1 /*
2 * Wi-Fi Protected Setup - Strict protocol validation routines
3 * Copyright (c) 2010, Atheros Communications, Inc.
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "wps_i.h"
13 #include "wps.h"
14
15
16 #ifndef WPS_STRICT_ALL
17 #define WPS_STRICT_WPS2
18 #endif /* WPS_STRICT_ALL */
19
20
wps_validate_version(const u8 * version,int mandatory)21 static int wps_validate_version(const u8 *version, int mandatory)
22 {
23 if (version == NULL) {
24 if (mandatory) {
25 wpa_printf(MSG_INFO, "WPS-STRICT: Version attribute "
26 "missing");
27 return -1;
28 }
29 return 0;
30 }
31 if (*version != 0x10) {
32 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Version attribute "
33 "value 0x%x", *version);
34 return -1;
35 }
36 return 0;
37 }
38
39
wps_validate_version2(const u8 * version2,int mandatory)40 static int wps_validate_version2(const u8 *version2, int mandatory)
41 {
42 if (version2 == NULL) {
43 if (mandatory) {
44 wpa_printf(MSG_INFO, "WPS-STRICT: Version2 attribute "
45 "missing");
46 return -1;
47 }
48 return 0;
49 }
50 if (*version2 < 0x20) {
51 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Version2 attribute "
52 "value 0x%x", *version2);
53 return -1;
54 }
55 return 0;
56 }
57
58
wps_validate_request_type(const u8 * request_type,int mandatory)59 static int wps_validate_request_type(const u8 *request_type, int mandatory)
60 {
61 if (request_type == NULL) {
62 if (mandatory) {
63 wpa_printf(MSG_INFO, "WPS-STRICT: Request Type "
64 "attribute missing");
65 return -1;
66 }
67 return 0;
68 }
69 if (*request_type > 0x03) {
70 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Request Type "
71 "attribute value 0x%x", *request_type);
72 return -1;
73 }
74 return 0;
75 }
76
77
wps_validate_response_type(const u8 * response_type,int mandatory)78 static int wps_validate_response_type(const u8 *response_type, int mandatory)
79 {
80 if (response_type == NULL) {
81 if (mandatory) {
82 wpa_printf(MSG_INFO, "WPS-STRICT: Response Type "
83 "attribute missing");
84 return -1;
85 }
86 return 0;
87 }
88 if (*response_type > 0x03) {
89 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Response Type "
90 "attribute value 0x%x", *response_type);
91 return -1;
92 }
93 return 0;
94 }
95
96
valid_config_methods(u16 val,int wps2)97 static int valid_config_methods(u16 val, int wps2)
98 {
99 if (wps2) {
100 if ((val & 0x6000) && !(val & WPS_CONFIG_DISPLAY)) {
101 wpa_printf(MSG_INFO, "WPS-STRICT: Physical/Virtual "
102 "Display flag without old Display flag "
103 "set");
104 return 0;
105 }
106 if (!(val & 0x6000) && (val & WPS_CONFIG_DISPLAY)) {
107 wpa_printf(MSG_INFO, "WPS-STRICT: Display flag "
108 "without Physical/Virtual Display flag");
109 return 0;
110 }
111 if ((val & 0x0600) && !(val & WPS_CONFIG_PUSHBUTTON)) {
112 wpa_printf(MSG_INFO, "WPS-STRICT: Physical/Virtual "
113 "PushButton flag without old PushButton "
114 "flag set");
115 return 0;
116 }
117 if (!(val & 0x0600) && (val & WPS_CONFIG_PUSHBUTTON)) {
118 wpa_printf(MSG_INFO, "WPS-STRICT: PushButton flag "
119 "without Physical/Virtual PushButton flag");
120 return 0;
121 }
122 }
123
124 return 1;
125 }
126
127
wps_validate_config_methods(const u8 * config_methods,int wps2,int mandatory)128 static int wps_validate_config_methods(const u8 *config_methods, int wps2,
129 int mandatory)
130 {
131 u16 val;
132
133 if (config_methods == NULL) {
134 if (mandatory) {
135 wpa_printf(MSG_INFO, "WPS-STRICT: Configuration "
136 "Methods attribute missing");
137 return -1;
138 }
139 return 0;
140 }
141
142 val = WPA_GET_BE16(config_methods);
143 if (!valid_config_methods(val, wps2)) {
144 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Configuration "
145 "Methods attribute value 0x%04x", val);
146 return -1;
147 }
148 return 0;
149 }
150
151
wps_validate_ap_config_methods(const u8 * config_methods,int wps2,int mandatory)152 static int wps_validate_ap_config_methods(const u8 *config_methods, int wps2,
153 int mandatory)
154 {
155 u16 val;
156
157 if (wps_validate_config_methods(config_methods, wps2, mandatory) < 0)
158 return -1;
159 if (config_methods == NULL)
160 return 0;
161 val = WPA_GET_BE16(config_methods);
162 if (val & WPS_CONFIG_PUSHBUTTON) {
163 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Configuration "
164 "Methods attribute value 0x%04x in AP info "
165 "(PushButton not allowed for registering new ER)",
166 val);
167 return -1;
168 }
169 return 0;
170 }
171
172
wps_validate_uuid_e(const u8 * uuid_e,int mandatory)173 static int wps_validate_uuid_e(const u8 *uuid_e, int mandatory)
174 {
175 if (uuid_e == NULL) {
176 if (mandatory) {
177 wpa_printf(MSG_INFO, "WPS-STRICT: UUID-E "
178 "attribute missing");
179 return -1;
180 }
181 return 0;
182 }
183 return 0;
184 }
185
186
wps_validate_uuid_r(const u8 * uuid_r,int mandatory)187 static int wps_validate_uuid_r(const u8 *uuid_r, int mandatory)
188 {
189 if (uuid_r == NULL) {
190 if (mandatory) {
191 wpa_printf(MSG_INFO, "WPS-STRICT: UUID-R "
192 "attribute missing");
193 return -1;
194 }
195 return 0;
196 }
197 return 0;
198 }
199
200
wps_validate_primary_dev_type(const u8 * primary_dev_type,int mandatory)201 static int wps_validate_primary_dev_type(const u8 *primary_dev_type,
202 int mandatory)
203 {
204 if (primary_dev_type == NULL) {
205 if (mandatory) {
206 wpa_printf(MSG_INFO, "WPS-STRICT: Primary Device Type "
207 "attribute missing");
208 return -1;
209 }
210 return 0;
211 }
212 return 0;
213 }
214
215
wps_validate_rf_bands(const u8 * rf_bands,int mandatory)216 static int wps_validate_rf_bands(const u8 *rf_bands, int mandatory)
217 {
218 if (rf_bands == NULL) {
219 if (mandatory) {
220 wpa_printf(MSG_INFO, "WPS-STRICT: RF Bands "
221 "attribute missing");
222 return -1;
223 }
224 return 0;
225 }
226 if (*rf_bands != WPS_RF_24GHZ && *rf_bands != WPS_RF_50GHZ &&
227 *rf_bands != WPS_RF_60GHZ &&
228 *rf_bands != (WPS_RF_24GHZ | WPS_RF_50GHZ | WPS_RF_60GHZ) &&
229 *rf_bands != (WPS_RF_24GHZ | WPS_RF_50GHZ)) {
230 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Rf Bands "
231 "attribute value 0x%x", *rf_bands);
232 return -1;
233 }
234 return 0;
235 }
236
237
wps_validate_assoc_state(const u8 * assoc_state,int mandatory)238 static int wps_validate_assoc_state(const u8 *assoc_state, int mandatory)
239 {
240 u16 val;
241 if (assoc_state == NULL) {
242 if (mandatory) {
243 wpa_printf(MSG_INFO, "WPS-STRICT: Association State "
244 "attribute missing");
245 return -1;
246 }
247 return 0;
248 }
249 val = WPA_GET_BE16(assoc_state);
250 if (val > 4) {
251 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Association State "
252 "attribute value 0x%04x", val);
253 return -1;
254 }
255 return 0;
256 }
257
258
wps_validate_config_error(const u8 * config_error,int mandatory)259 static int wps_validate_config_error(const u8 *config_error, int mandatory)
260 {
261 u16 val;
262
263 if (config_error == NULL) {
264 if (mandatory) {
265 wpa_printf(MSG_INFO, "WPS-STRICT: Configuration Error "
266 "attribute missing");
267 return -1;
268 }
269 return 0;
270 }
271 val = WPA_GET_BE16(config_error);
272 if (val > 20) {
273 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Configuration Error "
274 "attribute value 0x%04x", val);
275 return -1;
276 }
277 return 0;
278 }
279
280
wps_validate_dev_password_id(const u8 * dev_password_id,int mandatory)281 static int wps_validate_dev_password_id(const u8 *dev_password_id,
282 int mandatory)
283 {
284 u16 val;
285
286 if (dev_password_id == NULL) {
287 if (mandatory) {
288 wpa_printf(MSG_INFO, "WPS-STRICT: Device Password ID "
289 "attribute missing");
290 return -1;
291 }
292 return 0;
293 }
294 val = WPA_GET_BE16(dev_password_id);
295 if (val >= 0x0008 && val <= 0x000f) {
296 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Device Password ID "
297 "attribute value 0x%04x", val);
298 return -1;
299 }
300 return 0;
301 }
302
303
wps_validate_manufacturer(const u8 * manufacturer,size_t len,int mandatory)304 static int wps_validate_manufacturer(const u8 *manufacturer, size_t len,
305 int mandatory)
306 {
307 if (manufacturer == NULL) {
308 if (mandatory) {
309 wpa_printf(MSG_INFO, "WPS-STRICT: Manufacturer "
310 "attribute missing");
311 return -1;
312 }
313 return 0;
314 }
315 if (len > 0 && manufacturer[len - 1] == 0) {
316 wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid Manufacturer "
317 "attribute value", manufacturer, len);
318 return -1;
319 }
320 return 0;
321 }
322
323
wps_validate_model_name(const u8 * model_name,size_t len,int mandatory)324 static int wps_validate_model_name(const u8 *model_name, size_t len,
325 int mandatory)
326 {
327 if (model_name == NULL) {
328 if (mandatory) {
329 wpa_printf(MSG_INFO, "WPS-STRICT: Model Name "
330 "attribute missing");
331 return -1;
332 }
333 return 0;
334 }
335 if (len > 0 && model_name[len - 1] == 0) {
336 wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid Model Name "
337 "attribute value", model_name, len);
338 return -1;
339 }
340 return 0;
341 }
342
343
wps_validate_model_number(const u8 * model_number,size_t len,int mandatory)344 static int wps_validate_model_number(const u8 *model_number, size_t len,
345 int mandatory)
346 {
347 if (model_number == NULL) {
348 if (mandatory) {
349 wpa_printf(MSG_INFO, "WPS-STRICT: Model Number "
350 "attribute missing");
351 return -1;
352 }
353 return 0;
354 }
355 if (len > 0 && model_number[len - 1] == 0) {
356 wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid Model Number "
357 "attribute value", model_number, len);
358 return -1;
359 }
360 return 0;
361 }
362
363
wps_validate_serial_number(const u8 * serial_number,size_t len,int mandatory)364 static int wps_validate_serial_number(const u8 *serial_number, size_t len,
365 int mandatory)
366 {
367 if (serial_number == NULL) {
368 if (mandatory) {
369 wpa_printf(MSG_INFO, "WPS-STRICT: Serial Number "
370 "attribute missing");
371 return -1;
372 }
373 return 0;
374 }
375 if (len > 0 && serial_number[len - 1] == 0) {
376 wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid Serial "
377 "Number attribute value",
378 serial_number, len);
379 return -1;
380 }
381 return 0;
382 }
383
384
wps_validate_dev_name(const u8 * dev_name,size_t len,int mandatory)385 static int wps_validate_dev_name(const u8 *dev_name, size_t len,
386 int mandatory)
387 {
388 if (dev_name == NULL) {
389 if (mandatory) {
390 wpa_printf(MSG_INFO, "WPS-STRICT: Device Name "
391 "attribute missing");
392 return -1;
393 }
394 return 0;
395 }
396 if (len > 0 && dev_name[len - 1] == 0) {
397 wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid Device Name "
398 "attribute value", dev_name, len);
399 return -1;
400 }
401 return 0;
402 }
403
404
wps_validate_request_to_enroll(const u8 * request_to_enroll,int mandatory)405 static int wps_validate_request_to_enroll(const u8 *request_to_enroll,
406 int mandatory)
407 {
408 if (request_to_enroll == NULL) {
409 if (mandatory) {
410 wpa_printf(MSG_INFO, "WPS-STRICT: Request to Enroll "
411 "attribute missing");
412 return -1;
413 }
414 return 0;
415 }
416 if (*request_to_enroll > 0x01) {
417 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Request to Enroll "
418 "attribute value 0x%x", *request_to_enroll);
419 return -1;
420 }
421 return 0;
422 }
423
424
wps_validate_req_dev_type(const u8 * req_dev_type[],size_t num,int mandatory)425 static int wps_validate_req_dev_type(const u8 *req_dev_type[], size_t num,
426 int mandatory)
427 {
428 if (num == 0) {
429 if (mandatory) {
430 wpa_printf(MSG_INFO, "WPS-STRICT: Requested Device "
431 "Type attribute missing");
432 return -1;
433 }
434 return 0;
435 }
436 return 0;
437 }
438
439
wps_validate_wps_state(const u8 * wps_state,int mandatory)440 static int wps_validate_wps_state(const u8 *wps_state, int mandatory)
441 {
442 if (wps_state == NULL) {
443 if (mandatory) {
444 wpa_printf(MSG_INFO, "WPS-STRICT: Wi-Fi Protected "
445 "Setup State attribute missing");
446 return -1;
447 }
448 return 0;
449 }
450 if (*wps_state != WPS_STATE_NOT_CONFIGURED &&
451 *wps_state != WPS_STATE_CONFIGURED) {
452 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Wi-Fi Protected "
453 "Setup State attribute value 0x%x", *wps_state);
454 return -1;
455 }
456 return 0;
457 }
458
459
wps_validate_ap_setup_locked(const u8 * ap_setup_locked,int mandatory)460 static int wps_validate_ap_setup_locked(const u8 *ap_setup_locked,
461 int mandatory)
462 {
463 if (ap_setup_locked == NULL) {
464 if (mandatory) {
465 wpa_printf(MSG_INFO, "WPS-STRICT: AP Setup Locked "
466 "attribute missing");
467 return -1;
468 }
469 return 0;
470 }
471 if (*ap_setup_locked > 1) {
472 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid AP Setup Locked "
473 "attribute value 0x%x", *ap_setup_locked);
474 return -1;
475 }
476 return 0;
477 }
478
479
wps_validate_selected_registrar(const u8 * selected_registrar,int mandatory)480 static int wps_validate_selected_registrar(const u8 *selected_registrar,
481 int mandatory)
482 {
483 if (selected_registrar == NULL) {
484 if (mandatory) {
485 wpa_printf(MSG_INFO, "WPS-STRICT: Selected Registrar "
486 "attribute missing");
487 return -1;
488 }
489 return 0;
490 }
491 if (*selected_registrar > 1) {
492 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Selected Registrar "
493 "attribute value 0x%x", *selected_registrar);
494 return -1;
495 }
496 return 0;
497 }
498
499
wps_validate_sel_reg_config_methods(const u8 * config_methods,int wps2,int mandatory)500 static int wps_validate_sel_reg_config_methods(const u8 *config_methods,
501 int wps2, int mandatory)
502 {
503 u16 val;
504
505 if (config_methods == NULL) {
506 if (mandatory) {
507 wpa_printf(MSG_INFO, "WPS-STRICT: Selected Registrar "
508 "Configuration Methods attribute missing");
509 return -1;
510 }
511 return 0;
512 }
513
514 val = WPA_GET_BE16(config_methods);
515 if (!valid_config_methods(val, wps2)) {
516 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Selected Registrar "
517 "Configuration Methods attribute value 0x%04x",
518 val);
519 return -1;
520 }
521 return 0;
522 }
523
524
wps_validate_authorized_macs(const u8 * authorized_macs,size_t len,int mandatory)525 static int wps_validate_authorized_macs(const u8 *authorized_macs, size_t len,
526 int mandatory)
527 {
528 if (authorized_macs == NULL) {
529 if (mandatory) {
530 wpa_printf(MSG_INFO, "WPS-STRICT: Authorized MACs "
531 "attribute missing");
532 return -1;
533 }
534 return 0;
535 }
536 if (len > 30 && (len % ETH_ALEN) != 0) {
537 wpa_hexdump(MSG_INFO, "WPS-STRICT: Invalid Authorized "
538 "MACs attribute value", authorized_macs, len);
539 return -1;
540 }
541 return 0;
542 }
543
544
wps_validate_msg_type(const u8 * msg_type,int mandatory)545 static int wps_validate_msg_type(const u8 *msg_type, int mandatory)
546 {
547 if (msg_type == NULL) {
548 if (mandatory) {
549 wpa_printf(MSG_INFO, "WPS-STRICT: Message Type "
550 "attribute missing");
551 return -1;
552 }
553 return 0;
554 }
555 if (*msg_type < WPS_Beacon || *msg_type > WPS_WSC_DONE) {
556 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Message Type "
557 "attribute value 0x%x", *msg_type);
558 return -1;
559 }
560 return 0;
561 }
562
563
wps_validate_mac_addr(const u8 * mac_addr,int mandatory)564 static int wps_validate_mac_addr(const u8 *mac_addr, int mandatory)
565 {
566 if (mac_addr == NULL) {
567 if (mandatory) {
568 wpa_printf(MSG_INFO, "WPS-STRICT: MAC Address "
569 "attribute missing");
570 return -1;
571 }
572 return 0;
573 }
574 if (mac_addr[0] & 0x01) {
575 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid MAC Address "
576 "attribute value " MACSTR, MAC2STR(mac_addr));
577 return -1;
578 }
579 return 0;
580 }
581
582
wps_validate_enrollee_nonce(const u8 * enrollee_nonce,int mandatory)583 static int wps_validate_enrollee_nonce(const u8 *enrollee_nonce, int mandatory)
584 {
585 if (enrollee_nonce == NULL) {
586 if (mandatory) {
587 wpa_printf(MSG_INFO, "WPS-STRICT: Enrollee Nonce "
588 "attribute missing");
589 return -1;
590 }
591 return 0;
592 }
593 return 0;
594 }
595
596
wps_validate_registrar_nonce(const u8 * registrar_nonce,int mandatory)597 static int wps_validate_registrar_nonce(const u8 *registrar_nonce,
598 int mandatory)
599 {
600 if (registrar_nonce == NULL) {
601 if (mandatory) {
602 wpa_printf(MSG_INFO, "WPS-STRICT: Registrar Nonce "
603 "attribute missing");
604 return -1;
605 }
606 return 0;
607 }
608 return 0;
609 }
610
611
wps_validate_public_key(const u8 * public_key,size_t len,int mandatory)612 static int wps_validate_public_key(const u8 *public_key, size_t len,
613 int mandatory)
614 {
615 if (public_key == NULL) {
616 if (mandatory) {
617 wpa_printf(MSG_INFO, "WPS-STRICT: Public Key "
618 "attribute missing");
619 return -1;
620 }
621 return 0;
622 }
623 if (len != 192) {
624 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Public Key "
625 "attribute length %d", (int) len);
626 return -1;
627 }
628 return 0;
629 }
630
631
num_bits_set(u16 val)632 static int num_bits_set(u16 val)
633 {
634 int c;
635 for (c = 0; val; c++)
636 val &= val - 1;
637 return c;
638 }
639
640
wps_validate_auth_type_flags(const u8 * flags,int mandatory)641 static int wps_validate_auth_type_flags(const u8 *flags, int mandatory)
642 {
643 u16 val;
644
645 if (flags == NULL) {
646 if (mandatory) {
647 wpa_printf(MSG_INFO, "WPS-STRICT: Authentication Type "
648 "Flags attribute missing");
649 return -1;
650 }
651 return 0;
652 }
653 val = WPA_GET_BE16(flags);
654 if ((val & ~WPS_AUTH_TYPES) || !(val & WPS_AUTH_WPA2PSK)) {
655 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Authentication Type "
656 "Flags attribute value 0x%04x", val);
657 return -1;
658 }
659 return 0;
660 }
661
662
wps_validate_auth_type(const u8 * type,int mandatory)663 static int wps_validate_auth_type(const u8 *type, int mandatory)
664 {
665 u16 val;
666
667 if (type == NULL) {
668 if (mandatory) {
669 wpa_printf(MSG_INFO, "WPS-STRICT: Authentication Type "
670 "attribute missing");
671 return -1;
672 }
673 return 0;
674 }
675 val = WPA_GET_BE16(type);
676 if ((val & ~WPS_AUTH_TYPES) || val == 0 ||
677 (num_bits_set(val) > 1 &&
678 val != (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK))) {
679 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Authentication Type "
680 "attribute value 0x%04x", val);
681 return -1;
682 }
683 return 0;
684 }
685
686
wps_validate_encr_type_flags(const u8 * flags,int mandatory)687 static int wps_validate_encr_type_flags(const u8 *flags, int mandatory)
688 {
689 u16 val;
690
691 if (flags == NULL) {
692 if (mandatory) {
693 wpa_printf(MSG_INFO, "WPS-STRICT: Encryption Type "
694 "Flags attribute missing");
695 return -1;
696 }
697 return 0;
698 }
699 val = WPA_GET_BE16(flags);
700 if ((val & ~WPS_ENCR_TYPES) || !(val & WPS_ENCR_AES)) {
701 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Encryption Type "
702 "Flags attribute value 0x%04x", val);
703 return -1;
704 }
705 return 0;
706 }
707
708
wps_validate_encr_type(const u8 * type,int mandatory)709 static int wps_validate_encr_type(const u8 *type, int mandatory)
710 {
711 u16 val;
712
713 if (type == NULL) {
714 if (mandatory) {
715 wpa_printf(MSG_INFO, "WPS-STRICT: Encryption Type "
716 "attribute missing");
717 return -1;
718 }
719 return 0;
720 }
721 val = WPA_GET_BE16(type);
722 if ((val & ~WPS_ENCR_TYPES) || val == 0 ||
723 (num_bits_set(val) > 1 && val != (WPS_ENCR_TKIP | WPS_ENCR_AES))) {
724 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Encryption Type "
725 "attribute value 0x%04x", val);
726 return -1;
727 }
728 return 0;
729 }
730
731
wps_validate_conn_type_flags(const u8 * flags,int mandatory)732 static int wps_validate_conn_type_flags(const u8 *flags, int mandatory)
733 {
734 if (flags == NULL) {
735 if (mandatory) {
736 wpa_printf(MSG_INFO, "WPS-STRICT: Connection Type "
737 "Flags attribute missing");
738 return -1;
739 }
740 return 0;
741 }
742 if ((*flags & ~(WPS_CONN_ESS | WPS_CONN_IBSS)) ||
743 !(*flags & WPS_CONN_ESS)) {
744 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Connection Type "
745 "Flags attribute value 0x%02x", *flags);
746 return -1;
747 }
748 return 0;
749 }
750
751
wps_validate_os_version(const u8 * os_version,int mandatory)752 static int wps_validate_os_version(const u8 *os_version, int mandatory)
753 {
754 if (os_version == NULL) {
755 if (mandatory) {
756 wpa_printf(MSG_INFO, "WPS-STRICT: OS Version "
757 "attribute missing");
758 return -1;
759 }
760 return 0;
761 }
762 return 0;
763 }
764
765
wps_validate_authenticator(const u8 * authenticator,int mandatory)766 static int wps_validate_authenticator(const u8 *authenticator, int mandatory)
767 {
768 if (authenticator == NULL) {
769 if (mandatory) {
770 wpa_printf(MSG_INFO, "WPS-STRICT: Authenticator "
771 "attribute missing");
772 return -1;
773 }
774 return 0;
775 }
776 return 0;
777 }
778
779
wps_validate_e_hash1(const u8 * hash,int mandatory)780 static int wps_validate_e_hash1(const u8 *hash, int mandatory)
781 {
782 if (hash == NULL) {
783 if (mandatory) {
784 wpa_printf(MSG_INFO, "WPS-STRICT: E-Hash1 "
785 "attribute missing");
786 return -1;
787 }
788 return 0;
789 }
790 return 0;
791 }
792
793
wps_validate_e_hash2(const u8 * hash,int mandatory)794 static int wps_validate_e_hash2(const u8 *hash, int mandatory)
795 {
796 if (hash == NULL) {
797 if (mandatory) {
798 wpa_printf(MSG_INFO, "WPS-STRICT: E-Hash2 "
799 "attribute missing");
800 return -1;
801 }
802 return 0;
803 }
804 return 0;
805 }
806
807
wps_validate_r_hash1(const u8 * hash,int mandatory)808 static int wps_validate_r_hash1(const u8 *hash, int mandatory)
809 {
810 if (hash == NULL) {
811 if (mandatory) {
812 wpa_printf(MSG_INFO, "WPS-STRICT: R-Hash1 "
813 "attribute missing");
814 return -1;
815 }
816 return 0;
817 }
818 return 0;
819 }
820
821
wps_validate_r_hash2(const u8 * hash,int mandatory)822 static int wps_validate_r_hash2(const u8 *hash, int mandatory)
823 {
824 if (hash == NULL) {
825 if (mandatory) {
826 wpa_printf(MSG_INFO, "WPS-STRICT: R-Hash2 "
827 "attribute missing");
828 return -1;
829 }
830 return 0;
831 }
832 return 0;
833 }
834
835
wps_validate_encr_settings(const u8 * encr_settings,size_t len,int mandatory)836 static int wps_validate_encr_settings(const u8 *encr_settings, size_t len,
837 int mandatory)
838 {
839 if (encr_settings == NULL) {
840 if (mandatory) {
841 wpa_printf(MSG_INFO, "WPS-STRICT: Encrypted Settings "
842 "attribute missing");
843 return -1;
844 }
845 return 0;
846 }
847 if (len < 16) {
848 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Encrypted Settings "
849 "attribute length %d", (int) len);
850 return -1;
851 }
852 return 0;
853 }
854
855
wps_validate_settings_delay_time(const u8 * delay,int mandatory)856 static int wps_validate_settings_delay_time(const u8 *delay, int mandatory)
857 {
858 if (delay == NULL) {
859 if (mandatory) {
860 wpa_printf(MSG_INFO, "WPS-STRICT: Settings Delay Time "
861 "attribute missing");
862 return -1;
863 }
864 return 0;
865 }
866 return 0;
867 }
868
869
wps_validate_r_snonce1(const u8 * nonce,int mandatory)870 static int wps_validate_r_snonce1(const u8 *nonce, int mandatory)
871 {
872 if (nonce == NULL) {
873 if (mandatory) {
874 wpa_printf(MSG_INFO, "WPS-STRICT: R-SNonce1 "
875 "attribute missing");
876 return -1;
877 }
878 return 0;
879 }
880 return 0;
881 }
882
883
wps_validate_r_snonce2(const u8 * nonce,int mandatory)884 static int wps_validate_r_snonce2(const u8 *nonce, int mandatory)
885 {
886 if (nonce == NULL) {
887 if (mandatory) {
888 wpa_printf(MSG_INFO, "WPS-STRICT: R-SNonce2 "
889 "attribute missing");
890 return -1;
891 }
892 return 0;
893 }
894 return 0;
895 }
896
897
wps_validate_e_snonce1(const u8 * nonce,int mandatory)898 static int wps_validate_e_snonce1(const u8 *nonce, int mandatory)
899 {
900 if (nonce == NULL) {
901 if (mandatory) {
902 wpa_printf(MSG_INFO, "WPS-STRICT: E-SNonce1 "
903 "attribute missing");
904 return -1;
905 }
906 return 0;
907 }
908 return 0;
909 }
910
911
wps_validate_e_snonce2(const u8 * nonce,int mandatory)912 static int wps_validate_e_snonce2(const u8 *nonce, int mandatory)
913 {
914 if (nonce == NULL) {
915 if (mandatory) {
916 wpa_printf(MSG_INFO, "WPS-STRICT: E-SNonce2 "
917 "attribute missing");
918 return -1;
919 }
920 return 0;
921 }
922 return 0;
923 }
924
925
wps_validate_key_wrap_auth(const u8 * auth,int mandatory)926 static int wps_validate_key_wrap_auth(const u8 *auth, int mandatory)
927 {
928 if (auth == NULL) {
929 if (mandatory) {
930 wpa_printf(MSG_INFO, "WPS-STRICT: Key Wrap "
931 "Authenticator attribute missing");
932 return -1;
933 }
934 return 0;
935 }
936 return 0;
937 }
938
939
wps_validate_ssid(const u8 * ssid,size_t ssid_len,int mandatory)940 static int wps_validate_ssid(const u8 *ssid, size_t ssid_len, int mandatory)
941 {
942 if (ssid == NULL) {
943 if (mandatory) {
944 wpa_printf(MSG_INFO, "WPS-STRICT: SSID "
945 "attribute missing");
946 return -1;
947 }
948 return 0;
949 }
950 if (ssid_len == 0 || ssid[ssid_len - 1] == 0) {
951 wpa_hexdump_ascii(MSG_INFO, "WPS-STRICT: Invalid SSID "
952 "attribute value", ssid, ssid_len);
953 return -1;
954 }
955 return 0;
956 }
957
958
wps_validate_network_key_index(const u8 * idx,int mandatory)959 static int wps_validate_network_key_index(const u8 *idx, int mandatory)
960 {
961 if (idx == NULL) {
962 if (mandatory) {
963 wpa_printf(MSG_INFO, "WPS-STRICT: Network Key Index "
964 "attribute missing");
965 return -1;
966 }
967 return 0;
968 }
969 return 0;
970 }
971
972
wps_validate_network_idx(const u8 * idx,int mandatory)973 static int wps_validate_network_idx(const u8 *idx, int mandatory)
974 {
975 if (idx == NULL) {
976 if (mandatory) {
977 wpa_printf(MSG_INFO, "WPS-STRICT: Network Index "
978 "attribute missing");
979 return -1;
980 }
981 return 0;
982 }
983 return 0;
984 }
985
986
wps_validate_network_key(const u8 * key,size_t key_len,const u8 * encr_type,int mandatory)987 static int wps_validate_network_key(const u8 *key, size_t key_len,
988 const u8 *encr_type, int mandatory)
989 {
990 if (key == NULL) {
991 if (mandatory) {
992 wpa_printf(MSG_INFO, "WPS-STRICT: Network Key "
993 "attribute missing");
994 return -1;
995 }
996 return 0;
997 }
998 if (((encr_type == NULL || WPA_GET_BE16(encr_type) != WPS_ENCR_WEP) &&
999 key_len > 8 && key_len < 64 && key[key_len - 1] == 0) ||
1000 key_len > 64) {
1001 wpa_hexdump_ascii_key(MSG_INFO, "WPS-STRICT: Invalid Network "
1002 "Key attribute value", key, key_len);
1003 return -1;
1004 }
1005 return 0;
1006 }
1007
1008
wps_validate_network_key_shareable(const u8 * val,int mandatory)1009 static int wps_validate_network_key_shareable(const u8 *val, int mandatory)
1010 {
1011 if (val == NULL) {
1012 if (mandatory) {
1013 wpa_printf(MSG_INFO, "WPS-STRICT: Network Key "
1014 "Shareable attribute missing");
1015 return -1;
1016 }
1017 return 0;
1018 }
1019 if (*val > 1) {
1020 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Network Key "
1021 "Shareable attribute value 0x%x", *val);
1022 return -1;
1023 }
1024 return 0;
1025 }
1026
1027
wps_validate_cred(const u8 * cred,size_t len)1028 static int wps_validate_cred(const u8 *cred, size_t len)
1029 {
1030 struct wps_parse_attr *attr;
1031 struct wpabuf buf;
1032 int ret;
1033
1034 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
1035 if (attr == NULL) {
1036 ret = -99;
1037 goto _out;
1038 }
1039
1040 if (cred == NULL) {
1041 ret = -1;
1042 goto _out;
1043 }
1044 wpabuf_set(&buf, cred, len);
1045 if (wps_parse_msg(&buf, attr) < 0) {
1046 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse Credential");
1047 ret = -1;
1048 goto _out;
1049 }
1050
1051 if (wps_validate_network_idx(attr->network_idx, 1) ||
1052 wps_validate_ssid(attr->ssid, attr->ssid_len, 1) ||
1053 wps_validate_auth_type(attr->auth_type, 1) ||
1054 wps_validate_encr_type(attr->encr_type, 1) ||
1055 wps_validate_network_key_index(attr->network_key_idx, 0) ||
1056 wps_validate_network_key(attr->network_key, attr->network_key_len,
1057 attr->encr_type, 1) ||
1058 wps_validate_mac_addr(attr->mac_addr, 1) ||
1059 wps_validate_network_key_shareable(attr->network_key_shareable, 0))
1060 {
1061 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Credential");
1062 ret = -1;
1063 goto _out;
1064 }
1065
1066 ret = 0;
1067 _out:
1068 if (attr)
1069 os_free(attr);
1070
1071 return ret;
1072 }
1073
1074
wps_validate_credential(const u8 * cred[],u16 len[],size_t num,int mandatory)1075 static int wps_validate_credential(const u8 *cred[], u16 len[], size_t num,
1076 int mandatory)
1077 {
1078 size_t i;
1079
1080 if (num == 0) {
1081 if (mandatory) {
1082 wpa_printf(MSG_INFO, "WPS-STRICT: Credential "
1083 "attribute missing");
1084 return -1;
1085 }
1086 return 0;
1087 }
1088
1089 for (i = 0; i < num; i++) {
1090 if (wps_validate_cred(cred[i], len[i]) < 0)
1091 return -1;
1092 }
1093
1094 return 0;
1095 }
1096
1097
wps_validate_beacon(const struct wpabuf * wps_ie)1098 int wps_validate_beacon(const struct wpabuf *wps_ie)
1099 {
1100 struct wps_parse_attr *attr;
1101 int wps2, sel_reg;
1102 int ret;
1103
1104 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
1105 if (attr == NULL) {
1106 ret = -99;
1107 goto _out;
1108 }
1109
1110 if (wps_ie == NULL) {
1111 wpa_printf(MSG_INFO, "WPS-STRICT: No WPS IE in Beacon frame");
1112 ret = -1;
1113 goto _out;
1114 }
1115 if (wps_parse_msg(wps_ie, attr) < 0) {
1116 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse WPS IE in "
1117 "Beacon frame");
1118 ret = -1;
1119 goto _out;
1120 }
1121
1122 wps2 = attr->version2 != NULL;
1123 sel_reg = attr->selected_registrar != NULL &&
1124 *attr->selected_registrar != 0;
1125 if (wps_validate_version(attr->version, 1) ||
1126 wps_validate_wps_state(attr->wps_state, 1) ||
1127 wps_validate_ap_setup_locked(attr->ap_setup_locked, 0) ||
1128 wps_validate_selected_registrar(attr->selected_registrar, 0) ||
1129 wps_validate_dev_password_id(attr->dev_password_id, sel_reg) ||
1130 wps_validate_sel_reg_config_methods(attr->sel_reg_config_methods,
1131 wps2, sel_reg) ||
1132 wps_validate_uuid_e(attr->uuid_e, 0) ||
1133 wps_validate_rf_bands(attr->rf_bands, 0) ||
1134 wps_validate_version2(attr->version2, wps2) ||
1135 wps_validate_authorized_macs(attr->authorized_macs,
1136 attr->authorized_macs_len, 0)) {
1137 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Beacon frame");
1138 ret = -1;
1139 goto _out;
1140 }
1141
1142 ret = 0;
1143 _out:
1144 if (attr)
1145 os_free(attr);
1146
1147 return ret;
1148 }
1149
1150
wps_validate_beacon_probe_resp(const struct wpabuf * wps_ie,int probe,const u8 * addr)1151 int wps_validate_beacon_probe_resp(const struct wpabuf *wps_ie, int probe,
1152 const u8 *addr)
1153 {
1154 struct wps_parse_attr *attr;
1155 int wps2, sel_reg;
1156 int ret;
1157
1158 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
1159 if (attr == NULL) {
1160 ret = -99;
1161 goto _out;
1162 }
1163
1164 if (wps_ie == NULL) {
1165 wpa_printf(MSG_INFO, "WPS-STRICT: No WPS IE in "
1166 "%sProbe Response frame", probe ? "" : "Beacon/");
1167 ret = -1;
1168 goto _out;
1169 }
1170 if (wps_parse_msg(wps_ie, attr) < 0) {
1171 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse WPS IE in "
1172 "%sProbe Response frame", probe ? "" : "Beacon/");
1173 ret = -1;
1174 goto _out;
1175 }
1176
1177 wps2 = attr->version2 != NULL;
1178 sel_reg = attr->selected_registrar != NULL &&
1179 *attr->selected_registrar != 0;
1180 if (wps_validate_version(attr->version, 1) ||
1181 wps_validate_wps_state(attr->wps_state, 1) ||
1182 wps_validate_ap_setup_locked(attr->ap_setup_locked, 0) ||
1183 wps_validate_selected_registrar(attr->selected_registrar, 0) ||
1184 wps_validate_dev_password_id(attr->dev_password_id, sel_reg) ||
1185 wps_validate_sel_reg_config_methods(attr->sel_reg_config_methods,
1186 wps2, sel_reg) ||
1187 wps_validate_response_type(attr->response_type, probe) ||
1188 wps_validate_uuid_e(attr->uuid_e, probe) ||
1189 wps_validate_manufacturer(attr->manufacturer, attr->manufacturer_len,
1190 probe) ||
1191 wps_validate_model_name(attr->model_name, attr->model_name_len,
1192 probe) ||
1193 wps_validate_model_number(attr->model_number, attr->model_number_len,
1194 probe) ||
1195 wps_validate_serial_number(attr->serial_number,
1196 attr->serial_number_len, probe) ||
1197 wps_validate_primary_dev_type(attr->primary_dev_type, probe) ||
1198 wps_validate_dev_name(attr->dev_name, attr->dev_name_len, probe) ||
1199 wps_validate_ap_config_methods(attr->config_methods, wps2, probe) ||
1200 wps_validate_rf_bands(attr->rf_bands, 0) ||
1201 wps_validate_version2(attr->version2, wps2) ||
1202 wps_validate_authorized_macs(attr->authorized_macs,
1203 attr->authorized_macs_len, 0)) {
1204 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid %sProbe Response "
1205 "frame from " MACSTR, probe ? "" : "Beacon/",
1206 MAC2STR(addr));
1207 #ifdef WPS_STRICT_WPS2
1208 if (wps2) {
1209 ret = -1;
1210 goto _out;
1211 }
1212 #else /* WPS_STRICT_WPS2 */
1213 ret = -1;
1214 goto _out;
1215 #endif /* WPS_STRICT_WPS2 */
1216 }
1217
1218 ret = 0;
1219 _out:
1220 if (attr)
1221 os_free(attr);
1222
1223 return ret;
1224 }
1225
1226
wps_validate_probe_req(const struct wpabuf * wps_ie,const u8 * addr)1227 int wps_validate_probe_req(const struct wpabuf *wps_ie, const u8 *addr)
1228 {
1229 struct wps_parse_attr *attr;
1230 int wps2;
1231 int ret;
1232
1233 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
1234 if (attr == NULL) {
1235 ret = -99;
1236 goto _out;
1237 }
1238
1239 if (wps_ie == NULL) {
1240 wpa_printf(MSG_INFO, "WPS-STRICT: No WPS IE in "
1241 "Probe Request frame");
1242 ret = -1;
1243 goto _out;
1244 }
1245 if (wps_parse_msg(wps_ie, attr) < 0) {
1246 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse WPS IE in "
1247 "Probe Request frame");
1248 ret = -1;
1249 goto _out;
1250 }
1251
1252 wps2 = attr->version2 != NULL;
1253 if (wps_validate_version(attr->version, 1) ||
1254 wps_validate_request_type(attr->request_type, 1) ||
1255 wps_validate_config_methods(attr->config_methods, wps2, 1) ||
1256 wps_validate_uuid_e(attr->uuid_e, attr->uuid_r == NULL) ||
1257 wps_validate_uuid_r(attr->uuid_r, attr->uuid_e == NULL) ||
1258 wps_validate_primary_dev_type(attr->primary_dev_type, 1) ||
1259 wps_validate_rf_bands(attr->rf_bands, 1) ||
1260 wps_validate_assoc_state(attr->assoc_state, 1) ||
1261 wps_validate_config_error(attr->config_error, 1) ||
1262 wps_validate_dev_password_id(attr->dev_password_id, 1) ||
1263 wps_validate_version2(attr->version2, wps2) ||
1264 wps_validate_manufacturer(attr->manufacturer, attr->manufacturer_len,
1265 wps2) ||
1266 wps_validate_model_name(attr->model_name, attr->model_name_len,
1267 wps2) ||
1268 wps_validate_model_number(attr->model_number, attr->model_number_len,
1269 wps2) ||
1270 wps_validate_dev_name(attr->dev_name, attr->dev_name_len, wps2) ||
1271 wps_validate_request_to_enroll(attr->request_to_enroll, 0) ||
1272 wps_validate_req_dev_type(attr->req_dev_type, attr->num_req_dev_type,
1273 0)) {
1274 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid Probe Request "
1275 "frame from " MACSTR, MAC2STR(addr));
1276 ret = -1;
1277 goto _out;
1278 }
1279
1280 ret = 0;
1281 _out:
1282 if (attr)
1283 os_free(attr);
1284
1285 return ret;
1286 }
1287
1288
wps_validate_assoc_req(const struct wpabuf * wps_ie)1289 int wps_validate_assoc_req(const struct wpabuf *wps_ie)
1290 {
1291 struct wps_parse_attr *attr;
1292 int wps2;
1293 int ret;
1294
1295 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
1296 if (attr == NULL) {
1297 ret = -99;
1298 goto _out;
1299 }
1300
1301 if (wps_ie == NULL) {
1302 wpa_printf(MSG_INFO, "WPS-STRICT: No WPS IE in "
1303 "(Re)Association Request frame");
1304 ret = -1;
1305 goto _out;
1306 }
1307 if (wps_parse_msg(wps_ie, attr) < 0) {
1308 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse WPS IE in "
1309 "(Re)Association Request frame");
1310 ret = -1;
1311 goto _out;
1312 }
1313
1314 wps2 = attr->version2 != NULL;
1315 if (wps_validate_version(attr->version, 1) ||
1316 wps_validate_request_type(attr->request_type, 1) ||
1317 wps_validate_version2(attr->version2, wps2)) {
1318 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid (Re)Association "
1319 "Request frame");
1320 ret = -1;
1321 goto _out;
1322 }
1323
1324 ret = 0;
1325 _out:
1326 if (attr)
1327 os_free(attr);
1328
1329 return ret;
1330 }
1331
1332
wps_validate_assoc_resp(const struct wpabuf * wps_ie)1333 int wps_validate_assoc_resp(const struct wpabuf *wps_ie)
1334 {
1335 struct wps_parse_attr *attr;
1336 int wps2;
1337 int ret;
1338
1339 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
1340 if (attr == NULL) {
1341 ret = -99;
1342 goto _out;
1343 }
1344
1345
1346 if (wps_ie == NULL) {
1347 wpa_printf(MSG_INFO, "WPS-STRICT: No WPS IE in "
1348 "(Re)Association Response frame");
1349 ret = -1;
1350 goto _out;
1351 }
1352 if (wps_parse_msg(wps_ie, attr) < 0) {
1353 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse WPS IE in "
1354 "(Re)Association Response frame");
1355 ret = -1;
1356 goto _out;
1357 }
1358
1359 wps2 = attr->version2 != NULL;
1360 if (wps_validate_version(attr->version, 1) ||
1361 wps_validate_response_type(attr->response_type, 1) ||
1362 wps_validate_version2(attr->version2, wps2)) {
1363 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid (Re)Association "
1364 "Response frame");
1365 ret = -1;
1366 goto _out;
1367 }
1368
1369 ret = 0;
1370 _out:
1371 if(attr)
1372 os_free(attr);
1373
1374 return ret;
1375 }
1376
1377
wps_validate_m1(const struct wpabuf * tlvs)1378 int wps_validate_m1(const struct wpabuf *tlvs)
1379 {
1380 struct wps_parse_attr *attr;
1381 int wps2;
1382 int ret;
1383
1384 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
1385 if (attr == NULL) {
1386 ret = -99;
1387 goto _out;
1388 }
1389
1390
1391 if (tlvs == NULL) {
1392 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M1");
1393 ret = -1;
1394 goto _out;
1395 }
1396 if (wps_parse_msg(tlvs, attr) < 0) {
1397 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1398 "in M1");
1399 ret = -1;
1400 goto _out;
1401 }
1402
1403 wps2 = attr->version2 != NULL;
1404 if (wps_validate_version(attr->version, 1) ||
1405 wps_validate_msg_type(attr->msg_type, 1) ||
1406 wps_validate_uuid_e(attr->uuid_e, 1) ||
1407 wps_validate_mac_addr(attr->mac_addr, 1) ||
1408 wps_validate_enrollee_nonce(attr->enrollee_nonce, 1) ||
1409 wps_validate_public_key(attr->public_key, attr->public_key_len, 1) ||
1410 wps_validate_auth_type_flags(attr->auth_type_flags, 1) ||
1411 wps_validate_encr_type_flags(attr->encr_type_flags, 1) ||
1412 wps_validate_conn_type_flags(attr->conn_type_flags, 1) ||
1413 wps_validate_config_methods(attr->config_methods, wps2, 1) ||
1414 wps_validate_wps_state(attr->wps_state, 1) ||
1415 wps_validate_manufacturer(attr->manufacturer, attr->manufacturer_len,
1416 1) ||
1417 wps_validate_model_name(attr->model_name, attr->model_name_len, 1) ||
1418 wps_validate_model_number(attr->model_number, attr->model_number_len,
1419 1) ||
1420 wps_validate_serial_number(attr->serial_number,
1421 attr->serial_number_len, 1) ||
1422 wps_validate_primary_dev_type(attr->primary_dev_type, 1) ||
1423 wps_validate_dev_name(attr->dev_name, attr->dev_name_len, 1) ||
1424 wps_validate_rf_bands(attr->rf_bands, 1) ||
1425 wps_validate_assoc_state(attr->assoc_state, 1) ||
1426 wps_validate_dev_password_id(attr->dev_password_id, 1) ||
1427 wps_validate_config_error(attr->config_error, 1) ||
1428 wps_validate_os_version(attr->os_version, 1) ||
1429 wps_validate_version2(attr->version2, wps2) ||
1430 wps_validate_request_to_enroll(attr->request_to_enroll, 0)) {
1431 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M1");
1432 #ifdef WPS_STRICT_WPS2
1433 if (wps2) {
1434 ret = -1;
1435 goto _out;
1436 }
1437 #else /* WPS_STRICT_WPS2 */
1438 ret = -1;
1439 goto _out;
1440 #endif /* WPS_STRICT_WPS2 */
1441 }
1442
1443 ret = 0;
1444 _out:
1445 if (attr)
1446 os_free(attr);
1447
1448 return ret;
1449 }
1450
1451
wps_validate_m2(const struct wpabuf * tlvs)1452 int wps_validate_m2(const struct wpabuf *tlvs)
1453 {
1454 struct wps_parse_attr *attr;
1455 int wps2;
1456 int ret;
1457
1458 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
1459 if (attr == NULL) {
1460 ret = -99;
1461 goto _out;
1462 }
1463
1464
1465 if (tlvs == NULL) {
1466 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M2");
1467 ret = -1;
1468 goto _out;
1469 }
1470 if (wps_parse_msg(tlvs, attr) < 0) {
1471 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1472 "in M2");
1473 ret = -1;
1474 goto _out;
1475 }
1476
1477 wps2 = attr->version2 != NULL;
1478 if (wps_validate_version(attr->version, 1) ||
1479 wps_validate_msg_type(attr->msg_type, 1) ||
1480 wps_validate_enrollee_nonce(attr->enrollee_nonce, 1) ||
1481 wps_validate_registrar_nonce(attr->registrar_nonce, 1) ||
1482 wps_validate_uuid_r(attr->uuid_r, 1) ||
1483 wps_validate_public_key(attr->public_key, attr->public_key_len, 1) ||
1484 wps_validate_auth_type_flags(attr->auth_type_flags, 1) ||
1485 wps_validate_encr_type_flags(attr->encr_type_flags, 1) ||
1486 wps_validate_conn_type_flags(attr->conn_type_flags, 1) ||
1487 wps_validate_config_methods(attr->config_methods, wps2, 1) ||
1488 wps_validate_manufacturer(attr->manufacturer, attr->manufacturer_len,
1489 1) ||
1490 wps_validate_model_name(attr->model_name, attr->model_name_len, 1) ||
1491 wps_validate_model_number(attr->model_number, attr->model_number_len,
1492 1) ||
1493 wps_validate_serial_number(attr->serial_number,
1494 attr->serial_number_len, 1) ||
1495 wps_validate_primary_dev_type(attr->primary_dev_type, 1) ||
1496 wps_validate_dev_name(attr->dev_name, attr->dev_name_len, 1) ||
1497 wps_validate_rf_bands(attr->rf_bands, 1) ||
1498 wps_validate_assoc_state(attr->assoc_state, 1) ||
1499 wps_validate_config_error(attr->config_error, 1) ||
1500 wps_validate_dev_password_id(attr->dev_password_id, 1) ||
1501 wps_validate_os_version(attr->os_version, 1) ||
1502 wps_validate_version2(attr->version2, wps2) ||
1503 wps_validate_authenticator(attr->authenticator, 1)) {
1504 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M2");
1505 #ifdef WPS_STRICT_WPS2
1506 if (wps2) {
1507 ret = -1;
1508 goto _out;
1509 }
1510 #else /* WPS_STRICT_WPS2 */
1511 ret = -1;
1512 goto _out;
1513 #endif /* WPS_STRICT_WPS2 */
1514 }
1515
1516 ret = 0;
1517 _out:
1518 if (attr)
1519 os_free(attr);
1520
1521 return ret;
1522 }
1523
1524
wps_validate_m2d(const struct wpabuf * tlvs)1525 int wps_validate_m2d(const struct wpabuf *tlvs)
1526 {
1527 struct wps_parse_attr *attr;
1528 int wps2;
1529 int ret;
1530
1531 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
1532 if (attr == NULL) {
1533 ret = -99;
1534 goto _out;
1535 }
1536
1537 if (tlvs == NULL) {
1538 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M2D");
1539 ret = -1;
1540 goto _out;
1541 }
1542 if (wps_parse_msg(tlvs, attr) < 0) {
1543 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1544 "in M2D");
1545 ret = -1;
1546 goto _out;
1547 }
1548
1549 wps2 = attr->version2 != NULL;
1550 if (wps_validate_version(attr->version, 1) ||
1551 wps_validate_msg_type(attr->msg_type, 1) ||
1552 wps_validate_enrollee_nonce(attr->enrollee_nonce, 1) ||
1553 wps_validate_registrar_nonce(attr->registrar_nonce, 1) ||
1554 wps_validate_uuid_r(attr->uuid_r, 1) ||
1555 wps_validate_auth_type_flags(attr->auth_type_flags, 1) ||
1556 wps_validate_encr_type_flags(attr->encr_type_flags, 1) ||
1557 wps_validate_conn_type_flags(attr->conn_type_flags, 1) ||
1558 wps_validate_config_methods(attr->config_methods, wps2, 1) ||
1559 wps_validate_manufacturer(attr->manufacturer, attr->manufacturer_len,
1560 1) ||
1561 wps_validate_model_name(attr->model_name, attr->model_name_len, 1) ||
1562 wps_validate_model_number(attr->model_number, attr->model_number_len,
1563 1) ||
1564 wps_validate_serial_number(attr->serial_number,
1565 attr->serial_number_len, 1) ||
1566 wps_validate_primary_dev_type(attr->primary_dev_type, 1) ||
1567 wps_validate_dev_name(attr->dev_name, attr->dev_name_len, 1) ||
1568 wps_validate_rf_bands(attr->rf_bands, 1) ||
1569 wps_validate_assoc_state(attr->assoc_state, 1) ||
1570 wps_validate_config_error(attr->config_error, 1) ||
1571 wps_validate_os_version(attr->os_version, 1) ||
1572 wps_validate_version2(attr->version2, wps2)) {
1573 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M2D");
1574 #ifdef WPS_STRICT_WPS2
1575 if (wps2) {
1576 ret = -1;
1577 goto _out;
1578 }
1579 #else /* WPS_STRICT_WPS2 */
1580 ret = -1;
1581 goto _out;
1582 #endif /* WPS_STRICT_WPS2 */
1583 }
1584
1585 ret = 0;
1586 _out:
1587 if (attr)
1588 os_free(attr);
1589
1590 return ret;
1591 }
1592
1593
wps_validate_m3(const struct wpabuf * tlvs)1594 int wps_validate_m3(const struct wpabuf *tlvs)
1595 {
1596 struct wps_parse_attr *attr;
1597 int wps2;
1598 int ret;
1599
1600 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
1601 if (attr == NULL) {
1602 ret = -99;
1603 goto _out;
1604 }
1605
1606 if (tlvs == NULL) {
1607 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M3");
1608 ret = -1;
1609 goto _out;
1610 }
1611 if (wps_parse_msg(tlvs, attr) < 0) {
1612 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1613 "in M3");
1614 ret = -1;
1615 goto _out;
1616 }
1617
1618 wps2 = attr->version2 != NULL;
1619 if (wps_validate_version(attr->version, 1) ||
1620 wps_validate_msg_type(attr->msg_type, 1) ||
1621 wps_validate_registrar_nonce(attr->registrar_nonce, 1) ||
1622 wps_validate_e_hash1(attr->e_hash1, 1) ||
1623 wps_validate_e_hash2(attr->e_hash2, 1) ||
1624 wps_validate_version2(attr->version2, wps2) ||
1625 wps_validate_authenticator(attr->authenticator, 1)) {
1626 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M3");
1627 #ifdef WPS_STRICT_WPS2
1628 if (wps2) {
1629 ret = -1;
1630 goto _out;
1631 }
1632 #else /* WPS_STRICT_WPS2 */
1633 ret = -1;
1634 goto _out;
1635 #endif /* WPS_STRICT_WPS2 */
1636 }
1637
1638 ret = 0;
1639 _out:
1640 if (attr)
1641 os_free(attr);
1642
1643 return ret;
1644 }
1645
1646
wps_validate_m4(const struct wpabuf * tlvs)1647 int wps_validate_m4(const struct wpabuf *tlvs)
1648 {
1649 struct wps_parse_attr *attr;
1650 int wps2;
1651 int ret;
1652
1653 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
1654 if (attr == NULL) {
1655 ret = -99;
1656 goto _out;
1657 }
1658
1659 if (tlvs == NULL) {
1660 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M4");
1661 ret = -1;
1662 goto _out;
1663 }
1664 if (wps_parse_msg(tlvs, attr) < 0) {
1665 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1666 "in M4");
1667 ret = -1;
1668 goto _out;
1669 }
1670
1671 wps2 = attr->version2 != NULL;
1672 if (wps_validate_version(attr->version, 1) ||
1673 wps_validate_msg_type(attr->msg_type, 1) ||
1674 wps_validate_enrollee_nonce(attr->enrollee_nonce, 1) ||
1675 wps_validate_r_hash1(attr->r_hash1, 1) ||
1676 wps_validate_r_hash2(attr->r_hash2, 1) ||
1677 wps_validate_encr_settings(attr->encr_settings,
1678 attr->encr_settings_len, 1) ||
1679 wps_validate_version2(attr->version2, wps2) ||
1680 wps_validate_authenticator(attr->authenticator, 1)) {
1681 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M4");
1682 #ifdef WPS_STRICT_WPS2
1683 if (wps2) {
1684 ret = -1;
1685 goto _out;
1686 }
1687 #else /* WPS_STRICT_WPS2 */
1688 ret = -1;
1689 goto _out;
1690 #endif /* WPS_STRICT_WPS2 */
1691 }
1692
1693 ret = 0;
1694 _out:
1695 if (attr)
1696 os_free(attr);
1697
1698 return ret;
1699 }
1700
1701
wps_validate_m4_encr(const struct wpabuf * tlvs,int wps2)1702 int wps_validate_m4_encr(const struct wpabuf *tlvs, int wps2)
1703 {
1704 struct wps_parse_attr *attr;
1705 int ret;
1706
1707 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
1708 if (attr == NULL) {
1709 ret = -99;
1710 goto _out;
1711 }
1712
1713
1714 if (tlvs == NULL) {
1715 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M4 encrypted "
1716 "settings");
1717 ret = -1;
1718 goto _out;
1719 }
1720 if (wps_parse_msg(tlvs, attr) < 0) {
1721 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1722 "in M4 encrypted settings");
1723 ret = -1;
1724 goto _out;
1725 }
1726
1727 if (wps_validate_r_snonce1(attr->r_snonce1, 1) ||
1728 wps_validate_key_wrap_auth(attr->key_wrap_auth, 1)) {
1729 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M4 encrypted "
1730 "settings");
1731 #ifdef WPS_STRICT_WPS2
1732 if (wps2) {
1733 ret = -1;
1734 goto _out;
1735 }
1736 #else /* WPS_STRICT_WPS2 */
1737 ret = -1;
1738 goto _out;
1739 #endif /* WPS_STRICT_WPS2 */
1740 }
1741
1742 ret = 0;
1743 _out:
1744 if (attr)
1745 os_free(attr);
1746
1747 return ret;
1748 }
1749
1750
wps_validate_m5(const struct wpabuf * tlvs)1751 int wps_validate_m5(const struct wpabuf *tlvs)
1752 {
1753 struct wps_parse_attr *attr;
1754 int wps2;
1755 int ret;
1756
1757 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
1758 if (attr == NULL) {
1759 ret = -99;
1760 goto _out;
1761 }
1762
1763 if (tlvs == NULL) {
1764 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M5");
1765 ret = -1;
1766 goto _out;
1767 }
1768 if (wps_parse_msg(tlvs, attr) < 0) {
1769 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1770 "in M5");
1771 ret = -1;
1772 goto _out;
1773 }
1774
1775 wps2 = attr->version2 != NULL;
1776 if (wps_validate_version(attr->version, 1) ||
1777 wps_validate_msg_type(attr->msg_type, 1) ||
1778 wps_validate_registrar_nonce(attr->registrar_nonce, 1) ||
1779 wps_validate_encr_settings(attr->encr_settings,
1780 attr->encr_settings_len, 1) ||
1781 wps_validate_version2(attr->version2, wps2) ||
1782 wps_validate_authenticator(attr->authenticator, 1)) {
1783 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M5");
1784 #ifdef WPS_STRICT_WPS2
1785 if (wps2) {
1786 ret = -1;
1787 goto _out;
1788 }
1789 #else /* WPS_STRICT_WPS2 */
1790 ret = -1;
1791 goto _out;
1792 #endif /* WPS_STRICT_WPS2 */
1793 }
1794
1795 ret = 0;
1796 _out:
1797 if (attr)
1798 os_free(attr);
1799
1800 return ret;
1801 }
1802
1803
wps_validate_m5_encr(const struct wpabuf * tlvs,int wps2)1804 int wps_validate_m5_encr(const struct wpabuf *tlvs, int wps2)
1805 {
1806 struct wps_parse_attr *attr;
1807 int ret;
1808
1809 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
1810 if (attr == NULL) {
1811 ret = -99;
1812 goto _out;
1813 }
1814
1815 if (tlvs == NULL) {
1816 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M5 encrypted "
1817 "settings");
1818 ret = -1;
1819 goto _out;
1820 }
1821 if (wps_parse_msg(tlvs, attr) < 0) {
1822 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1823 "in M5 encrypted settings");
1824 ret = -1;
1825 goto _out;
1826 }
1827
1828 if (wps_validate_e_snonce1(attr->e_snonce1, 1) ||
1829 wps_validate_key_wrap_auth(attr->key_wrap_auth, 1)) {
1830 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M5 encrypted "
1831 "settings");
1832 #ifdef WPS_STRICT_WPS2
1833 if (wps2) {
1834 ret = -1;
1835 goto _out;
1836 }
1837 #else /* WPS_STRICT_WPS2 */
1838 ret = -1;
1839 goto _out;
1840 #endif /* WPS_STRICT_WPS2 */
1841 }
1842
1843 ret = 0;
1844 _out:
1845 if (attr)
1846 os_free(attr);
1847
1848 return ret;
1849 }
1850
1851
wps_validate_m6(const struct wpabuf * tlvs)1852 int wps_validate_m6(const struct wpabuf *tlvs)
1853 {
1854 struct wps_parse_attr *attr;
1855 int wps2;
1856 int ret;
1857
1858 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
1859 if (attr == NULL) {
1860 ret = -99;
1861 goto _out;
1862 }
1863
1864 if (tlvs == NULL) {
1865 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M6");
1866 ret = -1;
1867 goto _out;
1868 }
1869 if (wps_parse_msg(tlvs, attr) < 0) {
1870 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1871 "in M6");
1872 ret = -1;
1873 goto _out;
1874 }
1875
1876 wps2 = attr->version2 != NULL;
1877 if (wps_validate_version(attr->version, 1) ||
1878 wps_validate_msg_type(attr->msg_type, 1) ||
1879 wps_validate_enrollee_nonce(attr->enrollee_nonce, 1) ||
1880 wps_validate_encr_settings(attr->encr_settings,
1881 attr->encr_settings_len, 1) ||
1882 wps_validate_version2(attr->version2, wps2) ||
1883 wps_validate_authenticator(attr->authenticator, 1)) {
1884 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M6");
1885 #ifdef WPS_STRICT_WPS2
1886 if (wps2) {
1887 ret = -1;
1888 goto _out;
1889 }
1890 #else /* WPS_STRICT_WPS2 */
1891 ret = -1;
1892 goto _out;
1893 #endif /* WPS_STRICT_WPS2 */
1894 }
1895
1896 ret = 0;
1897 _out:
1898 if (attr)
1899 os_free(attr);
1900
1901 return ret;
1902 }
1903
1904
wps_validate_m6_encr(const struct wpabuf * tlvs,int wps2)1905 int wps_validate_m6_encr(const struct wpabuf *tlvs, int wps2)
1906 {
1907 struct wps_parse_attr *attr;
1908 int ret;
1909
1910 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
1911 if (attr == NULL) {
1912 ret = -99;
1913 goto _out;
1914 }
1915
1916 if (tlvs == NULL) {
1917 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M6 encrypted "
1918 "settings");
1919 ret = -1;
1920 goto _out;
1921 }
1922 if (wps_parse_msg(tlvs, attr) < 0) {
1923 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1924 "in M6 encrypted settings");
1925 ret = -1;
1926 goto _out;
1927 }
1928
1929 if (wps_validate_r_snonce2(attr->r_snonce2, 1) ||
1930 wps_validate_key_wrap_auth(attr->key_wrap_auth, 1)) {
1931 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M6 encrypted "
1932 "settings");
1933 #ifdef WPS_STRICT_WPS2
1934 if (wps2) {
1935 ret = -1;
1936 goto _out;
1937 }
1938 #else /* WPS_STRICT_WPS2 */
1939 ret = -1;
1940 goto _out;
1941 #endif /* WPS_STRICT_WPS2 */
1942 }
1943
1944 ret = 0;
1945 _out:
1946 if (attr)
1947 os_free(attr);
1948
1949 return ret;
1950 }
1951
1952
wps_validate_m7(const struct wpabuf * tlvs)1953 int wps_validate_m7(const struct wpabuf *tlvs)
1954 {
1955 struct wps_parse_attr *attr;
1956 int wps2;
1957 int ret;
1958
1959 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
1960 if (attr == NULL) {
1961 ret = -99;
1962 goto _out;
1963 }
1964
1965 if (tlvs == NULL) {
1966 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M7");
1967 ret = -1;
1968 goto _out;
1969 }
1970 if (wps_parse_msg(tlvs, attr) < 0) {
1971 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
1972 "in M7");
1973 ret = -1;
1974 goto _out;
1975 }
1976
1977 wps2 = attr->version2 != NULL;
1978 if (wps_validate_version(attr->version, 1) ||
1979 wps_validate_msg_type(attr->msg_type, 1) ||
1980 wps_validate_registrar_nonce(attr->registrar_nonce, 1) ||
1981 wps_validate_encr_settings(attr->encr_settings,
1982 attr->encr_settings_len, 1) ||
1983 wps_validate_settings_delay_time(attr->settings_delay_time, 0) ||
1984 wps_validate_version2(attr->version2, wps2) ||
1985 wps_validate_authenticator(attr->authenticator, 1)) {
1986 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M7");
1987 #ifdef WPS_STRICT_WPS2
1988 if (wps2) {
1989 ret = -1;
1990 goto _out;
1991 }
1992 #else /* WPS_STRICT_WPS2 */
1993 ret = -1;
1994 goto _out;
1995 #endif /* WPS_STRICT_WPS2 */
1996 }
1997
1998 ret = 0;
1999 _out:
2000 if (attr)
2001 os_free(attr);
2002
2003 return ret;
2004 }
2005
2006
wps_validate_m7_encr(const struct wpabuf * tlvs,int ap,int wps2)2007 int wps_validate_m7_encr(const struct wpabuf *tlvs, int ap, int wps2)
2008 {
2009 struct wps_parse_attr *attr;
2010 int ret;
2011
2012 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
2013 if (attr == NULL) {
2014 ret = -99;
2015 goto _out;
2016 }
2017
2018 if (tlvs == NULL) {
2019 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M7 encrypted "
2020 "settings");
2021 ret = -1;
2022 goto _out;
2023 }
2024 if (wps_parse_msg(tlvs, attr) < 0) {
2025 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
2026 "in M7 encrypted settings");
2027 ret = -1;
2028 goto _out;
2029 }
2030
2031 if (wps_validate_e_snonce2(attr->e_snonce2, 1) ||
2032 wps_validate_ssid(attr->ssid, attr->ssid_len, !ap) ||
2033 wps_validate_mac_addr(attr->mac_addr, !ap) ||
2034 wps_validate_auth_type(attr->auth_type, !ap) ||
2035 wps_validate_encr_type(attr->encr_type, !ap) ||
2036 wps_validate_network_key_index(attr->network_key_idx, 0) ||
2037 wps_validate_network_key(attr->network_key, attr->network_key_len,
2038 attr->encr_type, !ap) ||
2039 wps_validate_key_wrap_auth(attr->key_wrap_auth, 1)) {
2040 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M7 encrypted "
2041 "settings");
2042 #ifdef WPS_STRICT_WPS2
2043 if (wps2) {
2044 ret = -1;
2045 goto _out;
2046 }
2047 #else /* WPS_STRICT_WPS2 */
2048 ret = -1;
2049 goto _out;
2050 #endif /* WPS_STRICT_WPS2 */
2051 }
2052
2053 ret = 0;
2054 _out:
2055 if (attr)
2056 os_free(attr);
2057
2058 return ret;
2059 }
2060
2061
wps_validate_m8(const struct wpabuf * tlvs)2062 int wps_validate_m8(const struct wpabuf *tlvs)
2063 {
2064 struct wps_parse_attr *attr;
2065 int wps2;
2066 int ret;
2067
2068 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
2069 if (attr == NULL) {
2070 ret = -99;
2071 goto _out;
2072 }
2073
2074 if (tlvs == NULL) {
2075 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M8");
2076 ret = -1;
2077 goto _out;
2078 }
2079 if (wps_parse_msg(tlvs, attr) < 0) {
2080 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
2081 "in M8");
2082 ret = -1;
2083 goto _out;
2084 }
2085
2086 wps2 = attr->version2 != NULL;
2087 if (wps_validate_version(attr->version, 1) ||
2088 wps_validate_msg_type(attr->msg_type, 1) ||
2089 wps_validate_enrollee_nonce(attr->enrollee_nonce, 1) ||
2090 wps_validate_encr_settings(attr->encr_settings,
2091 attr->encr_settings_len, 1) ||
2092 wps_validate_version2(attr->version2, wps2) ||
2093 wps_validate_authenticator(attr->authenticator, 1)) {
2094 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M8");
2095 #ifdef WPS_STRICT_WPS2
2096 if (wps2) {
2097 ret = -1;
2098 goto _out;
2099 }
2100 #else /* WPS_STRICT_WPS2 */
2101 ret = -1;
2102 goto _out;
2103 #endif /* WPS_STRICT_WPS2 */
2104 }
2105
2106 ret = 0;
2107 _out:
2108 if (attr)
2109 os_free(attr);
2110
2111 return ret;
2112 }
2113
2114
wps_validate_m8_encr(const struct wpabuf * tlvs,int ap,int wps2)2115 int wps_validate_m8_encr(const struct wpabuf *tlvs, int ap, int wps2)
2116 {
2117 struct wps_parse_attr *attr;
2118 int ret;
2119
2120 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
2121 if (attr == NULL) {
2122 ret = -99;
2123 goto _out;
2124 }
2125
2126 if (tlvs == NULL) {
2127 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in M8 encrypted "
2128 "settings");
2129 ret = -1;
2130 goto _out;
2131 }
2132 if (wps_parse_msg(tlvs, attr) < 0) {
2133 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
2134 "in M8 encrypted settings");
2135 ret = -1;
2136 goto _out;
2137 }
2138
2139 if (wps_validate_ssid(attr->ssid, attr->ssid_len, ap) ||
2140 wps_validate_auth_type(attr->auth_type, ap) ||
2141 wps_validate_encr_type(attr->encr_type, ap) ||
2142 wps_validate_network_key_index(attr->network_key_idx, 0) ||
2143 wps_validate_mac_addr(attr->mac_addr, ap) ||
2144 wps_validate_credential(attr->cred, attr->cred_len, attr->num_cred,
2145 !ap) ||
2146 wps_validate_key_wrap_auth(attr->key_wrap_auth, 1)) {
2147 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid M8 encrypted "
2148 "settings");
2149 #ifdef WPS_STRICT_WPS2
2150 if (wps2) {
2151 ret = -1;
2152 goto _out;
2153 }
2154 #else /* WPS_STRICT_WPS2 */
2155 ret = -1;
2156 goto _out;
2157 #endif /* WPS_STRICT_WPS2 */
2158 }
2159
2160 ret = 0;
2161 _out:
2162 if (attr)
2163 os_free(attr);
2164
2165 return ret;
2166 }
2167
2168
wps_validate_wsc_ack(const struct wpabuf * tlvs)2169 int wps_validate_wsc_ack(const struct wpabuf *tlvs)
2170 {
2171 struct wps_parse_attr *attr;
2172 int wps2;
2173 int ret;
2174
2175 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
2176 if (attr == NULL) {
2177 ret = -99;
2178 goto _out;
2179 }
2180
2181 if (tlvs == NULL) {
2182 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in WSC_ACK");
2183 ret = -1;
2184 goto _out;
2185 }
2186 if (wps_parse_msg(tlvs, attr) < 0) {
2187 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
2188 "in WSC_ACK");
2189 ret = -1;
2190 goto _out;
2191 }
2192
2193 wps2 = attr->version2 != NULL;
2194 if (wps_validate_version(attr->version, 1) ||
2195 wps_validate_msg_type(attr->msg_type, 1) ||
2196 wps_validate_enrollee_nonce(attr->enrollee_nonce, 1) ||
2197 wps_validate_registrar_nonce(attr->registrar_nonce, 1) ||
2198 wps_validate_version2(attr->version2, wps2)) {
2199 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid WSC_ACK");
2200 #ifdef WPS_STRICT_WPS2
2201 if (wps2) {
2202 ret = -1;
2203 goto _out;
2204 }
2205 #else /* WPS_STRICT_WPS2 */
2206 ret = -1;
2207 goto _out;
2208 #endif /* WPS_STRICT_WPS2 */
2209 }
2210
2211 ret = 0;
2212 _out:
2213 if (attr)
2214 os_free(attr);
2215
2216 return ret;
2217 }
2218
2219
wps_validate_wsc_nack(const struct wpabuf * tlvs)2220 int wps_validate_wsc_nack(const struct wpabuf *tlvs)
2221 {
2222 struct wps_parse_attr *attr;
2223 int wps2;
2224 int ret;
2225
2226 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
2227 if (attr == NULL) {
2228 ret = -99;
2229 goto _out;
2230 }
2231
2232 if (tlvs == NULL) {
2233 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in WSC_NACK");
2234 ret = -1;
2235 }
2236 if (wps_parse_msg(tlvs, attr) < 0) {
2237 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
2238 "in WSC_NACK");
2239 ret = -1;
2240 goto _out;
2241 }
2242
2243 wps2 = attr->version2 != NULL;
2244 if (wps_validate_version(attr->version, 1) ||
2245 wps_validate_msg_type(attr->msg_type, 1) ||
2246 wps_validate_enrollee_nonce(attr->enrollee_nonce, 1) ||
2247 wps_validate_registrar_nonce(attr->registrar_nonce, 1) ||
2248 wps_validate_config_error(attr->config_error, 1) ||
2249 wps_validate_version2(attr->version2, wps2)) {
2250 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid WSC_NACK");
2251 #ifdef WPS_STRICT_WPS2
2252 if (wps2) {
2253 ret = -1;
2254 goto _out;
2255 }
2256 #else /* WPS_STRICT_WPS2 */
2257 goto _out;
2258 ret = -1;
2259 #endif /* WPS_STRICT_WPS2 */
2260 }
2261
2262 ret = 0;
2263 _out:
2264 if (attr)
2265 os_free(attr);
2266
2267 return ret;
2268 }
2269
2270
wps_validate_wsc_done(const struct wpabuf * tlvs)2271 int wps_validate_wsc_done(const struct wpabuf *tlvs)
2272 {
2273 struct wps_parse_attr *attr;
2274 int wps2;
2275 int ret;
2276
2277 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
2278 if (attr == NULL) {
2279 ret = -99;
2280 goto _out;
2281 }
2282
2283 if (tlvs == NULL) {
2284 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in WSC_Done");
2285 ret = -1;
2286 goto _out;
2287 }
2288 if (wps_parse_msg(tlvs, attr) < 0) {
2289 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
2290 "in WSC_Done");
2291 ret = -1;
2292 goto _out;
2293 }
2294
2295 wps2 = attr->version2 != NULL;
2296 if (wps_validate_version(attr->version, 1) ||
2297 wps_validate_msg_type(attr->msg_type, 1) ||
2298 wps_validate_enrollee_nonce(attr->enrollee_nonce, 1) ||
2299 wps_validate_registrar_nonce(attr->registrar_nonce, 1) ||
2300 wps_validate_version2(attr->version2, wps2)) {
2301 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid WSC_Done");
2302 #ifdef WPS_STRICT_WPS2
2303 if (wps2) {
2304 ret = -1;
2305 goto _out;
2306 }
2307 #else /* WPS_STRICT_WPS2 */
2308 ret = -1;
2309 goto _out;
2310 #endif /* WPS_STRICT_WPS2 */
2311 }
2312
2313 ret = 0;
2314 _out:
2315 if (attr)
2316 os_free(attr);
2317
2318 return ret;
2319 }
2320
2321
wps_validate_upnp_set_selected_registrar(const struct wpabuf * tlvs)2322 int wps_validate_upnp_set_selected_registrar(const struct wpabuf *tlvs)
2323 {
2324 struct wps_parse_attr *attr;
2325 int wps2;
2326 int sel_reg;
2327 int ret;
2328
2329 attr = (struct wps_parse_attr *)os_zalloc(sizeof(struct wps_parse_attr));
2330 if (attr == NULL) {
2331 ret = -99;
2332 goto _out;
2333 }
2334
2335 if (tlvs == NULL) {
2336 wpa_printf(MSG_INFO, "WPS-STRICT: No TLVs in "
2337 "SetSelectedRegistrar");
2338 ret = -1;
2339 goto _out;
2340 }
2341 if (wps_parse_msg(tlvs, attr) < 0) {
2342 wpa_printf(MSG_INFO, "WPS-STRICT: Failed to parse attributes "
2343 "in SetSelectedRegistrar");
2344 ret = -1;
2345 goto _out;
2346 }
2347
2348 wps2 = attr->version2 != NULL;
2349 sel_reg = attr->selected_registrar != NULL &&
2350 *attr->selected_registrar != 0;
2351 if (wps_validate_version(attr->version, 1) ||
2352 wps_validate_dev_password_id(attr->dev_password_id, sel_reg) ||
2353 wps_validate_sel_reg_config_methods(attr->sel_reg_config_methods,
2354 wps2, sel_reg) ||
2355 wps_validate_version2(attr->version2, wps2) ||
2356 wps_validate_authorized_macs(attr->authorized_macs,
2357 attr->authorized_macs_len, wps2) ||
2358 wps_validate_uuid_r(attr->uuid_r, wps2)) {
2359 wpa_printf(MSG_INFO, "WPS-STRICT: Invalid "
2360 "SetSelectedRegistrar");
2361 #ifdef WPS_STRICT_WPS2
2362 if (wps2) {
2363 ret = -1;
2364 goto _out;
2365 }
2366 #else /* WPS_STRICT_WPS2 */
2367 ret -1;
2368 goto _out;
2369 #endif /* WPS_STRICT_WPS2 */
2370 }
2371
2372 ret = 0;
2373 _out:
2374 if (attr)
2375 os_free(attr);
2376
2377 return ret;
2378 }
2379
