[v3,10/12] wpa_supplicant: support Multi-AP backhaul STA onboarding

From: Davina Lu <ylu@quantenna.com>

The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a
backhaul STA through WPS. To enable this, the backhaul STA needs to add
a Multi-AP IE to the WFA vendor extension element in the WSC M1 message
that indicates it supports the Multi-AP backhaul STA role. The registrar
(if it support Multi-AP onboarding) will respond to that with a WSC M8
message that also contains the Multi-AP IE, and that contains the
credentials for the backhaul SSID (which may be different from the SSID
on which WPS is performed).

Introduce a new, global configuration option multi_ap_backhaul_sta to
enable this feature. It has to be separate from the per-SSID
multi_ap_backhaul_sta option since no SSID exists yet when WPS is
performed. multi_ap_backhaul_sta is set to 1 in the automatically
created SSID. Thus, if the AP does not support Multi-AP, association
will fail and WPS will be terminated.

Only wps_pbc is supported.

Extend wps_build_wfa_ext() with an extra argument to add the additional
subelement to a WPS message, and use this when building M1. Note that we
don't reuse the existing MULTI_AP_SUB_ELEM_TYPE definition here, but
rather define a new WFA_ELEM_MULTI_AP, to make sure the enum of WFA
subelement types remains complete.

Signed-off-by: Davina Lu <ylu@quantenna.com>
Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
---
 src/p2p/p2p_build.c                |  2 +-
 src/wps/wps.c                      |  6 +++---
 src/wps/wps.h                      |  6 ++++++
 src/wps/wps_attr_build.c           | 10 +++++++++-
 src/wps/wps_common.c               | 16 ++++++++--------
 src/wps/wps_defs.h                 |  3 ++-
 src/wps/wps_enrollee.c             | 14 +++++++++-----
 src/wps/wps_er.c                   |  4 ++--
 src/wps/wps_i.h                    |  3 ++-
 src/wps/wps_registrar.c            | 14 +++++++-------
 src/wps/wps_upnp.c                 |  2 +-
 wpa_supplicant/config.c            |  1 +
 wpa_supplicant/config.h            |  2 ++
 wpa_supplicant/config_file.c       |  4 ++++
 wpa_supplicant/wpa_supplicant.conf |  5 +++++
 wpa_supplicant/wps_supplicant.c    | 13 ++++++++++++-
 16 files changed, 74 insertions(+), 31 deletions(-)

On Wed, Dec 05, 2018 at 11:24:00AM +0100, Arnout Vandecappelle (Essensium/Mind) wrote:
> Introduce a new, global configuration option multi_ap_backhaul_sta to
> enable this feature. It has to be separate from the per-SSID
> multi_ap_backhaul_sta option since no SSID exists yet when WPS is
> performed. multi_ap_backhaul_sta is set to 1 in the automatically
> created SSID. Thus, if the AP does not support Multi-AP, association
> will fail and WPS will be terminated.

Why would this configuration parameter be needed? I thought I already
suggested that it would be better to indicate this as a parameter
specific to each instance of WPS provisioning, i.e., as a new optional
argument to the WPS_PBC control interface command. In other words,
wpas_wps_start_pbc() should get this from the caller and
wpa_supplicant_wps_cred() should get this from a new field added into
struct wps_credential.

On 20/12/2018 11:19, Jouni Malinen wrote:
> On Wed, Dec 05, 2018 at 11:24:00AM +0100, Arnout Vandecappelle (Essensium/Mind) wrote:
>> Introduce a new, global configuration option multi_ap_backhaul_sta to
>> enable this feature. It has to be separate from the per-SSID
>> multi_ap_backhaul_sta option since no SSID exists yet when WPS is
>> performed. multi_ap_backhaul_sta is set to 1 in the automatically
>> created SSID. Thus, if the AP does not support Multi-AP, association
>> will fail and WPS will be terminated.
> 
> Why would this configuration parameter be needed? I thought I already
> suggested

 I either missed that or misinterpreted it.

> that it would be better to indicate this as a parameter
> specific to each instance of WPS provisioning, i.e., as a new optional
> argument to the WPS_PBC control interface command.

 That makes sense.

> In other words,
> wpas_wps_start_pbc() should get this from the caller

 So an extra argument to wpas_wps_start_pbc, right?

 I guess then it should be added also to:

* wpa_cli;
* new D-Bus interface;
* (for OpenWrt only: ubus interface);

but not to:

* old D-Bus interfae;
* p2p enrollment.

 And I'm not sure what to do with EVENT_WPS_BUTTON_PUSHED. But the only caller
of that is apparently some atheros driver.

> and
> wpa_supplicant_wps_cred() should get this from a new field added into
> struct wps_credential. 

 Wouldn't struct wps_data be more appropriate? It's not very clear to me where
that gets initialized though... But actually, the same goes for wps_credential.
Is it possible that both of these only get initialized after
wpas_wps_start_pbc() has already returned?

 Maybe the best way to pass it on would be through the phase1 config string?
Although it feels like a bit of a hack to me, it looks like that is the way to
pass down context information into EAP, right?

 Regards,
 Arnout

Hi Jouni,

 I forgot to ask in my earlier reply...

On 05/12/2018 11:24, Arnout Vandecappelle (Essensium/Mind) wrote:
> diff --git a/src/p2p/p2p_build.c b/src/p2p/p2p_build.c
> index 2882c6ad0..63eb2e84c 100644
> --- a/src/p2p/p2p_build.c
> +++ b/src/p2p/p2p_build.c
> @@ -802,7 +802,7 @@ int p2p_build_wps_ie(struct p2p_data *p2p, struct wpabuf *buf, int pw_id,
>  		wpabuf_put_be16(buf, p2p->cfg->config_methods);
>  	}
>  
> -	if (wps_build_wfa_ext(buf, 0, NULL, 0) < 0)
> +	if (wps_build_wfa_ext(buf, 0, NULL, 0, 0) < 0)

 These small changes make the patch very big and perhaps hard to review. Would
you like me to split off the additional argument to wps_build_wfa_ext as a
separate patch?

 Regards,
 Arnout


>  		return -1;
>  
>  	if (all_attr && p2p->cfg->num_sec_dev_types) {

On Tue, Jan 08, 2019 at 11:04:42AM +0100, Arnout Vandecappelle wrote:
> On 05/12/2018 11:24, Arnout Vandecappelle (Essensium/Mind) wrote:
> > diff --git a/src/p2p/p2p_build.c b/src/p2p/p2p_build.c
> > -	if (wps_build_wfa_ext(buf, 0, NULL, 0) < 0)
> > +	if (wps_build_wfa_ext(buf, 0, NULL, 0, 0) < 0)
> 
>  These small changes make the patch very big and perhaps hard to review. Would
> you like me to split off the additional argument to wps_build_wfa_ext as a
> separate patch?

That would certainly make it easier to review the real functional
changes, so yes, that's the preferred approach for this type of
refactoring cases needed for new functionality.

On Mon, Jan 07, 2019 at 03:56:24PM +0100, Arnout Vandecappelle wrote:
> On 20/12/2018 11:19, Jouni Malinen wrote:
> > that it would be better to indicate this as a parameter
> > specific to each instance of WPS provisioning, i.e., as a new optional
> > argument to the WPS_PBC control interface command.
> 
>  That makes sense.
> 
> > In other words,
> > wpas_wps_start_pbc() should get this from the caller
> 
>  So an extra argument to wpas_wps_start_pbc, right?

Yes.

>  I guess then it should be added also to:
> 
> * wpa_cli;

wpa_cli is already accepting arbitrary number of arguments to WPS_PBC.

> * new D-Bus interface;

If we expect this functionality to be used over D-Bus, sure.

> * (for OpenWrt only: ubus interface);

Sounds reasonable.

> but not to:
> 
> * old D-Bus interfae;
> * p2p enrollment.

Agreed.

>  And I'm not sure what to do with EVENT_WPS_BUTTON_PUSHED. But the only caller
> of that is apparently some atheros driver.

I'd ignore that for this, i.e., that wpas_wps_start_pbc() call should
just note that there was no request for Multi-AP.

> > and
> > wpa_supplicant_wps_cred() should get this from a new field added into
> > struct wps_credential. 
> 
>  Wouldn't struct wps_data be more appropriate? It's not very clear to me where
> that gets initialized though... But actually, the same goes for wps_credential.

wpa_supplicant_wps_cred() gets called with information parsed from M8,
so this should be filled based on what the Registrar told us. I don't
see why struct wps_data would be involved in that part (i.e., processing
of a received Credential).

> Is it possible that both of these only get initialized after
> wpas_wps_start_pbc() has already returned?

Yes and not only possible, but that will happen in practice every time.

>  Maybe the best way to pass it on would be through the phase1 config string?
> Although it feels like a bit of a hack to me, it looks like that is the way to
> pass down context information into EAP, right?

So this is a bit different direction, i.e., configuration of the local
WPS Enrollee behavior for the request information while the comment
about wpa_supplicant_wps_cred() was on how to process the response
information. Anyway, yes, this is a bit complex due to the way the EAP
peer implementation is kept as a separate module between core
wpa_supplicant and WPS module. I did not consider details for that part,
but yes, a new parameter within the phase1 config string seems to make
most sense for getting information about the new optional WPS_PBC
argument to the actual WPS Enrollee implementation which needs to
generate the WSC messages with some additional information.

On 08/01/2019 12:04, Jouni Malinen wrote:
> On Mon, Jan 07, 2019 at 03:56:24PM +0100, Arnout Vandecappelle wrote:
>> On 20/12/2018 11:19, Jouni Malinen wrote:
[snip]
>>> wpa_supplicant_wps_cred() should get this from a new field added into
>>> struct wps_credential. 
>>
>>  Wouldn't struct wps_data be more appropriate? It's not very clear to me where
>> that gets initialized though... But actually, the same goes for wps_credential.
> 
> wpa_supplicant_wps_cred() gets called with information parsed from M8,
> so this should be filled based on what the Registrar told us. 

 Unfortunately, the registrar doesn't tell us anything. The M8 does NOT contain
the Multi-AP IE.

 However, wpa_supplicant_wps_cred has access to the current_ssid which has the
multi_ap setting. In fact, this bit of the patch:

+	if (wpa_s->conf->multi_ap_backhaul_sta)
+		ssid->multi_ap_backhaul_sta = 1;
+	else
+		ssid->multi_ap_backhaul_sta = 0;

is probably (I should check) redundant because the multi_ap_backhaul_sta bit is
already set in wpas_wps_start_pbc().

 I notice now, however, that the multi_ap_backhaul_sta option is missing from
wpa_config_write_network().


> I don't
> see why struct wps_data would be involved in that part (i.e., processing
> of a received Credential).
> 
>> Is it possible that both of these only get initialized after
>> wpas_wps_start_pbc() has already returned?
> 
> Yes and not only possible, but that will happen in practice every time.
> 
>>  Maybe the best way to pass it on would be through the phase1 config string?
>> Although it feels like a bit of a hack to me, it looks like that is the way to
>> pass down context information into EAP, right?
> 
> So this is a bit different direction, i.e., configuration of the local
> WPS Enrollee behavior for the request information while the comment
> about wpa_supplicant_wps_cred() was on how to process the response
> information.

 Indeed I was mixing those two.


> Anyway, yes, this is a bit complex due to the way the EAP
> peer implementation is kept as a separate module between core
> wpa_supplicant and WPS module. I did not consider details for that part,
> but yes, a new parameter within the phase1 config string seems to make
> most sense for getting information about the new optional WPS_PBC
> argument to the actual WPS Enrollee implementation which needs to
> generate the WSC messages with some additional information.

 OK, thanks.

 Regards,
 Arnout

On Tue, Jan 08, 2019 at 04:05:35PM +0100, Arnout Vandecappelle wrote:
> On 08/01/2019 12:04, Jouni Malinen wrote:
> > wpa_supplicant_wps_cred() gets called with information parsed from M8,
> > so this should be filled based on what the Registrar told us. 
> 
>  Unfortunately, the registrar doesn't tell us anything. The M8 does NOT contain
> the Multi-AP IE.

That sounds like a bad protocol design to me..

>  However, wpa_supplicant_wps_cred has access to the current_ssid which has the
> multi_ap setting.

I'd be a bit careful with wpa_s->current_ssid there.. It does not
actually have to be set in some WPS use cases. Anyway, for the Multi-AP
PBC case, I think this will in practice always be pointing to the
network profile where the extra parameter from WPS_PBC would be present.
Anyway, I would also be fine in adding a new flag in struct
wpa_supplicant for tracking this type of pending state for WPS, if
required.

Hi Jouni,

On Tue, Jan 08, 2019 at 01:04:37PM +0200, Jouni Malinen wrote:
> On Mon, Jan 07, 2019 at 03:56:24PM +0100, Arnout Vandecappelle wrote:
> > On 20/12/2018 11:19, Jouni Malinen wrote:
> > > that it would be better to indicate this as a parameter
> > > specific to each instance of WPS provisioning, i.e., as a new optional
> > > argument to the WPS_PBC control interface command.
> > 
> >  That makes sense.

I'm sure you have good reasons for requesting it do be done in that
way. It'd be great if you can elaborate on those reasons, see below
for the cause of my confusion with that.

> > 
> > > In other words,
> > > wpas_wps_start_pbc() should get this from the caller
> > 
> >  So an extra argument to wpas_wps_start_pbc, right?
> 
> Yes.

I've been going that road for a bit now and more and more come to
the conclusion that setting a global variable (just like other WPS-
related global configurations) would be much less complex.
Also note that a station is most likely really either a regular station
or multi-ap backhaul station, also considering the context: multi-ap
interface in 4-addr-mode sitting in a bridge while regular station
being a whole different use-case.

Coming from OpenWrt, whether the interface is a multiap backhaul sta or
a regular sta is known at the time of wpa_supplicant.conf being
generated. Sure, at this point we could store that somewhere next to
wpa_supplicant_$ifname.conf and when pushing the WPS butten checking
that file to decide whether multi_ap=1 is being passed along the call
of wps_start_pbc or not. A more dynamic decission doesn't make much
sense, because higher layers are also already set according to whether
the STA interface is part of a bridge or not.



> 
> >  I guess then it should be added also to:
> > 
> > * wpa_cli;
> 
> wpa_cli is already accepting arbitrary number of arguments to WPS_PBC.
> 
> > * new D-Bus interface;
> 
> If we expect this functionality to be used over D-Bus, sure.
> 
> > * (for OpenWrt only: ubus interface);
> 
> Sounds reasonable.
> 
> > but not to:
> > 
> > * old D-Bus interfae;
> > * p2p enrollment.
> 
> Agreed.
> 
> >  And I'm not sure what to do with EVENT_WPS_BUTTON_PUSHED. But the only caller
> > of that is apparently some atheros driver.
> 
> I'd ignore that for this, i.e., that wpas_wps_start_pbc() call should
> just note that there was no request for Multi-AP.
> 
> > > and
> > > wpa_supplicant_wps_cred() should get this from a new field added into
> > > struct wps_credential. 
> > 
> >  Wouldn't struct wps_data be more appropriate? It's not very clear to me where
> > that gets initialized though... But actually, the same goes for wps_credential.
> 
> wpa_supplicant_wps_cred() gets called with information parsed from M8,
> so this should be filled based on what the Registrar told us. I don't
> see why struct wps_data would be involved in that part (i.e., processing
> of a received Credential).
> 
> > Is it possible that both of these only get initialized after
> > wpas_wps_start_pbc() has already returned?
> 
> Yes and not only possible, but that will happen in practice every time.
> 
> >  Maybe the best way to pass it on would be through the phase1 config string?
> > Although it feels like a bit of a hack to me, it looks like that is the way to
> > pass down context information into EAP, right?
> 
> So this is a bit different direction, i.e., configuration of the local
> WPS Enrollee behavior for the request information while the comment
> about wpa_supplicant_wps_cred() was on how to process the response
> information. Anyway, yes, this is a bit complex due to the way the EAP
> peer implementation is kept as a separate module between core
> wpa_supplicant and WPS module. I did not consider details for that part,
> but yes, a new parameter within the phase1 config string seems to make
> most sense for getting information about the new optional WPS_PBC
> argument to the actual WPS Enrollee implementation which needs to
> generate the WSC messages with some additional information.

That kinda adds to it complexity wise...


Cheers


Daniel
> 
> -- 
> Jouni Malinen                                            PGP id EFC895FA
> 
> _______________________________________________
> Hostap mailing list
> Hostap@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/hostap

On Fri, Jan 18, 2019 at 01:28:43AM +0100, Daniel Golle wrote:
> Hi Jouni,
> 
> On Tue, Jan 08, 2019 at 01:04:37PM +0200, Jouni Malinen wrote:
> > On Mon, Jan 07, 2019 at 03:56:24PM +0100, Arnout Vandecappelle wrote:
> > > On 20/12/2018 11:19, Jouni Malinen wrote:
> > > > that it would be better to indicate this as a parameter
> > > > specific to each instance of WPS provisioning, i.e., as a new optional
> > > > argument to the WPS_PBC control interface command.
> > > 
> > >  That makes sense.
> 
> I'm sure you have good reasons for requesting it do be done in that
> way. It'd be great if you can elaborate on those reasons, see below
> for the cause of my confusion with that.

This information (whether to request credentials for Multi-AP use case
or for something else) is associated with a specific instance of WPS
protocol exchange; not to global state of a WPS Enrollee device.

> > > > In other words,
> > > > wpas_wps_start_pbc() should get this from the caller
> > > 
> > >  So an extra argument to wpas_wps_start_pbc, right?
> > 
> > Yes.
> 
> I've been going that road for a bit now and more and more come to
> the conclusion that setting a global variable (just like other WPS-
> related global configurations) would be much less complex.

Sure, it might be less complex, but it would be less correct as well. It
should also not be assumed that there is only a single WPS exchange in
process at any point in time. The most common example of this is the use
of WPS ER in wpa_supplicant, but that would obviously be Registrar
instead of two Enrollees, so that might not hit this specific case.
Anyway, using a global variable for setting a parameter for a single WPS
protocol instance does not sound correct.

> Also note that a station is most likely really either a regular station
> or multi-ap backhaul station, also considering the context: multi-ap
> interface in 4-addr-mode sitting in a bridge while regular station
> being a whole different use-case.

Probably true as well, but still, this is just trying to justify taking
a shortcut over a cleaner design.

> Coming from OpenWrt, whether the interface is a multiap backhaul sta or
> a regular sta is known at the time of wpa_supplicant.conf being
> generated. Sure, at this point we could store that somewhere next to
> wpa_supplicant_$ifname.conf and when pushing the WPS butten checking
> that file to decide whether multi_ap=1 is being passed along the call
> of wps_start_pbc or not. A more dynamic decission doesn't make much
> sense, because higher layers are also already set according to whether
> the STA interface is part of a bridge or not.

I don't think wpa_supplicant implementation design should be based on
assumptions that OpenWrt or some other user of wpa_supplicant has such
knowledge of the device using WPS Enrollee functionality only for a
specific purpose.