]>
Commit | Line | Data |
---|---|---|
25471fe3 JK |
1 | /* |
2 | * Copyright (c) 2009, Atheros Communications, Inc. | |
1d2215fc | 3 | * Copyright (c) 2011-2013, Qualcomm Atheros, Inc. |
25471fe3 JK |
4 | * |
5 | * This software may be distributed under the terms of the BSD license. | |
6 | * See README for more details. | |
7 | */ | |
8 | ||
9 | #include "includes.h" | |
d10b01d2 | 10 | #include <sys/stat.h> |
25471fe3 JK |
11 | |
12 | #include "common.h" | |
13 | #include "eloop.h" | |
14 | #include "common/ieee802_11_common.h" | |
15 | #include "common/ieee802_11_defs.h" | |
16 | #include "common/gas.h" | |
17 | #include "common/wpa_ctrl.h" | |
7ef69479 | 18 | #include "rsn_supp/wpa.h" |
25471fe3 JK |
19 | #include "wpa_supplicant_i.h" |
20 | #include "driver_i.h" | |
21 | #include "config.h" | |
b572df86 | 22 | #include "scan.h" |
25471fe3 | 23 | #include "bss.h" |
7ef69479 | 24 | #include "blacklist.h" |
25471fe3 JK |
25 | #include "gas_query.h" |
26 | #include "interworking.h" | |
27 | #include "hs20_supplicant.h" | |
28 | ||
29 | ||
b572df86 JM |
30 | #define OSU_MAX_ITEMS 10 |
31 | ||
32 | struct osu_lang_string { | |
33 | char lang[4]; | |
34 | char text[253]; | |
35 | }; | |
36 | ||
37 | struct osu_icon { | |
38 | u16 width; | |
39 | u16 height; | |
40 | char lang[4]; | |
41 | char icon_type[256]; | |
42 | char filename[256]; | |
43 | unsigned int id; | |
44 | unsigned int failed:1; | |
45 | }; | |
46 | ||
47 | struct osu_provider { | |
48 | u8 bssid[ETH_ALEN]; | |
49 | u8 osu_ssid[32]; | |
50 | u8 osu_ssid_len; | |
51 | char server_uri[256]; | |
52 | u32 osu_methods; /* bit 0 = OMA-DM, bit 1 = SOAP-XML SPP */ | |
53 | char osu_nai[256]; | |
54 | struct osu_lang_string friendly_name[OSU_MAX_ITEMS]; | |
55 | size_t friendly_name_count; | |
56 | struct osu_lang_string serv_desc[OSU_MAX_ITEMS]; | |
57 | size_t serv_desc_count; | |
58 | struct osu_icon icon[OSU_MAX_ITEMS]; | |
59 | size_t icon_count; | |
60 | }; | |
61 | ||
62 | ||
f9cd147d | 63 | void wpas_hs20_add_indication(struct wpabuf *buf, int pps_mo_id) |
c923b8a5 | 64 | { |
f9cd147d JM |
65 | u8 conf; |
66 | ||
c923b8a5 | 67 | wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC); |
f9cd147d | 68 | wpabuf_put_u8(buf, pps_mo_id >= 0 ? 7 : 5); |
c923b8a5 JK |
69 | wpabuf_put_be24(buf, OUI_WFA); |
70 | wpabuf_put_u8(buf, HS20_INDICATION_OUI_TYPE); | |
f9cd147d JM |
71 | conf = HS20_VERSION; |
72 | if (pps_mo_id >= 0) | |
73 | conf |= HS20_PPS_MO_ID_PRESENT; | |
74 | wpabuf_put_u8(buf, conf); | |
75 | if (pps_mo_id >= 0) | |
76 | wpabuf_put_le16(buf, pps_mo_id); | |
c923b8a5 JK |
77 | } |
78 | ||
79 | ||
55a2df43 JM |
80 | int is_hs20_network(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, |
81 | struct wpa_bss *bss) | |
82 | { | |
83 | if (!wpa_s->conf->hs20 || !ssid) | |
84 | return 0; | |
85 | ||
86 | if (ssid->parent_cred) | |
87 | return 1; | |
88 | ||
89 | if (bss && !wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE)) | |
90 | return 0; | |
91 | ||
92 | /* | |
93 | * This may catch some non-Hotspot 2.0 cases, but it is safer to do that | |
94 | * than cause Hotspot 2.0 connections without indication element getting | |
95 | * added. Non-Hotspot 2.0 APs should ignore the unknown vendor element. | |
96 | */ | |
97 | ||
98 | if (!(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X)) | |
99 | return 0; | |
100 | if (!(ssid->pairwise_cipher & WPA_CIPHER_CCMP)) | |
101 | return 0; | |
102 | if (ssid->proto != WPA_PROTO_RSN) | |
103 | return 0; | |
104 | ||
105 | return 1; | |
106 | } | |
107 | ||
108 | ||
f9cd147d JM |
109 | int hs20_get_pps_mo_id(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) |
110 | { | |
111 | struct wpa_cred *cred; | |
112 | ||
e376290c DS |
113 | if (ssid == NULL) |
114 | return 0; | |
115 | ||
116 | if (ssid->update_identifier) | |
117 | return ssid->update_identifier; | |
118 | ||
119 | if (ssid->parent_cred == NULL) | |
f9cd147d JM |
120 | return 0; |
121 | ||
122 | for (cred = wpa_s->conf->cred; cred; cred = cred->next) { | |
123 | if (ssid->parent_cred == cred) | |
124 | return cred->update_identifier; | |
125 | } | |
126 | ||
127 | return 0; | |
128 | } | |
129 | ||
130 | ||
cf28c66b DS |
131 | void hs20_put_anqp_req(u32 stypes, const u8 *payload, size_t payload_len, |
132 | struct wpabuf *buf) | |
25471fe3 | 133 | { |
25471fe3 JK |
134 | u8 *len_pos; |
135 | ||
25471fe3 | 136 | if (buf == NULL) |
cf28c66b | 137 | return; |
25471fe3 JK |
138 | |
139 | len_pos = gas_anqp_add_element(buf, ANQP_VENDOR_SPECIFIC); | |
140 | wpabuf_put_be24(buf, OUI_WFA); | |
141 | wpabuf_put_u8(buf, HS20_ANQP_OUI_TYPE); | |
142 | if (stypes == BIT(HS20_STYPE_NAI_HOME_REALM_QUERY)) { | |
143 | wpabuf_put_u8(buf, HS20_STYPE_NAI_HOME_REALM_QUERY); | |
144 | wpabuf_put_u8(buf, 0); /* Reserved */ | |
145 | if (payload) | |
146 | wpabuf_put_data(buf, payload, payload_len); | |
184e110c JM |
147 | } else if (stypes == BIT(HS20_STYPE_ICON_REQUEST)) { |
148 | wpabuf_put_u8(buf, HS20_STYPE_ICON_REQUEST); | |
149 | wpabuf_put_u8(buf, 0); /* Reserved */ | |
150 | if (payload) | |
151 | wpabuf_put_data(buf, payload, payload_len); | |
25471fe3 JK |
152 | } else { |
153 | u8 i; | |
154 | wpabuf_put_u8(buf, HS20_STYPE_QUERY_LIST); | |
155 | wpabuf_put_u8(buf, 0); /* Reserved */ | |
156 | for (i = 0; i < 32; i++) { | |
157 | if (stypes & BIT(i)) | |
158 | wpabuf_put_u8(buf, i); | |
159 | } | |
160 | } | |
161 | gas_anqp_set_element_len(buf, len_pos); | |
162 | ||
163 | gas_anqp_set_len(buf); | |
cf28c66b DS |
164 | } |
165 | ||
166 | ||
167 | struct wpabuf * hs20_build_anqp_req(u32 stypes, const u8 *payload, | |
168 | size_t payload_len) | |
169 | { | |
170 | struct wpabuf *buf; | |
171 | ||
172 | buf = gas_anqp_build_initial_req(0, 100 + payload_len); | |
173 | if (buf == NULL) | |
174 | return NULL; | |
175 | ||
176 | hs20_put_anqp_req(stypes, payload, payload_len, buf); | |
25471fe3 JK |
177 | |
178 | return buf; | |
179 | } | |
180 | ||
181 | ||
182 | int hs20_anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst, u32 stypes, | |
183 | const u8 *payload, size_t payload_len) | |
184 | { | |
185 | struct wpabuf *buf; | |
186 | int ret = 0; | |
187 | int freq; | |
188 | struct wpa_bss *bss; | |
189 | int res; | |
190 | ||
191 | freq = wpa_s->assoc_freq; | |
192 | bss = wpa_bss_get_bssid(wpa_s, dst); | |
485e3a92 JM |
193 | if (bss) { |
194 | wpa_bss_anqp_unshare_alloc(bss); | |
25471fe3 | 195 | freq = bss->freq; |
485e3a92 | 196 | } |
25471fe3 JK |
197 | if (freq <= 0) |
198 | return -1; | |
199 | ||
200 | wpa_printf(MSG_DEBUG, "HS20: ANQP Query Request to " MACSTR " for " | |
201 | "subtypes 0x%x", MAC2STR(dst), stypes); | |
202 | ||
203 | buf = hs20_build_anqp_req(stypes, payload, payload_len); | |
204 | if (buf == NULL) | |
205 | return -1; | |
206 | ||
207 | res = gas_query_req(wpa_s->gas, dst, freq, buf, anqp_resp_cb, wpa_s); | |
208 | if (res < 0) { | |
209 | wpa_printf(MSG_DEBUG, "ANQP: Failed to send Query Request"); | |
24c694b4 | 210 | wpabuf_free(buf); |
25471fe3 JK |
211 | ret = -1; |
212 | } else | |
213 | wpa_printf(MSG_DEBUG, "ANQP: Query started with dialog token " | |
214 | "%u", res); | |
215 | ||
25471fe3 JK |
216 | return ret; |
217 | } | |
218 | ||
219 | ||
d10b01d2 AN |
220 | static void hs20_set_osu_access_permission(const char *osu_dir, |
221 | const char *fname) | |
222 | { | |
223 | struct stat statbuf; | |
224 | ||
225 | /* Get OSU directory information */ | |
226 | if (stat(osu_dir, &statbuf) < 0) { | |
227 | wpa_printf(MSG_WARNING, "Cannot stat the OSU directory %s", | |
228 | osu_dir); | |
229 | return; | |
230 | } | |
231 | ||
232 | if (chmod(fname, statbuf.st_mode) < 0) { | |
233 | wpa_printf(MSG_WARNING, | |
234 | "Cannot change the permissions for %s", fname); | |
235 | return; | |
236 | } | |
237 | ||
238 | if (chown(fname, statbuf.st_uid, statbuf.st_gid) < 0) { | |
239 | wpa_printf(MSG_WARNING, "Cannot change the ownership for %s", | |
240 | fname); | |
241 | } | |
242 | } | |
243 | ||
b572df86 JM |
244 | static int hs20_process_icon_binary_file(struct wpa_supplicant *wpa_s, |
245 | const u8 *sa, const u8 *pos, | |
246 | size_t slen) | |
247 | { | |
248 | char fname[256]; | |
249 | int png; | |
250 | FILE *f; | |
251 | u16 data_len; | |
252 | ||
253 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR " Icon Binary File", | |
254 | MAC2STR(sa)); | |
255 | ||
256 | if (slen < 4) { | |
257 | wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File " | |
258 | "value from " MACSTR, MAC2STR(sa)); | |
259 | return -1; | |
260 | } | |
261 | ||
262 | wpa_printf(MSG_DEBUG, "HS 2.0: Download Status Code %u", *pos); | |
263 | if (*pos != 0) | |
264 | return -1; | |
265 | pos++; | |
266 | slen--; | |
267 | ||
268 | if ((size_t) 1 + pos[0] > slen) { | |
269 | wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File " | |
270 | "value from " MACSTR, MAC2STR(sa)); | |
271 | return -1; | |
272 | } | |
273 | wpa_hexdump_ascii(MSG_DEBUG, "Icon Type", pos + 1, pos[0]); | |
274 | png = os_strncasecmp((char *) pos + 1, "image/png", 9) == 0; | |
275 | slen -= 1 + pos[0]; | |
276 | pos += 1 + pos[0]; | |
277 | ||
278 | if (slen < 2) { | |
279 | wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File " | |
280 | "value from " MACSTR, MAC2STR(sa)); | |
281 | return -1; | |
282 | } | |
283 | data_len = WPA_GET_LE16(pos); | |
284 | pos += 2; | |
285 | slen -= 2; | |
286 | ||
287 | if (data_len > slen) { | |
288 | wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File " | |
289 | "value from " MACSTR, MAC2STR(sa)); | |
290 | return -1; | |
291 | } | |
292 | ||
293 | wpa_printf(MSG_DEBUG, "Icon Binary Data: %u bytes", data_len); | |
294 | if (wpa_s->conf->osu_dir == NULL) | |
295 | return -1; | |
296 | ||
297 | wpa_s->osu_icon_id++; | |
298 | if (wpa_s->osu_icon_id == 0) | |
299 | wpa_s->osu_icon_id++; | |
300 | snprintf(fname, sizeof(fname), "%s/osu-icon-%u.%s", | |
301 | wpa_s->conf->osu_dir, wpa_s->osu_icon_id, | |
302 | png ? "png" : "icon"); | |
303 | f = fopen(fname, "wb"); | |
304 | if (f == NULL) | |
305 | return -1; | |
d10b01d2 AN |
306 | |
307 | hs20_set_osu_access_permission(wpa_s->conf->osu_dir, fname); | |
308 | ||
b572df86 JM |
309 | if (fwrite(pos, slen, 1, f) != 1) { |
310 | fclose(f); | |
311 | unlink(fname); | |
312 | return -1; | |
313 | } | |
314 | fclose(f); | |
315 | ||
316 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP-ICON %s", fname); | |
317 | return 0; | |
318 | } | |
319 | ||
320 | ||
321 | static void hs20_continue_icon_fetch(void *eloop_ctx, void *sock_ctx) | |
322 | { | |
323 | struct wpa_supplicant *wpa_s = eloop_ctx; | |
324 | if (wpa_s->fetch_osu_icon_in_progress) | |
325 | hs20_next_osu_icon(wpa_s); | |
326 | } | |
327 | ||
328 | ||
329 | static void hs20_osu_icon_fetch_result(struct wpa_supplicant *wpa_s, int res) | |
330 | { | |
331 | size_t i, j; | |
230e3735 JM |
332 | struct os_reltime now, tmp; |
333 | int dur; | |
334 | ||
335 | os_get_reltime(&now); | |
336 | os_reltime_sub(&now, &wpa_s->osu_icon_fetch_start, &tmp); | |
337 | dur = tmp.sec * 1000 + tmp.usec / 1000; | |
338 | wpa_printf(MSG_DEBUG, "HS 2.0: Icon fetch dur=%d ms res=%d", | |
339 | dur, res); | |
340 | ||
b572df86 JM |
341 | for (i = 0; i < wpa_s->osu_prov_count; i++) { |
342 | struct osu_provider *osu = &wpa_s->osu_prov[i]; | |
343 | for (j = 0; j < osu->icon_count; j++) { | |
344 | struct osu_icon *icon = &osu->icon[j]; | |
345 | if (icon->id || icon->failed) | |
346 | continue; | |
347 | if (res < 0) | |
348 | icon->failed = 1; | |
349 | else | |
350 | icon->id = wpa_s->osu_icon_id; | |
351 | return; | |
352 | } | |
353 | } | |
354 | } | |
355 | ||
356 | ||
25471fe3 | 357 | void hs20_parse_rx_hs20_anqp_resp(struct wpa_supplicant *wpa_s, |
8266e6c6 JM |
358 | struct wpa_bss *bss, const u8 *sa, |
359 | const u8 *data, size_t slen) | |
25471fe3 JK |
360 | { |
361 | const u8 *pos = data; | |
362 | u8 subtype; | |
476aed35 | 363 | struct wpa_bss_anqp *anqp = NULL; |
b572df86 | 364 | int ret; |
25471fe3 JK |
365 | |
366 | if (slen < 2) | |
367 | return; | |
368 | ||
476aed35 JM |
369 | if (bss) |
370 | anqp = bss->anqp; | |
371 | ||
25471fe3 JK |
372 | subtype = *pos++; |
373 | slen--; | |
374 | ||
375 | pos++; /* Reserved */ | |
376 | slen--; | |
377 | ||
378 | switch (subtype) { | |
379 | case HS20_STYPE_CAPABILITY_LIST: | |
380 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR | |
381 | " HS Capability List", MAC2STR(sa)); | |
382 | wpa_hexdump_ascii(MSG_DEBUG, "HS Capability List", pos, slen); | |
185ada47 AN |
383 | if (anqp) { |
384 | wpabuf_free(anqp->hs20_capability_list); | |
385 | anqp->hs20_capability_list = | |
386 | wpabuf_alloc_copy(pos, slen); | |
387 | } | |
25471fe3 JK |
388 | break; |
389 | case HS20_STYPE_OPERATOR_FRIENDLY_NAME: | |
390 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR | |
391 | " Operator Friendly Name", MAC2STR(sa)); | |
392 | wpa_hexdump_ascii(MSG_DEBUG, "oper friendly name", pos, slen); | |
476aed35 JM |
393 | if (anqp) { |
394 | wpabuf_free(anqp->hs20_operator_friendly_name); | |
395 | anqp->hs20_operator_friendly_name = | |
25471fe3 JK |
396 | wpabuf_alloc_copy(pos, slen); |
397 | } | |
398 | break; | |
399 | case HS20_STYPE_WAN_METRICS: | |
2edcd504 JM |
400 | wpa_hexdump(MSG_DEBUG, "WAN Metrics", pos, slen); |
401 | if (slen < 13) { | |
402 | wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short WAN " | |
403 | "Metrics value from " MACSTR, MAC2STR(sa)); | |
404 | break; | |
405 | } | |
25471fe3 | 406 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR |
2edcd504 JM |
407 | " WAN Metrics %02x:%u:%u:%u:%u:%u", MAC2STR(sa), |
408 | pos[0], WPA_GET_LE32(pos + 1), WPA_GET_LE32(pos + 5), | |
409 | pos[9], pos[10], WPA_GET_LE16(pos + 11)); | |
476aed35 JM |
410 | if (anqp) { |
411 | wpabuf_free(anqp->hs20_wan_metrics); | |
412 | anqp->hs20_wan_metrics = wpabuf_alloc_copy(pos, slen); | |
25471fe3 JK |
413 | } |
414 | break; | |
415 | case HS20_STYPE_CONNECTION_CAPABILITY: | |
416 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR | |
417 | " Connection Capability", MAC2STR(sa)); | |
418 | wpa_hexdump_ascii(MSG_DEBUG, "conn capability", pos, slen); | |
476aed35 JM |
419 | if (anqp) { |
420 | wpabuf_free(anqp->hs20_connection_capability); | |
421 | anqp->hs20_connection_capability = | |
25471fe3 JK |
422 | wpabuf_alloc_copy(pos, slen); |
423 | } | |
424 | break; | |
425 | case HS20_STYPE_OPERATING_CLASS: | |
426 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR | |
427 | " Operating Class", MAC2STR(sa)); | |
428 | wpa_hexdump_ascii(MSG_DEBUG, "Operating Class", pos, slen); | |
476aed35 JM |
429 | if (anqp) { |
430 | wpabuf_free(anqp->hs20_operating_class); | |
431 | anqp->hs20_operating_class = | |
25471fe3 JK |
432 | wpabuf_alloc_copy(pos, slen); |
433 | } | |
434 | break; | |
1d2215fc JM |
435 | case HS20_STYPE_OSU_PROVIDERS_LIST: |
436 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR | |
437 | " OSU Providers list", MAC2STR(sa)); | |
a6739e19 | 438 | wpa_s->num_prov_found++; |
1d2215fc JM |
439 | if (anqp) { |
440 | wpabuf_free(anqp->hs20_osu_providers_list); | |
441 | anqp->hs20_osu_providers_list = | |
442 | wpabuf_alloc_copy(pos, slen); | |
443 | } | |
444 | break; | |
184e110c | 445 | case HS20_STYPE_ICON_BINARY_FILE: |
b572df86 JM |
446 | ret = hs20_process_icon_binary_file(wpa_s, sa, pos, slen); |
447 | if (wpa_s->fetch_osu_icon_in_progress) { | |
448 | hs20_osu_icon_fetch_result(wpa_s, ret); | |
449 | eloop_cancel_timeout(hs20_continue_icon_fetch, | |
450 | wpa_s, NULL); | |
451 | eloop_register_timeout(0, 0, hs20_continue_icon_fetch, | |
452 | wpa_s, NULL); | |
453 | } | |
454 | break; | |
455 | default: | |
456 | wpa_printf(MSG_DEBUG, "HS20: Unsupported subtype %u", subtype); | |
457 | break; | |
458 | } | |
459 | } | |
460 | ||
461 | ||
462 | void hs20_notify_parse_done(struct wpa_supplicant *wpa_s) | |
463 | { | |
464 | if (!wpa_s->fetch_osu_icon_in_progress) | |
465 | return; | |
466 | if (eloop_is_timeout_registered(hs20_continue_icon_fetch, wpa_s, NULL)) | |
467 | return; | |
468 | /* | |
469 | * We are going through icon fetch, but no icon response was received. | |
470 | * Assume this means the current AP could not provide an answer to avoid | |
471 | * getting stuck in fetch iteration. | |
472 | */ | |
473 | hs20_icon_fetch_failed(wpa_s); | |
474 | } | |
475 | ||
476 | ||
477 | static void hs20_free_osu_prov_entry(struct osu_provider *prov) | |
478 | { | |
479 | } | |
480 | ||
481 | ||
482 | void hs20_free_osu_prov(struct wpa_supplicant *wpa_s) | |
483 | { | |
484 | size_t i; | |
485 | for (i = 0; i < wpa_s->osu_prov_count; i++) | |
486 | hs20_free_osu_prov_entry(&wpa_s->osu_prov[i]); | |
487 | os_free(wpa_s->osu_prov); | |
488 | wpa_s->osu_prov = NULL; | |
489 | wpa_s->osu_prov_count = 0; | |
490 | } | |
491 | ||
492 | ||
493 | static void hs20_osu_fetch_done(struct wpa_supplicant *wpa_s) | |
494 | { | |
495 | char fname[256]; | |
496 | FILE *f; | |
497 | size_t i, j; | |
498 | ||
499 | wpa_s->fetch_osu_info = 0; | |
500 | wpa_s->fetch_osu_icon_in_progress = 0; | |
184e110c | 501 | |
b572df86 JM |
502 | if (wpa_s->conf->osu_dir == NULL) { |
503 | hs20_free_osu_prov(wpa_s); | |
504 | wpa_s->fetch_anqp_in_progress = 0; | |
505 | return; | |
506 | } | |
507 | ||
508 | snprintf(fname, sizeof(fname), "%s/osu-providers.txt", | |
509 | wpa_s->conf->osu_dir); | |
510 | f = fopen(fname, "w"); | |
511 | if (f == NULL) { | |
512 | hs20_free_osu_prov(wpa_s); | |
513 | return; | |
514 | } | |
d10b01d2 AN |
515 | |
516 | hs20_set_osu_access_permission(wpa_s->conf->osu_dir, fname); | |
517 | ||
b572df86 JM |
518 | for (i = 0; i < wpa_s->osu_prov_count; i++) { |
519 | struct osu_provider *osu = &wpa_s->osu_prov[i]; | |
520 | if (i > 0) | |
521 | fprintf(f, "\n"); | |
522 | fprintf(f, "OSU-PROVIDER " MACSTR "\n" | |
523 | "uri=%s\n" | |
524 | "methods=%08x\n", | |
525 | MAC2STR(osu->bssid), osu->server_uri, osu->osu_methods); | |
526 | if (osu->osu_ssid_len) { | |
527 | fprintf(f, "osu_ssid=%s\n", | |
528 | wpa_ssid_txt(osu->osu_ssid, | |
529 | osu->osu_ssid_len)); | |
530 | } | |
531 | if (osu->osu_nai[0]) | |
532 | fprintf(f, "osu_nai=%s\n", osu->osu_nai); | |
533 | for (j = 0; j < osu->friendly_name_count; j++) { | |
534 | fprintf(f, "friendly_name=%s:%s\n", | |
535 | osu->friendly_name[j].lang, | |
536 | osu->friendly_name[j].text); | |
537 | } | |
538 | for (j = 0; j < osu->serv_desc_count; j++) { | |
539 | fprintf(f, "desc=%s:%s\n", | |
540 | osu->serv_desc[j].lang, | |
541 | osu->serv_desc[j].text); | |
542 | } | |
543 | for (j = 0; j < osu->icon_count; j++) { | |
544 | struct osu_icon *icon = &osu->icon[j]; | |
545 | if (icon->failed) | |
546 | continue; /* could not fetch icon */ | |
547 | fprintf(f, "icon=%u:%u:%u:%s:%s:%s\n", | |
548 | icon->id, icon->width, icon->height, icon->lang, | |
549 | icon->icon_type, icon->filename); | |
550 | } | |
551 | } | |
552 | fclose(f); | |
553 | hs20_free_osu_prov(wpa_s); | |
554 | ||
555 | wpa_msg(wpa_s, MSG_INFO, "OSU provider fetch completed"); | |
556 | wpa_s->fetch_anqp_in_progress = 0; | |
557 | } | |
558 | ||
559 | ||
560 | void hs20_next_osu_icon(struct wpa_supplicant *wpa_s) | |
561 | { | |
562 | size_t i, j; | |
563 | ||
564 | wpa_printf(MSG_DEBUG, "HS 2.0: Ready to fetch next icon"); | |
565 | ||
566 | for (i = 0; i < wpa_s->osu_prov_count; i++) { | |
567 | struct osu_provider *osu = &wpa_s->osu_prov[i]; | |
568 | for (j = 0; j < osu->icon_count; j++) { | |
569 | struct osu_icon *icon = &osu->icon[j]; | |
570 | if (icon->id || icon->failed) | |
571 | continue; | |
572 | ||
573 | wpa_printf(MSG_DEBUG, "HS 2.0: Try to fetch icon '%s' " | |
574 | "from " MACSTR, icon->filename, | |
575 | MAC2STR(osu->bssid)); | |
230e3735 | 576 | os_get_reltime(&wpa_s->osu_icon_fetch_start); |
b572df86 JM |
577 | if (hs20_anqp_send_req(wpa_s, osu->bssid, |
578 | BIT(HS20_STYPE_ICON_REQUEST), | |
579 | (u8 *) icon->filename, | |
580 | os_strlen(icon->filename)) < 0) { | |
581 | icon->failed = 1; | |
582 | continue; | |
583 | } | |
584 | return; | |
585 | } | |
586 | } | |
587 | ||
588 | wpa_printf(MSG_DEBUG, "HS 2.0: No more icons to fetch"); | |
589 | hs20_osu_fetch_done(wpa_s); | |
590 | } | |
591 | ||
592 | ||
593 | static void hs20_osu_add_prov(struct wpa_supplicant *wpa_s, struct wpa_bss *bss, | |
594 | const u8 *osu_ssid, u8 osu_ssid_len, | |
595 | const u8 *pos, size_t len) | |
596 | { | |
597 | struct osu_provider *prov; | |
598 | const u8 *end = pos + len; | |
599 | u16 len2; | |
600 | const u8 *pos2; | |
0570a3ea | 601 | u8 uri_len, osu_method_len, osu_nai_len; |
b572df86 JM |
602 | |
603 | wpa_hexdump(MSG_DEBUG, "HS 2.0: Parsing OSU Provider", pos, len); | |
604 | prov = os_realloc_array(wpa_s->osu_prov, | |
605 | wpa_s->osu_prov_count + 1, | |
606 | sizeof(*prov)); | |
607 | if (prov == NULL) | |
608 | return; | |
609 | wpa_s->osu_prov = prov; | |
610 | prov = &prov[wpa_s->osu_prov_count]; | |
611 | os_memset(prov, 0, sizeof(*prov)); | |
612 | ||
613 | os_memcpy(prov->bssid, bss->bssid, ETH_ALEN); | |
614 | os_memcpy(prov->osu_ssid, osu_ssid, osu_ssid_len); | |
615 | prov->osu_ssid_len = osu_ssid_len; | |
616 | ||
617 | /* OSU Friendly Name Length */ | |
618 | if (pos + 2 > end) { | |
619 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU " | |
620 | "Friendly Name Length"); | |
621 | return; | |
622 | } | |
623 | len2 = WPA_GET_LE16(pos); | |
624 | pos += 2; | |
0570a3ea | 625 | if (len2 > end - pos) { |
b572df86 JM |
626 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU " |
627 | "Friendly Name Duples"); | |
628 | return; | |
629 | } | |
630 | pos2 = pos; | |
631 | pos += len2; | |
632 | ||
633 | /* OSU Friendly Name Duples */ | |
634 | while (pos2 + 4 <= pos && prov->friendly_name_count < OSU_MAX_ITEMS) { | |
635 | struct osu_lang_string *f; | |
636 | if (pos2 + 1 + pos2[0] > pos || pos2[0] < 3) { | |
637 | wpa_printf(MSG_DEBUG, "Invalid OSU Friendly Name"); | |
638 | break; | |
639 | } | |
640 | f = &prov->friendly_name[prov->friendly_name_count++]; | |
641 | os_memcpy(f->lang, pos2 + 1, 3); | |
642 | os_memcpy(f->text, pos2 + 1 + 3, pos2[0] - 3); | |
643 | pos2 += 1 + pos2[0]; | |
644 | } | |
645 | ||
646 | /* OSU Server URI */ | |
355e17eb JM |
647 | if (pos + 1 > end) { |
648 | wpa_printf(MSG_DEBUG, | |
649 | "HS 2.0: Not enough room for OSU Server URI length"); | |
650 | return; | |
651 | } | |
652 | uri_len = *pos++; | |
653 | if (uri_len > end - pos) { | |
b572df86 JM |
654 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Server " |
655 | "URI"); | |
656 | return; | |
657 | } | |
355e17eb JM |
658 | os_memcpy(prov->server_uri, pos, uri_len); |
659 | pos += uri_len; | |
b572df86 JM |
660 | |
661 | /* OSU Method list */ | |
0570a3ea JM |
662 | if (pos + 1 > end) { |
663 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Method " | |
664 | "list length"); | |
665 | return; | |
666 | } | |
667 | osu_method_len = pos[0]; | |
668 | if (osu_method_len > end - pos - 1) { | |
b572df86 JM |
669 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Method " |
670 | "list"); | |
671 | return; | |
672 | } | |
673 | pos2 = pos + 1; | |
0570a3ea | 674 | pos += 1 + osu_method_len; |
b572df86 JM |
675 | while (pos2 < pos) { |
676 | if (*pos2 < 32) | |
677 | prov->osu_methods |= BIT(*pos2); | |
678 | pos2++; | |
679 | } | |
680 | ||
681 | /* Icons Available Length */ | |
682 | if (pos + 2 > end) { | |
683 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for Icons " | |
684 | "Available Length"); | |
685 | return; | |
686 | } | |
687 | len2 = WPA_GET_LE16(pos); | |
688 | pos += 2; | |
0570a3ea | 689 | if (len2 > end - pos) { |
b572df86 JM |
690 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for Icons " |
691 | "Available"); | |
692 | return; | |
693 | } | |
694 | pos2 = pos; | |
695 | pos += len2; | |
696 | ||
697 | /* Icons Available */ | |
698 | while (pos2 < pos) { | |
699 | struct osu_icon *icon = &prov->icon[prov->icon_count]; | |
0570a3ea JM |
700 | u8 flen; |
701 | ||
b572df86 JM |
702 | if (pos2 + 2 + 2 + 3 + 1 + 1 > pos) { |
703 | wpa_printf(MSG_DEBUG, "HS 2.0: Invalid Icon Metadata"); | |
184e110c JM |
704 | break; |
705 | } | |
706 | ||
b572df86 JM |
707 | icon->width = WPA_GET_LE16(pos2); |
708 | pos2 += 2; | |
709 | icon->height = WPA_GET_LE16(pos2); | |
710 | pos2 += 2; | |
711 | os_memcpy(icon->lang, pos2, 3); | |
712 | pos2 += 3; | |
184e110c | 713 | |
0570a3ea JM |
714 | flen = pos2[0]; |
715 | if (flen > pos - pos2 - 1) { | |
b572df86 | 716 | wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon Type"); |
184e110c JM |
717 | break; |
718 | } | |
0570a3ea JM |
719 | os_memcpy(icon->icon_type, pos2 + 1, flen); |
720 | pos2 += 1 + flen; | |
184e110c | 721 | |
0570a3ea JM |
722 | if (pos2 + 1 > pos) { |
723 | wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon " | |
724 | "Filename length"); | |
725 | break; | |
726 | } | |
727 | flen = pos2[0]; | |
728 | if (flen > pos - pos2 - 1) { | |
b572df86 JM |
729 | wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon " |
730 | "Filename"); | |
184e110c JM |
731 | break; |
732 | } | |
0570a3ea JM |
733 | os_memcpy(icon->filename, pos2 + 1, flen); |
734 | pos2 += 1 + flen; | |
184e110c | 735 | |
b572df86 JM |
736 | prov->icon_count++; |
737 | } | |
738 | ||
739 | /* OSU_NAI */ | |
0570a3ea | 740 | if (pos + 1 > end) { |
b572df86 JM |
741 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU_NAI"); |
742 | return; | |
743 | } | |
0570a3ea JM |
744 | osu_nai_len = pos[0]; |
745 | if (osu_nai_len > end - pos - 1) { | |
746 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU_NAI"); | |
747 | return; | |
748 | } | |
749 | os_memcpy(prov->osu_nai, pos + 1, osu_nai_len); | |
750 | pos += 1 + osu_nai_len; | |
b572df86 JM |
751 | |
752 | /* OSU Service Description Length */ | |
753 | if (pos + 2 > end) { | |
754 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU " | |
755 | "Service Description Length"); | |
756 | return; | |
757 | } | |
758 | len2 = WPA_GET_LE16(pos); | |
759 | pos += 2; | |
0570a3ea | 760 | if (len2 > end - pos) { |
b572df86 JM |
761 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU " |
762 | "Service Description Duples"); | |
763 | return; | |
764 | } | |
765 | pos2 = pos; | |
766 | pos += len2; | |
767 | ||
768 | /* OSU Service Description Duples */ | |
769 | while (pos2 + 4 <= pos && prov->serv_desc_count < OSU_MAX_ITEMS) { | |
770 | struct osu_lang_string *f; | |
0570a3ea JM |
771 | u8 descr_len; |
772 | ||
773 | descr_len = pos2[0]; | |
774 | if (descr_len > pos - pos2 - 1 || descr_len < 3) { | |
b572df86 JM |
775 | wpa_printf(MSG_DEBUG, "Invalid OSU Service " |
776 | "Description"); | |
184e110c JM |
777 | break; |
778 | } | |
b572df86 JM |
779 | f = &prov->serv_desc[prov->serv_desc_count++]; |
780 | os_memcpy(f->lang, pos2 + 1, 3); | |
0570a3ea JM |
781 | os_memcpy(f->text, pos2 + 1 + 3, descr_len - 3); |
782 | pos2 += 1 + descr_len; | |
b572df86 | 783 | } |
184e110c | 784 | |
b572df86 JM |
785 | wpa_printf(MSG_DEBUG, "HS 2.0: Added OSU Provider through " MACSTR, |
786 | MAC2STR(bss->bssid)); | |
787 | wpa_s->osu_prov_count++; | |
788 | } | |
789 | ||
790 | ||
791 | void hs20_osu_icon_fetch(struct wpa_supplicant *wpa_s) | |
792 | { | |
793 | struct wpa_bss *bss; | |
794 | struct wpabuf *prov_anqp; | |
795 | const u8 *pos, *end; | |
796 | u16 len; | |
797 | const u8 *osu_ssid; | |
798 | u8 osu_ssid_len; | |
799 | u8 num_providers; | |
800 | ||
801 | hs20_free_osu_prov(wpa_s); | |
802 | ||
803 | dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { | |
804 | if (bss->anqp == NULL) | |
805 | continue; | |
806 | prov_anqp = bss->anqp->hs20_osu_providers_list; | |
807 | if (prov_anqp == NULL) | |
808 | continue; | |
809 | wpa_printf(MSG_DEBUG, "HS 2.0: Parsing OSU Providers list from " | |
810 | MACSTR, MAC2STR(bss->bssid)); | |
811 | wpa_hexdump_buf(MSG_DEBUG, "HS 2.0: OSU Providers list", | |
812 | prov_anqp); | |
813 | pos = wpabuf_head(prov_anqp); | |
814 | end = pos + wpabuf_len(prov_anqp); | |
815 | ||
816 | /* OSU SSID */ | |
817 | if (pos + 1 > end) | |
818 | continue; | |
819 | if (pos + 1 + pos[0] > end) { | |
820 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for " | |
821 | "OSU SSID"); | |
822 | continue; | |
823 | } | |
824 | osu_ssid_len = *pos++; | |
825 | if (osu_ssid_len > 32) { | |
826 | wpa_printf(MSG_DEBUG, "HS 2.0: Invalid OSU SSID " | |
827 | "Length %u", osu_ssid_len); | |
828 | continue; | |
829 | } | |
830 | osu_ssid = pos; | |
831 | pos += osu_ssid_len; | |
832 | ||
833 | if (pos + 1 > end) { | |
834 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for " | |
835 | "Number of OSU Providers"); | |
836 | continue; | |
837 | } | |
838 | num_providers = *pos++; | |
839 | wpa_printf(MSG_DEBUG, "HS 2.0: Number of OSU Providers: %u", | |
840 | num_providers); | |
841 | ||
842 | /* OSU Providers */ | |
843 | while (pos + 2 < end && num_providers > 0) { | |
844 | num_providers--; | |
845 | len = WPA_GET_LE16(pos); | |
846 | pos += 2; | |
5c58c0ce | 847 | if (len > (unsigned int) (end - pos)) |
b572df86 JM |
848 | break; |
849 | hs20_osu_add_prov(wpa_s, bss, osu_ssid, | |
850 | osu_ssid_len, pos, len); | |
851 | pos += len; | |
852 | } | |
853 | ||
854 | if (pos != end) { | |
855 | wpa_printf(MSG_DEBUG, "HS 2.0: Ignored %d bytes of " | |
856 | "extra data after OSU Providers", | |
857 | (int) (end - pos)); | |
858 | } | |
859 | } | |
860 | ||
861 | wpa_s->fetch_osu_icon_in_progress = 1; | |
862 | hs20_next_osu_icon(wpa_s); | |
863 | } | |
864 | ||
865 | ||
866 | static void hs20_osu_scan_res_handler(struct wpa_supplicant *wpa_s, | |
867 | struct wpa_scan_results *scan_res) | |
868 | { | |
869 | wpa_printf(MSG_DEBUG, "OSU provisioning fetch scan completed"); | |
568475b7 JM |
870 | if (!wpa_s->fetch_osu_waiting_scan) { |
871 | wpa_printf(MSG_DEBUG, "OSU fetch have been canceled"); | |
872 | return; | |
873 | } | |
b572df86 JM |
874 | wpa_s->network_select = 0; |
875 | wpa_s->fetch_all_anqp = 1; | |
876 | wpa_s->fetch_osu_info = 1; | |
877 | wpa_s->fetch_osu_icon_in_progress = 0; | |
878 | ||
879 | interworking_start_fetch_anqp(wpa_s); | |
880 | } | |
881 | ||
882 | ||
883 | int hs20_fetch_osu(struct wpa_supplicant *wpa_s) | |
884 | { | |
885 | if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { | |
886 | wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - " | |
887 | "interface disabled"); | |
888 | return -1; | |
889 | } | |
890 | ||
891 | if (wpa_s->scanning) { | |
892 | wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - " | |
893 | "scanning"); | |
894 | return -1; | |
25471fe3 | 895 | } |
b572df86 JM |
896 | |
897 | if (wpa_s->conf->osu_dir == NULL) { | |
898 | wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - " | |
899 | "osu_dir not configured"); | |
900 | return -1; | |
901 | } | |
902 | ||
903 | if (wpa_s->fetch_anqp_in_progress || wpa_s->network_select) { | |
904 | wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - " | |
905 | "fetch in progress (%d, %d)", | |
906 | wpa_s->fetch_anqp_in_progress, | |
907 | wpa_s->network_select); | |
908 | return -1; | |
909 | } | |
910 | ||
911 | wpa_msg(wpa_s, MSG_INFO, "Starting OSU provisioning information fetch"); | |
a6739e19 JM |
912 | wpa_s->num_osu_scans = 0; |
913 | wpa_s->num_prov_found = 0; | |
914 | hs20_start_osu_scan(wpa_s); | |
915 | ||
916 | return 0; | |
917 | } | |
918 | ||
919 | ||
920 | void hs20_start_osu_scan(struct wpa_supplicant *wpa_s) | |
921 | { | |
568475b7 | 922 | wpa_s->fetch_osu_waiting_scan = 1; |
a6739e19 | 923 | wpa_s->num_osu_scans++; |
b572df86 JM |
924 | wpa_s->scan_req = MANUAL_SCAN_REQ; |
925 | wpa_s->scan_res_handler = hs20_osu_scan_res_handler; | |
926 | wpa_supplicant_req_scan(wpa_s, 0, 0); | |
b572df86 JM |
927 | } |
928 | ||
929 | ||
930 | void hs20_cancel_fetch_osu(struct wpa_supplicant *wpa_s) | |
931 | { | |
932 | wpa_printf(MSG_DEBUG, "Cancel OSU fetch"); | |
933 | interworking_stop_fetch_anqp(wpa_s); | |
568475b7 | 934 | wpa_s->fetch_osu_waiting_scan = 0; |
b572df86 JM |
935 | wpa_s->network_select = 0; |
936 | wpa_s->fetch_osu_info = 0; | |
937 | wpa_s->fetch_osu_icon_in_progress = 0; | |
938 | } | |
939 | ||
940 | ||
941 | void hs20_icon_fetch_failed(struct wpa_supplicant *wpa_s) | |
942 | { | |
943 | hs20_osu_icon_fetch_result(wpa_s, -1); | |
944 | eloop_cancel_timeout(hs20_continue_icon_fetch, wpa_s, NULL); | |
945 | eloop_register_timeout(0, 0, hs20_continue_icon_fetch, wpa_s, NULL); | |
25471fe3 | 946 | } |
95a3ea94 JM |
947 | |
948 | ||
949 | void hs20_rx_subscription_remediation(struct wpa_supplicant *wpa_s, | |
950 | const char *url, u8 osu_method) | |
951 | { | |
952 | if (url) | |
953 | wpa_msg(wpa_s, MSG_INFO, HS20_SUBSCRIPTION_REMEDIATION "%u %s", | |
954 | osu_method, url); | |
955 | else | |
956 | wpa_msg(wpa_s, MSG_INFO, HS20_SUBSCRIPTION_REMEDIATION); | |
957 | } | |
7ef69479 JM |
958 | |
959 | ||
960 | void hs20_rx_deauth_imminent_notice(struct wpa_supplicant *wpa_s, u8 code, | |
961 | u16 reauth_delay, const char *url) | |
962 | { | |
963 | if (!wpa_sm_pmf_enabled(wpa_s->wpa)) { | |
964 | wpa_printf(MSG_DEBUG, "HS 2.0: Ignore deauthentication imminent notice since PMF was not enabled"); | |
965 | return; | |
966 | } | |
967 | ||
968 | wpa_msg(wpa_s, MSG_INFO, HS20_DEAUTH_IMMINENT_NOTICE "%u %u %s", | |
969 | code, reauth_delay, url); | |
970 | ||
971 | if (code == HS20_DEAUTH_REASON_CODE_BSS) { | |
972 | wpa_printf(MSG_DEBUG, "HS 2.0: Add BSS to blacklist"); | |
973 | wpa_blacklist_add(wpa_s, wpa_s->bssid); | |
533536d8 JM |
974 | /* TODO: For now, disable full ESS since some drivers may not |
975 | * support disabling per BSS. */ | |
976 | if (wpa_s->current_ssid) { | |
06c7b7f0 JM |
977 | struct os_reltime now; |
978 | os_get_reltime(&now); | |
533536d8 JM |
979 | if (now.sec + reauth_delay <= |
980 | wpa_s->current_ssid->disabled_until.sec) | |
981 | return; | |
982 | wpa_printf(MSG_DEBUG, "HS 2.0: Disable network for %u seconds (BSS)", | |
983 | reauth_delay); | |
984 | wpa_s->current_ssid->disabled_until.sec = | |
985 | now.sec + reauth_delay; | |
986 | } | |
7ef69479 JM |
987 | } |
988 | ||
989 | if (code == HS20_DEAUTH_REASON_CODE_ESS && wpa_s->current_ssid) { | |
06c7b7f0 JM |
990 | struct os_reltime now; |
991 | os_get_reltime(&now); | |
7ef69479 JM |
992 | if (now.sec + reauth_delay <= |
993 | wpa_s->current_ssid->disabled_until.sec) | |
994 | return; | |
995 | wpa_printf(MSG_DEBUG, "HS 2.0: Disable network for %u seconds", | |
996 | reauth_delay); | |
997 | wpa_s->current_ssid->disabled_until.sec = | |
998 | now.sec + reauth_delay; | |
999 | } | |
1000 | } | |
fb2ac53d AC |
1001 | |
1002 | ||
1003 | void hs20_deinit(struct wpa_supplicant *wpa_s) | |
1004 | { | |
1005 | eloop_cancel_timeout(hs20_continue_icon_fetch, wpa_s, NULL); | |
1006 | hs20_free_osu_prov(wpa_s); | |
1007 | } |