/* * Wi-Fi Protected Setup - Strict protocol validation routines * Copyright (c) 2010, Atheros Communications, Inc. * * This software may be distributed under the terms of the BSD license. * See README for more details. */ #include "utils/includes.h" #include "utils/common.h" #include "wps/wps_i.h" #include "wps/wps.h" #ifdef CONFIG_WPS_STRICT #ifndef WPS_STRICT_ALL #define WPS_STRICT_WPS2 #endif /* WPS_STRICT_ALL */ static int wps_validate_version(const u8 *version, int mandatory) { if (version == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Version attribute " "missing"); return -1; } return 0; } if (*version != 0x10) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Version attribute " "value 0x%x", *version); return -1; } return 0; } static int wps_validate_version2(const u8 *version2, int mandatory) { if (version2 == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Version2 attribute " "missing"); return -1; } return 0; } if (*version2 < 0x20) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Version2 attribute " "value 0x%x", *version2); return -1; } return 0; } static int wps_validate_request_type(const u8 *request_type, int mandatory) { if (request_type == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Request Type " "attribute missing"); return -1; } return 0; } if (*request_type > 0x03) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Request Type " "attribute value 0x%x", *request_type); return -1; } return 0; } static int wps_validate_response_type(const u8 *response_type, int mandatory) { if (response_type == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Response Type " "attribute missing"); return -1; } return 0; } if (*response_type > 0x03) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Response Type " "attribute value 0x%x", *response_type); return -1; } return 0; } static int valid_config_methods(u16 val, int wps2) { if (wps2) { if (!(val & 0x6000) && (val & WPS_CONFIG_DISPLAY)) { wpa_printf(MSG_INFO, "WPS-STRICT: Display flag " "without Physical/Virtual Display flag"); return 0; } if (!(val & 0x0600) && (val & WPS_CONFIG_PUSHBUTTON)) { wpa_printf(MSG_INFO, "WPS-STRICT: PushButton flag " "without Physical/Virtual PushButton flag"); return 0; } } return 1; } static int wps_validate_config_methods(const u8 *config_methods, int wps2, int mandatory) { u16 val; if (config_methods == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Configuration " "Methods attribute missing"); return -1; } return 0; } val = WPA_GET_BE16(config_methods); if (!valid_config_methods(val, wps2)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Configuration " "Methods attribute value 0x%04x", val); return -1; } return 0; } static int wps_validate_ap_config_methods(const u8 *config_methods, int wps2, int mandatory) { u16 val; if (wps_validate_config_methods(config_methods, wps2, mandatory) < 0) return -1; if (config_methods == NULL) return 0; val = WPA_GET_BE16(config_methods); if (val & WPS_CONFIG_PUSHBUTTON) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Configuration " "Methods attribute value 0x%04x in AP info " "(PushButton not allowed for registering new ER)", val); return -1; } return 0; } static int wps_validate_uuid_e(const u8 *uuid_e, int mandatory) { if (uuid_e == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: UUID-E " "attribute missing"); return -1; } return 0; } return 0; } static int wps_validate_uuid_r(const u8 *uuid_r, int mandatory) { if (uuid_r == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: UUID-R " "attribute missing"); return -1; } return 0; } return 0; } static int wps_validate_primary_dev_type(const u8 *primary_dev_type, int mandatory) { if (primary_dev_type == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Primary Device Type " "attribute missing"); return -1; } return 0; } return 0; } static int wps_validate_rf_bands(const u8 *rf_bands, int mandatory) { if (rf_bands == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: RF Bands " "attribute missing"); return -1; } return 0; } if (*rf_bands != WPS_RF_24GHZ && *rf_bands != WPS_RF_50GHZ && *rf_bands != (WPS_RF_24GHZ | WPS_RF_50GHZ)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Rf Bands " "attribute value 0x%x", *rf_bands); return -1; } return 0; } static int wps_validate_assoc_state(const u8 *assoc_state, int mandatory) { u16 val; if (assoc_state == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Association State " "attribute missing"); return -1; } return 0; } val = WPA_GET_BE16(assoc_state); if (val > 4) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Association State " "attribute value 0x%04x", val); return -1; } return 0; } static int wps_validate_config_error(const u8 *config_error, int mandatory) { u16 val; if (config_error == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Configuration Error " "attribute missing"); return -1; } return 0; } val = WPA_GET_BE16(config_error); if (val > 18) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Configuration Error " "attribute value 0x%04x", val); return -1; } return 0; } static int wps_validate_dev_password_id(const u8 *dev_password_id, int mandatory) { u16 val; if (dev_password_id == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Device Password ID " "attribute missing"); return -1; } return 0; } val = WPA_GET_BE16(dev_password_id); if (val >= 0x0006 && val <= 0x000f) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Device Password ID " "attribute value 0x%04x", val); return -1; } return 0; } static int wps_validate_manufacturer(const u8 *manufacturer, size_t len, int mandatory) { if (manufacturer == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Manufacturer " "attribute missing"); return -1; } return 0; } if (len > 0 && manufacturer[len - 1] == 0) { wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid Manufacturer " "attribute value", manufacturer, len); return -1; } return 0; } static int wps_validate_model_name(const u8 *model_name, size_t len, int mandatory) { if (model_name == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Model Name " "attribute missing"); return -1; } return 0; } if (len > 0 && model_name[len - 1] == 0) { wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid Model Name " "attribute value", model_name, len); return -1; } return 0; } static int wps_validate_model_number(const u8 *model_number, size_t len, int mandatory) { if (model_number == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Model Number " "attribute missing"); return -1; } return 0; } if (len > 0 && model_number[len - 1] == 0) { wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid Model Number " "attribute value", model_number, len); return -1; } return 0; } static int wps_validate_serial_number(const u8 *serial_number, size_t len, int mandatory) { if (serial_number == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Serial Number " "attribute missing"); return -1; } return 0; } if (len > 0 && serial_number[len - 1] == 0) { wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid Serial " "Number attribute value", serial_number, len); return -1; } return 0; } static int wps_validate_dev_name(const u8 *dev_name, size_t len, int mandatory) { if (dev_name == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Device Name " "attribute missing"); return -1; } return 0; } if (len > 0 && dev_name[len - 1] == 0) { wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid Device Name " "attribute value", dev_name, len); return -1; } return 0; } static int wps_validate_request_to_enroll(const u8 *request_to_enroll, int mandatory) { if (request_to_enroll == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Request to Enroll " "attribute missing"); return -1; } return 0; } if (*request_to_enroll > 0x01) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Request to Enroll " "attribute value 0x%x", *request_to_enroll); return -1; } return 0; } static int wps_validate_req_dev_type(const u8 *req_dev_type[], size_t num, int mandatory) { if (num == 0) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Requested Device " "Type attribute missing"); return -1; } return 0; } return 0; } static int wps_validate_wps_state(const u8 *wps_state, int mandatory) { if (wps_state == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Wi-Fi Protected " "Setup State attribute missing"); return -1; } return 0; } if (*wps_state != WPS_STATE_NOT_CONFIGURED && *wps_state != WPS_STATE_CONFIGURED) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Wi-Fi Protected " "Setup State attribute value 0x%x", *wps_state); return -1; } return 0; } static int wps_validate_ap_setup_locked(const u8 *ap_setup_locked, int mandatory) { if (ap_setup_locked == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: AP Setup Locked " "attribute missing"); return -1; } return 0; } if (*ap_setup_locked > 1) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid AP Setup Locked " "attribute value 0x%x", *ap_setup_locked); return -1; } return 0; } static int wps_validate_selected_registrar(const u8 *selected_registrar, int mandatory) { if (selected_registrar == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Selected Registrar " "attribute missing"); return -1; } return 0; } if (*selected_registrar > 1) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Selected Registrar " "attribute value 0x%x", *selected_registrar); return -1; } return 0; } static int wps_validate_sel_reg_config_methods(const u8 *config_methods, int wps2, int mandatory) { u16 val; if (config_methods == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Selected Registrar " "Configuration Methods attribute missing"); return -1; } return 0; } val = WPA_GET_BE16(config_methods); if (!valid_config_methods(val, wps2)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Selected Registrar " "Configuration Methods attribute value 0x%04x", val); return -1; } return 0; } static int wps_validate_authorized_macs(const u8 *authorized_macs, size_t len, int mandatory) { if (authorized_macs == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Authorized MACs " "attribute missing"); return -1; } return 0; } if (len > 30 && (len % ETH_ALEN) != 0) { wpa_hexdump(MSG_INFO, "WPS-STRICT: Invalid Authorized " "MACs attribute value", authorized_macs, len); return -1; } return 0; } static int wps_validate_msg_type(const u8 *msg_type, int mandatory) { if (msg_type == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Message Type " "attribute missing"); return -1; } return 0; } if (*msg_type < WPS_Beacon || *msg_type > WPS_WSC_DONE) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Message Type " "attribute value 0x%x", *msg_type); return -1; } return 0; } static int wps_validate_mac_addr(const u8 *mac_addr, int mandatory) { if (mac_addr == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: MAC Address " "attribute missing"); return -1; } return 0; } if (mac_addr[0] & 0x01) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid MAC Address " "attribute value " MACSTR, MAC2STR(mac_addr)); return -1; } return 0; } static int wps_validate_enrollee_nonce(const u8 *enrollee_nonce, int mandatory) { if (enrollee_nonce == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Enrollee Nonce " "attribute missing"); return -1; } return 0; } return 0; } static int wps_validate_registrar_nonce(const u8 *registrar_nonce, int mandatory) { if (registrar_nonce == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Registrar Nonce " "attribute missing"); return -1; } return 0; } return 0; } static int wps_validate_public_key(const u8 *public_key, size_t len, int mandatory) { if (public_key == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Public Key " "attribute missing"); return -1; } return 0; } if (len != 192) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Public Key " "attribute length %d", (int) len); return -1; } return 0; } static int num_bits_set(u16 val) { int c; for (c = 0; val; c++) val &= val - 1; return c; } static int wps_validate_auth_type_flags(const u8 *flags, int mandatory) { u16 val; if (flags == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Authentication Type " "Flags attribute missing"); return -1; } return 0; } val = WPA_GET_BE16(flags); if ((val & ~WPS_AUTH_TYPES) || !(val & WPS_AUTH_WPA2PSK)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Authentication Type " "Flags attribute value 0x%04x", val); return -1; } return 0; } static int wps_validate_auth_type(const u8 *type, int mandatory) { u16 val; if (type == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Authentication Type " "attribute missing"); return -1; } return 0; } val = WPA_GET_BE16(type); if ((val & ~WPS_AUTH_TYPES) || val == 0 || (num_bits_set(val) > 1 && val != (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK))) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Authentication Type " "attribute value 0x%04x", val); return -1; } return 0; } static int wps_validate_encr_type_flags(const u8 *flags, int mandatory) { u16 val; if (flags == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Encryption Type " "Flags attribute missing"); return -1; } return 0; } val = WPA_GET_BE16(flags); if ((val & ~WPS_ENCR_TYPES) || !(val & WPS_ENCR_AES)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Encryption Type " "Flags attribute value 0x%04x", val); return -1; } return 0; } static int wps_validate_encr_type(const u8 *type, int mandatory) { u16 val; if (type == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Encryption Type " "attribute missing"); return -1; } return 0; } val = WPA_GET_BE16(type); if ((val & ~WPS_ENCR_TYPES) || val == 0 || (num_bits_set(val) > 1 && val != (WPS_ENCR_TKIP | WPS_ENCR_AES))) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Encryption Type " "attribute value 0x%04x", val); return -1; } return 0; } static int wps_validate_conn_type_flags(const u8 *flags, int mandatory) { if (flags == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Connection Type " "Flags attribute missing"); return -1; } return 0; } if ((*flags & ~(WPS_CONN_ESS | WPS_CONN_IBSS)) || !(*flags & WPS_CONN_ESS)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Connection Type " "Flags attribute value 0x%02x", *flags); return -1; } return 0; } static int wps_validate_os_version(const u8 *os_version, int mandatory) { if (os_version == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: OS Version " "attribute missing"); return -1; } return 0; } return 0; } static int wps_validate_authenticator(const u8 *authenticator, int mandatory) { if (authenticator == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Authenticator " "attribute missing"); return -1; } return 0; } return 0; } static int wps_validate_e_hash1(const u8 *hash, int mandatory) { if (hash == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: E-Hash1 " "attribute missing"); return -1; } return 0; } return 0; } static int wps_validate_e_hash2(const u8 *hash, int mandatory) { if (hash == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: E-Hash2 " "attribute missing"); return -1; } return 0; } return 0; } static int wps_validate_r_hash1(const u8 *hash, int mandatory) { if (hash == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: R-Hash1 " "attribute missing"); return -1; } return 0; } return 0; } static int wps_validate_r_hash2(const u8 *hash, int mandatory) { if (hash == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: R-Hash2 " "attribute missing"); return -1; } return 0; } return 0; } static int wps_validate_encr_settings(const u8 *encr_settings, size_t len, int mandatory) { if (encr_settings == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Encrypted Settings " "attribute missing"); return -1; } return 0; } if (len < 16) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Encrypted Settings " "attribute length %d", (int) len); return -1; } return 0; } static int wps_validate_settings_delay_time(const u8 *delay, int mandatory) { if (delay == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Settings Delay Time " "attribute missing"); return -1; } return 0; } return 0; } static int wps_validate_r_snonce1(const u8 *nonce, int mandatory) { if (nonce == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: R-SNonce1 " "attribute missing"); return -1; } return 0; } return 0; } static int wps_validate_r_snonce2(const u8 *nonce, int mandatory) { if (nonce == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: R-SNonce2 " "attribute missing"); return -1; } return 0; } return 0; } static int wps_validate_e_snonce1(const u8 *nonce, int mandatory) { if (nonce == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: E-SNonce1 " "attribute missing"); return -1; } return 0; } return 0; } static int wps_validate_e_snonce2(const u8 *nonce, int mandatory) { if (nonce == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: E-SNonce2 " "attribute missing"); return -1; } return 0; } return 0; } static int wps_validate_key_wrap_auth(const u8 *auth, int mandatory) { if (auth == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Key Wrap " "Authenticator attribute missing"); return -1; } return 0; } return 0; } static int wps_validate_ssid(const u8 *ssid, size_t ssid_len, int mandatory) { if (ssid == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: SSID " "attribute missing"); return -1; } return 0; } if (ssid_len == 0 || ssid[ssid_len - 1] == 0) { wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid SSID " "attribute value", ssid, ssid_len); return -1; } return 0; } static int wps_validate_network_key_index(const u8 *idx, int mandatory) { if (idx == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Network Key Index " "attribute missing"); return -1; } return 0; } return 0; } static int wps_validate_network_idx(const u8 *idx, int mandatory) { if (idx == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Network Index " "attribute missing"); return -1; } return 0; } return 0; } static int wps_validate_network_key(const u8 *key, size_t key_len, const u8 *encr_type, int mandatory) { if (key == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Network Key " "attribute missing"); return -1; } return 0; } if (((encr_type == NULL || WPA_GET_BE16(encr_type) != WPS_ENCR_WEP) && key_len > 8 && key_len < 64 && key[key_len - 1] == 0) || key_len > 64) { wpa_hexdump_ascii_key(MSG_INFO, "WPS-STRICT: Invalid Network " "Key attribute value", key, key_len); return -1; } return 0; } static int wps_validate_network_key_shareable(const u8 *val, int mandatory) { if (val == NULL) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Network Key " "Shareable attribute missing"); return -1; } return 0; } if (*val > 1) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Network Key " "Shareable attribute value 0x%x", *val); return -1; } return 0; } static int wps_validate_cred(const u8 *cred, size_t len) { struct wps_parse_attr *attr; struct wpabuf buf; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (cred == NULL) { ret = -1; goto _out; } wpabuf_set(&buf, cred, len); if (wps_parse_msg(&buf, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse Credential"); ret = -1; goto _out; } if (wps_validate_network_idx(attr->network_idx, 1) || wps_validate_ssid(attr->ssid, attr->ssid_len, 1) || wps_validate_auth_type(attr->auth_type, 1) || wps_validate_encr_type(attr->encr_type, 1) || wps_validate_network_key_index(attr->network_key_idx, 0) || wps_validate_network_key(attr->network_key, attr->network_key_len, attr->encr_type, 1) || wps_validate_mac_addr(attr->mac_addr, 1) || wps_validate_network_key_shareable(attr->network_key_shareable, 0)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Credential"); ret = -1; goto _out; } ret = 0; _out: if (attr) os_free(attr); return ret; } static int wps_validate_credential(const u8 *cred[], size_t len[], size_t num, int mandatory) { size_t i; if (num == 0) { if (mandatory) { wpa_printf(MSG_INFO, "WPS-STRICT: Credential " "attribute missing"); return -1; } return 0; } for (i = 0; i < num; i++) { if (wps_validate_cred(cred[i], len[i]) < 0) return -1; } return 0; } int wps_validate_beacon(const struct wpabuf *wps_ie) { struct wps_parse_attr *attr; int wps2, sel_reg; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (wps_ie == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No WPS IE in Beacon frame"); ret = -1; goto _out; } if (wps_parse_msg(wps_ie, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse WPS IE in " "Beacon frame"); ret = -1; goto _out; } wps2 = attr->version2 != NULL; sel_reg = attr->selected_registrar != NULL && *attr->selected_registrar != 0; if (wps_validate_version(attr->version, 1) || wps_validate_wps_state(attr->wps_state, 1) || wps_validate_ap_setup_locked(attr->ap_setup_locked, 0) || wps_validate_selected_registrar(attr->selected_registrar, 0) || wps_validate_dev_password_id(attr->dev_password_id, sel_reg) || wps_validate_sel_reg_config_methods(attr->sel_reg_config_methods, wps2, sel_reg) || wps_validate_uuid_e(attr->uuid_e, 0) || wps_validate_rf_bands(attr->rf_bands, 0) || wps_validate_version2(attr->version2, wps2) || wps_validate_authorized_macs(attr->authorized_macs, attr->authorized_macs_len, 0)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Beacon frame"); ret = -1; goto _out; } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_beacon_probe_resp(const struct wpabuf *wps_ie, int probe, const u8 *addr) { struct wps_parse_attr *attr; int wps2, sel_reg; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (wps_ie == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No WPS IE in " "%sProbe Response frame", probe ? "" : "Beacon/"); ret = -1; goto _out; } if (wps_parse_msg(wps_ie, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse WPS IE in " "%sProbe Response frame", probe ? "" : "Beacon/"); ret = -1; goto _out; } wps2 = attr->version2 != NULL; sel_reg = attr->selected_registrar != NULL && *attr->selected_registrar != 0; if (wps_validate_version(attr->version, 1) || wps_validate_wps_state(attr->wps_state, 1) || wps_validate_ap_setup_locked(attr->ap_setup_locked, 0) || wps_validate_selected_registrar(attr->selected_registrar, 0) || wps_validate_dev_password_id(attr->dev_password_id, sel_reg) || wps_validate_sel_reg_config_methods(attr->sel_reg_config_methods, wps2, sel_reg) || wps_validate_response_type(attr->response_type, probe) || wps_validate_uuid_e(attr->uuid_e, probe) || wps_validate_manufacturer(attr->manufacturer, attr->manufacturer_len, probe) || wps_validate_model_name(attr->model_name, attr->model_name_len, probe) || wps_validate_model_number(attr->model_number, attr->model_number_len, probe) || wps_validate_serial_number(attr->serial_number, attr->serial_number_len, probe) || wps_validate_primary_dev_type(attr->primary_dev_type, probe) || wps_validate_dev_name(attr->dev_name, attr->dev_name_len, probe) || wps_validate_ap_config_methods(attr->config_methods, wps2, probe) || wps_validate_rf_bands(attr->rf_bands, 0) || wps_validate_version2(attr->version2, wps2) || wps_validate_authorized_macs(attr->authorized_macs, attr->authorized_macs_len, 0)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid %sProbe Response " "frame from " MACSTR, probe ? "" : "Beacon/", MAC2STR(addr)); #ifdef WPS_STRICT_WPS2 if (wps2) { ret = -1; goto _out; } #else /* WPS_STRICT_WPS2 */ ret = -1; goto _out; #endif /* WPS_STRICT_WPS2 */ } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_probe_req(const struct wpabuf *wps_ie, const u8 *addr) { struct wps_parse_attr *attr; int wps2; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (wps_ie == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No WPS IE in " "Probe Request frame"); ret = -1; goto _out; } if (wps_parse_msg(wps_ie, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse WPS IE in " "Probe Request frame"); ret = -1; goto _out; } wps2 = attr->version2 != NULL; if (wps_validate_version(attr->version, 1) || wps_validate_request_type(attr->request_type, 1) || wps_validate_config_methods(attr->config_methods, wps2, 1) || wps_validate_uuid_e(attr->uuid_e, attr->uuid_r == NULL) || wps_validate_uuid_r(attr->uuid_r, attr->uuid_e == NULL) || wps_validate_primary_dev_type(attr->primary_dev_type, 1) || wps_validate_rf_bands(attr->rf_bands, 1) || wps_validate_assoc_state(attr->assoc_state, 1) || wps_validate_config_error(attr->config_error, 1) || wps_validate_dev_password_id(attr->dev_password_id, 1) || wps_validate_version2(attr->version2, wps2) || wps_validate_manufacturer(attr->manufacturer, attr->manufacturer_len, wps2) || wps_validate_model_name(attr->model_name, attr->model_name_len, wps2) || wps_validate_model_number(attr->model_number, attr->model_number_len, wps2) || wps_validate_dev_name(attr->dev_name, attr->dev_name_len, wps2) || wps_validate_request_to_enroll(attr->request_to_enroll, 0) || wps_validate_req_dev_type(attr->req_dev_type, attr->num_req_dev_type, 0)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Probe Request " "frame from " MACSTR, MAC2STR(addr)); ret = -1; goto _out; } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_assoc_req(const struct wpabuf *wps_ie) { struct wps_parse_attr *attr; int wps2; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (wps_ie == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No WPS IE in " "(Re)Association Request frame"); ret = -1; goto _out; } if (wps_parse_msg(wps_ie, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse WPS IE in " "(Re)Association Request frame"); ret = -1; goto _out; } wps2 = attr->version2 != NULL; if (wps_validate_version(attr->version, 1) || wps_validate_request_type(attr->request_type, 1) || wps_validate_version2(attr->version2, wps2)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid (Re)Association " "Request frame"); ret = -1; goto _out; } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_assoc_resp(const struct wpabuf *wps_ie) { struct wps_parse_attr *attr; int wps2; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (wps_ie == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No WPS IE in " "(Re)Association Response frame"); ret = -1; goto _out; } if (wps_parse_msg(wps_ie, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse WPS IE in " "(Re)Association Response frame"); ret = -1; goto _out; } wps2 = attr->version2 != NULL; if (wps_validate_version(attr->version, 1) || wps_validate_response_type(attr->response_type, 1) || wps_validate_version2(attr->version2, wps2)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid (Re)Association " "Response frame"); ret = -1; goto _out; } ret = 0; _out: if(attr) os_free(attr); return ret; } int wps_validate_m1(const struct wpabuf *tlvs) { struct wps_parse_attr *attr; int wps2; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (tlvs == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M1"); ret = -1; goto _out; } if (wps_parse_msg(tlvs, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes " "in M1"); ret = -1; goto _out; } wps2 = attr->version2 != NULL; if (wps_validate_version(attr->version, 1) || wps_validate_msg_type(attr->msg_type, 1) || wps_validate_uuid_e(attr->uuid_e, 1) || wps_validate_mac_addr(attr->mac_addr, 1) || wps_validate_enrollee_nonce(attr->enrollee_nonce, 1) || wps_validate_public_key(attr->public_key, attr->public_key_len, 1) || wps_validate_auth_type_flags(attr->auth_type_flags, 1) || wps_validate_encr_type_flags(attr->encr_type_flags, 1) || wps_validate_conn_type_flags(attr->conn_type_flags, 1) || wps_validate_config_methods(attr->config_methods, wps2, 1) || wps_validate_wps_state(attr->wps_state, 1) || wps_validate_manufacturer(attr->manufacturer, attr->manufacturer_len, 1) || wps_validate_model_name(attr->model_name, attr->model_name_len, 1) || wps_validate_model_number(attr->model_number, attr->model_number_len, 1) || wps_validate_serial_number(attr->serial_number, attr->serial_number_len, 1) || wps_validate_primary_dev_type(attr->primary_dev_type, 1) || wps_validate_dev_name(attr->dev_name, attr->dev_name_len, 1) || wps_validate_rf_bands(attr->rf_bands, 1) || wps_validate_assoc_state(attr->assoc_state, 1) || wps_validate_dev_password_id(attr->dev_password_id, 1) || wps_validate_config_error(attr->config_error, 1) || wps_validate_os_version(attr->os_version, 1) || wps_validate_version2(attr->version2, wps2) || wps_validate_request_to_enroll(attr->request_to_enroll, 0)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M1"); #ifdef WPS_STRICT_WPS2 if (wps2) { ret = -1; goto _out; } #else /* WPS_STRICT_WPS2 */ ret = -1; goto _out; #endif /* WPS_STRICT_WPS2 */ } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_m2(const struct wpabuf *tlvs) { struct wps_parse_attr *attr; int wps2; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (tlvs == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M2"); ret = -1; goto _out; } if (wps_parse_msg(tlvs, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes " "in M2"); ret = -1; goto _out; } wps2 = attr->version2 != NULL; if (wps_validate_version(attr->version, 1) || wps_validate_msg_type(attr->msg_type, 1) || wps_validate_enrollee_nonce(attr->enrollee_nonce, 1) || wps_validate_registrar_nonce(attr->registrar_nonce, 1) || wps_validate_uuid_r(attr->uuid_r, 1) || wps_validate_public_key(attr->public_key, attr->public_key_len, 1) || wps_validate_auth_type_flags(attr->auth_type_flags, 1) || wps_validate_encr_type_flags(attr->encr_type_flags, 1) || wps_validate_conn_type_flags(attr->conn_type_flags, 1) || wps_validate_config_methods(attr->config_methods, wps2, 1) || wps_validate_manufacturer(attr->manufacturer, attr->manufacturer_len, 1) || wps_validate_model_name(attr->model_name, attr->model_name_len, 1) || wps_validate_model_number(attr->model_number, attr->model_number_len, 1) || wps_validate_serial_number(attr->serial_number, attr->serial_number_len, 1) || wps_validate_primary_dev_type(attr->primary_dev_type, 1) || wps_validate_dev_name(attr->dev_name, attr->dev_name_len, 1) || wps_validate_rf_bands(attr->rf_bands, 1) || wps_validate_assoc_state(attr->assoc_state, 1) || wps_validate_config_error(attr->config_error, 1) || wps_validate_dev_password_id(attr->dev_password_id, 1) || wps_validate_os_version(attr->os_version, 1) || wps_validate_version2(attr->version2, wps2) || wps_validate_authenticator(attr->authenticator, 1)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M2"); #ifdef WPS_STRICT_WPS2 if (wps2) { ret = -1; goto _out; } #else /* WPS_STRICT_WPS2 */ ret = -1; goto _out; #endif /* WPS_STRICT_WPS2 */ } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_m2d(const struct wpabuf *tlvs) { struct wps_parse_attr *attr; int wps2; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (tlvs == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M2D"); ret = -1; goto _out; } if (wps_parse_msg(tlvs, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes " "in M2D"); ret = -1; goto _out; } wps2 = attr->version2 != NULL; if (wps_validate_version(attr->version, 1) || wps_validate_msg_type(attr->msg_type, 1) || wps_validate_enrollee_nonce(attr->enrollee_nonce, 1) || wps_validate_registrar_nonce(attr->registrar_nonce, 1) || wps_validate_uuid_r(attr->uuid_r, 1) || wps_validate_auth_type_flags(attr->auth_type_flags, 1) || wps_validate_encr_type_flags(attr->encr_type_flags, 1) || wps_validate_conn_type_flags(attr->conn_type_flags, 1) || wps_validate_config_methods(attr->config_methods, wps2, 1) || wps_validate_manufacturer(attr->manufacturer, attr->manufacturer_len, 1) || wps_validate_model_name(attr->model_name, attr->model_name_len, 1) || wps_validate_model_number(attr->model_number, attr->model_number_len, 1) || wps_validate_serial_number(attr->serial_number, attr->serial_number_len, 1) || wps_validate_primary_dev_type(attr->primary_dev_type, 1) || wps_validate_dev_name(attr->dev_name, attr->dev_name_len, 1) || wps_validate_rf_bands(attr->rf_bands, 1) || wps_validate_assoc_state(attr->assoc_state, 1) || wps_validate_config_error(attr->config_error, 1) || wps_validate_os_version(attr->os_version, 1) || wps_validate_version2(attr->version2, wps2)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M2D"); #ifdef WPS_STRICT_WPS2 if (wps2) { ret = -1; goto _out; } #else /* WPS_STRICT_WPS2 */ ret = -1; goto _out; #endif /* WPS_STRICT_WPS2 */ } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_m3(const struct wpabuf *tlvs) { struct wps_parse_attr *attr; int wps2; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (tlvs == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M3"); ret = -1; goto _out; } if (wps_parse_msg(tlvs, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes " "in M3"); ret = -1; goto _out; } wps2 = attr->version2 != NULL; if (wps_validate_version(attr->version, 1) || wps_validate_msg_type(attr->msg_type, 1) || wps_validate_registrar_nonce(attr->registrar_nonce, 1) || wps_validate_e_hash1(attr->e_hash1, 1) || wps_validate_e_hash2(attr->e_hash2, 1) || wps_validate_version2(attr->version2, wps2) || wps_validate_authenticator(attr->authenticator, 1)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M3"); #ifdef WPS_STRICT_WPS2 if (wps2) { ret = -1; goto _out; } #else /* WPS_STRICT_WPS2 */ ret = -1; goto _out; #endif /* WPS_STRICT_WPS2 */ } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_m4(const struct wpabuf *tlvs) { struct wps_parse_attr *attr; int wps2; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (tlvs == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M4"); ret = -1; goto _out; } if (wps_parse_msg(tlvs, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes " "in M4"); ret = -1; goto _out; } wps2 = attr->version2 != NULL; if (wps_validate_version(attr->version, 1) || wps_validate_msg_type(attr->msg_type, 1) || wps_validate_enrollee_nonce(attr->enrollee_nonce, 1) || wps_validate_r_hash1(attr->r_hash1, 1) || wps_validate_r_hash2(attr->r_hash2, 1) || wps_validate_encr_settings(attr->encr_settings, attr->encr_settings_len, 1) || wps_validate_version2(attr->version2, wps2) || wps_validate_authenticator(attr->authenticator, 1)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M4"); #ifdef WPS_STRICT_WPS2 if (wps2) { ret = -1; goto _out; } #else /* WPS_STRICT_WPS2 */ ret = -1; goto _out; #endif /* WPS_STRICT_WPS2 */ } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_m4_encr(const struct wpabuf *tlvs, int wps2) { struct wps_parse_attr *attr; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (tlvs == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M4 encrypted " "settings"); ret = -1; goto _out; } if (wps_parse_msg(tlvs, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes " "in M4 encrypted settings"); ret = -1; goto _out; } if (wps_validate_r_snonce1(attr->r_snonce1, 1) || wps_validate_key_wrap_auth(attr->key_wrap_auth, 1)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M4 encrypted " "settings"); #ifdef WPS_STRICT_WPS2 if (wps2) { ret = -1; goto _out; } #else /* WPS_STRICT_WPS2 */ ret = -1; goto _out; #endif /* WPS_STRICT_WPS2 */ } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_m5(const struct wpabuf *tlvs) { struct wps_parse_attr *attr; int wps2; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (tlvs == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M5"); ret = -1; goto _out; } if (wps_parse_msg(tlvs, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes " "in M5"); ret = -1; goto _out; } wps2 = attr->version2 != NULL; if (wps_validate_version(attr->version, 1) || wps_validate_msg_type(attr->msg_type, 1) || wps_validate_registrar_nonce(attr->registrar_nonce, 1) || wps_validate_encr_settings(attr->encr_settings, attr->encr_settings_len, 1) || wps_validate_version2(attr->version2, wps2) || wps_validate_authenticator(attr->authenticator, 1)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M5"); #ifdef WPS_STRICT_WPS2 if (wps2) { ret = -1; goto _out; } #else /* WPS_STRICT_WPS2 */ ret = -1; goto _out; #endif /* WPS_STRICT_WPS2 */ } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_m5_encr(const struct wpabuf *tlvs, int wps2) { struct wps_parse_attr *attr; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (tlvs == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M5 encrypted " "settings"); ret = -1; goto _out; } if (wps_parse_msg(tlvs, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes " "in M5 encrypted settings"); ret = -1; goto _out; } if (wps_validate_e_snonce1(attr->e_snonce1, 1) || wps_validate_key_wrap_auth(attr->key_wrap_auth, 1)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M5 encrypted " "settings"); #ifdef WPS_STRICT_WPS2 if (wps2) { ret = -1; goto _out; } #else /* WPS_STRICT_WPS2 */ ret = -1; goto _out; #endif /* WPS_STRICT_WPS2 */ } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_m6(const struct wpabuf *tlvs) { struct wps_parse_attr *attr; int wps2; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (tlvs == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M6"); ret = -1; goto _out; } if (wps_parse_msg(tlvs, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes " "in M6"); ret = -1; goto _out; } wps2 = attr->version2 != NULL; if (wps_validate_version(attr->version, 1) || wps_validate_msg_type(attr->msg_type, 1) || wps_validate_enrollee_nonce(attr->enrollee_nonce, 1) || wps_validate_encr_settings(attr->encr_settings, attr->encr_settings_len, 1) || wps_validate_version2(attr->version2, wps2) || wps_validate_authenticator(attr->authenticator, 1)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M6"); #ifdef WPS_STRICT_WPS2 if (wps2) { ret = -1; goto _out; } #else /* WPS_STRICT_WPS2 */ ret = -1; goto _out; #endif /* WPS_STRICT_WPS2 */ } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_m6_encr(const struct wpabuf *tlvs, int wps2) { struct wps_parse_attr *attr; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (tlvs == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M6 encrypted " "settings"); ret = -1; goto _out; } if (wps_parse_msg(tlvs, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes " "in M6 encrypted settings"); ret = -1; goto _out; } if (wps_validate_r_snonce2(attr->r_snonce2, 1) || wps_validate_key_wrap_auth(attr->key_wrap_auth, 1)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M6 encrypted " "settings"); #ifdef WPS_STRICT_WPS2 if (wps2) { ret = -1; goto _out; } #else /* WPS_STRICT_WPS2 */ ret = -1; goto _out; #endif /* WPS_STRICT_WPS2 */ } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_m7(const struct wpabuf *tlvs) { struct wps_parse_attr *attr; int wps2; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (tlvs == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M7"); ret = -1; goto _out; } if (wps_parse_msg(tlvs, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes " "in M7"); ret = -1; goto _out; } wps2 = attr->version2 != NULL; if (wps_validate_version(attr->version, 1) || wps_validate_msg_type(attr->msg_type, 1) || wps_validate_registrar_nonce(attr->registrar_nonce, 1) || wps_validate_encr_settings(attr->encr_settings, attr->encr_settings_len, 1) || wps_validate_settings_delay_time(attr->settings_delay_time, 0) || wps_validate_version2(attr->version2, wps2) || wps_validate_authenticator(attr->authenticator, 1)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M7"); #ifdef WPS_STRICT_WPS2 if (wps2) { ret = -1; goto _out; } #else /* WPS_STRICT_WPS2 */ ret = -1; goto _out; #endif /* WPS_STRICT_WPS2 */ } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_m7_encr(const struct wpabuf *tlvs, int ap, int wps2) { struct wps_parse_attr *attr; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (tlvs == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M7 encrypted " "settings"); ret = -1; goto _out; } if (wps_parse_msg(tlvs, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes " "in M7 encrypted settings"); ret = -1; goto _out; } if (wps_validate_e_snonce2(attr->e_snonce2, 1) || wps_validate_ssid(attr->ssid, attr->ssid_len, !ap) || wps_validate_mac_addr(attr->mac_addr, !ap) || wps_validate_auth_type(attr->auth_type, !ap) || wps_validate_encr_type(attr->encr_type, !ap) || wps_validate_network_key_index(attr->network_key_idx, 0) || wps_validate_network_key(attr->network_key, attr->network_key_len, attr->encr_type, !ap) || wps_validate_key_wrap_auth(attr->key_wrap_auth, 1)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M7 encrypted " "settings"); #ifdef WPS_STRICT_WPS2 if (wps2) { ret = -1; goto _out; } #else /* WPS_STRICT_WPS2 */ ret = -1; goto _out; #endif /* WPS_STRICT_WPS2 */ } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_m8(const struct wpabuf *tlvs) { struct wps_parse_attr *attr; int wps2; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (tlvs == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M8"); ret = -1; goto _out; } if (wps_parse_msg(tlvs, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes " "in M8"); ret = -1; goto _out; } wps2 = attr->version2 != NULL; if (wps_validate_version(attr->version, 1) || wps_validate_msg_type(attr->msg_type, 1) || wps_validate_enrollee_nonce(attr->enrollee_nonce, 1) || wps_validate_encr_settings(attr->encr_settings, attr->encr_settings_len, 1) || wps_validate_version2(attr->version2, wps2) || wps_validate_authenticator(attr->authenticator, 1)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M8"); #ifdef WPS_STRICT_WPS2 if (wps2) { ret = -1; goto _out; } #else /* WPS_STRICT_WPS2 */ ret = -1; goto _out; #endif /* WPS_STRICT_WPS2 */ } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_m8_encr(const struct wpabuf *tlvs, int ap, int wps2) { struct wps_parse_attr *attr; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (tlvs == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M8 encrypted " "settings"); ret = -1; goto _out; } if (wps_parse_msg(tlvs, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes " "in M8 encrypted settings"); ret = -1; goto _out; } if (wps_validate_ssid(attr->ssid, attr->ssid_len, ap) || wps_validate_auth_type(attr->auth_type, ap) || wps_validate_encr_type(attr->encr_type, ap) || wps_validate_network_key_index(attr->network_key_idx, 0) || wps_validate_mac_addr(attr->mac_addr, ap) || wps_validate_credential(attr->cred, attr->cred_len, attr->num_cred, !ap) || wps_validate_key_wrap_auth(attr->key_wrap_auth, 1)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M8 encrypted " "settings"); #ifdef WPS_STRICT_WPS2 if (wps2) { ret = -1; goto _out; } #else /* WPS_STRICT_WPS2 */ ret = -1; goto _out; #endif /* WPS_STRICT_WPS2 */ } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_wsc_ack(const struct wpabuf *tlvs) { struct wps_parse_attr *attr; int wps2; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (tlvs == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in WSC_ACK"); ret = -1; goto _out; } if (wps_parse_msg(tlvs, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes " "in WSC_ACK"); ret = -1; goto _out; } wps2 = attr->version2 != NULL; if (wps_validate_version(attr->version, 1) || wps_validate_msg_type(attr->msg_type, 1) || wps_validate_enrollee_nonce(attr->enrollee_nonce, 1) || wps_validate_registrar_nonce(attr->registrar_nonce, 1) || wps_validate_version2(attr->version2, wps2)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid WSC_ACK"); #ifdef WPS_STRICT_WPS2 if (wps2) { ret = -1; goto _out; } #else /* WPS_STRICT_WPS2 */ ret = -1; goto _out; #endif /* WPS_STRICT_WPS2 */ } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_wsc_nack(const struct wpabuf *tlvs) { struct wps_parse_attr *attr; int wps2; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (tlvs == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in WSC_NACK"); ret = -1; } if (wps_parse_msg(tlvs, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes " "in WSC_NACK"); ret = -1; goto _out; } wps2 = attr->version2 != NULL; if (wps_validate_version(attr->version, 1) || wps_validate_msg_type(attr->msg_type, 1) || wps_validate_enrollee_nonce(attr->enrollee_nonce, 1) || wps_validate_registrar_nonce(attr->registrar_nonce, 1) || wps_validate_config_error(attr->config_error, 1) || wps_validate_version2(attr->version2, wps2)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid WSC_NACK"); #ifdef WPS_STRICT_WPS2 if (wps2) { ret = -1; goto _out; } #else /* WPS_STRICT_WPS2 */ goto _out; ret = -1; #endif /* WPS_STRICT_WPS2 */ } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_wsc_done(const struct wpabuf *tlvs) { struct wps_parse_attr *attr; int wps2; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (tlvs == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in WSC_Done"); ret = -1; goto _out; } if (wps_parse_msg(tlvs, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes " "in WSC_Done"); ret = -1; goto _out; } wps2 = attr->version2 != NULL; if (wps_validate_version(attr->version, 1) || wps_validate_msg_type(attr->msg_type, 1) || wps_validate_enrollee_nonce(attr->enrollee_nonce, 1) || wps_validate_registrar_nonce(attr->registrar_nonce, 1) || wps_validate_version2(attr->version2, wps2)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid WSC_Done"); #ifdef WPS_STRICT_WPS2 if (wps2) { ret = -1; goto _out; } #else /* WPS_STRICT_WPS2 */ ret = -1; goto _out; #endif /* WPS_STRICT_WPS2 */ } ret = 0; _out: if (attr) os_free(attr); return ret; } int wps_validate_upnp_set_selected_registrar(const struct wpabuf *tlvs) { struct wps_parse_attr *attr; int wps2; int sel_reg; int ret; attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr)); if (attr == NULL) { ret = -99; goto _out; } if (tlvs == NULL) { wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in " "SetSelectedRegistrar"); ret = -1; goto _out; } if (wps_parse_msg(tlvs, attr) < 0) { wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes " "in SetSelectedRegistrar"); ret = -1; goto _out; } wps2 = attr->version2 != NULL; sel_reg = attr->selected_registrar != NULL && *attr->selected_registrar != 0; if (wps_validate_version(attr->version, 1) || wps_validate_dev_password_id(attr->dev_password_id, sel_reg) || wps_validate_sel_reg_config_methods(attr->sel_reg_config_methods, wps2, sel_reg) || wps_validate_version2(attr->version2, wps2) || wps_validate_authorized_macs(attr->authorized_macs, attr->authorized_macs_len, wps2) || wps_validate_uuid_r(attr->uuid_r, wps2)) { wpa_printf(MSG_INFO, "WPS-STRICT: Invalid " "SetSelectedRegistrar"); #ifdef WPS_STRICT_WPS2 if (wps2) { ret = -1; goto _out; } #else /* WPS_STRICT_WPS2 */ ret -1; goto _out; #endif /* WPS_STRICT_WPS2 */ } ret = 0; _out: if (attr) os_free(attr); return ret; } #endif