| Message ID | 1436770157-6702-10-git-send-email-ilan.peer@intel.com |
|---|---|
| State | Superseded |
| Headers | show |
On Mon, Jul 13, 2015 at 09:49:15AM +0300, Ilan Peer wrote: > When P2PS PD with default P2PS method is done, the peer that becomes GO > should authorize the client. However, P2PS spec doesn't require the client > to include its intended interface address in PD request/response. > As a result the P2P client's address couldn't be known, so the only possible > option is to authorize ANY. > Previously, client's device address was used for authorization, which is > not correct when a dedicated interface is used for p2p client. > This is not resulting in a connection failure, however it causes a > significant delay (until WPS_PIN_TIME_IGNORE_SEL_REG elapses). > Fix this by authorizing ANY. This does not sound desirable. Why wouldn't this be done using P2P Device Address instead? If (and only if) the intended interface address is not known, the WPS element could advertise wildcard MAC address for the Enrollee, but WPS Registrar should not allow any other device to connect.
On Sun, Jul 26, 2015 at 9:32 PM, Jouni Malinen <j@w1.fi> wrote: > On Mon, Jul 13, 2015 at 09:49:15AM +0300, Ilan Peer wrote: >> When P2PS PD with default P2PS method is done, the peer that becomes GO >> should authorize the client. However, P2PS spec doesn't require the client >> to include its intended interface address in PD request/response. >> As a result the P2P client's address couldn't be known, so the only possible >> option is to authorize ANY. >> Previously, client's device address was used for authorization, which is >> not correct when a dedicated interface is used for p2p client. >> This is not resulting in a connection failure, however it causes a >> significant delay (until WPS_PIN_TIME_IGNORE_SEL_REG elapses). >> Fix this by authorizing ANY. > > This does not sound desirable. Why wouldn't this be done using P2P > Device Address instead? If (and only if) the intended interface address > is not known, the WPS element could advertise wildcard MAC address for > the Enrollee, but WPS Registrar should not allow any other device to > connect. How the intended address can be known at all? P2PS spec doesn't require from the client to add it's intended address. In fact (if I understand the spec. correctly), even if the potential client adds it during PD it means "the address of the GO" and if this device eventually becomes a client, it doesn't obligated to use this address. For me this looks like a hole in the spec. Is there any other way to deduct the client's interface address that I'm missing? Regarding the WPS Registrar validations - this is something that can be done in a separate patch, but currently there is no validation flows at all on the registrar. But why is this needed? Andrei > > -- > Jouni Malinen PGP id EFC895FA > _______________________________________________ > HostAP mailing list > HostAP@lists.shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c index ce06e61..983c204 100644 --- a/wpa_supplicant/p2p_supplicant.c +++ b/wpa_supplicant/p2p_supplicant.c @@ -1686,14 +1686,12 @@ static void p2p_go_configured(void *ctx, void *data) params->persistent_group, ""); wpa_s->group_formation_reported = 1; - if (wpa_s->parent->p2ps_join_addr_valid) { + if (wpa_s->parent->p2ps_method_config_any) { wpa_dbg(wpa_s, MSG_DEBUG, - "P2PS: Setting default PIN for " MACSTR, - MAC2STR(wpa_s->parent->p2ps_join_addr)); - wpa_supplicant_ap_wps_pin(wpa_s, - wpa_s->parent->p2ps_join_addr, - "12345670", NULL, 0, 0); - wpa_s->parent->p2ps_join_addr_valid = 0; + "P2PS: Setting default PIN for ANY"); + wpa_supplicant_ap_wps_pin(wpa_s, NULL, "12345670", + NULL, 0, 0); + wpa_s->parent->p2ps_method_config_any = 0; } os_get_reltime(&wpa_s->global->p2p_go_wait_client); @@ -3808,26 +3806,19 @@ static void wpas_p2ps_prov_complete(void *ctx, u8 status, const u8 *dev, wpas_p2p_group_add(wpa_s, 1, 0, 0, 0); } - if (passwd_id == DEV_PW_P2PS_DEFAULT) { - os_memcpy(wpa_s->p2ps_join_addr, dev, ETH_ALEN); - wpa_s->p2ps_join_addr_valid = 1; - wpa_dbg(wpa_s, MSG_DEBUG, - "P2PS: Saving PIN for " MACSTR, - MAC2STR(dev)); - } + if (passwd_id == DEV_PW_P2PS_DEFAULT) + wpa_s->p2ps_method_config_any = 1; + } else if (passwd_id == DEV_PW_P2PS_DEFAULT) { os_memcpy(go_ifname, go_wpa_s->ifname, sizeof(go_ifname)); wpa_dbg(go_wpa_s, MSG_DEBUG, - "P2P: Setting PIN-1 For " MACSTR, MAC2STR(dev)); - wpa_supplicant_ap_wps_pin(go_wpa_s, dev, "12345670", - NULL, 0, 0); + "P2P: Setting PIN-1 For ANY"); + wpa_supplicant_ap_wps_pin(go_wpa_s, NULL, + "12345670", NULL, 0, 0); - os_memcpy(wpa_s->p2ps_join_addr, dev, ETH_ALEN); - wpa_s->p2ps_join_addr_valid = 1; - wpa_dbg(wpa_s, MSG_DEBUG, - "P2PS: Saving PIN for " MACSTR, MAC2STR(dev)); + wpa_s->p2ps_method_config_any = 1; } wpa_msg_global(wpa_s, MSG_INFO, diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h index dd5b245..0e9d000 100644 --- a/wpa_supplicant/wpa_supplicant_i.h +++ b/wpa_supplicant/wpa_supplicant_i.h @@ -820,7 +820,7 @@ struct wpa_supplicant { unsigned int p2p_nfc_tag_enabled:1; unsigned int p2p_peer_oob_pk_hash_known:1; unsigned int p2p_disable_ip_addr_req:1; - unsigned int p2ps_join_addr_valid:1; + unsigned int p2ps_method_config_any:1; unsigned int p2p_cli_probe:1; int p2p_persistent_go_freq; int p2p_persistent_id; @@ -841,7 +841,9 @@ struct wpa_supplicant { /* group common frequencies */ int *p2p_group_common_freqs; unsigned int p2p_group_common_freqs_num; + u8 p2ps_join_addr[ETH_ALEN]; + #endif /* CONFIG_P2P */ struct wpa_ssid *bgscan_ssid;