state == RECV_ACK && wps->wps->ap) {
1344                 wpa_printf(MSG_DEBUG, "WPS: External Registrar registration "
1345                            "completed successfully");
1346                 wps_success_event(wps->wps, wps->peer_dev.mac_addr);
1347                 wps->state = WPS_FINISHED;
1348                 return WPS_DONE;
1349         }
1350
1351         return WPS_FAILURE;
1352 }
1353
1354
1355 static enum wps_process_res wps_process_wsc_nack(struct wps_data *wps,
1356                                                  const struct wpabuf *msg)
1357 {
1358         struct wps_parse_attr attr;
1359         u16 config_error;
1360
1361         wpa_printf(MSG_DEBUG, "WPS: Received WSC_NACK");
1362
1363         if (wps_parse_msg(msg, &attr) < 0)
1364                 return WPS_FAILURE;
1365
1366         if (attr.msg_type == NULL) {
1367                 wpa_printf(MSG_DEBUG, "WPS: No Message Type attribute");
1368                 return WPS_FAILURE;
1369         }
1370
1371         if (*attr.msg_type != WPS_WSC_NACK) {
1372                 wpa_printf(MSG_DEBUG, "WPS: Invalid Message Type %d",
1373                            *attr.msg_type);
1374                 return WPS_FAILURE;
1375         }
1376
1377         if (attr.registrar_nonce == NULL ||
1378             os_memcmp(wps->nonce_r, attr.registrar_nonce, WPS_NONCE_LEN) != 0)
1379         {
1380                 wpa_printf(MSG_DEBUG, "WPS: Mismatch in registrar nonce");
1381                 wpa_hexdump(MSG_DEBUG, "WPS: Received Registrar Nonce",
1382                             attr.registrar_nonce, WPS_NONCE_LEN);
1383                 wpa_hexdump(MSG_DEBUG, "WPS: Expected Registrar Nonce",
1384                             wps->nonce_r, WPS_NONCE_LEN);
1385                 return WPS_FAILURE;
1386         }
1387
1388         if (attr.enrollee_nonce == NULL ||
1389             os_memcmp(wps->nonce_e, attr.enrollee_nonce, WPS_NONCE_LEN) != 0) {
1390                 wpa_printf(MSG_DEBUG, "WPS: Mismatch in enrollee nonce");
1391                 wpa_hexdump(MSG_DEBUG, "WPS: Received Enrollee Nonce",
1392                             attr.enrollee_nonce, WPS_NONCE_LEN);
1393                 wpa_hexdump(MSG_DEBUG, "WPS: Expected Enrollee Nonce",
1394                             wps->nonce_e, WPS_NONCE_LEN);
1395                 return WPS_FAILURE;
1396         }
1397
1398         if (attr.config_error == NULL) {
1399                 wpa_printf(MSG_DEBUG, "WPS: No Configuration Error attribute "
1400                            "in WSC_NACK");
1401                 return WPS_FAILURE;
1402         }
1403
1404         config_error = WPA_GET_BE16(attr.config_error);
1405         wpa_printf(MSG_DEBUG, "WPS: Registrar terminated negotiation with "
1406                    "Configuration Error %d", config_error);
1407
1408         switch (wps->state) {
1409         case RECV_M4:
1410                 wps_fail_event(wps->wps, WPS_M3, config_error,
1411                                wps->error_indication, wps->peer_dev.mac_addr);
1412                 break;
1413         case RECV_M6:
1414                 wps_fail_event(wps->wps, WPS_M5, config_error,
1415                                wps->error_indication, wps->peer_dev.mac_addr);
1416                 break;
1417         case RECV_M8:
1418                 wps_fail_event(wps->wps, WPS_M7, config_error,
1419                                wps->error_indication, wps->peer_dev.mac_addr);
1420                 break;
1421         default:
1422                 break;
1423         }
1424
1425         /* Followed by NACK if Enrollee is Supplicant or EAP-Failure if
1426          * Enrollee is Authenticator */
1427         wps->state = SEND_WSC_NACK;
1428
1429         return WPS_FAILURE;
1430 }
1431
1432
1433 enum wps_process_res wps_enrollee_process_msg(struct wps_data *wps,
1434                                               enum wsc_op_code op_code,
1435                                               const struct wpabuf *msg)
1436 {
1437
1438         wpa_printf(MSG_DEBUG, "WPS: Processing received message (len=%lu "
1439                    "op_code=%d)",
1440                    (unsigned long) wpabuf_len(msg), op_code);
1441
1442         if (op_code == WSC_UPnP) {
1443                 /* Determine the OpCode based on message type attribute */
1444                 struct wps_parse_attr attr;
1445                 if (wps_parse_msg(msg, &attr) == 0 && attr.msg_type) {
1446                         if (*attr.msg_type == WPS_WSC_ACK)
1447                                 op_code = WSC_ACK;
1448                         else if (*attr.msg_type == WPS_WSC_NACK)
1449                                 op_code = WSC_NACK;
1450                 }
1451         }
1452
1453         switch (op_code) {
1454         case WSC_MSG:
1455         case WSC_UPnP:
1456                 return wps_process_wsc_msg(wps, msg);
1457         case WSC_ACK:
1458                 if (wps_validate_wsc_ack(msg) < 0)
1459                         return WPS_FAILURE;
1460                 return wps_process_wsc_ack(wps, msg);
1461         case WSC_NACK:
1462                 if (wps_validate_wsc_nack(msg) < 0)
1463                         return WPS_FAILURE;
1464                 return wps_process_wsc_nack(wps, msg);
1465         default:
1466                 wpa_printf(MSG_DEBUG, "WPS: Unsupported op_code %d", op_code);
1467                 return WPS_FAILURE;
1468         }
1469 }