]> git.ipfire.org Git - thirdparty/hostap.git/blame - wpa_supplicant/hs20_supplicant.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tests: DUP_NETWORK
[thirdparty/hostap.git] / wpa_supplicant / hs20_supplicant.c
CommitLineData
25471fe3
JK		 1/*
2 * Copyright (c) 2009, Atheros Communications, Inc.
1d2215fc 3 * Copyright (c) 2011-2013, Qualcomm Atheros, Inc.
25471fe3
JK		 4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "includes.h"
10
11#include "common.h"
12#include "eloop.h"
13#include "common/ieee802_11_common.h"
14#include "common/ieee802_11_defs.h"
15#include "common/gas.h"
16#include "common/wpa_ctrl.h"
7ef69479 17#include "rsn_supp/wpa.h"
25471fe3
JK		 18#include "wpa_supplicant_i.h"
19#include "driver_i.h"
20#include "config.h"
b572df86 21#include "scan.h"
25471fe3 22#include "bss.h"
7ef69479 23#include "blacklist.h"
25471fe3
JK		 24#include "gas_query.h"
25#include "interworking.h"
26#include "hs20_supplicant.h"
27
28
b572df86
JM		 29#define OSU_MAX_ITEMS 10
30
31struct osu_lang_string {
32 char lang[4];
33 char text[253];
34};
35
36struct osu_icon {
37 u16 width;
38 u16 height;
39 char lang[4];
40 char icon_type[256];
41 char filename[256];
42 unsigned int id;
43 unsigned int failed:1;
44};
45
46struct osu_provider {
47 u8 bssid[ETH_ALEN];
48 u8 osu_ssid[32];
49 u8 osu_ssid_len;
50 char server_uri[256];
51 u32 osu_methods; /* bit 0 = OMA-DM, bit 1 = SOAP-XML SPP */
52 char osu_nai[256];
53 struct osu_lang_string friendly_name[OSU_MAX_ITEMS];
54 size_t friendly_name_count;
55 struct osu_lang_string serv_desc[OSU_MAX_ITEMS];
56 size_t serv_desc_count;
57 struct osu_icon icon[OSU_MAX_ITEMS];
58 size_t icon_count;
59};
60
61
f9cd147d 62void wpas_hs20_add_indication(struct wpabuf *buf, int pps_mo_id)
c923b8a5 63{
f9cd147d
JM		 64 u8 conf;
65
c923b8a5 66 wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);
f9cd147d 67 wpabuf_put_u8(buf, pps_mo_id >= 0 ? 7 : 5);
c923b8a5
JK		 68 wpabuf_put_be24(buf, OUI_WFA);
69 wpabuf_put_u8(buf, HS20_INDICATION_OUI_TYPE);
f9cd147d
JM		 70 conf = HS20_VERSION;
71 if (pps_mo_id >= 0)
72 conf |= HS20_PPS_MO_ID_PRESENT;
73 wpabuf_put_u8(buf, conf);
74 if (pps_mo_id >= 0)
75 wpabuf_put_le16(buf, pps_mo_id);
c923b8a5
JK		 76}
77
78
55a2df43
JM		 79int is_hs20_network(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
80 struct wpa_bss *bss)
81{
82 if (!wpa_s->conf->hs20 || !ssid)
83 return 0;
84
85 if (ssid->parent_cred)
86 return 1;
87
88 if (bss && !wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE))
89 return 0;
90
91 /*
92 * This may catch some non-Hotspot 2.0 cases, but it is safer to do that
93 * than cause Hotspot 2.0 connections without indication element getting
94 * added. Non-Hotspot 2.0 APs should ignore the unknown vendor element.
95 */
96
97 if (!(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X))
98 return 0;
99 if (!(ssid->pairwise_cipher & WPA_CIPHER_CCMP))
100 return 0;
101 if (ssid->proto != WPA_PROTO_RSN)
102 return 0;
103
104 return 1;
105}
106
107
f9cd147d
JM		 108int hs20_get_pps_mo_id(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
109{
110 struct wpa_cred *cred;
111
112 if (ssid == NULL || ssid->parent_cred == NULL)
113 return 0;
114
115 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
116 if (ssid->parent_cred == cred)
117 return cred->update_identifier;
118 }
119
120 return 0;
121}
122
123
cf28c66b
DS		 124void hs20_put_anqp_req(u32 stypes, const u8 *payload, size_t payload_len,
125 struct wpabuf *buf)
25471fe3 126{
25471fe3
JK		 127 u8 *len_pos;
128
25471fe3 129 if (buf == NULL)
cf28c66b 130 return;
25471fe3
JK		 131
132 len_pos = gas_anqp_add_element(buf, ANQP_VENDOR_SPECIFIC);
133 wpabuf_put_be24(buf, OUI_WFA);
134 wpabuf_put_u8(buf, HS20_ANQP_OUI_TYPE);
135 if (stypes == BIT(HS20_STYPE_NAI_HOME_REALM_QUERY)) {
136 wpabuf_put_u8(buf, HS20_STYPE_NAI_HOME_REALM_QUERY);
137 wpabuf_put_u8(buf, 0); /* Reserved */
138 if (payload)
139 wpabuf_put_data(buf, payload, payload_len);
184e110c
JM		 140 } else if (stypes == BIT(HS20_STYPE_ICON_REQUEST)) {
141 wpabuf_put_u8(buf, HS20_STYPE_ICON_REQUEST);
142 wpabuf_put_u8(buf, 0); /* Reserved */
143 if (payload)
144 wpabuf_put_data(buf, payload, payload_len);
25471fe3
JK		 145 } else {
146 u8 i;
147 wpabuf_put_u8(buf, HS20_STYPE_QUERY_LIST);
148 wpabuf_put_u8(buf, 0); /* Reserved */
149 for (i = 0; i < 32; i++) {
150 if (stypes & BIT(i))
151 wpabuf_put_u8(buf, i);
152 }
153 }
154 gas_anqp_set_element_len(buf, len_pos);
155
156 gas_anqp_set_len(buf);
cf28c66b
DS		 157}
158
159
160struct wpabuf * hs20_build_anqp_req(u32 stypes, const u8 *payload,
161 size_t payload_len)
162{
163 struct wpabuf *buf;
164
165 buf = gas_anqp_build_initial_req(0, 100 + payload_len);
166 if (buf == NULL)
167 return NULL;
168
169 hs20_put_anqp_req(stypes, payload, payload_len, buf);
25471fe3
JK		 170
171 return buf;
172}
173
174
175int hs20_anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst, u32 stypes,
176 const u8 *payload, size_t payload_len)
177{
178 struct wpabuf *buf;
179 int ret = 0;
180 int freq;
181 struct wpa_bss *bss;
182 int res;
183
184 freq = wpa_s->assoc_freq;
185 bss = wpa_bss_get_bssid(wpa_s, dst);
485e3a92
JM		 186 if (bss) {
187 wpa_bss_anqp_unshare_alloc(bss);
25471fe3 188 freq = bss->freq;
485e3a92 189 }
25471fe3
JK		 190 if (freq <= 0)
191 return -1;
192
193 wpa_printf(MSG_DEBUG, "HS20: ANQP Query Request to " MACSTR " for "
194 "subtypes 0x%x", MAC2STR(dst), stypes);
195
196 buf = hs20_build_anqp_req(stypes, payload, payload_len);
197 if (buf == NULL)
198 return -1;
199
200 res = gas_query_req(wpa_s->gas, dst, freq, buf, anqp_resp_cb, wpa_s);
201 if (res < 0) {
202 wpa_printf(MSG_DEBUG, "ANQP: Failed to send Query Request");
24c694b4 203 wpabuf_free(buf);
25471fe3
JK		 204 ret = -1;
205 } else
206 wpa_printf(MSG_DEBUG, "ANQP: Query started with dialog token "
207 "%u", res);
208
25471fe3
JK		 209 return ret;
210}
211
212
b572df86
JM		 213static int hs20_process_icon_binary_file(struct wpa_supplicant *wpa_s,
214 const u8 *sa, const u8 *pos,
215 size_t slen)
216{
217 char fname[256];
218 int png;
219 FILE *f;
220 u16 data_len;
221
222 wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR " Icon Binary File",
223 MAC2STR(sa));
224
225 if (slen < 4) {
226 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File "
227 "value from " MACSTR, MAC2STR(sa));
228 return -1;
229 }
230
231 wpa_printf(MSG_DEBUG, "HS 2.0: Download Status Code %u", *pos);
232 if (*pos != 0)
233 return -1;
234 pos++;
235 slen--;
236
237 if ((size_t) 1 + pos[0] > slen) {
238 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File "
239 "value from " MACSTR, MAC2STR(sa));
240 return -1;
241 }
242 wpa_hexdump_ascii(MSG_DEBUG, "Icon Type", pos + 1, pos[0]);
243 png = os_strncasecmp((char *) pos + 1, "image/png", 9) == 0;
244 slen -= 1 + pos[0];
245 pos += 1 + pos[0];
246
247 if (slen < 2) {
248 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File "
249 "value from " MACSTR, MAC2STR(sa));
250 return -1;
251 }
252 data_len = WPA_GET_LE16(pos);
253 pos += 2;
254 slen -= 2;
255
256 if (data_len > slen) {
257 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File "
258 "value from " MACSTR, MAC2STR(sa));
259 return -1;
260 }
261
262 wpa_printf(MSG_DEBUG, "Icon Binary Data: %u bytes", data_len);
263 if (wpa_s->conf->osu_dir == NULL)
264 return -1;
265
266 wpa_s->osu_icon_id++;
267 if (wpa_s->osu_icon_id == 0)
268 wpa_s->osu_icon_id++;
269 snprintf(fname, sizeof(fname), "%s/osu-icon-%u.%s",
270 wpa_s->conf->osu_dir, wpa_s->osu_icon_id,
271 png ? "png" : "icon");
272 f = fopen(fname, "wb");
273 if (f == NULL)
274 return -1;
275 if (fwrite(pos, slen, 1, f) != 1) {
276 fclose(f);
277 unlink(fname);
278 return -1;
279 }
280 fclose(f);
281
282 wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP-ICON %s", fname);
283 return 0;
284}
285
286
287static void hs20_continue_icon_fetch(void *eloop_ctx, void *sock_ctx)
288{
289 struct wpa_supplicant *wpa_s = eloop_ctx;
290 if (wpa_s->fetch_osu_icon_in_progress)
291 hs20_next_osu_icon(wpa_s);
292}
293
294
295static void hs20_osu_icon_fetch_result(struct wpa_supplicant *wpa_s, int res)
296{
297 size_t i, j;
230e3735
JM		 298 struct os_reltime now, tmp;
299 int dur;
300
301 os_get_reltime(&now);
302 os_reltime_sub(&now, &wpa_s->osu_icon_fetch_start, &tmp);
303 dur = tmp.sec * 1000 + tmp.usec / 1000;
304 wpa_printf(MSG_DEBUG, "HS 2.0: Icon fetch dur=%d ms res=%d",
305 dur, res);
306
b572df86
JM		 307 for (i = 0; i < wpa_s->osu_prov_count; i++) {
308 struct osu_provider *osu = &wpa_s->osu_prov[i];
309 for (j = 0; j < osu->icon_count; j++) {
310 struct osu_icon *icon = &osu->icon[j];
311 if (icon->id || icon->failed)
312 continue;
313 if (res < 0)
314 icon->failed = 1;
315 else
316 icon->id = wpa_s->osu_icon_id;
317 return;
318 }
319 }
320}
321
322
25471fe3
JK		 323void hs20_parse_rx_hs20_anqp_resp(struct wpa_supplicant *wpa_s,
324 const u8 *sa, const u8 *data, size_t slen)
325{
326 const u8 *pos = data;
327 u8 subtype;
328 struct wpa_bss *bss = wpa_bss_get_bssid(wpa_s, sa);
476aed35 329 struct wpa_bss_anqp *anqp = NULL;
b572df86 330 int ret;
25471fe3
JK		 331
332 if (slen < 2)
333 return;
334
476aed35
JM		 335 if (bss)
336 anqp = bss->anqp;
337
25471fe3
JK		 338 subtype = *pos++;
339 slen--;
340
341 pos++; /* Reserved */
342 slen--;
343
344 switch (subtype) {
345 case HS20_STYPE_CAPABILITY_LIST:
346 wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
347 " HS Capability List", MAC2STR(sa));
348 wpa_hexdump_ascii(MSG_DEBUG, "HS Capability List", pos, slen);
349 break;
350 case HS20_STYPE_OPERATOR_FRIENDLY_NAME:
351 wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
352 " Operator Friendly Name", MAC2STR(sa));
353 wpa_hexdump_ascii(MSG_DEBUG, "oper friendly name", pos, slen);
476aed35
JM		 354 if (anqp) {
355 wpabuf_free(anqp->hs20_operator_friendly_name);
356 anqp->hs20_operator_friendly_name =
25471fe3
JK		 357 wpabuf_alloc_copy(pos, slen);
358 }
359 break;
360 case HS20_STYPE_WAN_METRICS:
2edcd504
JM		 361 wpa_hexdump(MSG_DEBUG, "WAN Metrics", pos, slen);
362 if (slen < 13) {
363 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short WAN "
364 "Metrics value from " MACSTR, MAC2STR(sa));
365 break;
366 }
25471fe3 367 wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
2edcd504
JM		 368 " WAN Metrics %02x:%u:%u:%u:%u:%u", MAC2STR(sa),
369 pos[0], WPA_GET_LE32(pos + 1), WPA_GET_LE32(pos + 5),
370 pos[9], pos[10], WPA_GET_LE16(pos + 11));
476aed35
JM		 371 if (anqp) {
372 wpabuf_free(anqp->hs20_wan_metrics);
373 anqp->hs20_wan_metrics = wpabuf_alloc_copy(pos, slen);
25471fe3
JK		 374 }
375 break;
376 case HS20_STYPE_CONNECTION_CAPABILITY:
377 wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
378 " Connection Capability", MAC2STR(sa));
379 wpa_hexdump_ascii(MSG_DEBUG, "conn capability", pos, slen);
476aed35
JM		 380 if (anqp) {
381 wpabuf_free(anqp->hs20_connection_capability);
382 anqp->hs20_connection_capability =
25471fe3
JK		 383 wpabuf_alloc_copy(pos, slen);
384 }
385 break;
386 case HS20_STYPE_OPERATING_CLASS:
387 wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
388 " Operating Class", MAC2STR(sa));
389 wpa_hexdump_ascii(MSG_DEBUG, "Operating Class", pos, slen);
476aed35
JM		 390 if (anqp) {
391 wpabuf_free(anqp->hs20_operating_class);
392 anqp->hs20_operating_class =
25471fe3
JK		 393 wpabuf_alloc_copy(pos, slen);
394 }
395 break;
1d2215fc
JM		 396 case HS20_STYPE_OSU_PROVIDERS_LIST:
397 wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
398 " OSU Providers list", MAC2STR(sa));
a6739e19 399 wpa_s->num_prov_found++;
1d2215fc
JM		 400 if (anqp) {
401 wpabuf_free(anqp->hs20_osu_providers_list);
402 anqp->hs20_osu_providers_list =
403 wpabuf_alloc_copy(pos, slen);
404 }
405 break;
184e110c 406 case HS20_STYPE_ICON_BINARY_FILE:
b572df86
JM		 407 ret = hs20_process_icon_binary_file(wpa_s, sa, pos, slen);
408 if (wpa_s->fetch_osu_icon_in_progress) {
409 hs20_osu_icon_fetch_result(wpa_s, ret);
410 eloop_cancel_timeout(hs20_continue_icon_fetch,
411 wpa_s, NULL);
412 eloop_register_timeout(0, 0, hs20_continue_icon_fetch,
413 wpa_s, NULL);
414 }
415 break;
416 default:
417 wpa_printf(MSG_DEBUG, "HS20: Unsupported subtype %u", subtype);
418 break;
419 }
420}
421
422
423void hs20_notify_parse_done(struct wpa_supplicant *wpa_s)
424{
425 if (!wpa_s->fetch_osu_icon_in_progress)
426 return;
427 if (eloop_is_timeout_registered(hs20_continue_icon_fetch, wpa_s, NULL))
428 return;
429 /*
430 * We are going through icon fetch, but no icon response was received.
431 * Assume this means the current AP could not provide an answer to avoid
432 * getting stuck in fetch iteration.
433 */
434 hs20_icon_fetch_failed(wpa_s);
435}
436
437
438static void hs20_free_osu_prov_entry(struct osu_provider *prov)
439{
440}
441
442
443void hs20_free_osu_prov(struct wpa_supplicant *wpa_s)
444{
445 size_t i;
446 for (i = 0; i < wpa_s->osu_prov_count; i++)
447 hs20_free_osu_prov_entry(&wpa_s->osu_prov[i]);
448 os_free(wpa_s->osu_prov);
449 wpa_s->osu_prov = NULL;
450 wpa_s->osu_prov_count = 0;
451}
452
453
454static void hs20_osu_fetch_done(struct wpa_supplicant *wpa_s)
455{
456 char fname[256];
457 FILE *f;
458 size_t i, j;
459
460 wpa_s->fetch_osu_info = 0;
461 wpa_s->fetch_osu_icon_in_progress = 0;
184e110c 462
b572df86
JM		 463 if (wpa_s->conf->osu_dir == NULL) {
464 hs20_free_osu_prov(wpa_s);
465 wpa_s->fetch_anqp_in_progress = 0;
466 return;
467 }
468
469 snprintf(fname, sizeof(fname), "%s/osu-providers.txt",
470 wpa_s->conf->osu_dir);
471 f = fopen(fname, "w");
472 if (f == NULL) {
473 hs20_free_osu_prov(wpa_s);
474 return;
475 }
476 for (i = 0; i < wpa_s->osu_prov_count; i++) {
477 struct osu_provider *osu = &wpa_s->osu_prov[i];
478 if (i > 0)
479 fprintf(f, "\n");
480 fprintf(f, "OSU-PROVIDER " MACSTR "\n"
481 "uri=%s\n"
482 "methods=%08x\n",
483 MAC2STR(osu->bssid), osu->server_uri, osu->osu_methods);
484 if (osu->osu_ssid_len) {
485 fprintf(f, "osu_ssid=%s\n",
486 wpa_ssid_txt(osu->osu_ssid,
487 osu->osu_ssid_len));
488 }
489 if (osu->osu_nai[0])
490 fprintf(f, "osu_nai=%s\n", osu->osu_nai);
491 for (j = 0; j < osu->friendly_name_count; j++) {
492 fprintf(f, "friendly_name=%s:%s\n",
493 osu->friendly_name[j].lang,
494 osu->friendly_name[j].text);
495 }
496 for (j = 0; j < osu->serv_desc_count; j++) {
497 fprintf(f, "desc=%s:%s\n",
498 osu->serv_desc[j].lang,
499 osu->serv_desc[j].text);
500 }
501 for (j = 0; j < osu->icon_count; j++) {
502 struct osu_icon *icon = &osu->icon[j];
503 if (icon->failed)
504 continue; /* could not fetch icon */
505 fprintf(f, "icon=%u:%u:%u:%s:%s:%s\n",
506 icon->id, icon->width, icon->height, icon->lang,
507 icon->icon_type, icon->filename);
508 }
509 }
510 fclose(f);
511 hs20_free_osu_prov(wpa_s);
512
513 wpa_msg(wpa_s, MSG_INFO, "OSU provider fetch completed");
514 wpa_s->fetch_anqp_in_progress = 0;
515}
516
517
518void hs20_next_osu_icon(struct wpa_supplicant *wpa_s)
519{
520 size_t i, j;
521
522 wpa_printf(MSG_DEBUG, "HS 2.0: Ready to fetch next icon");
523
524 for (i = 0; i < wpa_s->osu_prov_count; i++) {
525 struct osu_provider *osu = &wpa_s->osu_prov[i];
526 for (j = 0; j < osu->icon_count; j++) {
527 struct osu_icon *icon = &osu->icon[j];
528 if (icon->id || icon->failed)
529 continue;
530
531 wpa_printf(MSG_DEBUG, "HS 2.0: Try to fetch icon '%s' "
532 "from " MACSTR, icon->filename,
533 MAC2STR(osu->bssid));
230e3735 534 os_get_reltime(&wpa_s->osu_icon_fetch_start);
b572df86
JM		 535 if (hs20_anqp_send_req(wpa_s, osu->bssid,
536 BIT(HS20_STYPE_ICON_REQUEST),
537 (u8 *) icon->filename,
538 os_strlen(icon->filename)) < 0) {
539 icon->failed = 1;
540 continue;
541 }
542 return;
543 }
544 }
545
546 wpa_printf(MSG_DEBUG, "HS 2.0: No more icons to fetch");
547 hs20_osu_fetch_done(wpa_s);
548}
549
550
551static void hs20_osu_add_prov(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
552 const u8 *osu_ssid, u8 osu_ssid_len,
553 const u8 *pos, size_t len)
554{
555 struct osu_provider *prov;
556 const u8 *end = pos + len;
557 u16 len2;
558 const u8 *pos2;
559
560 wpa_hexdump(MSG_DEBUG, "HS 2.0: Parsing OSU Provider", pos, len);
561 prov = os_realloc_array(wpa_s->osu_prov,
562 wpa_s->osu_prov_count + 1,
563 sizeof(*prov));
564 if (prov == NULL)
565 return;
566 wpa_s->osu_prov = prov;
567 prov = &prov[wpa_s->osu_prov_count];
568 os_memset(prov, 0, sizeof(*prov));
569
570 os_memcpy(prov->bssid, bss->bssid, ETH_ALEN);
571 os_memcpy(prov->osu_ssid, osu_ssid, osu_ssid_len);
572 prov->osu_ssid_len = osu_ssid_len;
573
574 /* OSU Friendly Name Length */
575 if (pos + 2 > end) {
576 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
577 "Friendly Name Length");
578 return;
579 }
580 len2 = WPA_GET_LE16(pos);
581 pos += 2;
582 if (pos + len2 > end) {
583 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
584 "Friendly Name Duples");
585 return;
586 }
587 pos2 = pos;
588 pos += len2;
589
590 /* OSU Friendly Name Duples */
591 while (pos2 + 4 <= pos && prov->friendly_name_count < OSU_MAX_ITEMS) {
592 struct osu_lang_string *f;
593 if (pos2 + 1 + pos2[0] > pos || pos2[0] < 3) {
594 wpa_printf(MSG_DEBUG, "Invalid OSU Friendly Name");
595 break;
596 }
597 f = &prov->friendly_name[prov->friendly_name_count++];
598 os_memcpy(f->lang, pos2 + 1, 3);
599 os_memcpy(f->text, pos2 + 1 + 3, pos2[0] - 3);
600 pos2 += 1 + pos2[0];
601 }
602
603 /* OSU Server URI */
604 if (pos + 1 > end || pos + 1 + pos[0] > end) {
605 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Server "
606 "URI");
607 return;
608 }
609 os_memcpy(prov->server_uri, pos + 1, pos[0]);
610 pos += 1 + pos[0];
611
612 /* OSU Method list */
613 if (pos + 1 > end || pos + 1 + pos[0] > end) {
614 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Method "
615 "list");
616 return;
617 }
618 pos2 = pos + 1;
619 pos += 1 + pos[0];
620 while (pos2 < pos) {
621 if (*pos2 < 32)
622 prov->osu_methods |= BIT(*pos2);
623 pos2++;
624 }
625
626 /* Icons Available Length */
627 if (pos + 2 > end) {
628 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for Icons "
629 "Available Length");
630 return;
631 }
632 len2 = WPA_GET_LE16(pos);
633 pos += 2;
634 if (pos + len2 > end) {
635 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for Icons "
636 "Available");
637 return;
638 }
639 pos2 = pos;
640 pos += len2;
641
642 /* Icons Available */
643 while (pos2 < pos) {
644 struct osu_icon *icon = &prov->icon[prov->icon_count];
645 if (pos2 + 2 + 2 + 3 + 1 + 1 > pos) {
646 wpa_printf(MSG_DEBUG, "HS 2.0: Invalid Icon Metadata");
184e110c
JM		 647 break;
648 }
649
b572df86
JM		 650 icon->width = WPA_GET_LE16(pos2);
651 pos2 += 2;
652 icon->height = WPA_GET_LE16(pos2);
653 pos2 += 2;
654 os_memcpy(icon->lang, pos2, 3);
655 pos2 += 3;
184e110c 656
b572df86
JM		 657 if (pos2 + 1 + pos2[0] > pos) {
658 wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon Type");
184e110c
JM		 659 break;
660 }
b572df86
JM		 661 os_memcpy(icon->icon_type, pos2 + 1, pos2[0]);
662 pos2 += 1 + pos2[0];
184e110c 663
b572df86
JM		 664 if (pos2 + 1 + pos2[0] > pos) {
665 wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon "
666 "Filename");
184e110c
JM		 667 break;
668 }
b572df86
JM		 669 os_memcpy(icon->filename, pos2 + 1, pos2[0]);
670 pos2 += 1 + pos2[0];
184e110c 671
b572df86
JM		 672 prov->icon_count++;
673 }
674
675 /* OSU_NAI */
676 if (pos + 1 > end || pos + 1 + pos[0] > end) {
677 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU_NAI");
678 return;
679 }
680 os_memcpy(prov->osu_nai, pos + 1, pos[0]);
681 pos += 1 + pos[0];
682
683 /* OSU Service Description Length */
684 if (pos + 2 > end) {
685 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
686 "Service Description Length");
687 return;
688 }
689 len2 = WPA_GET_LE16(pos);
690 pos += 2;
691 if (pos + len2 > end) {
692 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
693 "Service Description Duples");
694 return;
695 }
696 pos2 = pos;
697 pos += len2;
698
699 /* OSU Service Description Duples */
700 while (pos2 + 4 <= pos && prov->serv_desc_count < OSU_MAX_ITEMS) {
701 struct osu_lang_string *f;
702 if (pos2 + 1 + pos2[0] > pos || pos2[0] < 3) {
703 wpa_printf(MSG_DEBUG, "Invalid OSU Service "
704 "Description");
184e110c
JM		 705 break;
706 }
b572df86
JM		 707 f = &prov->serv_desc[prov->serv_desc_count++];
708 os_memcpy(f->lang, pos2 + 1, 3);
709 os_memcpy(f->text, pos2 + 1 + 3, pos2[0] - 3);
710 pos2 += 1 + pos2[0];
711 }
184e110c 712
b572df86
JM		 713 wpa_printf(MSG_DEBUG, "HS 2.0: Added OSU Provider through " MACSTR,
714 MAC2STR(bss->bssid));
715 wpa_s->osu_prov_count++;
716}
717
718
719void hs20_osu_icon_fetch(struct wpa_supplicant *wpa_s)
720{
721 struct wpa_bss *bss;
722 struct wpabuf *prov_anqp;
723 const u8 *pos, *end;
724 u16 len;
725 const u8 *osu_ssid;
726 u8 osu_ssid_len;
727 u8 num_providers;
728
729 hs20_free_osu_prov(wpa_s);
730
731 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
732 if (bss->anqp == NULL)
733 continue;
734 prov_anqp = bss->anqp->hs20_osu_providers_list;
735 if (prov_anqp == NULL)
736 continue;
737 wpa_printf(MSG_DEBUG, "HS 2.0: Parsing OSU Providers list from "
738 MACSTR, MAC2STR(bss->bssid));
739 wpa_hexdump_buf(MSG_DEBUG, "HS 2.0: OSU Providers list",
740 prov_anqp);
741 pos = wpabuf_head(prov_anqp);
742 end = pos + wpabuf_len(prov_anqp);
743
744 /* OSU SSID */
745 if (pos + 1 > end)
746 continue;
747 if (pos + 1 + pos[0] > end) {
748 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for "
749 "OSU SSID");
750 continue;
751 }
752 osu_ssid_len = *pos++;
753 if (osu_ssid_len > 32) {
754 wpa_printf(MSG_DEBUG, "HS 2.0: Invalid OSU SSID "
755 "Length %u", osu_ssid_len);
756 continue;
757 }
758 osu_ssid = pos;
759 pos += osu_ssid_len;
760
761 if (pos + 1 > end) {
762 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for "
763 "Number of OSU Providers");
764 continue;
765 }
766 num_providers = *pos++;
767 wpa_printf(MSG_DEBUG, "HS 2.0: Number of OSU Providers: %u",
768 num_providers);
769
770 /* OSU Providers */
771 while (pos + 2 < end && num_providers > 0) {
772 num_providers--;
773 len = WPA_GET_LE16(pos);
774 pos += 2;
775 if (pos + len > end)
776 break;
777 hs20_osu_add_prov(wpa_s, bss, osu_ssid,
778 osu_ssid_len, pos, len);
779 pos += len;
780 }
781
782 if (pos != end) {
783 wpa_printf(MSG_DEBUG, "HS 2.0: Ignored %d bytes of "
784 "extra data after OSU Providers",
785 (int) (end - pos));
786 }
787 }
788
789 wpa_s->fetch_osu_icon_in_progress = 1;
790 hs20_next_osu_icon(wpa_s);
791}
792
793
794static void hs20_osu_scan_res_handler(struct wpa_supplicant *wpa_s,
795 struct wpa_scan_results *scan_res)
796{
797 wpa_printf(MSG_DEBUG, "OSU provisioning fetch scan completed");
798 wpa_s->network_select = 0;
799 wpa_s->fetch_all_anqp = 1;
800 wpa_s->fetch_osu_info = 1;
801 wpa_s->fetch_osu_icon_in_progress = 0;
802
803 interworking_start_fetch_anqp(wpa_s);
804}
805
806
807int hs20_fetch_osu(struct wpa_supplicant *wpa_s)
808{
809 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
810 wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
811 "interface disabled");
812 return -1;
813 }
814
815 if (wpa_s->scanning) {
816 wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
817 "scanning");
818 return -1;
25471fe3 819 }
b572df86
JM		 820
821 if (wpa_s->conf->osu_dir == NULL) {
822 wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
823 "osu_dir not configured");
824 return -1;
825 }
826
827 if (wpa_s->fetch_anqp_in_progress || wpa_s->network_select) {
828 wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
829 "fetch in progress (%d, %d)",
830 wpa_s->fetch_anqp_in_progress,
831 wpa_s->network_select);
832 return -1;
833 }
834
835 wpa_msg(wpa_s, MSG_INFO, "Starting OSU provisioning information fetch");
a6739e19
JM		 836 wpa_s->num_osu_scans = 0;
837 wpa_s->num_prov_found = 0;
838 hs20_start_osu_scan(wpa_s);
839
840 return 0;
841}
842
843
844void hs20_start_osu_scan(struct wpa_supplicant *wpa_s)
845{
846 wpa_s->num_osu_scans++;
b572df86
JM		 847 wpa_s->scan_req = MANUAL_SCAN_REQ;
848 wpa_s->scan_res_handler = hs20_osu_scan_res_handler;
849 wpa_supplicant_req_scan(wpa_s, 0, 0);
b572df86
JM		 850}
851
852
853void hs20_cancel_fetch_osu(struct wpa_supplicant *wpa_s)
854{
855 wpa_printf(MSG_DEBUG, "Cancel OSU fetch");
856 interworking_stop_fetch_anqp(wpa_s);
857 wpa_s->network_select = 0;
858 wpa_s->fetch_osu_info = 0;
859 wpa_s->fetch_osu_icon_in_progress = 0;
860}
861
862
863void hs20_icon_fetch_failed(struct wpa_supplicant *wpa_s)
864{
865 hs20_osu_icon_fetch_result(wpa_s, -1);
866 eloop_cancel_timeout(hs20_continue_icon_fetch, wpa_s, NULL);
867 eloop_register_timeout(0, 0, hs20_continue_icon_fetch, wpa_s, NULL);
25471fe3 868}
95a3ea94
JM		 869
870
871void hs20_rx_subscription_remediation(struct wpa_supplicant *wpa_s,
872 const char *url, u8 osu_method)
873{
874 if (url)
875 wpa_msg(wpa_s, MSG_INFO, HS20_SUBSCRIPTION_REMEDIATION "%u %s",
876 osu_method, url);
877 else
878 wpa_msg(wpa_s, MSG_INFO, HS20_SUBSCRIPTION_REMEDIATION);
879}
7ef69479
JM		 880
881
882void hs20_rx_deauth_imminent_notice(struct wpa_supplicant *wpa_s, u8 code,
883 u16 reauth_delay, const char *url)
884{
885 if (!wpa_sm_pmf_enabled(wpa_s->wpa)) {
886 wpa_printf(MSG_DEBUG, "HS 2.0: Ignore deauthentication imminent notice since PMF was not enabled");
887 return;
888 }
889
890 wpa_msg(wpa_s, MSG_INFO, HS20_DEAUTH_IMMINENT_NOTICE "%u %u %s",
891 code, reauth_delay, url);
892
893 if (code == HS20_DEAUTH_REASON_CODE_BSS) {
894 wpa_printf(MSG_DEBUG, "HS 2.0: Add BSS to blacklist");
895 wpa_blacklist_add(wpa_s, wpa_s->bssid);
533536d8
JM		 896 /* TODO: For now, disable full ESS since some drivers may not
897 * support disabling per BSS. */
898 if (wpa_s->current_ssid) {
06c7b7f0
JM		 899 struct os_reltime now;
900 os_get_reltime(&now);
533536d8
JM		 901 if (now.sec + reauth_delay <=
902 wpa_s->current_ssid->disabled_until.sec)
903 return;
904 wpa_printf(MSG_DEBUG, "HS 2.0: Disable network for %u seconds (BSS)",
905 reauth_delay);
906 wpa_s->current_ssid->disabled_until.sec =
907 now.sec + reauth_delay;
908 }
7ef69479
JM		 909 }
910
911 if (code == HS20_DEAUTH_REASON_CODE_ESS && wpa_s->current_ssid) {
06c7b7f0
JM		 912 struct os_reltime now;
913 os_get_reltime(&now);
7ef69479
JM		 914 if (now.sec + reauth_delay <=
915 wpa_s->current_ssid->disabled_until.sec)
916 return;
917 wpa_printf(MSG_DEBUG, "HS 2.0: Disable network for %u seconds",
918 reauth_delay);
919 wpa_s->current_ssid->disabled_until.sec =
920 now.sec + reauth_delay;
921 }
922}
Unnamed repository; edit this file 'description' to name the repository.