1/*
2 * Wi-Fi Protected Setup - attribute building
3 * Copyright (c) 2008-2016, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "includes.h"
10
11#include "common.h"
12#include "crypto/aes_wrap.h"
13#include "crypto/crypto.h"
14#include "crypto/dh_group5.h"
15#include "crypto/sha256.h"
16#include "crypto/random.h"
17#include "common/ieee802_11_defs.h"
18#include "wps_i.h"
19
20
21int wps_build_public_key(struct wps_data *wps, struct wpabuf *msg)
22{
23	struct wpabuf *pubkey = NULL;
24
25	wpa_printf(MSG_DEBUG, "WPS:  * Public Key");
26	wpabuf_clear_free(wps->dh_privkey);
27	wps->dh_privkey = NULL;
28	if (wps->dev_pw_id != DEV_PW_DEFAULT && wps->wps->dh_privkey &&
29	    wps->wps->dh_ctx) {
30		wpa_printf(MSG_DEBUG, "WPS: Using pre-configured DH keys");
31		if (wps->wps->dh_pubkey == NULL) {
32			wpa_printf(MSG_DEBUG,
33				   "WPS: wps->wps->dh_pubkey == NULL");
34			return -1;
35		}
36		wps->dh_privkey = wpabuf_dup(wps->wps->dh_privkey);
37		wps->dh_ctx = wps->wps->dh_ctx;
38		wps->wps->dh_ctx = NULL;
39		pubkey = wpabuf_dup(wps->wps->dh_pubkey);
40#ifdef CONFIG_WPS_NFC
41	} else if ((wps->dev_pw_id >= 0x10 ||
42		    wps->dev_pw_id == DEV_PW_NFC_CONNECTION_HANDOVER) &&
43		   (wps->wps->ap ||
44		    (wps->wps->ap_nfc_dh_pubkey &&
45		     wps->wps->ap_nfc_dev_pw_id ==
46		     DEV_PW_NFC_CONNECTION_HANDOVER &&
47		     wps->dev_pw_id == DEV_PW_NFC_CONNECTION_HANDOVER)) &&
48		   (wps->dev_pw_id == wps->wps->ap_nfc_dev_pw_id ||
49		    wps->wps->ap_nfc_dh_pubkey)) {
50		wpa_printf(MSG_DEBUG, "WPS: Using NFC password token DH keys");
51		if (wps->wps->ap_nfc_dh_privkey == NULL) {
52			wpa_printf(MSG_DEBUG,
53				   "WPS: wps->wps->ap_nfc_dh_privkey == NULL");
54			return -1;
55		}
56		if (wps->wps->ap_nfc_dh_pubkey == NULL) {
57			wpa_printf(MSG_DEBUG,
58				   "WPS: wps->wps->ap_nfc_dh_pubkey == NULL");
59			return -1;
60		}
61		wps->dh_privkey = wpabuf_dup(wps->wps->ap_nfc_dh_privkey);
62		pubkey = wpabuf_dup(wps->wps->ap_nfc_dh_pubkey);
63		if (wps->dh_privkey && pubkey)
64			wps->dh_ctx = dh5_init_fixed(wps->dh_privkey, pubkey);
65#endif /* CONFIG_WPS_NFC */
66	} else {
67		wpa_printf(MSG_DEBUG, "WPS: Generate new DH keys");
68		dh5_free(wps->dh_ctx);
69		wps->dh_ctx = dh5_init(&wps->dh_privkey, &pubkey);
70		pubkey = wpabuf_zeropad(pubkey, 192);
71	}
72	if (wps->dh_ctx == NULL || wps->dh_privkey == NULL || pubkey == NULL) {
73		wpa_printf(MSG_DEBUG, "WPS: Failed to initialize "
74			   "Diffie-Hellman handshake");
75		wpabuf_free(pubkey);
76		return -1;
77	}
78	wpa_hexdump_buf_key(MSG_DEBUG, "WPS: DH Private Key", wps->dh_privkey);
79	wpa_hexdump_buf(MSG_DEBUG, "WPS: DH own Public Key", pubkey);
80
81	wpabuf_put_be16(msg, ATTR_PUBLIC_KEY);
82	wpabuf_put_be16(msg, wpabuf_len(pubkey));
83	wpabuf_put_buf(msg, pubkey);
84
85	if (wps->registrar) {
86		wpabuf_free(wps->dh_pubkey_r);
87		wps->dh_pubkey_r = pubkey;
88	} else {
89		wpabuf_free(wps->dh_pubkey_e);
90		wps->dh_pubkey_e = pubkey;
91	}
92
93	return 0;
94}
95
96
97int wps_build_req_type(struct wpabuf *msg, enum wps_request_type type)
98{
99	wpa_printf(MSG_DEBUG, "WPS:  * Request Type");
100	wpabuf_put_be16(msg, ATTR_REQUEST_TYPE);
101	wpabuf_put_be16(msg, 1);
102	wpabuf_put_u8(msg, type);
103	return 0;
104}
105
106
107int wps_build_resp_type(struct wpabuf *msg, enum wps_response_type type)
108{
109	wpa_printf(MSG_DEBUG, "WPS:  * Response Type (%d)", type);
110	wpabuf_put_be16(msg, ATTR_RESPONSE_TYPE);
111	wpabuf_put_be16(msg, 1);
112	wpabuf_put_u8(msg, type);
113	return 0;
114}
115
116
117int wps_build_config_methods(struct wpabuf *msg, u16 methods)
118{
119	wpa_printf(MSG_DEBUG, "WPS:  * Config Methods (%x)", methods);
120	wpabuf_put_be16(msg, ATTR_CONFIG_METHODS);
121	wpabuf_put_be16(msg, 2);
122	wpabuf_put_be16(msg, methods);
123	return 0;
124}
125
126
127int wps_build_uuid_e(struct wpabuf *msg, const u8 *uuid)
128{
129	if (wpabuf_tailroom(msg) < 4 + WPS_UUID_LEN)
130		return -1;
131	wpa_printf(MSG_DEBUG, "WPS:  * UUID-E");
132	wpabuf_put_be16(msg, ATTR_UUID_E);
133	wpabuf_put_be16(msg, WPS_UUID_LEN);
134	wpabuf_put_data(msg, uuid, WPS_UUID_LEN);
135	return 0;
136}
137
138
139int wps_build_dev_password_id(struct wpabuf *msg, u16 id)
140{
141	wpa_printf(MSG_DEBUG, "WPS:  * Device Password ID (%d)", id);
142	wpabuf_put_be16(msg, ATTR_DEV_PASSWORD_ID);
143	wpabuf_put_be16(msg, 2);
144	wpabuf_put_be16(msg, id);
145	return 0;
146}
147
148
149int wps_build_config_error(struct wpabuf *msg, u16 err)
150{
151	wpa_printf(MSG_DEBUG, "WPS:  * Configuration Error (%d)", err);
152	wpabuf_put_be16(msg, ATTR_CONFIG_ERROR);
153	wpabuf_put_be16(msg, 2);
154	wpabuf_put_be16(msg, err);
155	return 0;
156}
157
158
159int wps_build_authenticator(struct wps_data *wps, struct wpabuf *msg)
160{
161	u8 hash[SHA256_MAC_LEN];
162	const u8 *addr[2];
163	size_t len[2];
164
165	if (wps->last_msg == NULL) {
166		wpa_printf(MSG_DEBUG, "WPS: Last message not available for "
167			   "building authenticator");
168		return -1;
169	}
170
171	/* Authenticator = HMAC-SHA256_AuthKey(M_prev || M_curr*)
172	 * (M_curr* is M_curr without the Authenticator attribute)
173	 */
174	addr[0] = wpabuf_head(wps->last_msg);
175	len[0] = wpabuf_len(wps->last_msg);
176	addr[1] = wpabuf_head(msg);
177	len[1] = wpabuf_len(msg);
178	if (hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len,
179			       hash) < 0)
180		return -1;
181
182	wpa_printf(MSG_DEBUG, "WPS:  * Authenticator");
183	wpabuf_put_be16(msg, ATTR_AUTHENTICATOR);
184	wpabuf_put_be16(msg, WPS_AUTHENTICATOR_LEN);
185	wpabuf_put_data(msg, hash, WPS_AUTHENTICATOR_LEN);
186
187	return 0;
188}
189
190
191int wps_build_version(struct wpabuf *msg)
192{
193	/*
194	 * Note: This attribute is deprecated and set to hardcoded 0x10 for
195	 * backwards compatibility reasons. The real version negotiation is
196	 * done with Version2.
197	 */
198	if (wpabuf_tailroom(msg) < 5)
199		return -1;
200	wpa_printf(MSG_DEBUG, "WPS:  * Version (hardcoded 0x10)");
201	wpabuf_put_be16(msg, ATTR_VERSION);
202	wpabuf_put_be16(msg, 1);
203	wpabuf_put_u8(msg, 0x10);
204	return 0;
205}
206
207
208int wps_build_wfa_ext(struct wpabuf *msg, int req_to_enroll,
209		      const u8 *auth_macs, size_t auth_macs_count,
210		      u8 multi_ap_subelem)
211{
212	u8 *len;
213
214#ifdef CONFIG_WPS_TESTING
215	if (WPS_VERSION == 0x10)
216		return 0;
217#endif /* CONFIG_WPS_TESTING */
218
219	if (wpabuf_tailroom(msg) <
220	    7 + 3 + (req_to_enroll ? 3 : 0) +
221	    (auth_macs ? 2 + auth_macs_count * ETH_ALEN : 0))
222		return -1;
223	wpabuf_put_be16(msg, ATTR_VENDOR_EXT);
224	len = wpabuf_put(msg, 2); /* to be filled */
225	wpabuf_put_be24(msg, WPS_VENDOR_ID_WFA);
226
227	wpa_printf(MSG_DEBUG, "WPS:  * Version2 (0x%x)", WPS_VERSION);
228	wpabuf_put_u8(msg, WFA_ELEM_VERSION2);
229	wpabuf_put_u8(msg, 1);
230	wpabuf_put_u8(msg, WPS_VERSION);
231
232	if (req_to_enroll) {
233		wpa_printf(MSG_DEBUG, "WPS:  * Request to Enroll (1)");
234		wpabuf_put_u8(msg, WFA_ELEM_REQUEST_TO_ENROLL);
235		wpabuf_put_u8(msg, 1);
236		wpabuf_put_u8(msg, 1);
237	}
238
239	if (auth_macs && auth_macs_count) {
240		size_t i;
241		wpa_printf(MSG_DEBUG, "WPS:  * AuthorizedMACs (count=%d)",
242			   (int) auth_macs_count);
243		wpabuf_put_u8(msg, WFA_ELEM_AUTHORIZEDMACS);
244		wpabuf_put_u8(msg, auth_macs_count * ETH_ALEN);
245		wpabuf_put_data(msg, auth_macs, auth_macs_count * ETH_ALEN);
246		for (i = 0; i < auth_macs_count; i++)
247			wpa_printf(MSG_DEBUG, "WPS:    AuthorizedMAC: " MACSTR,
248				   MAC2STR(&auth_macs[i * ETH_ALEN]));
249	}
250
251	if (multi_ap_subelem) {
252		wpa_printf(MSG_DEBUG, "WPS:  * Multi-AP (0x%x)",
253			   multi_ap_subelem);
254		wpabuf_put_u8(msg, WFA_ELEM_MULTI_AP);
255		wpabuf_put_u8(msg, 1); /* length */
256		wpabuf_put_u8(msg, multi_ap_subelem);
257	}
258
259	WPA_PUT_BE16(len, (u8 *) wpabuf_put(msg, 0) - len - 2);
260
261#ifdef CONFIG_WPS_TESTING
262	if (WPS_VERSION > 0x20) {
263		if (wpabuf_tailroom(msg) < 5)
264			return -1;
265		wpa_printf(MSG_DEBUG, "WPS:  * Extensibility Testing - extra "
266			   "attribute");
267		wpabuf_put_be16(msg, ATTR_EXTENSIBILITY_TEST);
268		wpabuf_put_be16(msg, 1);
269		wpabuf_put_u8(msg, 42);
270	}
271#endif /* CONFIG_WPS_TESTING */
272	return 0;
273}
274
275
276int wps_build_msg_type(struct wpabuf *msg, enum wps_msg_type msg_type)
277{
278	wpa_printf(MSG_DEBUG, "WPS:  * Message Type (%d)", msg_type);
279	wpabuf_put_be16(msg, ATTR_MSG_TYPE);
280	wpabuf_put_be16(msg, 1);
281	wpabuf_put_u8(msg, msg_type);
282	return 0;
283}
284
285
286int wps_build_enrollee_nonce(struct wps_data *wps, struct wpabuf *msg)
287{
288	wpa_printf(MSG_DEBUG, "WPS:  * Enrollee Nonce");
289	wpabuf_put_be16(msg, ATTR_ENROLLEE_NONCE);
290	wpabuf_put_be16(msg, WPS_NONCE_LEN);
291	wpabuf_put_data(msg, wps->nonce_e, WPS_NONCE_LEN);
292	return 0;
293}
294
295
296int wps_build_registrar_nonce(struct wps_data *wps, struct wpabuf *msg)
297{
298	wpa_printf(MSG_DEBUG, "WPS:  * Registrar Nonce");
299	wpabuf_put_be16(msg, ATTR_REGISTRAR_NONCE);
300	wpabuf_put_be16(msg, WPS_NONCE_LEN);
301	wpabuf_put_data(msg, wps->nonce_r, WPS_NONCE_LEN);
302	return 0;
303}
304
305
306int wps_build_auth_type_flags(struct wps_data *wps, struct wpabuf *msg)
307{
308	u16 auth_types = WPS_AUTH_TYPES;
309	/* WPA/WPA2-Enterprise enrollment not supported through WPS */
310	auth_types &= ~WPS_AUTH_WPA;
311	auth_types &= ~WPS_AUTH_WPA2;
312	auth_types &= ~WPS_AUTH_SHARED;
313#ifdef CONFIG_NO_TKIP
314	auth_types &= ~WPS_AUTH_WPAPSK;
315#endif /* CONFIG_NO_TKIP */
316#ifdef CONFIG_WPS_TESTING
317	if (wps_force_auth_types_in_use) {
318		wpa_printf(MSG_DEBUG,
319			   "WPS: Testing - replace auth type 0x%x with 0x%x",
320			   auth_types, wps_force_auth_types);
321		auth_types = wps_force_auth_types;
322	}
323#endif /* CONFIG_WPS_TESTING */
324	wpa_printf(MSG_DEBUG, "WPS:  * Authentication Type Flags (0x%x)",
325		   auth_types);
326	wpabuf_put_be16(msg, ATTR_AUTH_TYPE_FLAGS);
327	wpabuf_put_be16(msg, 2);
328	wpabuf_put_be16(msg, auth_types);
329	return 0;
330}
331
332
333int wps_build_encr_type_flags(struct wps_data *wps, struct wpabuf *msg)
334{
335	u16 encr_types = WPS_ENCR_TYPES;
336	encr_types &= ~WPS_ENCR_WEP;
337#ifdef CONFIG_NO_TKIP
338	encr_types &= ~WPS_ENCR_TKIP;
339#endif /* CONFIG_NO_TKIP */
340#ifdef CONFIG_WPS_TESTING
341	if (wps_force_encr_types_in_use) {
342		wpa_printf(MSG_DEBUG,
343			   "WPS: Testing - replace encr type 0x%x with 0x%x",
344			   encr_types, wps_force_encr_types);
345		encr_types = wps_force_encr_types;
346	}
347#endif /* CONFIG_WPS_TESTING */
348	wpa_printf(MSG_DEBUG, "WPS:  * Encryption Type Flags (0x%x)",
349		   encr_types);
350	wpabuf_put_be16(msg, ATTR_ENCR_TYPE_FLAGS);
351	wpabuf_put_be16(msg, 2);
352	wpabuf_put_be16(msg, encr_types);
353	return 0;
354}
355
356
357int wps_build_conn_type_flags(struct wps_data *wps, struct wpabuf *msg)
358{
359	wpa_printf(MSG_DEBUG, "WPS:  * Connection Type Flags");
360	wpabuf_put_be16(msg, ATTR_CONN_TYPE_FLAGS);
361	wpabuf_put_be16(msg, 1);
362	wpabuf_put_u8(msg, WPS_CONN_ESS);
363	return 0;
364}
365
366
367int wps_build_assoc_state(struct wps_data *wps, struct wpabuf *msg)
368{
369	wpa_printf(MSG_DEBUG, "WPS:  * Association State");
370	wpabuf_put_be16(msg, ATTR_ASSOC_STATE);
371	wpabuf_put_be16(msg, 2);
372	wpabuf_put_be16(msg, WPS_ASSOC_NOT_ASSOC);
373	return 0;
374}
375
376
377int wps_build_key_wrap_auth(struct wps_data *wps, struct wpabuf *msg)
378{
379	u8 hash[SHA256_MAC_LEN];
380
381	wpa_printf(MSG_DEBUG, "WPS:  * Key Wrap Authenticator");
382	if (hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, wpabuf_head(msg),
383			wpabuf_len(msg), hash) < 0)
384		return -1;
385
386	wpabuf_put_be16(msg, ATTR_KEY_WRAP_AUTH);
387	wpabuf_put_be16(msg, WPS_KWA_LEN);
388	wpabuf_put_data(msg, hash, WPS_KWA_LEN);
389	return 0;
390}
391
392
393int wps_build_encr_settings(struct wps_data *wps, struct wpabuf *msg,
394			    struct wpabuf *plain)
395{
396	size_t pad_len;
397	const size_t block_size = 16;
398	u8 *iv, *data;
399
400	wpa_printf(MSG_DEBUG, "WPS:  * Encrypted Settings");
401
402	/* PKCS#5 v2.0 pad */
403	pad_len = block_size - wpabuf_len(plain) % block_size;
404	os_memset(wpabuf_put(plain, pad_len), pad_len, pad_len);
405
406	wpabuf_put_be16(msg, ATTR_ENCR_SETTINGS);
407	wpabuf_put_be16(msg, block_size + wpabuf_len(plain));
408
409	iv = wpabuf_put(msg, block_size);
410	if (random_get_bytes(iv, block_size) < 0)
411		return -1;
412
413	data = wpabuf_put(msg, 0);
414	wpabuf_put_buf(msg, plain);
415	if (aes_128_cbc_encrypt(wps->keywrapkey, iv, data, wpabuf_len(plain)))
416		return -1;
417
418	return 0;
419}
420
421
422#ifdef CONFIG_WPS_OOB
423int wps_build_oob_dev_pw(struct wpabuf *msg, u16 dev_pw_id,
424			 const struct wpabuf *pubkey, const u8 *dev_pw,
425			 size_t dev_pw_len)
426{
427	size_t hash_len;
428	const u8 *addr[1];
429	u8 pubkey_hash[WPS_HASH_LEN];
430
431	wpa_printf(MSG_DEBUG, "WPS:  * OOB Device Password (dev_pw_id=%u)",
432		   dev_pw_id);
433	addr[0] = wpabuf_head(pubkey);
434	hash_len = wpabuf_len(pubkey);
435	if (sha256_vector(1, addr, &hash_len, pubkey_hash) < 0)
436		return -1;
437#ifdef CONFIG_WPS_TESTING
438	if (wps_corrupt_pkhash) {
439		wpa_hexdump(MSG_DEBUG, "WPS: Real Public Key Hash",
440			    pubkey_hash, WPS_OOB_PUBKEY_HASH_LEN);
441		wpa_printf(MSG_INFO, "WPS: Testing - corrupt public key hash");
442		pubkey_hash[WPS_OOB_PUBKEY_HASH_LEN - 2]++;
443	}
444#endif /* CONFIG_WPS_TESTING */
445
446	wpabuf_put_be16(msg, ATTR_OOB_DEVICE_PASSWORD);
447	wpabuf_put_be16(msg, WPS_OOB_PUBKEY_HASH_LEN + 2 + dev_pw_len);
448	wpa_hexdump(MSG_DEBUG, "WPS: Public Key Hash",
449		    pubkey_hash, WPS_OOB_PUBKEY_HASH_LEN);
450	wpabuf_put_data(msg, pubkey_hash, WPS_OOB_PUBKEY_HASH_LEN);
451	wpabuf_put_be16(msg, dev_pw_id);
452	if (dev_pw) {
453		wpa_hexdump_key(MSG_DEBUG, "WPS: OOB Device Password",
454				dev_pw, dev_pw_len);
455		wpabuf_put_data(msg, dev_pw, dev_pw_len);
456	}
457
458	return 0;
459}
460#endif /* CONFIG_WPS_OOB */
461
462
463/* Encapsulate WPS IE data with one (or more, if needed) IE headers */
464struct wpabuf * wps_ie_encapsulate(struct wpabuf *data)
465{
466	struct wpabuf *ie;
467	const u8 *pos, *end;
468
469	ie = wpabuf_alloc(wpabuf_len(data) + 100);
470	if (ie == NULL) {
471		wpabuf_free(data);
472		return NULL;
473	}
474
475	pos = wpabuf_head(data);
476	end = pos + wpabuf_len(data);
477
478	while (end > pos) {
479		size_t frag_len = end - pos;
480		if (frag_len > 251)
481			frag_len = 251;
482		wpabuf_put_u8(ie, WLAN_EID_VENDOR_SPECIFIC);
483		wpabuf_put_u8(ie, 4 + frag_len);
484		wpabuf_put_be32(ie, WPS_DEV_OUI_WFA);
485		wpabuf_put_data(ie, pos, frag_len);
486		pos += frag_len;
487	}
488
489	wpabuf_free(data);
490
491	return ie;
492}
493
494
495int wps_build_mac_addr(struct wpabuf *msg, const u8 *addr)
496{
497	wpa_printf(MSG_DEBUG, "WPS:  * MAC Address (" MACSTR ")",
498		   MAC2STR(addr));
499	wpabuf_put_be16(msg, ATTR_MAC_ADDR);
500	wpabuf_put_be16(msg, ETH_ALEN);
501	wpabuf_put_data(msg, addr, ETH_ALEN);
502	return 0;
503}
504
505
506int wps_build_rf_bands_attr(struct wpabuf *msg, u8 rf_bands)
507{
508	wpa_printf(MSG_DEBUG, "WPS:  * RF Bands (%x)", rf_bands);
509	wpabuf_put_be16(msg, ATTR_RF_BANDS);
510	wpabuf_put_be16(msg, 1);
511	wpabuf_put_u8(msg, rf_bands);
512	return 0;
513}
514
515
516int wps_build_ap_channel(struct wpabuf *msg, u16 ap_channel)
517{
518	wpa_printf(MSG_DEBUG, "WPS:  * AP Channel (%u)", ap_channel);
519	wpabuf_put_be16(msg, ATTR_AP_CHANNEL);
520	wpabuf_put_be16(msg, 2);
521	wpabuf_put_be16(msg, ap_channel);
522	return 0;
523}
524