mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-17 18:34:03 -05:00
WPS: Change wpa_supplicant wps_reg to not send out M8
Since we do not currently support changing the AP settings received from M7, there is no point in actually sending out the M8 that would likely trigger the AP to reconfigure itself and potentially reboot. For now, we just receive the AP settings in M7 and add a local network configuration block based on those, but NACK the message. This makes wps_reg work like wps_pin, but by using the AP PIN instead of a client PIN.
This commit is contained in:
parent
a5b73cc49d
commit
4625a47f4b
@ -2019,6 +2019,28 @@ static enum wps_process_res wps_process_m5(struct wps_data *wps,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void wps_sta_cred_cb(struct wps_data *wps)
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* Update credential to only include a single authentication and
|
||||||
|
* encryption type in case the AP configuration includes more than one
|
||||||
|
* option.
|
||||||
|
*/
|
||||||
|
if (wps->cred.auth_type & WPS_AUTH_WPA2PSK)
|
||||||
|
wps->cred.auth_type = WPS_AUTH_WPA2PSK;
|
||||||
|
else if (wps->cred.auth_type & WPS_AUTH_WPAPSK)
|
||||||
|
wps->cred.auth_type = WPS_AUTH_WPAPSK;
|
||||||
|
if (wps->cred.encr_type & WPS_ENCR_AES)
|
||||||
|
wps->cred.encr_type = WPS_ENCR_AES;
|
||||||
|
else if (wps->cred.encr_type & WPS_ENCR_TKIP)
|
||||||
|
wps->cred.encr_type = WPS_ENCR_TKIP;
|
||||||
|
wpa_printf(MSG_DEBUG, "WPS: Update local configuration based on the "
|
||||||
|
"AP configuration");
|
||||||
|
if (wps->wps->cred_cb)
|
||||||
|
wps->wps->cred_cb(wps->wps->cb_ctx, &wps->cred);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static int wps_process_ap_settings_r(struct wps_data *wps,
|
static int wps_process_ap_settings_r(struct wps_data *wps,
|
||||||
struct wps_parse_attr *attr)
|
struct wps_parse_attr *attr)
|
||||||
{
|
{
|
||||||
@ -2031,12 +2053,21 @@ static int wps_process_ap_settings_r(struct wps_data *wps,
|
|||||||
|
|
||||||
wpa_printf(MSG_INFO, "WPS: Received old AP configuration from AP");
|
wpa_printf(MSG_INFO, "WPS: Received old AP configuration from AP");
|
||||||
|
|
||||||
|
#if 0
|
||||||
/*
|
/*
|
||||||
* TODO: Provide access to AP settings and allow changes before sending
|
* TODO: Provide access to AP settings and allow changes before sending
|
||||||
* out M8. For now, just copy the settings unchanged into M8.
|
* out M8. For now, just copy the settings unchanged into M8.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
#else
|
||||||
|
/*
|
||||||
|
* For now, use the AP PIN only to receive the current AP settings,
|
||||||
|
* not to reconfigure the AP.
|
||||||
|
*/
|
||||||
|
wps_sta_cred_cb(wps);
|
||||||
|
return 1;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -2404,25 +2435,8 @@ static enum wps_process_res wps_process_wsc_done(struct wps_data *wps,
|
|||||||
wps->new_psk = NULL;
|
wps->new_psk = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!wps->wps->ap) {
|
if (!wps->wps->ap)
|
||||||
/*
|
wps_sta_cred_cb(wps);
|
||||||
* Update credential to only include a single authentication
|
|
||||||
* and encryption type in case the AP configuration includes
|
|
||||||
* more than one option.
|
|
||||||
*/
|
|
||||||
if (wps->cred.auth_type & WPS_AUTH_WPA2PSK)
|
|
||||||
wps->cred.auth_type = WPS_AUTH_WPA2PSK;
|
|
||||||
else if (wps->cred.auth_type & WPS_AUTH_WPAPSK)
|
|
||||||
wps->cred.auth_type = WPS_AUTH_WPAPSK;
|
|
||||||
if (wps->cred.encr_type & WPS_ENCR_AES)
|
|
||||||
wps->cred.encr_type = WPS_ENCR_AES;
|
|
||||||
else if (wps->cred.encr_type & WPS_ENCR_TKIP)
|
|
||||||
wps->cred.encr_type = WPS_ENCR_TKIP;
|
|
||||||
wpa_printf(MSG_DEBUG, "WPS: Update local configuration based "
|
|
||||||
"on the modified AP configuration");
|
|
||||||
if (wps->wps->cred_cb)
|
|
||||||
wps->wps->cred_cb(wps->wps->cb_ctx, &wps->cred);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (wps->new_psk) {
|
if (wps->new_psk) {
|
||||||
if (wps_cb_new_psk(wps->wps->registrar, wps->mac_addr_e,
|
if (wps_cb_new_psk(wps->wps->registrar, wps->mac_addr_e,
|
||||||
|
@ -131,13 +131,18 @@ negotiation which will generate a new WPA PSK in the same way as the
|
|||||||
PIN method described above.
|
PIN method described above.
|
||||||
|
|
||||||
|
|
||||||
If the client wants to operation in the Registrar role to configure an
|
If the client wants to operate in the Registrar role to configure an
|
||||||
AP, wpa_supplicant is notified over the control interface, e.g., with
|
AP, wpa_supplicant is notified over the control interface, e.g., with
|
||||||
wpa_cli:
|
wpa_cli:
|
||||||
|
|
||||||
wpa_cli wps_reg <AP BSSID> <AP PIN>
|
wpa_cli wps_reg <AP BSSID> <AP PIN>
|
||||||
(example: wpa_cli wps_reg 02:34:56:78:9a:bc 12345670)
|
(example: wpa_cli wps_reg 02:34:56:78:9a:bc 12345670)
|
||||||
|
|
||||||
|
This is currently only used to fetch the current AP settings instead
|
||||||
|
of actually changing them. The main difference with the wps_pin
|
||||||
|
command is that wps_reg uses the AP PIN (e.g., from a label on the AP)
|
||||||
|
instead of a PIN generated at the client.
|
||||||
|
|
||||||
|
|
||||||
Scanning
|
Scanning
|
||||||
--------
|
--------
|
||||||
|
Loading…
Reference in New Issue
Block a user