]>
Commit | Line | Data |
---|---|---|
25471fe3 JK |
1 | /* |
2 | * Copyright (c) 2009, Atheros Communications, Inc. | |
1d2215fc | 3 | * Copyright (c) 2011-2013, Qualcomm Atheros, Inc. |
25471fe3 JK |
4 | * |
5 | * This software may be distributed under the terms of the BSD license. | |
6 | * See README for more details. | |
7 | */ | |
8 | ||
9 | #include "includes.h" | |
10 | ||
11 | #include "common.h" | |
12 | #include "eloop.h" | |
13 | #include "common/ieee802_11_common.h" | |
14 | #include "common/ieee802_11_defs.h" | |
15 | #include "common/gas.h" | |
16 | #include "common/wpa_ctrl.h" | |
7ef69479 | 17 | #include "rsn_supp/wpa.h" |
25471fe3 JK |
18 | #include "wpa_supplicant_i.h" |
19 | #include "driver_i.h" | |
20 | #include "config.h" | |
b572df86 | 21 | #include "scan.h" |
25471fe3 | 22 | #include "bss.h" |
7ef69479 | 23 | #include "blacklist.h" |
25471fe3 JK |
24 | #include "gas_query.h" |
25 | #include "interworking.h" | |
26 | #include "hs20_supplicant.h" | |
27 | ||
28 | ||
b572df86 JM |
29 | #define OSU_MAX_ITEMS 10 |
30 | ||
31 | struct osu_lang_string { | |
32 | char lang[4]; | |
33 | char text[253]; | |
34 | }; | |
35 | ||
36 | struct osu_icon { | |
37 | u16 width; | |
38 | u16 height; | |
39 | char lang[4]; | |
40 | char icon_type[256]; | |
41 | char filename[256]; | |
42 | unsigned int id; | |
43 | unsigned int failed:1; | |
44 | }; | |
45 | ||
46 | struct osu_provider { | |
47 | u8 bssid[ETH_ALEN]; | |
48 | u8 osu_ssid[32]; | |
49 | u8 osu_ssid_len; | |
50 | char server_uri[256]; | |
51 | u32 osu_methods; /* bit 0 = OMA-DM, bit 1 = SOAP-XML SPP */ | |
52 | char osu_nai[256]; | |
53 | struct osu_lang_string friendly_name[OSU_MAX_ITEMS]; | |
54 | size_t friendly_name_count; | |
55 | struct osu_lang_string serv_desc[OSU_MAX_ITEMS]; | |
56 | size_t serv_desc_count; | |
57 | struct osu_icon icon[OSU_MAX_ITEMS]; | |
58 | size_t icon_count; | |
59 | }; | |
60 | ||
61 | ||
f9cd147d | 62 | void wpas_hs20_add_indication(struct wpabuf *buf, int pps_mo_id) |
c923b8a5 | 63 | { |
f9cd147d JM |
64 | u8 conf; |
65 | ||
c923b8a5 | 66 | wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC); |
f9cd147d | 67 | wpabuf_put_u8(buf, pps_mo_id >= 0 ? 7 : 5); |
c923b8a5 JK |
68 | wpabuf_put_be24(buf, OUI_WFA); |
69 | wpabuf_put_u8(buf, HS20_INDICATION_OUI_TYPE); | |
f9cd147d JM |
70 | conf = HS20_VERSION; |
71 | if (pps_mo_id >= 0) | |
72 | conf |= HS20_PPS_MO_ID_PRESENT; | |
73 | wpabuf_put_u8(buf, conf); | |
74 | if (pps_mo_id >= 0) | |
75 | wpabuf_put_le16(buf, pps_mo_id); | |
c923b8a5 JK |
76 | } |
77 | ||
78 | ||
55a2df43 JM |
79 | int is_hs20_network(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, |
80 | struct wpa_bss *bss) | |
81 | { | |
82 | if (!wpa_s->conf->hs20 || !ssid) | |
83 | return 0; | |
84 | ||
85 | if (ssid->parent_cred) | |
86 | return 1; | |
87 | ||
88 | if (bss && !wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE)) | |
89 | return 0; | |
90 | ||
91 | /* | |
92 | * This may catch some non-Hotspot 2.0 cases, but it is safer to do that | |
93 | * than cause Hotspot 2.0 connections without indication element getting | |
94 | * added. Non-Hotspot 2.0 APs should ignore the unknown vendor element. | |
95 | */ | |
96 | ||
97 | if (!(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X)) | |
98 | return 0; | |
99 | if (!(ssid->pairwise_cipher & WPA_CIPHER_CCMP)) | |
100 | return 0; | |
101 | if (ssid->proto != WPA_PROTO_RSN) | |
102 | return 0; | |
103 | ||
104 | return 1; | |
105 | } | |
106 | ||
107 | ||
f9cd147d JM |
108 | int hs20_get_pps_mo_id(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) |
109 | { | |
110 | struct wpa_cred *cred; | |
111 | ||
e376290c DS |
112 | if (ssid == NULL) |
113 | return 0; | |
114 | ||
115 | if (ssid->update_identifier) | |
116 | return ssid->update_identifier; | |
117 | ||
118 | if (ssid->parent_cred == NULL) | |
f9cd147d JM |
119 | return 0; |
120 | ||
121 | for (cred = wpa_s->conf->cred; cred; cred = cred->next) { | |
122 | if (ssid->parent_cred == cred) | |
123 | return cred->update_identifier; | |
124 | } | |
125 | ||
126 | return 0; | |
127 | } | |
128 | ||
129 | ||
cf28c66b DS |
130 | void hs20_put_anqp_req(u32 stypes, const u8 *payload, size_t payload_len, |
131 | struct wpabuf *buf) | |
25471fe3 | 132 | { |
25471fe3 JK |
133 | u8 *len_pos; |
134 | ||
25471fe3 | 135 | if (buf == NULL) |
cf28c66b | 136 | return; |
25471fe3 JK |
137 | |
138 | len_pos = gas_anqp_add_element(buf, ANQP_VENDOR_SPECIFIC); | |
139 | wpabuf_put_be24(buf, OUI_WFA); | |
140 | wpabuf_put_u8(buf, HS20_ANQP_OUI_TYPE); | |
141 | if (stypes == BIT(HS20_STYPE_NAI_HOME_REALM_QUERY)) { | |
142 | wpabuf_put_u8(buf, HS20_STYPE_NAI_HOME_REALM_QUERY); | |
143 | wpabuf_put_u8(buf, 0); /* Reserved */ | |
144 | if (payload) | |
145 | wpabuf_put_data(buf, payload, payload_len); | |
184e110c JM |
146 | } else if (stypes == BIT(HS20_STYPE_ICON_REQUEST)) { |
147 | wpabuf_put_u8(buf, HS20_STYPE_ICON_REQUEST); | |
148 | wpabuf_put_u8(buf, 0); /* Reserved */ | |
149 | if (payload) | |
150 | wpabuf_put_data(buf, payload, payload_len); | |
25471fe3 JK |
151 | } else { |
152 | u8 i; | |
153 | wpabuf_put_u8(buf, HS20_STYPE_QUERY_LIST); | |
154 | wpabuf_put_u8(buf, 0); /* Reserved */ | |
155 | for (i = 0; i < 32; i++) { | |
156 | if (stypes & BIT(i)) | |
157 | wpabuf_put_u8(buf, i); | |
158 | } | |
159 | } | |
160 | gas_anqp_set_element_len(buf, len_pos); | |
161 | ||
162 | gas_anqp_set_len(buf); | |
cf28c66b DS |
163 | } |
164 | ||
165 | ||
166 | struct wpabuf * hs20_build_anqp_req(u32 stypes, const u8 *payload, | |
167 | size_t payload_len) | |
168 | { | |
169 | struct wpabuf *buf; | |
170 | ||
171 | buf = gas_anqp_build_initial_req(0, 100 + payload_len); | |
172 | if (buf == NULL) | |
173 | return NULL; | |
174 | ||
175 | hs20_put_anqp_req(stypes, payload, payload_len, buf); | |
25471fe3 JK |
176 | |
177 | return buf; | |
178 | } | |
179 | ||
180 | ||
181 | int hs20_anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst, u32 stypes, | |
182 | const u8 *payload, size_t payload_len) | |
183 | { | |
184 | struct wpabuf *buf; | |
185 | int ret = 0; | |
186 | int freq; | |
187 | struct wpa_bss *bss; | |
188 | int res; | |
189 | ||
190 | freq = wpa_s->assoc_freq; | |
191 | bss = wpa_bss_get_bssid(wpa_s, dst); | |
485e3a92 JM |
192 | if (bss) { |
193 | wpa_bss_anqp_unshare_alloc(bss); | |
25471fe3 | 194 | freq = bss->freq; |
485e3a92 | 195 | } |
25471fe3 JK |
196 | if (freq <= 0) |
197 | return -1; | |
198 | ||
199 | wpa_printf(MSG_DEBUG, "HS20: ANQP Query Request to " MACSTR " for " | |
200 | "subtypes 0x%x", MAC2STR(dst), stypes); | |
201 | ||
202 | buf = hs20_build_anqp_req(stypes, payload, payload_len); | |
203 | if (buf == NULL) | |
204 | return -1; | |
205 | ||
206 | res = gas_query_req(wpa_s->gas, dst, freq, buf, anqp_resp_cb, wpa_s); | |
207 | if (res < 0) { | |
208 | wpa_printf(MSG_DEBUG, "ANQP: Failed to send Query Request"); | |
24c694b4 | 209 | wpabuf_free(buf); |
25471fe3 JK |
210 | ret = -1; |
211 | } else | |
212 | wpa_printf(MSG_DEBUG, "ANQP: Query started with dialog token " | |
213 | "%u", res); | |
214 | ||
25471fe3 JK |
215 | return ret; |
216 | } | |
217 | ||
218 | ||
b572df86 JM |
219 | static int hs20_process_icon_binary_file(struct wpa_supplicant *wpa_s, |
220 | const u8 *sa, const u8 *pos, | |
221 | size_t slen) | |
222 | { | |
223 | char fname[256]; | |
224 | int png; | |
225 | FILE *f; | |
226 | u16 data_len; | |
227 | ||
228 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR " Icon Binary File", | |
229 | MAC2STR(sa)); | |
230 | ||
231 | if (slen < 4) { | |
232 | wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File " | |
233 | "value from " MACSTR, MAC2STR(sa)); | |
234 | return -1; | |
235 | } | |
236 | ||
237 | wpa_printf(MSG_DEBUG, "HS 2.0: Download Status Code %u", *pos); | |
238 | if (*pos != 0) | |
239 | return -1; | |
240 | pos++; | |
241 | slen--; | |
242 | ||
243 | if ((size_t) 1 + pos[0] > slen) { | |
244 | wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File " | |
245 | "value from " MACSTR, MAC2STR(sa)); | |
246 | return -1; | |
247 | } | |
248 | wpa_hexdump_ascii(MSG_DEBUG, "Icon Type", pos + 1, pos[0]); | |
249 | png = os_strncasecmp((char *) pos + 1, "image/png", 9) == 0; | |
250 | slen -= 1 + pos[0]; | |
251 | pos += 1 + pos[0]; | |
252 | ||
253 | if (slen < 2) { | |
254 | wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File " | |
255 | "value from " MACSTR, MAC2STR(sa)); | |
256 | return -1; | |
257 | } | |
258 | data_len = WPA_GET_LE16(pos); | |
259 | pos += 2; | |
260 | slen -= 2; | |
261 | ||
262 | if (data_len > slen) { | |
263 | wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File " | |
264 | "value from " MACSTR, MAC2STR(sa)); | |
265 | return -1; | |
266 | } | |
267 | ||
268 | wpa_printf(MSG_DEBUG, "Icon Binary Data: %u bytes", data_len); | |
269 | if (wpa_s->conf->osu_dir == NULL) | |
270 | return -1; | |
271 | ||
272 | wpa_s->osu_icon_id++; | |
273 | if (wpa_s->osu_icon_id == 0) | |
274 | wpa_s->osu_icon_id++; | |
275 | snprintf(fname, sizeof(fname), "%s/osu-icon-%u.%s", | |
276 | wpa_s->conf->osu_dir, wpa_s->osu_icon_id, | |
277 | png ? "png" : "icon"); | |
278 | f = fopen(fname, "wb"); | |
279 | if (f == NULL) | |
280 | return -1; | |
281 | if (fwrite(pos, slen, 1, f) != 1) { | |
282 | fclose(f); | |
283 | unlink(fname); | |
284 | return -1; | |
285 | } | |
286 | fclose(f); | |
287 | ||
288 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP-ICON %s", fname); | |
289 | return 0; | |
290 | } | |
291 | ||
292 | ||
293 | static void hs20_continue_icon_fetch(void *eloop_ctx, void *sock_ctx) | |
294 | { | |
295 | struct wpa_supplicant *wpa_s = eloop_ctx; | |
296 | if (wpa_s->fetch_osu_icon_in_progress) | |
297 | hs20_next_osu_icon(wpa_s); | |
298 | } | |
299 | ||
300 | ||
301 | static void hs20_osu_icon_fetch_result(struct wpa_supplicant *wpa_s, int res) | |
302 | { | |
303 | size_t i, j; | |
230e3735 JM |
304 | struct os_reltime now, tmp; |
305 | int dur; | |
306 | ||
307 | os_get_reltime(&now); | |
308 | os_reltime_sub(&now, &wpa_s->osu_icon_fetch_start, &tmp); | |
309 | dur = tmp.sec * 1000 + tmp.usec / 1000; | |
310 | wpa_printf(MSG_DEBUG, "HS 2.0: Icon fetch dur=%d ms res=%d", | |
311 | dur, res); | |
312 | ||
b572df86 JM |
313 | for (i = 0; i < wpa_s->osu_prov_count; i++) { |
314 | struct osu_provider *osu = &wpa_s->osu_prov[i]; | |
315 | for (j = 0; j < osu->icon_count; j++) { | |
316 | struct osu_icon *icon = &osu->icon[j]; | |
317 | if (icon->id || icon->failed) | |
318 | continue; | |
319 | if (res < 0) | |
320 | icon->failed = 1; | |
321 | else | |
322 | icon->id = wpa_s->osu_icon_id; | |
323 | return; | |
324 | } | |
325 | } | |
326 | } | |
327 | ||
328 | ||
25471fe3 JK |
329 | void hs20_parse_rx_hs20_anqp_resp(struct wpa_supplicant *wpa_s, |
330 | const u8 *sa, const u8 *data, size_t slen) | |
331 | { | |
332 | const u8 *pos = data; | |
333 | u8 subtype; | |
334 | struct wpa_bss *bss = wpa_bss_get_bssid(wpa_s, sa); | |
476aed35 | 335 | struct wpa_bss_anqp *anqp = NULL; |
b572df86 | 336 | int ret; |
25471fe3 JK |
337 | |
338 | if (slen < 2) | |
339 | return; | |
340 | ||
476aed35 JM |
341 | if (bss) |
342 | anqp = bss->anqp; | |
343 | ||
25471fe3 JK |
344 | subtype = *pos++; |
345 | slen--; | |
346 | ||
347 | pos++; /* Reserved */ | |
348 | slen--; | |
349 | ||
350 | switch (subtype) { | |
351 | case HS20_STYPE_CAPABILITY_LIST: | |
352 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR | |
353 | " HS Capability List", MAC2STR(sa)); | |
354 | wpa_hexdump_ascii(MSG_DEBUG, "HS Capability List", pos, slen); | |
355 | break; | |
356 | case HS20_STYPE_OPERATOR_FRIENDLY_NAME: | |
357 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR | |
358 | " Operator Friendly Name", MAC2STR(sa)); | |
359 | wpa_hexdump_ascii(MSG_DEBUG, "oper friendly name", pos, slen); | |
476aed35 JM |
360 | if (anqp) { |
361 | wpabuf_free(anqp->hs20_operator_friendly_name); | |
362 | anqp->hs20_operator_friendly_name = | |
25471fe3 JK |
363 | wpabuf_alloc_copy(pos, slen); |
364 | } | |
365 | break; | |
366 | case HS20_STYPE_WAN_METRICS: | |
2edcd504 JM |
367 | wpa_hexdump(MSG_DEBUG, "WAN Metrics", pos, slen); |
368 | if (slen < 13) { | |
369 | wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short WAN " | |
370 | "Metrics value from " MACSTR, MAC2STR(sa)); | |
371 | break; | |
372 | } | |
25471fe3 | 373 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR |
2edcd504 JM |
374 | " WAN Metrics %02x:%u:%u:%u:%u:%u", MAC2STR(sa), |
375 | pos[0], WPA_GET_LE32(pos + 1), WPA_GET_LE32(pos + 5), | |
376 | pos[9], pos[10], WPA_GET_LE16(pos + 11)); | |
476aed35 JM |
377 | if (anqp) { |
378 | wpabuf_free(anqp->hs20_wan_metrics); | |
379 | anqp->hs20_wan_metrics = wpabuf_alloc_copy(pos, slen); | |
25471fe3 JK |
380 | } |
381 | break; | |
382 | case HS20_STYPE_CONNECTION_CAPABILITY: | |
383 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR | |
384 | " Connection Capability", MAC2STR(sa)); | |
385 | wpa_hexdump_ascii(MSG_DEBUG, "conn capability", pos, slen); | |
476aed35 JM |
386 | if (anqp) { |
387 | wpabuf_free(anqp->hs20_connection_capability); | |
388 | anqp->hs20_connection_capability = | |
25471fe3 JK |
389 | wpabuf_alloc_copy(pos, slen); |
390 | } | |
391 | break; | |
392 | case HS20_STYPE_OPERATING_CLASS: | |
393 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR | |
394 | " Operating Class", MAC2STR(sa)); | |
395 | wpa_hexdump_ascii(MSG_DEBUG, "Operating Class", pos, slen); | |
476aed35 JM |
396 | if (anqp) { |
397 | wpabuf_free(anqp->hs20_operating_class); | |
398 | anqp->hs20_operating_class = | |
25471fe3 JK |
399 | wpabuf_alloc_copy(pos, slen); |
400 | } | |
401 | break; | |
1d2215fc JM |
402 | case HS20_STYPE_OSU_PROVIDERS_LIST: |
403 | wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR | |
404 | " OSU Providers list", MAC2STR(sa)); | |
a6739e19 | 405 | wpa_s->num_prov_found++; |
1d2215fc JM |
406 | if (anqp) { |
407 | wpabuf_free(anqp->hs20_osu_providers_list); | |
408 | anqp->hs20_osu_providers_list = | |
409 | wpabuf_alloc_copy(pos, slen); | |
410 | } | |
411 | break; | |
184e110c | 412 | case HS20_STYPE_ICON_BINARY_FILE: |
b572df86 JM |
413 | ret = hs20_process_icon_binary_file(wpa_s, sa, pos, slen); |
414 | if (wpa_s->fetch_osu_icon_in_progress) { | |
415 | hs20_osu_icon_fetch_result(wpa_s, ret); | |
416 | eloop_cancel_timeout(hs20_continue_icon_fetch, | |
417 | wpa_s, NULL); | |
418 | eloop_register_timeout(0, 0, hs20_continue_icon_fetch, | |
419 | wpa_s, NULL); | |
420 | } | |
421 | break; | |
422 | default: | |
423 | wpa_printf(MSG_DEBUG, "HS20: Unsupported subtype %u", subtype); | |
424 | break; | |
425 | } | |
426 | } | |
427 | ||
428 | ||
429 | void hs20_notify_parse_done(struct wpa_supplicant *wpa_s) | |
430 | { | |
431 | if (!wpa_s->fetch_osu_icon_in_progress) | |
432 | return; | |
433 | if (eloop_is_timeout_registered(hs20_continue_icon_fetch, wpa_s, NULL)) | |
434 | return; | |
435 | /* | |
436 | * We are going through icon fetch, but no icon response was received. | |
437 | * Assume this means the current AP could not provide an answer to avoid | |
438 | * getting stuck in fetch iteration. | |
439 | */ | |
440 | hs20_icon_fetch_failed(wpa_s); | |
441 | } | |
442 | ||
443 | ||
444 | static void hs20_free_osu_prov_entry(struct osu_provider *prov) | |
445 | { | |
446 | } | |
447 | ||
448 | ||
449 | void hs20_free_osu_prov(struct wpa_supplicant *wpa_s) | |
450 | { | |
451 | size_t i; | |
452 | for (i = 0; i < wpa_s->osu_prov_count; i++) | |
453 | hs20_free_osu_prov_entry(&wpa_s->osu_prov[i]); | |
454 | os_free(wpa_s->osu_prov); | |
455 | wpa_s->osu_prov = NULL; | |
456 | wpa_s->osu_prov_count = 0; | |
457 | } | |
458 | ||
459 | ||
460 | static void hs20_osu_fetch_done(struct wpa_supplicant *wpa_s) | |
461 | { | |
462 | char fname[256]; | |
463 | FILE *f; | |
464 | size_t i, j; | |
465 | ||
466 | wpa_s->fetch_osu_info = 0; | |
467 | wpa_s->fetch_osu_icon_in_progress = 0; | |
184e110c | 468 | |
b572df86 JM |
469 | if (wpa_s->conf->osu_dir == NULL) { |
470 | hs20_free_osu_prov(wpa_s); | |
471 | wpa_s->fetch_anqp_in_progress = 0; | |
472 | return; | |
473 | } | |
474 | ||
475 | snprintf(fname, sizeof(fname), "%s/osu-providers.txt", | |
476 | wpa_s->conf->osu_dir); | |
477 | f = fopen(fname, "w"); | |
478 | if (f == NULL) { | |
479 | hs20_free_osu_prov(wpa_s); | |
480 | return; | |
481 | } | |
482 | for (i = 0; i < wpa_s->osu_prov_count; i++) { | |
483 | struct osu_provider *osu = &wpa_s->osu_prov[i]; | |
484 | if (i > 0) | |
485 | fprintf(f, "\n"); | |
486 | fprintf(f, "OSU-PROVIDER " MACSTR "\n" | |
487 | "uri=%s\n" | |
488 | "methods=%08x\n", | |
489 | MAC2STR(osu->bssid), osu->server_uri, osu->osu_methods); | |
490 | if (osu->osu_ssid_len) { | |
491 | fprintf(f, "osu_ssid=%s\n", | |
492 | wpa_ssid_txt(osu->osu_ssid, | |
493 | osu->osu_ssid_len)); | |
494 | } | |
495 | if (osu->osu_nai[0]) | |
496 | fprintf(f, "osu_nai=%s\n", osu->osu_nai); | |
497 | for (j = 0; j < osu->friendly_name_count; j++) { | |
498 | fprintf(f, "friendly_name=%s:%s\n", | |
499 | osu->friendly_name[j].lang, | |
500 | osu->friendly_name[j].text); | |
501 | } | |
502 | for (j = 0; j < osu->serv_desc_count; j++) { | |
503 | fprintf(f, "desc=%s:%s\n", | |
504 | osu->serv_desc[j].lang, | |
505 | osu->serv_desc[j].text); | |
506 | } | |
507 | for (j = 0; j < osu->icon_count; j++) { | |
508 | struct osu_icon *icon = &osu->icon[j]; | |
509 | if (icon->failed) | |
510 | continue; /* could not fetch icon */ | |
511 | fprintf(f, "icon=%u:%u:%u:%s:%s:%s\n", | |
512 | icon->id, icon->width, icon->height, icon->lang, | |
513 | icon->icon_type, icon->filename); | |
514 | } | |
515 | } | |
516 | fclose(f); | |
517 | hs20_free_osu_prov(wpa_s); | |
518 | ||
519 | wpa_msg(wpa_s, MSG_INFO, "OSU provider fetch completed"); | |
520 | wpa_s->fetch_anqp_in_progress = 0; | |
521 | } | |
522 | ||
523 | ||
524 | void hs20_next_osu_icon(struct wpa_supplicant *wpa_s) | |
525 | { | |
526 | size_t i, j; | |
527 | ||
528 | wpa_printf(MSG_DEBUG, "HS 2.0: Ready to fetch next icon"); | |
529 | ||
530 | for (i = 0; i < wpa_s->osu_prov_count; i++) { | |
531 | struct osu_provider *osu = &wpa_s->osu_prov[i]; | |
532 | for (j = 0; j < osu->icon_count; j++) { | |
533 | struct osu_icon *icon = &osu->icon[j]; | |
534 | if (icon->id || icon->failed) | |
535 | continue; | |
536 | ||
537 | wpa_printf(MSG_DEBUG, "HS 2.0: Try to fetch icon '%s' " | |
538 | "from " MACSTR, icon->filename, | |
539 | MAC2STR(osu->bssid)); | |
230e3735 | 540 | os_get_reltime(&wpa_s->osu_icon_fetch_start); |
b572df86 JM |
541 | if (hs20_anqp_send_req(wpa_s, osu->bssid, |
542 | BIT(HS20_STYPE_ICON_REQUEST), | |
543 | (u8 *) icon->filename, | |
544 | os_strlen(icon->filename)) < 0) { | |
545 | icon->failed = 1; | |
546 | continue; | |
547 | } | |
548 | return; | |
549 | } | |
550 | } | |
551 | ||
552 | wpa_printf(MSG_DEBUG, "HS 2.0: No more icons to fetch"); | |
553 | hs20_osu_fetch_done(wpa_s); | |
554 | } | |
555 | ||
556 | ||
557 | static void hs20_osu_add_prov(struct wpa_supplicant *wpa_s, struct wpa_bss *bss, | |
558 | const u8 *osu_ssid, u8 osu_ssid_len, | |
559 | const u8 *pos, size_t len) | |
560 | { | |
561 | struct osu_provider *prov; | |
562 | const u8 *end = pos + len; | |
563 | u16 len2; | |
564 | const u8 *pos2; | |
0570a3ea | 565 | u8 uri_len, osu_method_len, osu_nai_len; |
b572df86 JM |
566 | |
567 | wpa_hexdump(MSG_DEBUG, "HS 2.0: Parsing OSU Provider", pos, len); | |
568 | prov = os_realloc_array(wpa_s->osu_prov, | |
569 | wpa_s->osu_prov_count + 1, | |
570 | sizeof(*prov)); | |
571 | if (prov == NULL) | |
572 | return; | |
573 | wpa_s->osu_prov = prov; | |
574 | prov = &prov[wpa_s->osu_prov_count]; | |
575 | os_memset(prov, 0, sizeof(*prov)); | |
576 | ||
577 | os_memcpy(prov->bssid, bss->bssid, ETH_ALEN); | |
578 | os_memcpy(prov->osu_ssid, osu_ssid, osu_ssid_len); | |
579 | prov->osu_ssid_len = osu_ssid_len; | |
580 | ||
581 | /* OSU Friendly Name Length */ | |
582 | if (pos + 2 > end) { | |
583 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU " | |
584 | "Friendly Name Length"); | |
585 | return; | |
586 | } | |
587 | len2 = WPA_GET_LE16(pos); | |
588 | pos += 2; | |
0570a3ea | 589 | if (len2 > end - pos) { |
b572df86 JM |
590 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU " |
591 | "Friendly Name Duples"); | |
592 | return; | |
593 | } | |
594 | pos2 = pos; | |
595 | pos += len2; | |
596 | ||
597 | /* OSU Friendly Name Duples */ | |
598 | while (pos2 + 4 <= pos && prov->friendly_name_count < OSU_MAX_ITEMS) { | |
599 | struct osu_lang_string *f; | |
600 | if (pos2 + 1 + pos2[0] > pos || pos2[0] < 3) { | |
601 | wpa_printf(MSG_DEBUG, "Invalid OSU Friendly Name"); | |
602 | break; | |
603 | } | |
604 | f = &prov->friendly_name[prov->friendly_name_count++]; | |
605 | os_memcpy(f->lang, pos2 + 1, 3); | |
606 | os_memcpy(f->text, pos2 + 1 + 3, pos2[0] - 3); | |
607 | pos2 += 1 + pos2[0]; | |
608 | } | |
609 | ||
610 | /* OSU Server URI */ | |
355e17eb JM |
611 | if (pos + 1 > end) { |
612 | wpa_printf(MSG_DEBUG, | |
613 | "HS 2.0: Not enough room for OSU Server URI length"); | |
614 | return; | |
615 | } | |
616 | uri_len = *pos++; | |
617 | if (uri_len > end - pos) { | |
b572df86 JM |
618 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Server " |
619 | "URI"); | |
620 | return; | |
621 | } | |
355e17eb JM |
622 | os_memcpy(prov->server_uri, pos, uri_len); |
623 | pos += uri_len; | |
b572df86 JM |
624 | |
625 | /* OSU Method list */ | |
0570a3ea JM |
626 | if (pos + 1 > end) { |
627 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Method " | |
628 | "list length"); | |
629 | return; | |
630 | } | |
631 | osu_method_len = pos[0]; | |
632 | if (osu_method_len > end - pos - 1) { | |
b572df86 JM |
633 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Method " |
634 | "list"); | |
635 | return; | |
636 | } | |
637 | pos2 = pos + 1; | |
0570a3ea | 638 | pos += 1 + osu_method_len; |
b572df86 JM |
639 | while (pos2 < pos) { |
640 | if (*pos2 < 32) | |
641 | prov->osu_methods |= BIT(*pos2); | |
642 | pos2++; | |
643 | } | |
644 | ||
645 | /* Icons Available Length */ | |
646 | if (pos + 2 > end) { | |
647 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for Icons " | |
648 | "Available Length"); | |
649 | return; | |
650 | } | |
651 | len2 = WPA_GET_LE16(pos); | |
652 | pos += 2; | |
0570a3ea | 653 | if (len2 > end - pos) { |
b572df86 JM |
654 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for Icons " |
655 | "Available"); | |
656 | return; | |
657 | } | |
658 | pos2 = pos; | |
659 | pos += len2; | |
660 | ||
661 | /* Icons Available */ | |
662 | while (pos2 < pos) { | |
663 | struct osu_icon *icon = &prov->icon[prov->icon_count]; | |
0570a3ea JM |
664 | u8 flen; |
665 | ||
b572df86 JM |
666 | if (pos2 + 2 + 2 + 3 + 1 + 1 > pos) { |
667 | wpa_printf(MSG_DEBUG, "HS 2.0: Invalid Icon Metadata"); | |
184e110c JM |
668 | break; |
669 | } | |
670 | ||
b572df86 JM |
671 | icon->width = WPA_GET_LE16(pos2); |
672 | pos2 += 2; | |
673 | icon->height = WPA_GET_LE16(pos2); | |
674 | pos2 += 2; | |
675 | os_memcpy(icon->lang, pos2, 3); | |
676 | pos2 += 3; | |
184e110c | 677 | |
0570a3ea JM |
678 | flen = pos2[0]; |
679 | if (flen > pos - pos2 - 1) { | |
b572df86 | 680 | wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon Type"); |
184e110c JM |
681 | break; |
682 | } | |
0570a3ea JM |
683 | os_memcpy(icon->icon_type, pos2 + 1, flen); |
684 | pos2 += 1 + flen; | |
184e110c | 685 | |
0570a3ea JM |
686 | if (pos2 + 1 > pos) { |
687 | wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon " | |
688 | "Filename length"); | |
689 | break; | |
690 | } | |
691 | flen = pos2[0]; | |
692 | if (flen > pos - pos2 - 1) { | |
b572df86 JM |
693 | wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon " |
694 | "Filename"); | |
184e110c JM |
695 | break; |
696 | } | |
0570a3ea JM |
697 | os_memcpy(icon->filename, pos2 + 1, flen); |
698 | pos2 += 1 + flen; | |
184e110c | 699 | |
b572df86 JM |
700 | prov->icon_count++; |
701 | } | |
702 | ||
703 | /* OSU_NAI */ | |
0570a3ea | 704 | if (pos + 1 > end) { |
b572df86 JM |
705 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU_NAI"); |
706 | return; | |
707 | } | |
0570a3ea JM |
708 | osu_nai_len = pos[0]; |
709 | if (osu_nai_len > end - pos - 1) { | |
710 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU_NAI"); | |
711 | return; | |
712 | } | |
713 | os_memcpy(prov->osu_nai, pos + 1, osu_nai_len); | |
714 | pos += 1 + osu_nai_len; | |
b572df86 JM |
715 | |
716 | /* OSU Service Description Length */ | |
717 | if (pos + 2 > end) { | |
718 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU " | |
719 | "Service Description Length"); | |
720 | return; | |
721 | } | |
722 | len2 = WPA_GET_LE16(pos); | |
723 | pos += 2; | |
0570a3ea | 724 | if (len2 > end - pos) { |
b572df86 JM |
725 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU " |
726 | "Service Description Duples"); | |
727 | return; | |
728 | } | |
729 | pos2 = pos; | |
730 | pos += len2; | |
731 | ||
732 | /* OSU Service Description Duples */ | |
733 | while (pos2 + 4 <= pos && prov->serv_desc_count < OSU_MAX_ITEMS) { | |
734 | struct osu_lang_string *f; | |
0570a3ea JM |
735 | u8 descr_len; |
736 | ||
737 | descr_len = pos2[0]; | |
738 | if (descr_len > pos - pos2 - 1 || descr_len < 3) { | |
b572df86 JM |
739 | wpa_printf(MSG_DEBUG, "Invalid OSU Service " |
740 | "Description"); | |
184e110c JM |
741 | break; |
742 | } | |
b572df86 JM |
743 | f = &prov->serv_desc[prov->serv_desc_count++]; |
744 | os_memcpy(f->lang, pos2 + 1, 3); | |
0570a3ea JM |
745 | os_memcpy(f->text, pos2 + 1 + 3, descr_len - 3); |
746 | pos2 += 1 + descr_len; | |
b572df86 | 747 | } |
184e110c | 748 | |
b572df86 JM |
749 | wpa_printf(MSG_DEBUG, "HS 2.0: Added OSU Provider through " MACSTR, |
750 | MAC2STR(bss->bssid)); | |
751 | wpa_s->osu_prov_count++; | |
752 | } | |
753 | ||
754 | ||
755 | void hs20_osu_icon_fetch(struct wpa_supplicant *wpa_s) | |
756 | { | |
757 | struct wpa_bss *bss; | |
758 | struct wpabuf *prov_anqp; | |
759 | const u8 *pos, *end; | |
760 | u16 len; | |
761 | const u8 *osu_ssid; | |
762 | u8 osu_ssid_len; | |
763 | u8 num_providers; | |
764 | ||
765 | hs20_free_osu_prov(wpa_s); | |
766 | ||
767 | dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { | |
768 | if (bss->anqp == NULL) | |
769 | continue; | |
770 | prov_anqp = bss->anqp->hs20_osu_providers_list; | |
771 | if (prov_anqp == NULL) | |
772 | continue; | |
773 | wpa_printf(MSG_DEBUG, "HS 2.0: Parsing OSU Providers list from " | |
774 | MACSTR, MAC2STR(bss->bssid)); | |
775 | wpa_hexdump_buf(MSG_DEBUG, "HS 2.0: OSU Providers list", | |
776 | prov_anqp); | |
777 | pos = wpabuf_head(prov_anqp); | |
778 | end = pos + wpabuf_len(prov_anqp); | |
779 | ||
780 | /* OSU SSID */ | |
781 | if (pos + 1 > end) | |
782 | continue; | |
783 | if (pos + 1 + pos[0] > end) { | |
784 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for " | |
785 | "OSU SSID"); | |
786 | continue; | |
787 | } | |
788 | osu_ssid_len = *pos++; | |
789 | if (osu_ssid_len > 32) { | |
790 | wpa_printf(MSG_DEBUG, "HS 2.0: Invalid OSU SSID " | |
791 | "Length %u", osu_ssid_len); | |
792 | continue; | |
793 | } | |
794 | osu_ssid = pos; | |
795 | pos += osu_ssid_len; | |
796 | ||
797 | if (pos + 1 > end) { | |
798 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for " | |
799 | "Number of OSU Providers"); | |
800 | continue; | |
801 | } | |
802 | num_providers = *pos++; | |
803 | wpa_printf(MSG_DEBUG, "HS 2.0: Number of OSU Providers: %u", | |
804 | num_providers); | |
805 | ||
806 | /* OSU Providers */ | |
807 | while (pos + 2 < end && num_providers > 0) { | |
808 | num_providers--; | |
809 | len = WPA_GET_LE16(pos); | |
810 | pos += 2; | |
5c58c0ce | 811 | if (len > (unsigned int) (end - pos)) |
b572df86 JM |
812 | break; |
813 | hs20_osu_add_prov(wpa_s, bss, osu_ssid, | |
814 | osu_ssid_len, pos, len); | |
815 | pos += len; | |
816 | } | |
817 | ||
818 | if (pos != end) { | |
819 | wpa_printf(MSG_DEBUG, "HS 2.0: Ignored %d bytes of " | |
820 | "extra data after OSU Providers", | |
821 | (int) (end - pos)); | |
822 | } | |
823 | } | |
824 | ||
825 | wpa_s->fetch_osu_icon_in_progress = 1; | |
826 | hs20_next_osu_icon(wpa_s); | |
827 | } | |
828 | ||
829 | ||
830 | static void hs20_osu_scan_res_handler(struct wpa_supplicant *wpa_s, | |
831 | struct wpa_scan_results *scan_res) | |
832 | { | |
833 | wpa_printf(MSG_DEBUG, "OSU provisioning fetch scan completed"); | |
568475b7 JM |
834 | if (!wpa_s->fetch_osu_waiting_scan) { |
835 | wpa_printf(MSG_DEBUG, "OSU fetch have been canceled"); | |
836 | return; | |
837 | } | |
b572df86 JM |
838 | wpa_s->network_select = 0; |
839 | wpa_s->fetch_all_anqp = 1; | |
840 | wpa_s->fetch_osu_info = 1; | |
841 | wpa_s->fetch_osu_icon_in_progress = 0; | |
842 | ||
843 | interworking_start_fetch_anqp(wpa_s); | |
844 | } | |
845 | ||
846 | ||
847 | int hs20_fetch_osu(struct wpa_supplicant *wpa_s) | |
848 | { | |
849 | if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { | |
850 | wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - " | |
851 | "interface disabled"); | |
852 | return -1; | |
853 | } | |
854 | ||
855 | if (wpa_s->scanning) { | |
856 | wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - " | |
857 | "scanning"); | |
858 | return -1; | |
25471fe3 | 859 | } |
b572df86 JM |
860 | |
861 | if (wpa_s->conf->osu_dir == NULL) { | |
862 | wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - " | |
863 | "osu_dir not configured"); | |
864 | return -1; | |
865 | } | |
866 | ||
867 | if (wpa_s->fetch_anqp_in_progress || wpa_s->network_select) { | |
868 | wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - " | |
869 | "fetch in progress (%d, %d)", | |
870 | wpa_s->fetch_anqp_in_progress, | |
871 | wpa_s->network_select); | |
872 | return -1; | |
873 | } | |
874 | ||
875 | wpa_msg(wpa_s, MSG_INFO, "Starting OSU provisioning information fetch"); | |
a6739e19 JM |
876 | wpa_s->num_osu_scans = 0; |
877 | wpa_s->num_prov_found = 0; | |
878 | hs20_start_osu_scan(wpa_s); | |
879 | ||
880 | return 0; | |
881 | } | |
882 | ||
883 | ||
884 | void hs20_start_osu_scan(struct wpa_supplicant *wpa_s) | |
885 | { | |
568475b7 | 886 | wpa_s->fetch_osu_waiting_scan = 1; |
a6739e19 | 887 | wpa_s->num_osu_scans++; |
b572df86 JM |
888 | wpa_s->scan_req = MANUAL_SCAN_REQ; |
889 | wpa_s->scan_res_handler = hs20_osu_scan_res_handler; | |
890 | wpa_supplicant_req_scan(wpa_s, 0, 0); | |
b572df86 JM |
891 | } |
892 | ||
893 | ||
894 | void hs20_cancel_fetch_osu(struct wpa_supplicant *wpa_s) | |
895 | { | |
896 | wpa_printf(MSG_DEBUG, "Cancel OSU fetch"); | |
897 | interworking_stop_fetch_anqp(wpa_s); | |
568475b7 | 898 | wpa_s->fetch_osu_waiting_scan = 0; |
b572df86 JM |
899 | wpa_s->network_select = 0; |
900 | wpa_s->fetch_osu_info = 0; | |
901 | wpa_s->fetch_osu_icon_in_progress = 0; | |
902 | } | |
903 | ||
904 | ||
905 | void hs20_icon_fetch_failed(struct wpa_supplicant *wpa_s) | |
906 | { | |
907 | hs20_osu_icon_fetch_result(wpa_s, -1); | |
908 | eloop_cancel_timeout(hs20_continue_icon_fetch, wpa_s, NULL); | |
909 | eloop_register_timeout(0, 0, hs20_continue_icon_fetch, wpa_s, NULL); | |
25471fe3 | 910 | } |
95a3ea94 JM |
911 | |
912 | ||
913 | void hs20_rx_subscription_remediation(struct wpa_supplicant *wpa_s, | |
914 | const char *url, u8 osu_method) | |
915 | { | |
916 | if (url) | |
917 | wpa_msg(wpa_s, MSG_INFO, HS20_SUBSCRIPTION_REMEDIATION "%u %s", | |
918 | osu_method, url); | |
919 | else | |
920 | wpa_msg(wpa_s, MSG_INFO, HS20_SUBSCRIPTION_REMEDIATION); | |
921 | } | |
7ef69479 JM |
922 | |
923 | ||
924 | void hs20_rx_deauth_imminent_notice(struct wpa_supplicant *wpa_s, u8 code, | |
925 | u16 reauth_delay, const char *url) | |
926 | { | |
927 | if (!wpa_sm_pmf_enabled(wpa_s->wpa)) { | |
928 | wpa_printf(MSG_DEBUG, "HS 2.0: Ignore deauthentication imminent notice since PMF was not enabled"); | |
929 | return; | |
930 | } | |
931 | ||
932 | wpa_msg(wpa_s, MSG_INFO, HS20_DEAUTH_IMMINENT_NOTICE "%u %u %s", | |
933 | code, reauth_delay, url); | |
934 | ||
935 | if (code == HS20_DEAUTH_REASON_CODE_BSS) { | |
936 | wpa_printf(MSG_DEBUG, "HS 2.0: Add BSS to blacklist"); | |
937 | wpa_blacklist_add(wpa_s, wpa_s->bssid); | |
533536d8 JM |
938 | /* TODO: For now, disable full ESS since some drivers may not |
939 | * support disabling per BSS. */ | |
940 | if (wpa_s->current_ssid) { | |
06c7b7f0 JM |
941 | struct os_reltime now; |
942 | os_get_reltime(&now); | |
533536d8 JM |
943 | if (now.sec + reauth_delay <= |
944 | wpa_s->current_ssid->disabled_until.sec) | |
945 | return; | |
946 | wpa_printf(MSG_DEBUG, "HS 2.0: Disable network for %u seconds (BSS)", | |
947 | reauth_delay); | |
948 | wpa_s->current_ssid->disabled_until.sec = | |
949 | now.sec + reauth_delay; | |
950 | } | |
7ef69479 JM |
951 | } |
952 | ||
953 | if (code == HS20_DEAUTH_REASON_CODE_ESS && wpa_s->current_ssid) { | |
06c7b7f0 JM |
954 | struct os_reltime now; |
955 | os_get_reltime(&now); | |
7ef69479 JM |
956 | if (now.sec + reauth_delay <= |
957 | wpa_s->current_ssid->disabled_until.sec) | |
958 | return; | |
959 | wpa_printf(MSG_DEBUG, "HS 2.0: Disable network for %u seconds", | |
960 | reauth_delay); | |
961 | wpa_s->current_ssid->disabled_until.sec = | |
962 | now.sec + reauth_delay; | |
963 | } | |
964 | } | |
fb2ac53d AC |
965 | |
966 | ||
967 | void hs20_deinit(struct wpa_supplicant *wpa_s) | |
968 | { | |
969 | eloop_cancel_timeout(hs20_continue_icon_fetch, wpa_s, NULL); | |
970 | hs20_free_osu_prov(wpa_s); | |
971 | } |