]>
Commit | Line | Data |
---|---|---|
25471fe3 JK |
1 | /* |
2 | * Copyright (c) 2009, Atheros Communications, Inc. | |
1d2215fc | 3 | * Copyright (c) 2011-2013, Qualcomm Atheros, Inc. |
25471fe3 JK |
4 | * |
5 | * This software may be distributed under the terms of the BSD license. | |
6 | * See README for more details. | |
7 | */ | |
8 | ||
9 | #include "includes.h" | |
10 | ||
11 | #include "common.h" | |
12 | #include "eloop.h" | |
13 | #include "common/ieee802_11_common.h" | |
14 | #include "common/ieee802_11_defs.h" | |
15 | #include "common/gas.h" | |
16 | #include "common/wpa_ctrl.h" | |
7ef69479 | 17 | #include "rsn_supp/wpa.h" |
25471fe3 JK |
18 | #include "wpa_supplicant_i.h" |
19 | #include "driver_i.h" | |
20 | #include "config.h" | |
b572df86 | 21 | #include "scan.h" |
25471fe3 | 22 | #include "bss.h" |
7ef69479 | 23 | #include "blacklist.h" |
25471fe3 JK |
24 | #include "gas_query.h" |
25 | #include "interworking.h" | |
26 | #include "hs20_supplicant.h" | |
27 | ||
28 | ||
b572df86 JM |
29 | #define OSU_MAX_ITEMS 10 |
30 | ||
31 | struct osu_lang_string { | |
32 | char lang[4]; | |
33 | char text[253]; | |
34 | }; | |
35 | ||
36 | struct osu_icon { | |
37 | u16 width; | |
38 | u16 height; | |
39 | char lang[4]; | |
40 | char icon_type[256]; | |
41 | char filename[256]; | |
42 | unsigned int id; | |
43 | unsigned int failed:1; | |
44 | }; | |
45 | ||
46 | struct osu_provider { | |
47 | u8 bssid[ETH_ALEN]; | |
48 | u8 osu_ssid[32]; | |
49 | u8 osu_ssid_len; | |
50 | char server_uri[256]; | |
51 | u32 osu_methods; /* bit 0 = OMA-DM, bit 1 = SOAP-XML SPP */ | |
52 | char osu_nai[256]; | |
53 | struct osu_lang_string friendly_name[OSU_MAX_ITEMS]; | |
54 | size_t friendly_name_count; | |
55 | struct osu_lang_string serv_desc[OSU_MAX_ITEMS]; | |
56 | size_t serv_desc_count; | |
57 | struct osu_icon icon[OSU_MAX_ITEMS]; | |
58 | size_t icon_count; | |
59 | }; | |
60 | ||
61 | ||
f9cd147d | 62 | void wpas_hs20_add_indication(struct wpabuf *buf, int pps_mo_id) |
c923b8a5 | 63 | { |
f9cd147d JM |
64 | u8 conf; |
65 | ||
c923b8a5 | 66 | wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC); |
f9cd147d | 67 | wpabuf_put_u8(buf, pps_mo_id >= 0 ? 7 : 5); |
c923b8a5 JK |
68 | wpabuf_put_be24(buf, OUI_WFA); |
69 | wpabuf_put_u8(buf, HS20_INDICATION_OUI_TYPE); | |
f9cd147d JM |
70 | conf = HS20_VERSION; |
71 | if (pps_mo_id >= 0) | |
72 | conf |= HS20_PPS_MO_ID_PRESENT; | |
73 | wpabuf_put_u8(buf, conf); | |
74 | if (pps_mo_id >= 0) | |
75 | wpabuf_put_le16(buf, pps_mo_id); | |
c923b8a5 JK |
76 | } |
77 | ||
78 | ||
55a2df43 JM |
79 | int is_hs20_network(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, |
80 | struct wpa_bss *bss) | |
81 | { | |
82 | if (!wpa_s->conf->hs20 || !ssid) | |
83 | return 0; | |
84 | ||
85 | if (ssid->parent_cred) | |
86 | return 1; | |
87 | ||
88 | if (bss && !wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE)) | |
89 | return 0; | |
90 | ||
91 | /* | |
92 | * This may catch some non-Hotspot 2.0 cases, but it is safer to do that | |
93 | * than cause Hotspot 2.0 connections without indication element getting | |
94 | * added. Non-Hotspot 2.0 APs should ignore the unknown vendor element. | |
95 | */ | |
96 | ||
97 | if (!(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X)) | |
98 | return 0; | |
99 | if (!(ssid->pairwise_cipher & WPA_CIPHER_CCMP)) | |
100 | return 0; | |
101 | if (ssid->proto != WPA_PROTO_RSN) | |
102 | return 0; | |
103 | ||
104 | return 1; | |
105 | } | |
106 | ||
107 | ||
f9cd147d JM |
108 | int hs20_get_pps_mo_id(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) |
109 | { | |
110 | struct wpa_cred *cred; | |
111 | ||
112 | if (ssid == NULL || ssid->parent_cred == NULL) | |
113 | return 0; | |
114 | ||
115 | for (cred = wpa_s->conf->cred; cred; cred = cred->next) { | |
116 | if (ssid->parent_cred == cred) | |
117 | return cred->update_identifier; | |
118 | } | |
119 | ||
120 | return 0; | |
121 | } | |
122 | ||
123 | ||
cf28c66b DS |
124 | void hs20_put_anqp_req(u32 stypes, const u8 *payload, size_t payload_len, |
125 | struct wpabuf *buf) | |
25471fe3 | 126 | { |
25471fe3 JK |
127 | u8 *len_pos; |
128 | ||
25471fe3 | 129 | if (buf == NULL) |
cf28c66b | 130 | return; |
25471fe3 JK |
131 | |
132 | len_pos = gas_anqp_add_element(buf, ANQP_VENDOR_SPECIFIC); | |
133 | wpabuf_put_be24(buf, OUI_WFA); | |
134 | wpabuf_put_u8(buf, HS20_ANQP_OUI_TYPE); | |
135 | if (stypes == BIT(HS20_STYPE_NAI_HOME_REALM_QUERY)) { | |
136 | wpabuf_put_u8(buf, HS20_STYPE_NAI_HOME_REALM_QUERY); | |
137 | wpabuf_put_u8(buf, 0); /* Reserved */ | |
138 | if (payload) | |
139 | wpabuf_put_data(buf, payload, payload_len); | |
184e110c JM |
140 | } else if (stypes == BIT(HS20_STYPE_ICON_REQUEST)) { |
141 | wpabuf_put_u8(buf, HS20_STYPE_ICON_REQUEST); | |
142 | wpabuf_put_u8(buf, 0); /* Reserved */ | |
143 | if (payload) | |
144 | wpabuf_put_data(buf, payload, payload_len); | |
25471fe3 JK |
145 | } else { |
146 | u8 i; | |
147 | wpabuf_put_u8(buf, HS20_STYPE_QUERY_LIST); | |
148 | wpabuf_put_u8(buf, 0); /* Reserved */ | |
149 | for (i = 0; i < 32; i++) { | |
150 | if (stypes & BIT(i)) | |
151 | wpabuf_put_u8(buf, i); | |
152 | } | |
153 | } | |
154 | gas_anqp_set_element_len(buf, len_pos); | |
155 | ||
156 | gas_anqp_set_len(buf); | |
cf28c66b DS |
157 | } |
158 | ||
159 | ||
160 | struct wpabuf * hs20_build_anqp_req(u32 stypes, const u8 *payload, | |
161 | size_t payload_len) | |
162 | { | |
163 | struct wpabuf *buf; | |
164 | ||
165 | buf = gas_anqp_build_initial_req(0, 100 + payload_len); | |
166 | if (buf == NULL) | |
167 | return NULL; | |
168 | ||
169 | hs20_put_anqp_req(stypes, payload, payload_len, buf); | |
25471fe3 JK |
170 | |
171 | return buf; | |
172 | } | |
173 | ||
174 | ||
175 | int hs20_anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst, u32 stypes, | |
176 | const u8 *payload, size_t payload_len) | |
177 | { | |
178 | struct wpabuf *buf; | |
179 | int ret = 0; | |
180 | int freq; | |
181 | struct wpa_bss *bss; | |
182 | int res; | |
183 | ||
184 | freq = wpa_s->assoc_freq; | |
185 | bss = wpa_bss_get_bssid(wpa_s, dst); | |
485e3a92 JM |
186 | if (bss) { |
187 | wpa_bss_anqp_unshare_alloc(bss); | |
25471fe3 | 188 | freq = bss->freq; |
485e3a92 | 189 | } |
25471fe3 JK |
190 | if (freq <= 0) |
191 | return -1; | |
192 | ||
193 | wpa_printf(MSG_DEBUG, "HS20: ANQP Query Request to " MACSTR " for " | |
194 | "subtypes 0x%x", MAC2STR(dst), stypes); | |
195 | ||
196 | buf = hs20_build_anqp_req(stypes, payload, payload_len); | |
197 | if (buf == NULL) | |
198 | return -1; | |
199 | ||
200 | res = gas_query_req(wpa_s->gas, dst, freq, buf, anqp_resp_cb, wpa_s); | |
201 | if (res < 0) { | |
202 | wpa_printf(MSG_DEBUG, "ANQP: Failed to send Query Request"); | |
24c694b4 | 203 | wpabuf_free(buf); |
25471fe3 JK |
204 | ret = -1; |
205 | } else | |
206 | wpa_printf(MSG_DEBUG, "ANQP: Query started with dialog token " | |
207 | "%u", res); | |
208 | ||
25471fe3 JK |
209 | return ret; |
210 | } | |
211 | ||
212 | ||
b572df86 JM |
213 | static int hs20_process_icon_binary_file(struct wpa_supplicant *wpa_s, |
214 | const u8 *sa, const u8 *pos, | |
215 | size_t slen) | |
216 | { | |
217 | char fname[256]; | |
218 | int png; | |
219 | FILE *f; | |
220 | u16 data_len; | |
221 | ||
222 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR " Icon Binary File", | |
223 | MAC2STR(sa)); | |
224 | ||
225 | if (slen < 4) { | |
226 | wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File " | |
227 | "value from " MACSTR, MAC2STR(sa)); | |
228 | return -1; | |
229 | } | |
230 | ||
231 | wpa_printf(MSG_DEBUG, "HS 2.0: Download Status Code %u", *pos); | |
232 | if (*pos != 0) | |
233 | return -1; | |
234 | pos++; | |
235 | slen--; | |
236 | ||
237 | if ((size_t) 1 + pos[0] > slen) { | |
238 | wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File " | |
239 | "value from " MACSTR, MAC2STR(sa)); | |
240 | return -1; | |
241 | } | |
242 | wpa_hexdump_ascii(MSG_DEBUG, "Icon Type", pos + 1, pos[0]); | |
243 | png = os_strncasecmp((char *) pos + 1, "image/png", 9) == 0; | |
244 | slen -= 1 + pos[0]; | |
245 | pos += 1 + pos[0]; | |
246 | ||
247 | if (slen < 2) { | |
248 | wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File " | |
249 | "value from " MACSTR, MAC2STR(sa)); | |
250 | return -1; | |
251 | } | |
252 | data_len = WPA_GET_LE16(pos); | |
253 | pos += 2; | |
254 | slen -= 2; | |
255 | ||
256 | if (data_len > slen) { | |
257 | wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File " | |
258 | "value from " MACSTR, MAC2STR(sa)); | |
259 | return -1; | |
260 | } | |
261 | ||
262 | wpa_printf(MSG_DEBUG, "Icon Binary Data: %u bytes", data_len); | |
263 | if (wpa_s->conf->osu_dir == NULL) | |
264 | return -1; | |
265 | ||
266 | wpa_s->osu_icon_id++; | |
267 | if (wpa_s->osu_icon_id == 0) | |
268 | wpa_s->osu_icon_id++; | |
269 | snprintf(fname, sizeof(fname), "%s/osu-icon-%u.%s", | |
270 | wpa_s->conf->osu_dir, wpa_s->osu_icon_id, | |
271 | png ? "png" : "icon"); | |
272 | f = fopen(fname, "wb"); | |
273 | if (f == NULL) | |
274 | return -1; | |
275 | if (fwrite(pos, slen, 1, f) != 1) { | |
276 | fclose(f); | |
277 | unlink(fname); | |
278 | return -1; | |
279 | } | |
280 | fclose(f); | |
281 | ||
282 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP-ICON %s", fname); | |
283 | return 0; | |
284 | } | |
285 | ||
286 | ||
287 | static void hs20_continue_icon_fetch(void *eloop_ctx, void *sock_ctx) | |
288 | { | |
289 | struct wpa_supplicant *wpa_s = eloop_ctx; | |
290 | if (wpa_s->fetch_osu_icon_in_progress) | |
291 | hs20_next_osu_icon(wpa_s); | |
292 | } | |
293 | ||
294 | ||
295 | static void hs20_osu_icon_fetch_result(struct wpa_supplicant *wpa_s, int res) | |
296 | { | |
297 | size_t i, j; | |
230e3735 JM |
298 | struct os_reltime now, tmp; |
299 | int dur; | |
300 | ||
301 | os_get_reltime(&now); | |
302 | os_reltime_sub(&now, &wpa_s->osu_icon_fetch_start, &tmp); | |
303 | dur = tmp.sec * 1000 + tmp.usec / 1000; | |
304 | wpa_printf(MSG_DEBUG, "HS 2.0: Icon fetch dur=%d ms res=%d", | |
305 | dur, res); | |
306 | ||
b572df86 JM |
307 | for (i = 0; i < wpa_s->osu_prov_count; i++) { |
308 | struct osu_provider *osu = &wpa_s->osu_prov[i]; | |
309 | for (j = 0; j < osu->icon_count; j++) { | |
310 | struct osu_icon *icon = &osu->icon[j]; | |
311 | if (icon->id || icon->failed) | |
312 | continue; | |
313 | if (res < 0) | |
314 | icon->failed = 1; | |
315 | else | |
316 | icon->id = wpa_s->osu_icon_id; | |
317 | return; | |
318 | } | |
319 | } | |
320 | } | |
321 | ||
322 | ||
25471fe3 JK |
323 | void hs20_parse_rx_hs20_anqp_resp(struct wpa_supplicant *wpa_s, |
324 | const u8 *sa, const u8 *data, size_t slen) | |
325 | { | |
326 | const u8 *pos = data; | |
327 | u8 subtype; | |
328 | struct wpa_bss *bss = wpa_bss_get_bssid(wpa_s, sa); | |
476aed35 | 329 | struct wpa_bss_anqp *anqp = NULL; |
b572df86 | 330 | int ret; |
25471fe3 JK |
331 | |
332 | if (slen < 2) | |
333 | return; | |
334 | ||
476aed35 JM |
335 | if (bss) |
336 | anqp = bss->anqp; | |
337 | ||
25471fe3 JK |
338 | subtype = *pos++; |
339 | slen--; | |
340 | ||
341 | pos++; /* Reserved */ | |
342 | slen--; | |
343 | ||
344 | switch (subtype) { | |
345 | case HS20_STYPE_CAPABILITY_LIST: | |
346 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR | |
347 | " HS Capability List", MAC2STR(sa)); | |
348 | wpa_hexdump_ascii(MSG_DEBUG, "HS Capability List", pos, slen); | |
349 | break; | |
350 | case HS20_STYPE_OPERATOR_FRIENDLY_NAME: | |
351 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR | |
352 | " Operator Friendly Name", MAC2STR(sa)); | |
353 | wpa_hexdump_ascii(MSG_DEBUG, "oper friendly name", pos, slen); | |
476aed35 JM |
354 | if (anqp) { |
355 | wpabuf_free(anqp->hs20_operator_friendly_name); | |
356 | anqp->hs20_operator_friendly_name = | |
25471fe3 JK |
357 | wpabuf_alloc_copy(pos, slen); |
358 | } | |
359 | break; | |
360 | case HS20_STYPE_WAN_METRICS: | |
2edcd504 JM |
361 | wpa_hexdump(MSG_DEBUG, "WAN Metrics", pos, slen); |
362 | if (slen < 13) { | |
363 | wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short WAN " | |
364 | "Metrics value from " MACSTR, MAC2STR(sa)); | |
365 | break; | |
366 | } | |
25471fe3 | 367 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR |
2edcd504 JM |
368 | " WAN Metrics %02x:%u:%u:%u:%u:%u", MAC2STR(sa), |
369 | pos[0], WPA_GET_LE32(pos + 1), WPA_GET_LE32(pos + 5), | |
370 | pos[9], pos[10], WPA_GET_LE16(pos + 11)); | |
476aed35 JM |
371 | if (anqp) { |
372 | wpabuf_free(anqp->hs20_wan_metrics); | |
373 | anqp->hs20_wan_metrics = wpabuf_alloc_copy(pos, slen); | |
25471fe3 JK |
374 | } |
375 | break; | |
376 | case HS20_STYPE_CONNECTION_CAPABILITY: | |
377 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR | |
378 | " Connection Capability", MAC2STR(sa)); | |
379 | wpa_hexdump_ascii(MSG_DEBUG, "conn capability", pos, slen); | |
476aed35 JM |
380 | if (anqp) { |
381 | wpabuf_free(anqp->hs20_connection_capability); | |
382 | anqp->hs20_connection_capability = | |
25471fe3 JK |
383 | wpabuf_alloc_copy(pos, slen); |
384 | } | |
385 | break; | |
386 | case HS20_STYPE_OPERATING_CLASS: | |
387 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR | |
388 | " Operating Class", MAC2STR(sa)); | |
389 | wpa_hexdump_ascii(MSG_DEBUG, "Operating Class", pos, slen); | |
476aed35 JM |
390 | if (anqp) { |
391 | wpabuf_free(anqp->hs20_operating_class); | |
392 | anqp->hs20_operating_class = | |
25471fe3 JK |
393 | wpabuf_alloc_copy(pos, slen); |
394 | } | |
395 | break; | |
1d2215fc JM |
396 | case HS20_STYPE_OSU_PROVIDERS_LIST: |
397 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR | |
398 | " OSU Providers list", MAC2STR(sa)); | |
a6739e19 | 399 | wpa_s->num_prov_found++; |
1d2215fc JM |
400 | if (anqp) { |
401 | wpabuf_free(anqp->hs20_osu_providers_list); | |
402 | anqp->hs20_osu_providers_list = | |
403 | wpabuf_alloc_copy(pos, slen); | |
404 | } | |
405 | break; | |
184e110c | 406 | case HS20_STYPE_ICON_BINARY_FILE: |
b572df86 JM |
407 | ret = hs20_process_icon_binary_file(wpa_s, sa, pos, slen); |
408 | if (wpa_s->fetch_osu_icon_in_progress) { | |
409 | hs20_osu_icon_fetch_result(wpa_s, ret); | |
410 | eloop_cancel_timeout(hs20_continue_icon_fetch, | |
411 | wpa_s, NULL); | |
412 | eloop_register_timeout(0, 0, hs20_continue_icon_fetch, | |
413 | wpa_s, NULL); | |
414 | } | |
415 | break; | |
416 | default: | |
417 | wpa_printf(MSG_DEBUG, "HS20: Unsupported subtype %u", subtype); | |
418 | break; | |
419 | } | |
420 | } | |
421 | ||
422 | ||
423 | void hs20_notify_parse_done(struct wpa_supplicant *wpa_s) | |
424 | { | |
425 | if (!wpa_s->fetch_osu_icon_in_progress) | |
426 | return; | |
427 | if (eloop_is_timeout_registered(hs20_continue_icon_fetch, wpa_s, NULL)) | |
428 | return; | |
429 | /* | |
430 | * We are going through icon fetch, but no icon response was received. | |
431 | * Assume this means the current AP could not provide an answer to avoid | |
432 | * getting stuck in fetch iteration. | |
433 | */ | |
434 | hs20_icon_fetch_failed(wpa_s); | |
435 | } | |
436 | ||
437 | ||
438 | static void hs20_free_osu_prov_entry(struct osu_provider *prov) | |
439 | { | |
440 | } | |
441 | ||
442 | ||
443 | void hs20_free_osu_prov(struct wpa_supplicant *wpa_s) | |
444 | { | |
445 | size_t i; | |
446 | for (i = 0; i < wpa_s->osu_prov_count; i++) | |
447 | hs20_free_osu_prov_entry(&wpa_s->osu_prov[i]); | |
448 | os_free(wpa_s->osu_prov); | |
449 | wpa_s->osu_prov = NULL; | |
450 | wpa_s->osu_prov_count = 0; | |
451 | } | |
452 | ||
453 | ||
454 | static void hs20_osu_fetch_done(struct wpa_supplicant *wpa_s) | |
455 | { | |
456 | char fname[256]; | |
457 | FILE *f; | |
458 | size_t i, j; | |
459 | ||
460 | wpa_s->fetch_osu_info = 0; | |
461 | wpa_s->fetch_osu_icon_in_progress = 0; | |
184e110c | 462 | |
b572df86 JM |
463 | if (wpa_s->conf->osu_dir == NULL) { |
464 | hs20_free_osu_prov(wpa_s); | |
465 | wpa_s->fetch_anqp_in_progress = 0; | |
466 | return; | |
467 | } | |
468 | ||
469 | snprintf(fname, sizeof(fname), "%s/osu-providers.txt", | |
470 | wpa_s->conf->osu_dir); | |
471 | f = fopen(fname, "w"); | |
472 | if (f == NULL) { | |
473 | hs20_free_osu_prov(wpa_s); | |
474 | return; | |
475 | } | |
476 | for (i = 0; i < wpa_s->osu_prov_count; i++) { | |
477 | struct osu_provider *osu = &wpa_s->osu_prov[i]; | |
478 | if (i > 0) | |
479 | fprintf(f, "\n"); | |
480 | fprintf(f, "OSU-PROVIDER " MACSTR "\n" | |
481 | "uri=%s\n" | |
482 | "methods=%08x\n", | |
483 | MAC2STR(osu->bssid), osu->server_uri, osu->osu_methods); | |
484 | if (osu->osu_ssid_len) { | |
485 | fprintf(f, "osu_ssid=%s\n", | |
486 | wpa_ssid_txt(osu->osu_ssid, | |
487 | osu->osu_ssid_len)); | |
488 | } | |
489 | if (osu->osu_nai[0]) | |
490 | fprintf(f, "osu_nai=%s\n", osu->osu_nai); | |
491 | for (j = 0; j < osu->friendly_name_count; j++) { | |
492 | fprintf(f, "friendly_name=%s:%s\n", | |
493 | osu->friendly_name[j].lang, | |
494 | osu->friendly_name[j].text); | |
495 | } | |
496 | for (j = 0; j < osu->serv_desc_count; j++) { | |
497 | fprintf(f, "desc=%s:%s\n", | |
498 | osu->serv_desc[j].lang, | |
499 | osu->serv_desc[j].text); | |
500 | } | |
501 | for (j = 0; j < osu->icon_count; j++) { | |
502 | struct osu_icon *icon = &osu->icon[j]; | |
503 | if (icon->failed) | |
504 | continue; /* could not fetch icon */ | |
505 | fprintf(f, "icon=%u:%u:%u:%s:%s:%s\n", | |
506 | icon->id, icon->width, icon->height, icon->lang, | |
507 | icon->icon_type, icon->filename); | |
508 | } | |
509 | } | |
510 | fclose(f); | |
511 | hs20_free_osu_prov(wpa_s); | |
512 | ||
513 | wpa_msg(wpa_s, MSG_INFO, "OSU provider fetch completed"); | |
514 | wpa_s->fetch_anqp_in_progress = 0; | |
515 | } | |
516 | ||
517 | ||
518 | void hs20_next_osu_icon(struct wpa_supplicant *wpa_s) | |
519 | { | |
520 | size_t i, j; | |
521 | ||
522 | wpa_printf(MSG_DEBUG, "HS 2.0: Ready to fetch next icon"); | |
523 | ||
524 | for (i = 0; i < wpa_s->osu_prov_count; i++) { | |
525 | struct osu_provider *osu = &wpa_s->osu_prov[i]; | |
526 | for (j = 0; j < osu->icon_count; j++) { | |
527 | struct osu_icon *icon = &osu->icon[j]; | |
528 | if (icon->id || icon->failed) | |
529 | continue; | |
530 | ||
531 | wpa_printf(MSG_DEBUG, "HS 2.0: Try to fetch icon '%s' " | |
532 | "from " MACSTR, icon->filename, | |
533 | MAC2STR(osu->bssid)); | |
230e3735 | 534 | os_get_reltime(&wpa_s->osu_icon_fetch_start); |
b572df86 JM |
535 | if (hs20_anqp_send_req(wpa_s, osu->bssid, |
536 | BIT(HS20_STYPE_ICON_REQUEST), | |
537 | (u8 *) icon->filename, | |
538 | os_strlen(icon->filename)) < 0) { | |
539 | icon->failed = 1; | |
540 | continue; | |
541 | } | |
542 | return; | |
543 | } | |
544 | } | |
545 | ||
546 | wpa_printf(MSG_DEBUG, "HS 2.0: No more icons to fetch"); | |
547 | hs20_osu_fetch_done(wpa_s); | |
548 | } | |
549 | ||
550 | ||
551 | static void hs20_osu_add_prov(struct wpa_supplicant *wpa_s, struct wpa_bss *bss, | |
552 | const u8 *osu_ssid, u8 osu_ssid_len, | |
553 | const u8 *pos, size_t len) | |
554 | { | |
555 | struct osu_provider *prov; | |
556 | const u8 *end = pos + len; | |
557 | u16 len2; | |
558 | const u8 *pos2; | |
559 | ||
560 | wpa_hexdump(MSG_DEBUG, "HS 2.0: Parsing OSU Provider", pos, len); | |
561 | prov = os_realloc_array(wpa_s->osu_prov, | |
562 | wpa_s->osu_prov_count + 1, | |
563 | sizeof(*prov)); | |
564 | if (prov == NULL) | |
565 | return; | |
566 | wpa_s->osu_prov = prov; | |
567 | prov = &prov[wpa_s->osu_prov_count]; | |
568 | os_memset(prov, 0, sizeof(*prov)); | |
569 | ||
570 | os_memcpy(prov->bssid, bss->bssid, ETH_ALEN); | |
571 | os_memcpy(prov->osu_ssid, osu_ssid, osu_ssid_len); | |
572 | prov->osu_ssid_len = osu_ssid_len; | |
573 | ||
574 | /* OSU Friendly Name Length */ | |
575 | if (pos + 2 > end) { | |
576 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU " | |
577 | "Friendly Name Length"); | |
578 | return; | |
579 | } | |
580 | len2 = WPA_GET_LE16(pos); | |
581 | pos += 2; | |
582 | if (pos + len2 > end) { | |
583 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU " | |
584 | "Friendly Name Duples"); | |
585 | return; | |
586 | } | |
587 | pos2 = pos; | |
588 | pos += len2; | |
589 | ||
590 | /* OSU Friendly Name Duples */ | |
591 | while (pos2 + 4 <= pos && prov->friendly_name_count < OSU_MAX_ITEMS) { | |
592 | struct osu_lang_string *f; | |
593 | if (pos2 + 1 + pos2[0] > pos || pos2[0] < 3) { | |
594 | wpa_printf(MSG_DEBUG, "Invalid OSU Friendly Name"); | |
595 | break; | |
596 | } | |
597 | f = &prov->friendly_name[prov->friendly_name_count++]; | |
598 | os_memcpy(f->lang, pos2 + 1, 3); | |
599 | os_memcpy(f->text, pos2 + 1 + 3, pos2[0] - 3); | |
600 | pos2 += 1 + pos2[0]; | |
601 | } | |
602 | ||
603 | /* OSU Server URI */ | |
604 | if (pos + 1 > end || pos + 1 + pos[0] > end) { | |
605 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Server " | |
606 | "URI"); | |
607 | return; | |
608 | } | |
609 | os_memcpy(prov->server_uri, pos + 1, pos[0]); | |
610 | pos += 1 + pos[0]; | |
611 | ||
612 | /* OSU Method list */ | |
613 | if (pos + 1 > end || pos + 1 + pos[0] > end) { | |
614 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Method " | |
615 | "list"); | |
616 | return; | |
617 | } | |
618 | pos2 = pos + 1; | |
619 | pos += 1 + pos[0]; | |
620 | while (pos2 < pos) { | |
621 | if (*pos2 < 32) | |
622 | prov->osu_methods |= BIT(*pos2); | |
623 | pos2++; | |
624 | } | |
625 | ||
626 | /* Icons Available Length */ | |
627 | if (pos + 2 > end) { | |
628 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for Icons " | |
629 | "Available Length"); | |
630 | return; | |
631 | } | |
632 | len2 = WPA_GET_LE16(pos); | |
633 | pos += 2; | |
634 | if (pos + len2 > end) { | |
635 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for Icons " | |
636 | "Available"); | |
637 | return; | |
638 | } | |
639 | pos2 = pos; | |
640 | pos += len2; | |
641 | ||
642 | /* Icons Available */ | |
643 | while (pos2 < pos) { | |
644 | struct osu_icon *icon = &prov->icon[prov->icon_count]; | |
645 | if (pos2 + 2 + 2 + 3 + 1 + 1 > pos) { | |
646 | wpa_printf(MSG_DEBUG, "HS 2.0: Invalid Icon Metadata"); | |
184e110c JM |
647 | break; |
648 | } | |
649 | ||
b572df86 JM |
650 | icon->width = WPA_GET_LE16(pos2); |
651 | pos2 += 2; | |
652 | icon->height = WPA_GET_LE16(pos2); | |
653 | pos2 += 2; | |
654 | os_memcpy(icon->lang, pos2, 3); | |
655 | pos2 += 3; | |
184e110c | 656 | |
b572df86 JM |
657 | if (pos2 + 1 + pos2[0] > pos) { |
658 | wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon Type"); | |
184e110c JM |
659 | break; |
660 | } | |
b572df86 JM |
661 | os_memcpy(icon->icon_type, pos2 + 1, pos2[0]); |
662 | pos2 += 1 + pos2[0]; | |
184e110c | 663 | |
b572df86 JM |
664 | if (pos2 + 1 + pos2[0] > pos) { |
665 | wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon " | |
666 | "Filename"); | |
184e110c JM |
667 | break; |
668 | } | |
b572df86 JM |
669 | os_memcpy(icon->filename, pos2 + 1, pos2[0]); |
670 | pos2 += 1 + pos2[0]; | |
184e110c | 671 | |
b572df86 JM |
672 | prov->icon_count++; |
673 | } | |
674 | ||
675 | /* OSU_NAI */ | |
676 | if (pos + 1 > end || pos + 1 + pos[0] > end) { | |
677 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU_NAI"); | |
678 | return; | |
679 | } | |
680 | os_memcpy(prov->osu_nai, pos + 1, pos[0]); | |
681 | pos += 1 + pos[0]; | |
682 | ||
683 | /* OSU Service Description Length */ | |
684 | if (pos + 2 > end) { | |
685 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU " | |
686 | "Service Description Length"); | |
687 | return; | |
688 | } | |
689 | len2 = WPA_GET_LE16(pos); | |
690 | pos += 2; | |
691 | if (pos + len2 > end) { | |
692 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU " | |
693 | "Service Description Duples"); | |
694 | return; | |
695 | } | |
696 | pos2 = pos; | |
697 | pos += len2; | |
698 | ||
699 | /* OSU Service Description Duples */ | |
700 | while (pos2 + 4 <= pos && prov->serv_desc_count < OSU_MAX_ITEMS) { | |
701 | struct osu_lang_string *f; | |
702 | if (pos2 + 1 + pos2[0] > pos || pos2[0] < 3) { | |
703 | wpa_printf(MSG_DEBUG, "Invalid OSU Service " | |
704 | "Description"); | |
184e110c JM |
705 | break; |
706 | } | |
b572df86 JM |
707 | f = &prov->serv_desc[prov->serv_desc_count++]; |
708 | os_memcpy(f->lang, pos2 + 1, 3); | |
709 | os_memcpy(f->text, pos2 + 1 + 3, pos2[0] - 3); | |
710 | pos2 += 1 + pos2[0]; | |
711 | } | |
184e110c | 712 | |
b572df86 JM |
713 | wpa_printf(MSG_DEBUG, "HS 2.0: Added OSU Provider through " MACSTR, |
714 | MAC2STR(bss->bssid)); | |
715 | wpa_s->osu_prov_count++; | |
716 | } | |
717 | ||
718 | ||
719 | void hs20_osu_icon_fetch(struct wpa_supplicant *wpa_s) | |
720 | { | |
721 | struct wpa_bss *bss; | |
722 | struct wpabuf *prov_anqp; | |
723 | const u8 *pos, *end; | |
724 | u16 len; | |
725 | const u8 *osu_ssid; | |
726 | u8 osu_ssid_len; | |
727 | u8 num_providers; | |
728 | ||
729 | hs20_free_osu_prov(wpa_s); | |
730 | ||
731 | dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { | |
732 | if (bss->anqp == NULL) | |
733 | continue; | |
734 | prov_anqp = bss->anqp->hs20_osu_providers_list; | |
735 | if (prov_anqp == NULL) | |
736 | continue; | |
737 | wpa_printf(MSG_DEBUG, "HS 2.0: Parsing OSU Providers list from " | |
738 | MACSTR, MAC2STR(bss->bssid)); | |
739 | wpa_hexdump_buf(MSG_DEBUG, "HS 2.0: OSU Providers list", | |
740 | prov_anqp); | |
741 | pos = wpabuf_head(prov_anqp); | |
742 | end = pos + wpabuf_len(prov_anqp); | |
743 | ||
744 | /* OSU SSID */ | |
745 | if (pos + 1 > end) | |
746 | continue; | |
747 | if (pos + 1 + pos[0] > end) { | |
748 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for " | |
749 | "OSU SSID"); | |
750 | continue; | |
751 | } | |
752 | osu_ssid_len = *pos++; | |
753 | if (osu_ssid_len > 32) { | |
754 | wpa_printf(MSG_DEBUG, "HS 2.0: Invalid OSU SSID " | |
755 | "Length %u", osu_ssid_len); | |
756 | continue; | |
757 | } | |
758 | osu_ssid = pos; | |
759 | pos += osu_ssid_len; | |
760 | ||
761 | if (pos + 1 > end) { | |
762 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for " | |
763 | "Number of OSU Providers"); | |
764 | continue; | |
765 | } | |
766 | num_providers = *pos++; | |
767 | wpa_printf(MSG_DEBUG, "HS 2.0: Number of OSU Providers: %u", | |
768 | num_providers); | |
769 | ||
770 | /* OSU Providers */ | |
771 | while (pos + 2 < end && num_providers > 0) { | |
772 | num_providers--; | |
773 | len = WPA_GET_LE16(pos); | |
774 | pos += 2; | |
775 | if (pos + len > end) | |
776 | break; | |
777 | hs20_osu_add_prov(wpa_s, bss, osu_ssid, | |
778 | osu_ssid_len, pos, len); | |
779 | pos += len; | |
780 | } | |
781 | ||
782 | if (pos != end) { | |
783 | wpa_printf(MSG_DEBUG, "HS 2.0: Ignored %d bytes of " | |
784 | "extra data after OSU Providers", | |
785 | (int) (end - pos)); | |
786 | } | |
787 | } | |
788 | ||
789 | wpa_s->fetch_osu_icon_in_progress = 1; | |
790 | hs20_next_osu_icon(wpa_s); | |
791 | } | |
792 | ||
793 | ||
794 | static void hs20_osu_scan_res_handler(struct wpa_supplicant *wpa_s, | |
795 | struct wpa_scan_results *scan_res) | |
796 | { | |
797 | wpa_printf(MSG_DEBUG, "OSU provisioning fetch scan completed"); | |
798 | wpa_s->network_select = 0; | |
799 | wpa_s->fetch_all_anqp = 1; | |
800 | wpa_s->fetch_osu_info = 1; | |
801 | wpa_s->fetch_osu_icon_in_progress = 0; | |
802 | ||
803 | interworking_start_fetch_anqp(wpa_s); | |
804 | } | |
805 | ||
806 | ||
807 | int hs20_fetch_osu(struct wpa_supplicant *wpa_s) | |
808 | { | |
809 | if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { | |
810 | wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - " | |
811 | "interface disabled"); | |
812 | return -1; | |
813 | } | |
814 | ||
815 | if (wpa_s->scanning) { | |
816 | wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - " | |
817 | "scanning"); | |
818 | return -1; | |
25471fe3 | 819 | } |
b572df86 JM |
820 | |
821 | if (wpa_s->conf->osu_dir == NULL) { | |
822 | wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - " | |
823 | "osu_dir not configured"); | |
824 | return -1; | |
825 | } | |
826 | ||
827 | if (wpa_s->fetch_anqp_in_progress || wpa_s->network_select) { | |
828 | wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - " | |
829 | "fetch in progress (%d, %d)", | |
830 | wpa_s->fetch_anqp_in_progress, | |
831 | wpa_s->network_select); | |
832 | return -1; | |
833 | } | |
834 | ||
835 | wpa_msg(wpa_s, MSG_INFO, "Starting OSU provisioning information fetch"); | |
a6739e19 JM |
836 | wpa_s->num_osu_scans = 0; |
837 | wpa_s->num_prov_found = 0; | |
838 | hs20_start_osu_scan(wpa_s); | |
839 | ||
840 | return 0; | |
841 | } | |
842 | ||
843 | ||
844 | void hs20_start_osu_scan(struct wpa_supplicant *wpa_s) | |
845 | { | |
846 | wpa_s->num_osu_scans++; | |
b572df86 JM |
847 | wpa_s->scan_req = MANUAL_SCAN_REQ; |
848 | wpa_s->scan_res_handler = hs20_osu_scan_res_handler; | |
849 | wpa_supplicant_req_scan(wpa_s, 0, 0); | |
b572df86 JM |
850 | } |
851 | ||
852 | ||
853 | void hs20_cancel_fetch_osu(struct wpa_supplicant *wpa_s) | |
854 | { | |
855 | wpa_printf(MSG_DEBUG, "Cancel OSU fetch"); | |
856 | interworking_stop_fetch_anqp(wpa_s); | |
857 | wpa_s->network_select = 0; | |
858 | wpa_s->fetch_osu_info = 0; | |
859 | wpa_s->fetch_osu_icon_in_progress = 0; | |
860 | } | |
861 | ||
862 | ||
863 | void hs20_icon_fetch_failed(struct wpa_supplicant *wpa_s) | |
864 | { | |
865 | hs20_osu_icon_fetch_result(wpa_s, -1); | |
866 | eloop_cancel_timeout(hs20_continue_icon_fetch, wpa_s, NULL); | |
867 | eloop_register_timeout(0, 0, hs20_continue_icon_fetch, wpa_s, NULL); | |
25471fe3 | 868 | } |
95a3ea94 JM |
869 | |
870 | ||
871 | void hs20_rx_subscription_remediation(struct wpa_supplicant *wpa_s, | |
872 | const char *url, u8 osu_method) | |
873 | { | |
874 | if (url) | |
875 | wpa_msg(wpa_s, MSG_INFO, HS20_SUBSCRIPTION_REMEDIATION "%u %s", | |
876 | osu_method, url); | |
877 | else | |
878 | wpa_msg(wpa_s, MSG_INFO, HS20_SUBSCRIPTION_REMEDIATION); | |
879 | } | |
7ef69479 JM |
880 | |
881 | ||
882 | void hs20_rx_deauth_imminent_notice(struct wpa_supplicant *wpa_s, u8 code, | |
883 | u16 reauth_delay, const char *url) | |
884 | { | |
885 | if (!wpa_sm_pmf_enabled(wpa_s->wpa)) { | |
886 | wpa_printf(MSG_DEBUG, "HS 2.0: Ignore deauthentication imminent notice since PMF was not enabled"); | |
887 | return; | |
888 | } | |
889 | ||
890 | wpa_msg(wpa_s, MSG_INFO, HS20_DEAUTH_IMMINENT_NOTICE "%u %u %s", | |
891 | code, reauth_delay, url); | |
892 | ||
893 | if (code == HS20_DEAUTH_REASON_CODE_BSS) { | |
894 | wpa_printf(MSG_DEBUG, "HS 2.0: Add BSS to blacklist"); | |
895 | wpa_blacklist_add(wpa_s, wpa_s->bssid); | |
533536d8 JM |
896 | /* TODO: For now, disable full ESS since some drivers may not |
897 | * support disabling per BSS. */ | |
898 | if (wpa_s->current_ssid) { | |
06c7b7f0 JM |
899 | struct os_reltime now; |
900 | os_get_reltime(&now); | |
533536d8 JM |
901 | if (now.sec + reauth_delay <= |
902 | wpa_s->current_ssid->disabled_until.sec) | |
903 | return; | |
904 | wpa_printf(MSG_DEBUG, "HS 2.0: Disable network for %u seconds (BSS)", | |
905 | reauth_delay); | |
906 | wpa_s->current_ssid->disabled_until.sec = | |
907 | now.sec + reauth_delay; | |
908 | } | |
7ef69479 JM |
909 | } |
910 | ||
911 | if (code == HS20_DEAUTH_REASON_CODE_ESS && wpa_s->current_ssid) { | |
06c7b7f0 JM |
912 | struct os_reltime now; |
913 | os_get_reltime(&now); | |
7ef69479 JM |
914 | if (now.sec + reauth_delay <= |
915 | wpa_s->current_ssid->disabled_until.sec) | |
916 | return; | |
917 | wpa_printf(MSG_DEBUG, "HS 2.0: Disable network for %u seconds", | |
918 | reauth_delay); | |
919 | wpa_s->current_ssid->disabled_until.sec = | |
920 | now.sec + reauth_delay; | |
921 | } | |
922 | } |