author | Jouni Malinen <j@w1.fi> | 2012-06-28 19:43:29 +0300 |
---|---|---|
committer | Jouni Malinen <j@w1.fi> | 2012-06-28 19:43:29 +0300 |
commit | ffdaa05a6b1b59c4b2e50f9b7fef82769fc2d3fe (patch) | |
tree | 6929645e340769e4acfd2b56fd165abc75ce1ccb /src/ap | |
parent | e484e927a6754557599d07b84944a748e77ef85c (diff) | |
WPS: Add support for NCF password token from AP
The new hostapd ctrl_iface command WPS_NFC_TOKEN can now be used to
manage AP-as-Enrollee operations with NFC password token. WPS/NDEF
parameters to this command can be used to generate a new NFC password
token. enable/disable parameters can be used to enable/disable use of
NFC password token (instead of AP PIN) for external Registrars.
A preconfigured NFC password token can be used by providing its
parameters with new hostapd.conf fields wps_nfc_dev_pw_id,
wps_nfc_dh_pubkey, wps_nfc_dh_privkey, and wps_nfc_dev_pw. This use
will also depend on WPS_NFC_TOKEN enable/disable commands, i.e., the
configured NFC password token is disabled by default.
Signed-hostap: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/ap')
-rw-r--r-- | src/ap/ap_config.c | 3 | ||||
-rw-r--r-- | src/ap/ap_config.h | 4 | ||||
-rw-r--r-- | src/ap/wps_hostapd.c | 99 | ||||
-rw-r--r-- | src/ap/wps_hostapd.h | 3 |
4 files changed, 109 insertions, 0 deletions
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index d8f55a2..2c633d9 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -491,6 +491,9 @@ static void hostapd_config_free_bss(struct hostapd_bss_config *conf)
 os_free(conf->model_description);
 os_free(conf->model_url);
 os_free(conf->upc);
+ wpabuf_free(conf->wps_nfc_dh_pubkey);
+ wpabuf_free(conf->wps_nfc_dh_privkey);
+ wpabuf_free(conf->wps_nfc_dev_pw);
 #endif /* CONFIG_WPS */
 os_free(conf->roaming_consortium);
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 1f35f72..73b200c 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -344,6 +344,10 @@ struct hostapd_bss_config {
 char *model_url;
 char *upc;
 struct wpabuf *wps_vendor_ext[MAX_WPS_VENDOR_EXTENSIONS];
+ int wps_nfc_dev_pw_id;
+ struct wpabuf *wps_nfc_dh_pubkey;
+ struct wpabuf *wps_nfc_dh_privkey;
+ struct wpabuf *wps_nfc_dev_pw;
 #endif /* CONFIG_WPS */
 int pbc_in_m1;
diff --git a/src/ap/wps_hostapd.c b/src/ap/wps_hostapd.c
index b95b617..0b1fa30 100644
--- a/src/ap/wps_hostapd.c
+++ b/src/ap/wps_hostapd.c
@@ -12,6 +12,8 @@
 #include "utils/eloop.h"
 #include "utils/uuid.h"
 #include "crypto/dh_groups.h"
+#include "crypto/dh_group5.h"
+#include "crypto/random.h"
 #include "common/wpa_ctrl.h"
 #include "common/ieee802_11_defs.h"
 #include "common/ieee802_11_common.h"
@@ -992,6 +994,20 @@ int hostapd_init_wps_complete(struct hostapd_data *hapd)
 }
+static void hostapd_wps_nfc_clear(struct wps_context *wps)
+{
+#ifdef CONFIG_WPS_NFC
+ wps->ap_nfc_dev_pw_id = 0;
+ wpabuf_free(wps->ap_nfc_dh_pubkey);
+ wps->ap_nfc_dh_pubkey = NULL;
+ wpabuf_free(wps->ap_nfc_dh_privkey);
+ wps->ap_nfc_dh_privkey = NULL;
+ wpabuf_free(wps->ap_nfc_dev_pw);
+ wps->ap_nfc_dev_pw = NULL;
+#endif /* CONFIG_WPS_NFC */
+}
+
+
 void hostapd_deinit_wps(struct hostapd_data *hapd)
 {
 eloop_cancel_timeout(hostapd_wps_reenable_ap_pin, hapd, NULL);
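Review bot: The three added `wpabuf_free()` calls in hostapd_config_free_bss() release `wps_nfc_dh_privkey` and `wps_nfc_dev_pw` without clearing them, so the DH private key and the NFC device password can remain readable in freed heap memory. The same applies to hostapd_wps_nfc_clear() and to the replacement of the old values in hostapd_wps_nfc_token_gen(), both in src/ap/wps_hostapd.c. I would route these frees through a small helper that, for a non-NULL buffer, zeroes `wpabuf_len()` bytes at `wpabuf_mhead()` before freeing, or through a clearing free helper if this tree already has one. hostapd_config_free_bss() starts and ends outside the hunk.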
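Review bot: hostapd_wps_nfc_clear() dereferences `wps` unconditionally, while hostapd_wps_nfc_token_disable() in the last hunk of this file passes `hapd->wps` without the `wps == NULL` check that hostapd_wps_nfc_token_enable() performs. If hapd->wps can be NULL when the disable command arrives, as the check in the enable path suggests, this is a NULL pointer dereference reachable from the control interface. Adding `if (wps == NULL) return;` as the first statement of hostapd_wps_nfc_clear() covers both callers. The helper also has no comment; `/* Drop the active AP NFC password token: ID, DH key pair and device password */` above it would do.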
@@ -1009,6 +1025,7 @@ void hostapd_deinit_wps(struct hostapd_data *hapd)
 wpabuf_free(hapd->wps->oob_conf.pubkey_hash);
 wpabuf_free(hapd->wps->oob_conf.dev_password);
 wps_free_pending_msgs(hapd->wps->upnp_msgs);
+ hostapd_wps_nfc_clear(hapd->wps);
 os_free(hapd->wps);
 hapd->wps = NULL;
 hostapd_wps_clear_ies(hapd);
@@ -1606,4 +1623,86 @@ struct wpabuf * hostapd_wps_nfc_config_token(struct hostapd_data *hapd,
 return ret;
 }
+
+struct wpabuf * hostapd_wps_nfc_token_gen(struct hostapd_data *hapd, int ndef)
+{
+ struct wpabuf *priv = NULL, *pub = NULL, *pw;
+ void *dh_ctx;
+ struct wpabuf *ret;
+
+ pw = wpabuf_alloc(WPS_OOB_DEVICE_PASSWORD_LEN);
+ if (pw == NULL)
+ return NULL;
+
+ if (random_get_bytes(wpabuf_put(pw, WPS_OOB_DEVICE_PASSWORD_LEN),
+ WPS_OOB_DEVICE_PASSWORD_LEN)) {
+ wpabuf_free(pw);
+ return NULL;
+ }
+
+ dh_ctx = dh5_init(&priv, &pub);
+ if (dh_ctx == NULL) {
+ wpabuf_free(pw);
+ return NULL;
+ }
+ dh5_free(dh_ctx);
+
+ hapd->conf->wps_nfc_dev_pw_id = 0x10 + os_random() % 0xfff0;
+ wpabuf_free(hapd->conf->wps_nfc_dh_pubkey);
+ hapd->conf->wps_nfc_dh_pubkey = pub;
+ wpabuf_free(hapd->conf->wps_nfc_dh_privkey);
+ hapd->conf->wps_nfc_dh_privkey = priv;
+ wpabuf_free(hapd->conf->wps_nfc_dev_pw);
+ hapd->conf->wps_nfc_dev_pw = pw;
+
+ ret = wps_build_nfc_pw_token(hapd->conf->wps_nfc_dev_pw_id,
+ hapd->conf->wps_nfc_dh_pubkey,
+ hapd->conf->wps_nfc_dev_pw);
+ if (ndef && ret) {
+ struct wpabuf *tmp;
+ tmp = ndef_build_wifi(ret);
+ wpabuf_free(ret);
+ if (tmp == NULL)
+ return NULL;
+ ret = tmp;
+ }
+
+ return ret;
+}
+
+
+int hostapd_wps_nfc_token_enable(struct hostapd_data *hapd)
+{
+ struct wps_context *wps = hapd->wps;
+
+ if (wps == NULL)
+ return -1;
+
+ if (!hapd->conf->wps_nfc_dh_pubkey ||
+ !hapd->conf->wps_nfc_dh_privkey ||
+ !hapd->conf->wps_nfc_dev_pw ||
+ !hapd->conf->wps_nfc_dev_pw_id)
+ return -1;
+
+ hostapd_wps_nfc_clear(wps);
+ wps->ap_nfc_dev_pw_id = hapd->conf->wps_nfc_dev_pw_id;
+ wps->ap_nfc_dh_pubkey = wpabuf_dup(hapd->conf->wps_nfc_dh_pubkey);
+ wps->ap_nfc_dh_privkey = wpabuf_dup(hapd->conf->wps_nfc_dh_privkey);
+ wps->ap_nfc_dev_pw = wpabuf_dup(hapd->conf->wps_nfc_dev_pw);
+
+ if (!wps->ap_nfc_dh_pubkey || !wps->ap_nfc_dh_privkey ||
+ !wps->ap_nfc_dev_pw) {
+ hostapd_wps_nfc_clear(wps);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+void hostapd_wps_nfc_token_disable(struct hostapd_data *hapd)
+{
+ hostapd_wps_nfc_clear(hapd->wps);
+}
+
 #endif /* CONFIG_WPS_NFC */
diff --git a/src/ap/wps_hostapd.h b/src/ap/wps_hostapd.h
index 8256c06..f968e15 100644
--- a/src/ap/wps_hostapd.h
+++ b/src/ap/wps_hostapd.h
@@ -37,6 +37,9 @@ int hostapd_wps_nfc_tag_read(struct hostapd_data *hapd,
 const struct wpabuf *data);
 struct wpabuf * hostapd_wps_nfc_config_token(struct hostapd_data *hapd, int ndef);
+struct wpabuf * hostapd_wps_nfc_token_gen(struct hostapd_data *hapd, int ndef);
+int hostapd_wps_nfc_token_enable(struct hostapd_data *hapd);
+void hostapd_wps_nfc_token_disable(struct hostapd_data *hapd);
 #else /* CONFIG_WPS */ |
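Review bot: hostapd_wps_nfc_token_gen() overwrites the token held in hapd->conf but leaves untouched the copies that hostapd_wps_nfc_token_enable() duplicated into `wps->ap_nfc_*`, so a token issued earlier presumably stays in effect for external Registrars until enable or disable is run again. If that is intended, it deserves a comment on the function; otherwise call `hostapd_wps_nfc_clear(hapd->wps);` after the conf fields are replaced, guarded for a NULL hapd->wps. A lesser point in the same function: the conf fields are replaced before `wps_build_nfc_pw_token()` is known to succeed, so on a NULL return the configuration holds a token the caller never received.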