]> git.ipfire.org Git - thirdparty/hostap.git/blame - wpa_supplicant/hs20_supplicant.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
WPS: Ignore too long Device Name attribute
[thirdparty/hostap.git] / wpa_supplicant / hs20_supplicant.c
CommitLineData
25471fe3
JK		 1/*
2 * Copyright (c) 2009, Atheros Communications, Inc.
1d2215fc 3 * Copyright (c) 2011-2013, Qualcomm Atheros, Inc.
25471fe3
JK		 4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "includes.h"
d10b01d2 10#include <sys/stat.h>
25471fe3
JK		 11
12#include "common.h"
13#include "eloop.h"
14#include "common/ieee802_11_common.h"
15#include "common/ieee802_11_defs.h"
16#include "common/gas.h"
17#include "common/wpa_ctrl.h"
7ef69479 18#include "rsn_supp/wpa.h"
25471fe3
JK		 19#include "wpa_supplicant_i.h"
20#include "driver_i.h"
21#include "config.h"
b572df86 22#include "scan.h"
25471fe3 23#include "bss.h"
7ef69479 24#include "blacklist.h"
25471fe3
JK		 25#include "gas_query.h"
26#include "interworking.h"
27#include "hs20_supplicant.h"
28
29
b572df86
JM		 30#define OSU_MAX_ITEMS 10
31
32struct osu_lang_string {
33 char lang[4];
34 char text[253];
35};
36
37struct osu_icon {
38 u16 width;
39 u16 height;
40 char lang[4];
41 char icon_type[256];
42 char filename[256];
43 unsigned int id;
44 unsigned int failed:1;
45};
46
47struct osu_provider {
48 u8 bssid[ETH_ALEN];
49 u8 osu_ssid[32];
50 u8 osu_ssid_len;
51 char server_uri[256];
52 u32 osu_methods; /* bit 0 = OMA-DM, bit 1 = SOAP-XML SPP */
53 char osu_nai[256];
54 struct osu_lang_string friendly_name[OSU_MAX_ITEMS];
55 size_t friendly_name_count;
56 struct osu_lang_string serv_desc[OSU_MAX_ITEMS];
57 size_t serv_desc_count;
58 struct osu_icon icon[OSU_MAX_ITEMS];
59 size_t icon_count;
60};
61
62
f9cd147d 63void wpas_hs20_add_indication(struct wpabuf *buf, int pps_mo_id)
c923b8a5 64{
f9cd147d
JM		 65 u8 conf;
66
c923b8a5 67 wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);
f9cd147d 68 wpabuf_put_u8(buf, pps_mo_id >= 0 ? 7 : 5);
c923b8a5
JK		 69 wpabuf_put_be24(buf, OUI_WFA);
70 wpabuf_put_u8(buf, HS20_INDICATION_OUI_TYPE);
f9cd147d
JM		 71 conf = HS20_VERSION;
72 if (pps_mo_id >= 0)
73 conf |= HS20_PPS_MO_ID_PRESENT;
74 wpabuf_put_u8(buf, conf);
75 if (pps_mo_id >= 0)
76 wpabuf_put_le16(buf, pps_mo_id);
c923b8a5
JK		 77}
78
79
55a2df43
JM		 80int is_hs20_network(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
81 struct wpa_bss *bss)
82{
83 if (!wpa_s->conf->hs20 || !ssid)
84 return 0;
85
86 if (ssid->parent_cred)
87 return 1;
88
89 if (bss && !wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE))
90 return 0;
91
92 /*
93 * This may catch some non-Hotspot 2.0 cases, but it is safer to do that
94 * than cause Hotspot 2.0 connections without indication element getting
95 * added. Non-Hotspot 2.0 APs should ignore the unknown vendor element.
96 */
97
98 if (!(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X))
99 return 0;
100 if (!(ssid->pairwise_cipher & WPA_CIPHER_CCMP))
101 return 0;
102 if (ssid->proto != WPA_PROTO_RSN)
103 return 0;
104
105 return 1;
106}
107
108
f9cd147d
JM		 109int hs20_get_pps_mo_id(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
110{
111 struct wpa_cred *cred;
112
e376290c
DS		 113 if (ssid == NULL)
114 return 0;
115
116 if (ssid->update_identifier)
117 return ssid->update_identifier;
118
119 if (ssid->parent_cred == NULL)
f9cd147d
JM		 120 return 0;
121
122 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
123 if (ssid->parent_cred == cred)
124 return cred->update_identifier;
125 }
126
127 return 0;
128}
129
130
cf28c66b
DS		 131void hs20_put_anqp_req(u32 stypes, const u8 *payload, size_t payload_len,
132 struct wpabuf *buf)
25471fe3 133{
25471fe3
JK		 134 u8 *len_pos;
135
25471fe3 136 if (buf == NULL)
cf28c66b 137 return;
25471fe3
JK		 138
139 len_pos = gas_anqp_add_element(buf, ANQP_VENDOR_SPECIFIC);
140 wpabuf_put_be24(buf, OUI_WFA);
141 wpabuf_put_u8(buf, HS20_ANQP_OUI_TYPE);
142 if (stypes == BIT(HS20_STYPE_NAI_HOME_REALM_QUERY)) {
143 wpabuf_put_u8(buf, HS20_STYPE_NAI_HOME_REALM_QUERY);
144 wpabuf_put_u8(buf, 0); /* Reserved */
145 if (payload)
146 wpabuf_put_data(buf, payload, payload_len);
184e110c
JM		 147 } else if (stypes == BIT(HS20_STYPE_ICON_REQUEST)) {
148 wpabuf_put_u8(buf, HS20_STYPE_ICON_REQUEST);
149 wpabuf_put_u8(buf, 0); /* Reserved */
150 if (payload)
151 wpabuf_put_data(buf, payload, payload_len);
25471fe3
JK		 152 } else {
153 u8 i;
154 wpabuf_put_u8(buf, HS20_STYPE_QUERY_LIST);
155 wpabuf_put_u8(buf, 0); /* Reserved */
156 for (i = 0; i < 32; i++) {
157 if (stypes & BIT(i))
158 wpabuf_put_u8(buf, i);
159 }
160 }
161 gas_anqp_set_element_len(buf, len_pos);
162
163 gas_anqp_set_len(buf);
cf28c66b
DS		 164}
165
166
167struct wpabuf * hs20_build_anqp_req(u32 stypes, const u8 *payload,
168 size_t payload_len)
169{
170 struct wpabuf *buf;
171
172 buf = gas_anqp_build_initial_req(0, 100 + payload_len);
173 if (buf == NULL)
174 return NULL;
175
176 hs20_put_anqp_req(stypes, payload, payload_len, buf);
25471fe3
JK		 177
178 return buf;
179}
180
181
182int hs20_anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst, u32 stypes,
183 const u8 *payload, size_t payload_len)
184{
185 struct wpabuf *buf;
186 int ret = 0;
187 int freq;
188 struct wpa_bss *bss;
189 int res;
190
191 freq = wpa_s->assoc_freq;
192 bss = wpa_bss_get_bssid(wpa_s, dst);
485e3a92
JM		 193 if (bss) {
194 wpa_bss_anqp_unshare_alloc(bss);
25471fe3 195 freq = bss->freq;
485e3a92 196 }
25471fe3
JK		 197 if (freq <= 0)
198 return -1;
199
200 wpa_printf(MSG_DEBUG, "HS20: ANQP Query Request to " MACSTR " for "
201 "subtypes 0x%x", MAC2STR(dst), stypes);
202
203 buf = hs20_build_anqp_req(stypes, payload, payload_len);
204 if (buf == NULL)
205 return -1;
206
207 res = gas_query_req(wpa_s->gas, dst, freq, buf, anqp_resp_cb, wpa_s);
208 if (res < 0) {
209 wpa_printf(MSG_DEBUG, "ANQP: Failed to send Query Request");
24c694b4 210 wpabuf_free(buf);
25471fe3
JK		 211 ret = -1;
212 } else
213 wpa_printf(MSG_DEBUG, "ANQP: Query started with dialog token "
214 "%u", res);
215
25471fe3
JK		 216 return ret;
217}
218
219
d10b01d2
AN		 220static void hs20_set_osu_access_permission(const char *osu_dir,
221 const char *fname)
222{
223 struct stat statbuf;
224
225 /* Get OSU directory information */
226 if (stat(osu_dir, &statbuf) < 0) {
227 wpa_printf(MSG_WARNING, "Cannot stat the OSU directory %s",
228 osu_dir);
229 return;
230 }
231
232 if (chmod(fname, statbuf.st_mode) < 0) {
233 wpa_printf(MSG_WARNING,
234 "Cannot change the permissions for %s", fname);
235 return;
236 }
237
238 if (chown(fname, statbuf.st_uid, statbuf.st_gid) < 0) {
239 wpa_printf(MSG_WARNING, "Cannot change the ownership for %s",
240 fname);
241 }
242}
243
b572df86
JM		 244static int hs20_process_icon_binary_file(struct wpa_supplicant *wpa_s,
245 const u8 *sa, const u8 *pos,
246 size_t slen)
247{
248 char fname[256];
249 int png;
250 FILE *f;
251 u16 data_len;
252
253 wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR " Icon Binary File",
254 MAC2STR(sa));
255
256 if (slen < 4) {
257 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File "
258 "value from " MACSTR, MAC2STR(sa));
259 return -1;
260 }
261
262 wpa_printf(MSG_DEBUG, "HS 2.0: Download Status Code %u", *pos);
263 if (*pos != 0)
264 return -1;
265 pos++;
266 slen--;
267
268 if ((size_t) 1 + pos[0] > slen) {
269 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File "
270 "value from " MACSTR, MAC2STR(sa));
271 return -1;
272 }
273 wpa_hexdump_ascii(MSG_DEBUG, "Icon Type", pos + 1, pos[0]);
274 png = os_strncasecmp((char *) pos + 1, "image/png", 9) == 0;
275 slen -= 1 + pos[0];
276 pos += 1 + pos[0];
277
278 if (slen < 2) {
279 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File "
280 "value from " MACSTR, MAC2STR(sa));
281 return -1;
282 }
283 data_len = WPA_GET_LE16(pos);
284 pos += 2;
285 slen -= 2;
286
287 if (data_len > slen) {
288 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File "
289 "value from " MACSTR, MAC2STR(sa));
290 return -1;
291 }
292
293 wpa_printf(MSG_DEBUG, "Icon Binary Data: %u bytes", data_len);
294 if (wpa_s->conf->osu_dir == NULL)
295 return -1;
296
297 wpa_s->osu_icon_id++;
298 if (wpa_s->osu_icon_id == 0)
299 wpa_s->osu_icon_id++;
300 snprintf(fname, sizeof(fname), "%s/osu-icon-%u.%s",
301 wpa_s->conf->osu_dir, wpa_s->osu_icon_id,
302 png ? "png" : "icon");
303 f = fopen(fname, "wb");
304 if (f == NULL)
305 return -1;
d10b01d2
AN		 306
307 hs20_set_osu_access_permission(wpa_s->conf->osu_dir, fname);
308
b572df86
JM		 309 if (fwrite(pos, slen, 1, f) != 1) {
310 fclose(f);
311 unlink(fname);
312 return -1;
313 }
314 fclose(f);
315
316 wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP-ICON %s", fname);
317 return 0;
318}
319
320
321static void hs20_continue_icon_fetch(void *eloop_ctx, void *sock_ctx)
322{
323 struct wpa_supplicant *wpa_s = eloop_ctx;
324 if (wpa_s->fetch_osu_icon_in_progress)
325 hs20_next_osu_icon(wpa_s);
326}
327
328
329static void hs20_osu_icon_fetch_result(struct wpa_supplicant *wpa_s, int res)
330{
331 size_t i, j;
230e3735
JM		 332 struct os_reltime now, tmp;
333 int dur;
334
335 os_get_reltime(&now);
336 os_reltime_sub(&now, &wpa_s->osu_icon_fetch_start, &tmp);
337 dur = tmp.sec * 1000 + tmp.usec / 1000;
338 wpa_printf(MSG_DEBUG, "HS 2.0: Icon fetch dur=%d ms res=%d",
339 dur, res);
340
b572df86
JM		 341 for (i = 0; i < wpa_s->osu_prov_count; i++) {
342 struct osu_provider *osu = &wpa_s->osu_prov[i];
343 for (j = 0; j < osu->icon_count; j++) {
344 struct osu_icon *icon = &osu->icon[j];
345 if (icon->id || icon->failed)
346 continue;
347 if (res < 0)
348 icon->failed = 1;
349 else
350 icon->id = wpa_s->osu_icon_id;
351 return;
352 }
353 }
354}
355
356
25471fe3 357void hs20_parse_rx_hs20_anqp_resp(struct wpa_supplicant *wpa_s,
8266e6c6
JM		 358 struct wpa_bss *bss, const u8 *sa,
359 const u8 *data, size_t slen)
25471fe3
JK		 360{
361 const u8 *pos = data;
362 u8 subtype;
476aed35 363 struct wpa_bss_anqp *anqp = NULL;
b572df86 364 int ret;
25471fe3
JK		 365
366 if (slen < 2)
367 return;
368
476aed35
JM		 369 if (bss)
370 anqp = bss->anqp;
371
25471fe3
JK		 372 subtype = *pos++;
373 slen--;
374
375 pos++; /* Reserved */
376 slen--;
377
378 switch (subtype) {
379 case HS20_STYPE_CAPABILITY_LIST:
380 wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
381 " HS Capability List", MAC2STR(sa));
382 wpa_hexdump_ascii(MSG_DEBUG, "HS Capability List", pos, slen);
185ada47
AN		 383 if (anqp) {
384 wpabuf_free(anqp->hs20_capability_list);
385 anqp->hs20_capability_list =
386 wpabuf_alloc_copy(pos, slen);
387 }
25471fe3
JK		 388 break;
389 case HS20_STYPE_OPERATOR_FRIENDLY_NAME:
390 wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
391 " Operator Friendly Name", MAC2STR(sa));
392 wpa_hexdump_ascii(MSG_DEBUG, "oper friendly name", pos, slen);
476aed35
JM		 393 if (anqp) {
394 wpabuf_free(anqp->hs20_operator_friendly_name);
395 anqp->hs20_operator_friendly_name =
25471fe3
JK		 396 wpabuf_alloc_copy(pos, slen);
397 }
398 break;
399 case HS20_STYPE_WAN_METRICS:
2edcd504
JM		 400 wpa_hexdump(MSG_DEBUG, "WAN Metrics", pos, slen);
401 if (slen < 13) {
402 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short WAN "
403 "Metrics value from " MACSTR, MAC2STR(sa));
404 break;
405 }
25471fe3 406 wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
2edcd504
JM		 407 " WAN Metrics %02x:%u:%u:%u:%u:%u", MAC2STR(sa),
408 pos[0], WPA_GET_LE32(pos + 1), WPA_GET_LE32(pos + 5),
409 pos[9], pos[10], WPA_GET_LE16(pos + 11));
476aed35
JM		 410 if (anqp) {
411 wpabuf_free(anqp->hs20_wan_metrics);
412 anqp->hs20_wan_metrics = wpabuf_alloc_copy(pos, slen);
25471fe3
JK		 413 }
414 break;
415 case HS20_STYPE_CONNECTION_CAPABILITY:
416 wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
417 " Connection Capability", MAC2STR(sa));
418 wpa_hexdump_ascii(MSG_DEBUG, "conn capability", pos, slen);
476aed35
JM		 419 if (anqp) {
420 wpabuf_free(anqp->hs20_connection_capability);
421 anqp->hs20_connection_capability =
25471fe3
JK		 422 wpabuf_alloc_copy(pos, slen);
423 }
424 break;
425 case HS20_STYPE_OPERATING_CLASS:
426 wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
427 " Operating Class", MAC2STR(sa));
428 wpa_hexdump_ascii(MSG_DEBUG, "Operating Class", pos, slen);
476aed35
JM		 429 if (anqp) {
430 wpabuf_free(anqp->hs20_operating_class);
431 anqp->hs20_operating_class =
25471fe3
JK		 432 wpabuf_alloc_copy(pos, slen);
433 }
434 break;
1d2215fc
JM		 435 case HS20_STYPE_OSU_PROVIDERS_LIST:
436 wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
437 " OSU Providers list", MAC2STR(sa));
a6739e19 438 wpa_s->num_prov_found++;
1d2215fc
JM		 439 if (anqp) {
440 wpabuf_free(anqp->hs20_osu_providers_list);
441 anqp->hs20_osu_providers_list =
442 wpabuf_alloc_copy(pos, slen);
443 }
444 break;
184e110c 445 case HS20_STYPE_ICON_BINARY_FILE:
b572df86
JM		 446 ret = hs20_process_icon_binary_file(wpa_s, sa, pos, slen);
447 if (wpa_s->fetch_osu_icon_in_progress) {
448 hs20_osu_icon_fetch_result(wpa_s, ret);
449 eloop_cancel_timeout(hs20_continue_icon_fetch,
450 wpa_s, NULL);
451 eloop_register_timeout(0, 0, hs20_continue_icon_fetch,
452 wpa_s, NULL);
453 }
454 break;
455 default:
456 wpa_printf(MSG_DEBUG, "HS20: Unsupported subtype %u", subtype);
457 break;
458 }
459}
460
461
462void hs20_notify_parse_done(struct wpa_supplicant *wpa_s)
463{
464 if (!wpa_s->fetch_osu_icon_in_progress)
465 return;
466 if (eloop_is_timeout_registered(hs20_continue_icon_fetch, wpa_s, NULL))
467 return;
468 /*
469 * We are going through icon fetch, but no icon response was received.
470 * Assume this means the current AP could not provide an answer to avoid
471 * getting stuck in fetch iteration.
472 */
473 hs20_icon_fetch_failed(wpa_s);
474}
475
476
477static void hs20_free_osu_prov_entry(struct osu_provider *prov)
478{
479}
480
481
482void hs20_free_osu_prov(struct wpa_supplicant *wpa_s)
483{
484 size_t i;
485 for (i = 0; i < wpa_s->osu_prov_count; i++)
486 hs20_free_osu_prov_entry(&wpa_s->osu_prov[i]);
487 os_free(wpa_s->osu_prov);
488 wpa_s->osu_prov = NULL;
489 wpa_s->osu_prov_count = 0;
490}
491
492
493static void hs20_osu_fetch_done(struct wpa_supplicant *wpa_s)
494{
495 char fname[256];
496 FILE *f;
497 size_t i, j;
498
499 wpa_s->fetch_osu_info = 0;
500 wpa_s->fetch_osu_icon_in_progress = 0;
184e110c 501
b572df86
JM		 502 if (wpa_s->conf->osu_dir == NULL) {
503 hs20_free_osu_prov(wpa_s);
504 wpa_s->fetch_anqp_in_progress = 0;
505 return;
506 }
507
508 snprintf(fname, sizeof(fname), "%s/osu-providers.txt",
509 wpa_s->conf->osu_dir);
510 f = fopen(fname, "w");
511 if (f == NULL) {
512 hs20_free_osu_prov(wpa_s);
513 return;
514 }
d10b01d2
AN		 515
516 hs20_set_osu_access_permission(wpa_s->conf->osu_dir, fname);
517
b572df86
JM		 518 for (i = 0; i < wpa_s->osu_prov_count; i++) {
519 struct osu_provider *osu = &wpa_s->osu_prov[i];
520 if (i > 0)
521 fprintf(f, "\n");
522 fprintf(f, "OSU-PROVIDER " MACSTR "\n"
523 "uri=%s\n"
524 "methods=%08x\n",
525 MAC2STR(osu->bssid), osu->server_uri, osu->osu_methods);
526 if (osu->osu_ssid_len) {
527 fprintf(f, "osu_ssid=%s\n",
528 wpa_ssid_txt(osu->osu_ssid,
529 osu->osu_ssid_len));
530 }
531 if (osu->osu_nai[0])
532 fprintf(f, "osu_nai=%s\n", osu->osu_nai);
533 for (j = 0; j < osu->friendly_name_count; j++) {
534 fprintf(f, "friendly_name=%s:%s\n",
535 osu->friendly_name[j].lang,
536 osu->friendly_name[j].text);
537 }
538 for (j = 0; j < osu->serv_desc_count; j++) {
539 fprintf(f, "desc=%s:%s\n",
540 osu->serv_desc[j].lang,
541 osu->serv_desc[j].text);
542 }
543 for (j = 0; j < osu->icon_count; j++) {
544 struct osu_icon *icon = &osu->icon[j];
545 if (icon->failed)
546 continue; /* could not fetch icon */
547 fprintf(f, "icon=%u:%u:%u:%s:%s:%s\n",
548 icon->id, icon->width, icon->height, icon->lang,
549 icon->icon_type, icon->filename);
550 }
551 }
552 fclose(f);
553 hs20_free_osu_prov(wpa_s);
554
555 wpa_msg(wpa_s, MSG_INFO, "OSU provider fetch completed");
556 wpa_s->fetch_anqp_in_progress = 0;
557}
558
559
560void hs20_next_osu_icon(struct wpa_supplicant *wpa_s)
561{
562 size_t i, j;
563
564 wpa_printf(MSG_DEBUG, "HS 2.0: Ready to fetch next icon");
565
566 for (i = 0; i < wpa_s->osu_prov_count; i++) {
567 struct osu_provider *osu = &wpa_s->osu_prov[i];
568 for (j = 0; j < osu->icon_count; j++) {
569 struct osu_icon *icon = &osu->icon[j];
570 if (icon->id || icon->failed)
571 continue;
572
573 wpa_printf(MSG_DEBUG, "HS 2.0: Try to fetch icon '%s' "
574 "from " MACSTR, icon->filename,
575 MAC2STR(osu->bssid));
230e3735 576 os_get_reltime(&wpa_s->osu_icon_fetch_start);
b572df86
JM		 577 if (hs20_anqp_send_req(wpa_s, osu->bssid,
578 BIT(HS20_STYPE_ICON_REQUEST),
579 (u8 *) icon->filename,
580 os_strlen(icon->filename)) < 0) {
581 icon->failed = 1;
582 continue;
583 }
584 return;
585 }
586 }
587
588 wpa_printf(MSG_DEBUG, "HS 2.0: No more icons to fetch");
589 hs20_osu_fetch_done(wpa_s);
590}
591
592
593static void hs20_osu_add_prov(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
594 const u8 *osu_ssid, u8 osu_ssid_len,
595 const u8 *pos, size_t len)
596{
597 struct osu_provider *prov;
598 const u8 *end = pos + len;
599 u16 len2;
600 const u8 *pos2;
0570a3ea 601 u8 uri_len, osu_method_len, osu_nai_len;
b572df86
JM		 602
603 wpa_hexdump(MSG_DEBUG, "HS 2.0: Parsing OSU Provider", pos, len);
604 prov = os_realloc_array(wpa_s->osu_prov,
605 wpa_s->osu_prov_count + 1,
606 sizeof(*prov));
607 if (prov == NULL)
608 return;
609 wpa_s->osu_prov = prov;
610 prov = &prov[wpa_s->osu_prov_count];
611 os_memset(prov, 0, sizeof(*prov));
612
613 os_memcpy(prov->bssid, bss->bssid, ETH_ALEN);
614 os_memcpy(prov->osu_ssid, osu_ssid, osu_ssid_len);
615 prov->osu_ssid_len = osu_ssid_len;
616
617 /* OSU Friendly Name Length */
618 if (pos + 2 > end) {
619 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
620 "Friendly Name Length");
621 return;
622 }
623 len2 = WPA_GET_LE16(pos);
624 pos += 2;
0570a3ea 625 if (len2 > end - pos) {
b572df86
JM		 626 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
627 "Friendly Name Duples");
628 return;
629 }
630 pos2 = pos;
631 pos += len2;
632
633 /* OSU Friendly Name Duples */
634 while (pos2 + 4 <= pos && prov->friendly_name_count < OSU_MAX_ITEMS) {
635 struct osu_lang_string *f;
636 if (pos2 + 1 + pos2[0] > pos || pos2[0] < 3) {
637 wpa_printf(MSG_DEBUG, "Invalid OSU Friendly Name");
638 break;
639 }
640 f = &prov->friendly_name[prov->friendly_name_count++];
641 os_memcpy(f->lang, pos2 + 1, 3);
642 os_memcpy(f->text, pos2 + 1 + 3, pos2[0] - 3);
643 pos2 += 1 + pos2[0];
644 }
645
646 /* OSU Server URI */
355e17eb
JM		 647 if (pos + 1 > end) {
648 wpa_printf(MSG_DEBUG,
649 "HS 2.0: Not enough room for OSU Server URI length");
650 return;
651 }
652 uri_len = *pos++;
653 if (uri_len > end - pos) {
b572df86
JM		 654 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Server "
655 "URI");
656 return;
657 }
355e17eb
JM		 658 os_memcpy(prov->server_uri, pos, uri_len);
659 pos += uri_len;
b572df86
JM		 660
661 /* OSU Method list */
0570a3ea
JM		 662 if (pos + 1 > end) {
663 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Method "
664 "list length");
665 return;
666 }
667 osu_method_len = pos[0];
668 if (osu_method_len > end - pos - 1) {
b572df86
JM		 669 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Method "
670 "list");
671 return;
672 }
673 pos2 = pos + 1;
0570a3ea 674 pos += 1 + osu_method_len;
b572df86
JM		 675 while (pos2 < pos) {
676 if (*pos2 < 32)
677 prov->osu_methods |= BIT(*pos2);
678 pos2++;
679 }
680
681 /* Icons Available Length */
682 if (pos + 2 > end) {
683 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for Icons "
684 "Available Length");
685 return;
686 }
687 len2 = WPA_GET_LE16(pos);
688 pos += 2;
0570a3ea 689 if (len2 > end - pos) {
b572df86
JM		 690 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for Icons "
691 "Available");
692 return;
693 }
694 pos2 = pos;
695 pos += len2;
696
697 /* Icons Available */
698 while (pos2 < pos) {
699 struct osu_icon *icon = &prov->icon[prov->icon_count];
0570a3ea
JM		 700 u8 flen;
701
b572df86
JM		 702 if (pos2 + 2 + 2 + 3 + 1 + 1 > pos) {
703 wpa_printf(MSG_DEBUG, "HS 2.0: Invalid Icon Metadata");
184e110c
JM		 704 break;
705 }
706
b572df86
JM		 707 icon->width = WPA_GET_LE16(pos2);
708 pos2 += 2;
709 icon->height = WPA_GET_LE16(pos2);
710 pos2 += 2;
711 os_memcpy(icon->lang, pos2, 3);
712 pos2 += 3;
184e110c 713
0570a3ea
JM		 714 flen = pos2[0];
715 if (flen > pos - pos2 - 1) {
b572df86 716 wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon Type");
184e110c
JM		 717 break;
718 }
0570a3ea
JM		 719 os_memcpy(icon->icon_type, pos2 + 1, flen);
720 pos2 += 1 + flen;
184e110c 721
0570a3ea
JM		 722 if (pos2 + 1 > pos) {
723 wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon "
724 "Filename length");
725 break;
726 }
727 flen = pos2[0];
728 if (flen > pos - pos2 - 1) {
b572df86
JM		 729 wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon "
730 "Filename");
184e110c
JM		 731 break;
732 }
0570a3ea
JM		 733 os_memcpy(icon->filename, pos2 + 1, flen);
734 pos2 += 1 + flen;
184e110c 735
b572df86
JM		 736 prov->icon_count++;
737 }
738
739 /* OSU_NAI */
0570a3ea 740 if (pos + 1 > end) {
b572df86
JM		 741 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU_NAI");
742 return;
743 }
0570a3ea
JM		 744 osu_nai_len = pos[0];
745 if (osu_nai_len > end - pos - 1) {
746 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU_NAI");
747 return;
748 }
749 os_memcpy(prov->osu_nai, pos + 1, osu_nai_len);
750 pos += 1 + osu_nai_len;
b572df86
JM		 751
752 /* OSU Service Description Length */
753 if (pos + 2 > end) {
754 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
755 "Service Description Length");
756 return;
757 }
758 len2 = WPA_GET_LE16(pos);
759 pos += 2;
0570a3ea 760 if (len2 > end - pos) {
b572df86
JM		 761 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
762 "Service Description Duples");
763 return;
764 }
765 pos2 = pos;
766 pos += len2;
767
768 /* OSU Service Description Duples */
769 while (pos2 + 4 <= pos && prov->serv_desc_count < OSU_MAX_ITEMS) {
770 struct osu_lang_string *f;
0570a3ea
JM		 771 u8 descr_len;
772
773 descr_len = pos2[0];
774 if (descr_len > pos - pos2 - 1 || descr_len < 3) {
b572df86
JM		 775 wpa_printf(MSG_DEBUG, "Invalid OSU Service "
776 "Description");
184e110c
JM		 777 break;
778 }
b572df86
JM		 779 f = &prov->serv_desc[prov->serv_desc_count++];
780 os_memcpy(f->lang, pos2 + 1, 3);
0570a3ea
JM		 781 os_memcpy(f->text, pos2 + 1 + 3, descr_len - 3);
782 pos2 += 1 + descr_len;
b572df86 783 }
184e110c 784
b572df86
JM		 785 wpa_printf(MSG_DEBUG, "HS 2.0: Added OSU Provider through " MACSTR,
786 MAC2STR(bss->bssid));
787 wpa_s->osu_prov_count++;
788}
789
790
791void hs20_osu_icon_fetch(struct wpa_supplicant *wpa_s)
792{
793 struct wpa_bss *bss;
794 struct wpabuf *prov_anqp;
795 const u8 *pos, *end;
796 u16 len;
797 const u8 *osu_ssid;
798 u8 osu_ssid_len;
799 u8 num_providers;
800
801 hs20_free_osu_prov(wpa_s);
802
803 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
804 if (bss->anqp == NULL)
805 continue;
806 prov_anqp = bss->anqp->hs20_osu_providers_list;
807 if (prov_anqp == NULL)
808 continue;
809 wpa_printf(MSG_DEBUG, "HS 2.0: Parsing OSU Providers list from "
810 MACSTR, MAC2STR(bss->bssid));
811 wpa_hexdump_buf(MSG_DEBUG, "HS 2.0: OSU Providers list",
812 prov_anqp);
813 pos = wpabuf_head(prov_anqp);
814 end = pos + wpabuf_len(prov_anqp);
815
816 /* OSU SSID */
817 if (pos + 1 > end)
818 continue;
819 if (pos + 1 + pos[0] > end) {
820 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for "
821 "OSU SSID");
822 continue;
823 }
824 osu_ssid_len = *pos++;
825 if (osu_ssid_len > 32) {
826 wpa_printf(MSG_DEBUG, "HS 2.0: Invalid OSU SSID "
827 "Length %u", osu_ssid_len);
828 continue;
829 }
830 osu_ssid = pos;
831 pos += osu_ssid_len;
832
833 if (pos + 1 > end) {
834 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for "
835 "Number of OSU Providers");
836 continue;
837 }
838 num_providers = *pos++;
839 wpa_printf(MSG_DEBUG, "HS 2.0: Number of OSU Providers: %u",
840 num_providers);
841
842 /* OSU Providers */
843 while (pos + 2 < end && num_providers > 0) {
844 num_providers--;
845 len = WPA_GET_LE16(pos);
846 pos += 2;
5c58c0ce 847 if (len > (unsigned int) (end - pos))
b572df86
JM		 848 break;
849 hs20_osu_add_prov(wpa_s, bss, osu_ssid,
850 osu_ssid_len, pos, len);
851 pos += len;
852 }
853
854 if (pos != end) {
855 wpa_printf(MSG_DEBUG, "HS 2.0: Ignored %d bytes of "
856 "extra data after OSU Providers",
857 (int) (end - pos));
858 }
859 }
860
861 wpa_s->fetch_osu_icon_in_progress = 1;
862 hs20_next_osu_icon(wpa_s);
863}
864
865
866static void hs20_osu_scan_res_handler(struct wpa_supplicant *wpa_s,
867 struct wpa_scan_results *scan_res)
868{
869 wpa_printf(MSG_DEBUG, "OSU provisioning fetch scan completed");
568475b7
JM		 870 if (!wpa_s->fetch_osu_waiting_scan) {
871 wpa_printf(MSG_DEBUG, "OSU fetch have been canceled");
872 return;
873 }
b572df86
JM		 874 wpa_s->network_select = 0;
875 wpa_s->fetch_all_anqp = 1;
876 wpa_s->fetch_osu_info = 1;
877 wpa_s->fetch_osu_icon_in_progress = 0;
878
879 interworking_start_fetch_anqp(wpa_s);
880}
881
882
883int hs20_fetch_osu(struct wpa_supplicant *wpa_s)
884{
885 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
886 wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
887 "interface disabled");
888 return -1;
889 }
890
891 if (wpa_s->scanning) {
892 wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
893 "scanning");
894 return -1;
25471fe3 895 }
b572df86
JM		 896
897 if (wpa_s->conf->osu_dir == NULL) {
898 wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
899 "osu_dir not configured");
900 return -1;
901 }
902
903 if (wpa_s->fetch_anqp_in_progress || wpa_s->network_select) {
904 wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
905 "fetch in progress (%d, %d)",
906 wpa_s->fetch_anqp_in_progress,
907 wpa_s->network_select);
908 return -1;
909 }
910
911 wpa_msg(wpa_s, MSG_INFO, "Starting OSU provisioning information fetch");
a6739e19
JM		 912 wpa_s->num_osu_scans = 0;
913 wpa_s->num_prov_found = 0;
914 hs20_start_osu_scan(wpa_s);
915
916 return 0;
917}
918
919
920void hs20_start_osu_scan(struct wpa_supplicant *wpa_s)
921{
568475b7 922 wpa_s->fetch_osu_waiting_scan = 1;
a6739e19 923 wpa_s->num_osu_scans++;
b572df86
JM		 924 wpa_s->scan_req = MANUAL_SCAN_REQ;
925 wpa_s->scan_res_handler = hs20_osu_scan_res_handler;
926 wpa_supplicant_req_scan(wpa_s, 0, 0);
b572df86
JM		 927}
928
929
930void hs20_cancel_fetch_osu(struct wpa_supplicant *wpa_s)
931{
932 wpa_printf(MSG_DEBUG, "Cancel OSU fetch");
933 interworking_stop_fetch_anqp(wpa_s);
568475b7 934 wpa_s->fetch_osu_waiting_scan = 0;
b572df86
JM		 935 wpa_s->network_select = 0;
936 wpa_s->fetch_osu_info = 0;
937 wpa_s->fetch_osu_icon_in_progress = 0;
938}
939
940
941void hs20_icon_fetch_failed(struct wpa_supplicant *wpa_s)
942{
943 hs20_osu_icon_fetch_result(wpa_s, -1);
944 eloop_cancel_timeout(hs20_continue_icon_fetch, wpa_s, NULL);
945 eloop_register_timeout(0, 0, hs20_continue_icon_fetch, wpa_s, NULL);
25471fe3 946}
95a3ea94
JM		 947
948
949void hs20_rx_subscription_remediation(struct wpa_supplicant *wpa_s,
950 const char *url, u8 osu_method)
951{
952 if (url)
953 wpa_msg(wpa_s, MSG_INFO, HS20_SUBSCRIPTION_REMEDIATION "%u %s",
954 osu_method, url);
955 else
956 wpa_msg(wpa_s, MSG_INFO, HS20_SUBSCRIPTION_REMEDIATION);
957}
7ef69479
JM		 958
959
960void hs20_rx_deauth_imminent_notice(struct wpa_supplicant *wpa_s, u8 code,
961 u16 reauth_delay, const char *url)
962{
963 if (!wpa_sm_pmf_enabled(wpa_s->wpa)) {
964 wpa_printf(MSG_DEBUG, "HS 2.0: Ignore deauthentication imminent notice since PMF was not enabled");
965 return;
966 }
967
968 wpa_msg(wpa_s, MSG_INFO, HS20_DEAUTH_IMMINENT_NOTICE "%u %u %s",
969 code, reauth_delay, url);
970
971 if (code == HS20_DEAUTH_REASON_CODE_BSS) {
972 wpa_printf(MSG_DEBUG, "HS 2.0: Add BSS to blacklist");
973 wpa_blacklist_add(wpa_s, wpa_s->bssid);
533536d8
JM		 974 /* TODO: For now, disable full ESS since some drivers may not
975 * support disabling per BSS. */
976 if (wpa_s->current_ssid) {
06c7b7f0
JM		 977 struct os_reltime now;
978 os_get_reltime(&now);
533536d8
JM		 979 if (now.sec + reauth_delay <=
980 wpa_s->current_ssid->disabled_until.sec)
981 return;
982 wpa_printf(MSG_DEBUG, "HS 2.0: Disable network for %u seconds (BSS)",
983 reauth_delay);
984 wpa_s->current_ssid->disabled_until.sec =
985 now.sec + reauth_delay;
986 }
7ef69479
JM		 987 }
988
989 if (code == HS20_DEAUTH_REASON_CODE_ESS && wpa_s->current_ssid) {
06c7b7f0
JM		 990 struct os_reltime now;
991 os_get_reltime(&now);
7ef69479
JM		 992 if (now.sec + reauth_delay <=
993 wpa_s->current_ssid->disabled_until.sec)
994 return;
995 wpa_printf(MSG_DEBUG, "HS 2.0: Disable network for %u seconds",
996 reauth_delay);
997 wpa_s->current_ssid->disabled_until.sec =
998 now.sec + reauth_delay;
999 }
1000}
fb2ac53d
AC		 1001
1002
1003void hs20_deinit(struct wpa_supplicant *wpa_s)
1004{
1005 eloop_cancel_timeout(hs20_continue_icon_fetch, wpa_s, NULL);
1006 hs20_free_osu_prov(wpa_s);
1007}
Unnamed repository; edit this file 'description' to name the repository.