]> git.ipfire.org Git - thirdparty/hostap.git/blob - wpa_supplicant/interworking.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Interworking: Allow roaming partner configuration
[thirdparty/hostap.git] / wpa_supplicant / interworking.c
1 /*
2 * Interworking (IEEE 802.11u)
3 * Copyright (c) 2011-2013, Qualcomm Atheros, Inc.
4 * Copyright (c) 2011-2014, Jouni Malinen <j@w1.fi>
5 *
6 * This software may be distributed under the terms of the BSD license.
7 * See README for more details.
8 */
9
10 #include "includes.h"
11
12 #include "common.h"
13 #include "common/ieee802_11_defs.h"
14 #include "common/gas.h"
15 #include "common/wpa_ctrl.h"
16 #include "utils/pcsc_funcs.h"
17 #include "utils/eloop.h"
18 #include "drivers/driver.h"
19 #include "eap_common/eap_defs.h"
20 #include "eap_peer/eap.h"
21 #include "eap_peer/eap_methods.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "rsn_supp/wpa.h"
24 #include "wpa_supplicant_i.h"
25 #include "config.h"
26 #include "config_ssid.h"
27 #include "bss.h"
28 #include "scan.h"
29 #include "notify.h"
30 #include "gas_query.h"
31 #include "hs20_supplicant.h"
32 #include "interworking.h"
33
34
35 #if defined(EAP_SIM) | defined(EAP_SIM_DYNAMIC)
36 #define INTERWORKING_3GPP
37 #else
38 #if defined(EAP_AKA) | defined(EAP_AKA_DYNAMIC)
39 #define INTERWORKING_3GPP
40 #else
41 #if defined(EAP_AKA_PRIME) | defined(EAP_AKA_PRIME_DYNAMIC)
42 #define INTERWORKING_3GPP
43 #endif
44 #endif
45 #endif
46
47 static void interworking_next_anqp_fetch(struct wpa_supplicant *wpa_s);
48 static struct wpa_cred * interworking_credentials_available_realm(
49 struct wpa_supplicant *wpa_s, struct wpa_bss *bss);
50 static struct wpa_cred * interworking_credentials_available_3gpp(
51 struct wpa_supplicant *wpa_s, struct wpa_bss *bss);
52
53
54 static void interworking_reconnect(struct wpa_supplicant *wpa_s)
55 {
56 if (wpa_s->wpa_state >= WPA_AUTHENTICATING) {
57 wpa_supplicant_cancel_sched_scan(wpa_s);
58 wpa_supplicant_deauthenticate(wpa_s,
59 WLAN_REASON_DEAUTH_LEAVING);
60 }
61 wpa_s->disconnected = 0;
62 wpa_s->reassociate = 1;
63
64 if (wpa_supplicant_fast_associate(wpa_s) >= 0)
65 return;
66
67 wpa_supplicant_req_scan(wpa_s, 0, 0);
68 }
69
70
71 static struct wpabuf * anqp_build_req(u16 info_ids[], size_t num_ids,
72 struct wpabuf *extra)
73 {
74 struct wpabuf *buf;
75 size_t i;
76 u8 *len_pos;
77
78 buf = gas_anqp_build_initial_req(0, 4 + num_ids * 2 +
79 (extra ? wpabuf_len(extra) : 0));
80 if (buf == NULL)
81 return NULL;
82
83 len_pos = gas_anqp_add_element(buf, ANQP_QUERY_LIST);
84 for (i = 0; i < num_ids; i++)
85 wpabuf_put_le16(buf, info_ids[i]);
86 gas_anqp_set_element_len(buf, len_pos);
87 if (extra)
88 wpabuf_put_buf(buf, extra);
89
90 gas_anqp_set_len(buf);
91
92 return buf;
93 }
94
95
96 static void interworking_anqp_resp_cb(void *ctx, const u8 *dst,
97 u8 dialog_token,
98 enum gas_query_result result,
99 const struct wpabuf *adv_proto,
100 const struct wpabuf *resp,
101 u16 status_code)
102 {
103 struct wpa_supplicant *wpa_s = ctx;
104
105 anqp_resp_cb(wpa_s, dst, dialog_token, result, adv_proto, resp,
106 status_code);
107 interworking_next_anqp_fetch(wpa_s);
108 }
109
110
111 static int cred_with_roaming_consortium(struct wpa_supplicant *wpa_s)
112 {
113 struct wpa_cred *cred;
114
115 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
116 if (cred->roaming_consortium_len)
117 return 1;
118 if (cred->required_roaming_consortium_len)
119 return 1;
120 }
121 return 0;
122 }
123
124
125 static int cred_with_3gpp(struct wpa_supplicant *wpa_s)
126 {
127 struct wpa_cred *cred;
128
129 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
130 if (cred->pcsc || cred->imsi)
131 return 1;
132 }
133 return 0;
134 }
135
136
137 static int cred_with_nai_realm(struct wpa_supplicant *wpa_s)
138 {
139 struct wpa_cred *cred;
140
141 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
142 if (cred->pcsc || cred->imsi)
143 continue;
144 if (!cred->eap_method)
145 return 1;
146 if (cred->realm && cred->roaming_consortium_len == 0)
147 return 1;
148 }
149 return 0;
150 }
151
152
153 static int cred_with_domain(struct wpa_supplicant *wpa_s)
154 {
155 struct wpa_cred *cred;
156
157 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
158 if (cred->domain || cred->pcsc || cred->imsi ||
159 cred->roaming_partner)
160 return 1;
161 }
162 return 0;
163 }
164
165
166 static int additional_roaming_consortiums(struct wpa_bss *bss)
167 {
168 const u8 *ie;
169 ie = wpa_bss_get_ie(bss, WLAN_EID_ROAMING_CONSORTIUM);
170 if (ie == NULL || ie[1] == 0)
171 return 0;
172 return ie[2]; /* Number of ANQP OIs */
173 }
174
175
176 static void interworking_continue_anqp(void *eloop_ctx, void *sock_ctx)
177 {
178 struct wpa_supplicant *wpa_s = eloop_ctx;
179 interworking_next_anqp_fetch(wpa_s);
180 }
181
182
183 static int interworking_anqp_send_req(struct wpa_supplicant *wpa_s,
184 struct wpa_bss *bss)
185 {
186 struct wpabuf *buf;
187 int ret = 0;
188 int res;
189 u16 info_ids[8];
190 size_t num_info_ids = 0;
191 struct wpabuf *extra = NULL;
192 int all = wpa_s->fetch_all_anqp;
193
194 wpa_printf(MSG_DEBUG, "Interworking: ANQP Query Request to " MACSTR,
195 MAC2STR(bss->bssid));
196 wpa_s->interworking_gas_bss = bss;
197
198 info_ids[num_info_ids++] = ANQP_CAPABILITY_LIST;
199 if (all) {
200 info_ids[num_info_ids++] = ANQP_VENUE_NAME;
201 info_ids[num_info_ids++] = ANQP_NETWORK_AUTH_TYPE;
202 }
203 if (all || (cred_with_roaming_consortium(wpa_s) &&
204 additional_roaming_consortiums(bss)))
205 info_ids[num_info_ids++] = ANQP_ROAMING_CONSORTIUM;
206 if (all)
207 info_ids[num_info_ids++] = ANQP_IP_ADDR_TYPE_AVAILABILITY;
208 if (all || cred_with_nai_realm(wpa_s))
209 info_ids[num_info_ids++] = ANQP_NAI_REALM;
210 if (all || cred_with_3gpp(wpa_s))
211 info_ids[num_info_ids++] = ANQP_3GPP_CELLULAR_NETWORK;
212 if (all || cred_with_domain(wpa_s))
213 info_ids[num_info_ids++] = ANQP_DOMAIN_NAME;
214 wpa_hexdump(MSG_DEBUG, "Interworking: ANQP Query info",
215 (u8 *) info_ids, num_info_ids * 2);
216
217 #ifdef CONFIG_HS20
218 if (wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE)) {
219 u8 *len_pos;
220
221 extra = wpabuf_alloc(100);
222 if (!extra)
223 return -1;
224
225 len_pos = gas_anqp_add_element(extra, ANQP_VENDOR_SPECIFIC);
226 wpabuf_put_be24(extra, OUI_WFA);
227 wpabuf_put_u8(extra, HS20_ANQP_OUI_TYPE);
228 wpabuf_put_u8(extra, HS20_STYPE_QUERY_LIST);
229 wpabuf_put_u8(extra, 0); /* Reserved */
230 wpabuf_put_u8(extra, HS20_STYPE_CAPABILITY_LIST);
231 if (all) {
232 wpabuf_put_u8(extra,
233 HS20_STYPE_OPERATOR_FRIENDLY_NAME);
234 wpabuf_put_u8(extra, HS20_STYPE_WAN_METRICS);
235 wpabuf_put_u8(extra, HS20_STYPE_CONNECTION_CAPABILITY);
236 wpabuf_put_u8(extra, HS20_STYPE_OPERATING_CLASS);
237 }
238 gas_anqp_set_element_len(extra, len_pos);
239 }
240 #endif /* CONFIG_HS20 */
241
242 buf = anqp_build_req(info_ids, num_info_ids, extra);
243 wpabuf_free(extra);
244 if (buf == NULL)
245 return -1;
246
247 res = gas_query_req(wpa_s->gas, bss->bssid, bss->freq, buf,
248 interworking_anqp_resp_cb, wpa_s);
249 if (res < 0) {
250 wpa_printf(MSG_DEBUG, "ANQP: Failed to send Query Request");
251 wpabuf_free(buf);
252 ret = -1;
253 eloop_register_timeout(0, 0, interworking_continue_anqp, wpa_s,
254 NULL);
255 } else
256 wpa_printf(MSG_DEBUG, "ANQP: Query started with dialog token "
257 "%u", res);
258
259 return ret;
260 }
261
262
263 struct nai_realm_eap {
264 u8 method;
265 u8 inner_method;
266 enum nai_realm_eap_auth_inner_non_eap inner_non_eap;
267 u8 cred_type;
268 u8 tunneled_cred_type;
269 };
270
271 struct nai_realm {
272 u8 encoding;
273 char *realm;
274 u8 eap_count;
275 struct nai_realm_eap *eap;
276 };
277
278
279 static void nai_realm_free(struct nai_realm *realms, u16 count)
280 {
281 u16 i;
282
283 if (realms == NULL)
284 return;
285 for (i = 0; i < count; i++) {
286 os_free(realms[i].eap);
287 os_free(realms[i].realm);
288 }
289 os_free(realms);
290 }
291
292
293 static const u8 * nai_realm_parse_eap(struct nai_realm_eap *e, const u8 *pos,
294 const u8 *end)
295 {
296 u8 elen, auth_count, a;
297 const u8 *e_end;
298
299 if (pos + 3 > end) {
300 wpa_printf(MSG_DEBUG, "No room for EAP Method fixed fields");
301 return NULL;
302 }
303
304 elen = *pos++;
305 if (pos + elen > end || elen < 2) {
306 wpa_printf(MSG_DEBUG, "No room for EAP Method subfield");
307 return NULL;
308 }
309 e_end = pos + elen;
310 e->method = *pos++;
311 auth_count = *pos++;
312 wpa_printf(MSG_DEBUG, "EAP Method: len=%u method=%u auth_count=%u",
313 elen, e->method, auth_count);
314
315 for (a = 0; a < auth_count; a++) {
316 u8 id, len;
317
318 if (pos + 2 > end || pos + 2 + pos[1] > end) {
319 wpa_printf(MSG_DEBUG, "No room for Authentication "
320 "Parameter subfield");
321 return NULL;
322 }
323
324 id = *pos++;
325 len = *pos++;
326
327 switch (id) {
328 case NAI_REALM_EAP_AUTH_NON_EAP_INNER_AUTH:
329 if (len < 1)
330 break;
331 e->inner_non_eap = *pos;
332 if (e->method != EAP_TYPE_TTLS)
333 break;
334 switch (*pos) {
335 case NAI_REALM_INNER_NON_EAP_PAP:
336 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP");
337 break;
338 case NAI_REALM_INNER_NON_EAP_CHAP:
339 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP");
340 break;
341 case NAI_REALM_INNER_NON_EAP_MSCHAP:
342 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP");
343 break;
344 case NAI_REALM_INNER_NON_EAP_MSCHAPV2:
345 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2");
346 break;
347 }
348 break;
349 case NAI_REALM_EAP_AUTH_INNER_AUTH_EAP_METHOD:
350 if (len < 1)
351 break;
352 e->inner_method = *pos;
353 wpa_printf(MSG_DEBUG, "Inner EAP method: %u",
354 e->inner_method);
355 break;
356 case NAI_REALM_EAP_AUTH_CRED_TYPE:
357 if (len < 1)
358 break;
359 e->cred_type = *pos;
360 wpa_printf(MSG_DEBUG, "Credential Type: %u",
361 e->cred_type);
362 break;
363 case NAI_REALM_EAP_AUTH_TUNNELED_CRED_TYPE:
364 if (len < 1)
365 break;
366 e->tunneled_cred_type = *pos;
367 wpa_printf(MSG_DEBUG, "Tunneled EAP Method Credential "
368 "Type: %u", e->tunneled_cred_type);
369 break;
370 default:
371 wpa_printf(MSG_DEBUG, "Unsupported Authentication "
372 "Parameter: id=%u len=%u", id, len);
373 wpa_hexdump(MSG_DEBUG, "Authentication Parameter "
374 "Value", pos, len);
375 break;
376 }
377
378 pos += len;
379 }
380
381 return e_end;
382 }
383
384
385 static const u8 * nai_realm_parse_realm(struct nai_realm *r, const u8 *pos,
386 const u8 *end)
387 {
388 u16 len;
389 const u8 *f_end;
390 u8 realm_len, e;
391
392 if (end - pos < 4) {
393 wpa_printf(MSG_DEBUG, "No room for NAI Realm Data "
394 "fixed fields");
395 return NULL;
396 }
397
398 len = WPA_GET_LE16(pos); /* NAI Realm Data field Length */
399 pos += 2;
400 if (pos + len > end || len < 3) {
401 wpa_printf(MSG_DEBUG, "No room for NAI Realm Data "
402 "(len=%u; left=%u)",
403 len, (unsigned int) (end - pos));
404 return NULL;
405 }
406 f_end = pos + len;
407
408 r->encoding = *pos++;
409 realm_len = *pos++;
410 if (pos + realm_len > f_end) {
411 wpa_printf(MSG_DEBUG, "No room for NAI Realm "
412 "(len=%u; left=%u)",
413 realm_len, (unsigned int) (f_end - pos));
414 return NULL;
415 }
416 wpa_hexdump_ascii(MSG_DEBUG, "NAI Realm", pos, realm_len);
417 r->realm = dup_binstr(pos, realm_len);
418 if (r->realm == NULL)
419 return NULL;
420 pos += realm_len;
421
422 if (pos + 1 > f_end) {
423 wpa_printf(MSG_DEBUG, "No room for EAP Method Count");
424 return NULL;
425 }
426 r->eap_count = *pos++;
427 wpa_printf(MSG_DEBUG, "EAP Count: %u", r->eap_count);
428 if (pos + r->eap_count * 3 > f_end) {
429 wpa_printf(MSG_DEBUG, "No room for EAP Methods");
430 return NULL;
431 }
432 r->eap = os_calloc(r->eap_count, sizeof(struct nai_realm_eap));
433 if (r->eap == NULL)
434 return NULL;
435
436 for (e = 0; e < r->eap_count; e++) {
437 pos = nai_realm_parse_eap(&r->eap[e], pos, f_end);
438 if (pos == NULL)
439 return NULL;
440 }
441
442 return f_end;
443 }
444
445
446 static struct nai_realm * nai_realm_parse(struct wpabuf *anqp, u16 *count)
447 {
448 struct nai_realm *realm;
449 const u8 *pos, *end;
450 u16 i, num;
451
452 if (anqp == NULL || wpabuf_len(anqp) < 2)
453 return NULL;
454
455 pos = wpabuf_head_u8(anqp);
456 end = pos + wpabuf_len(anqp);
457 num = WPA_GET_LE16(pos);
458 wpa_printf(MSG_DEBUG, "NAI Realm Count: %u", num);
459 pos += 2;
460
461 if (num * 5 > end - pos) {
462 wpa_printf(MSG_DEBUG, "Invalid NAI Realm Count %u - not "
463 "enough data (%u octets) for that many realms",
464 num, (unsigned int) (end - pos));
465 return NULL;
466 }
467
468 realm = os_calloc(num, sizeof(struct nai_realm));
469 if (realm == NULL)
470 return NULL;
471
472 for (i = 0; i < num; i++) {
473 pos = nai_realm_parse_realm(&realm[i], pos, end);
474 if (pos == NULL) {
475 nai_realm_free(realm, num);
476 return NULL;
477 }
478 }
479
480 *count = num;
481 return realm;
482 }
483
484
485 static int nai_realm_match(struct nai_realm *realm, const char *home_realm)
486 {
487 char *tmp, *pos, *end;
488 int match = 0;
489
490 if (realm->realm == NULL || home_realm == NULL)
491 return 0;
492
493 if (os_strchr(realm->realm, ';') == NULL)
494 return os_strcasecmp(realm->realm, home_realm) == 0;
495
496 tmp = os_strdup(realm->realm);
497 if (tmp == NULL)
498 return 0;
499
500 pos = tmp;
501 while (*pos) {
502 end = os_strchr(pos, ';');
503 if (end)
504 *end = '\0';
505 if (os_strcasecmp(pos, home_realm) == 0) {
506 match = 1;
507 break;
508 }
509 if (end == NULL)
510 break;
511 pos = end + 1;
512 }
513
514 os_free(tmp);
515
516 return match;
517 }
518
519
520 static int nai_realm_cred_username(struct nai_realm_eap *eap)
521 {
522 if (eap_get_name(EAP_VENDOR_IETF, eap->method) == NULL)
523 return 0; /* method not supported */
524
525 if (eap->method != EAP_TYPE_TTLS && eap->method != EAP_TYPE_PEAP &&
526 eap->method != EAP_TYPE_FAST) {
527 /* Only tunneled methods with username/password supported */
528 return 0;
529 }
530
531 if (eap->method == EAP_TYPE_PEAP || eap->method == EAP_TYPE_FAST) {
532 if (eap->inner_method &&
533 eap_get_name(EAP_VENDOR_IETF, eap->inner_method) == NULL)
534 return 0;
535 if (!eap->inner_method &&
536 eap_get_name(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2) == NULL)
537 return 0;
538 }
539
540 if (eap->method == EAP_TYPE_TTLS) {
541 if (eap->inner_method == 0 && eap->inner_non_eap == 0)
542 return 1; /* Assume TTLS/MSCHAPv2 is used */
543 if (eap->inner_method &&
544 eap_get_name(EAP_VENDOR_IETF, eap->inner_method) == NULL)
545 return 0;
546 if (eap->inner_non_eap &&
547 eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_PAP &&
548 eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_CHAP &&
549 eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_MSCHAP &&
550 eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_MSCHAPV2)
551 return 0;
552 }
553
554 if (eap->inner_method &&
555 eap->inner_method != EAP_TYPE_GTC &&
556 eap->inner_method != EAP_TYPE_MSCHAPV2)
557 return 0;
558
559 return 1;
560 }
561
562
563 static int nai_realm_cred_cert(struct nai_realm_eap *eap)
564 {
565 if (eap_get_name(EAP_VENDOR_IETF, eap->method) == NULL)
566 return 0; /* method not supported */
567
568 if (eap->method != EAP_TYPE_TLS) {
569 /* Only EAP-TLS supported for credential authentication */
570 return 0;
571 }
572
573 return 1;
574 }
575
576
577 static struct nai_realm_eap * nai_realm_find_eap(struct wpa_cred *cred,
578 struct nai_realm *realm)
579 {
580 u8 e;
581
582 if (cred == NULL ||
583 cred->username == NULL ||
584 cred->username[0] == '\0' ||
585 ((cred->password == NULL ||
586 cred->password[0] == '\0') &&
587 (cred->private_key == NULL ||
588 cred->private_key[0] == '\0')))
589 return NULL;
590
591 for (e = 0; e < realm->eap_count; e++) {
592 struct nai_realm_eap *eap = &realm->eap[e];
593 if (cred->password && cred->password[0] &&
594 nai_realm_cred_username(eap))
595 return eap;
596 if (cred->private_key && cred->private_key[0] &&
597 nai_realm_cred_cert(eap))
598 return eap;
599 }
600
601 return NULL;
602 }
603
604
605 #ifdef INTERWORKING_3GPP
606
607 static int plmn_id_match(struct wpabuf *anqp, const char *imsi, int mnc_len)
608 {
609 u8 plmn[3], plmn2[3];
610 const u8 *pos, *end;
611 u8 udhl;
612
613 /*
614 * See Annex A of 3GPP TS 24.234 v8.1.0 for description. The network
615 * operator is allowed to include only two digits of the MNC, so allow
616 * matches based on both two and three digit MNC assumptions. Since some
617 * SIM/USIM cards may not expose MNC length conveniently, we may be
618 * provided the default MNC length 3 here and as such, checking with MNC
619 * length 2 is justifiable even though 3GPP TS 24.234 does not mention
620 * that case. Anyway, MCC/MNC pair where both 2 and 3 digit MNC is used
621 * with otherwise matching values would not be good idea in general, so
622 * this should not result in selecting incorrect networks.
623 */
624 /* Match with 3 digit MNC */
625 plmn[0] = (imsi[0] - '0') | ((imsi[1] - '0') << 4);
626 plmn[1] = (imsi[2] - '0') | ((imsi[5] - '0') << 4);
627 plmn[2] = (imsi[3] - '0') | ((imsi[4] - '0') << 4);
628 /* Match with 2 digit MNC */
629 plmn2[0] = (imsi[0] - '0') | ((imsi[1] - '0') << 4);
630 plmn2[1] = (imsi[2] - '0') | 0xf0;
631 plmn2[2] = (imsi[3] - '0') | ((imsi[4] - '0') << 4);
632
633 if (anqp == NULL)
634 return 0;
635 pos = wpabuf_head_u8(anqp);
636 end = pos + wpabuf_len(anqp);
637 if (pos + 2 > end)
638 return 0;
639 if (*pos != 0) {
640 wpa_printf(MSG_DEBUG, "Unsupported GUD version 0x%x", *pos);
641 return 0;
642 }
643 pos++;
644 udhl = *pos++;
645 if (pos + udhl > end) {
646 wpa_printf(MSG_DEBUG, "Invalid UDHL");
647 return 0;
648 }
649 end = pos + udhl;
650
651 wpa_printf(MSG_DEBUG, "Interworking: Matching against MCC/MNC alternatives: %02x:%02x:%02x or %02x:%02x:%02x (IMSI %s, MNC length %d)",
652 plmn[0], plmn[1], plmn[2], plmn2[0], plmn2[1], plmn2[2],
653 imsi, mnc_len);
654
655 while (pos + 2 <= end) {
656 u8 iei, len;
657 const u8 *l_end;
658 iei = *pos++;
659 len = *pos++ & 0x7f;
660 if (pos + len > end)
661 break;
662 l_end = pos + len;
663
664 if (iei == 0 && len > 0) {
665 /* PLMN List */
666 u8 num, i;
667 wpa_hexdump(MSG_DEBUG, "Interworking: PLMN List information element",
668 pos, len);
669 num = *pos++;
670 for (i = 0; i < num; i++) {
671 if (pos + 3 > l_end)
672 break;
673 if (os_memcmp(pos, plmn, 3) == 0 ||
674 os_memcmp(pos, plmn2, 3) == 0)
675 return 1; /* Found matching PLMN */
676 pos += 3;
677 }
678 } else {
679 wpa_hexdump(MSG_DEBUG, "Interworking: Unrecognized 3GPP information element",
680 pos, len);
681 }
682
683 pos = l_end;
684 }
685
686 return 0;
687 }
688
689
690 static int build_root_nai(char *nai, size_t nai_len, const char *imsi,
691 size_t mnc_len, char prefix)
692 {
693 const char *sep, *msin;
694 char *end, *pos;
695 size_t msin_len, plmn_len;
696
697 /*
698 * TS 23.003, Clause 14 (3GPP to WLAN Interworking)
699 * Root NAI:
700 * <aka:0|sim:1><IMSI>@wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org
701 * <MNC> is zero-padded to three digits in case two-digit MNC is used
702 */
703
704 if (imsi == NULL || os_strlen(imsi) > 16) {
705 wpa_printf(MSG_DEBUG, "No valid IMSI available");
706 return -1;
707 }
708 sep = os_strchr(imsi, '-');
709 if (sep) {
710 plmn_len = sep - imsi;
711 msin = sep + 1;
712 } else if (mnc_len && os_strlen(imsi) >= 3 + mnc_len) {
713 plmn_len = 3 + mnc_len;
714 msin = imsi + plmn_len;
715 } else
716 return -1;
717 if (plmn_len != 5 && plmn_len != 6)
718 return -1;
719 msin_len = os_strlen(msin);
720
721 pos = nai;
722 end = nai + nai_len;
723 if (prefix)
724 *pos++ = prefix;
725 os_memcpy(pos, imsi, plmn_len);
726 pos += plmn_len;
727 os_memcpy(pos, msin, msin_len);
728 pos += msin_len;
729 pos += os_snprintf(pos, end - pos, "@wlan.mnc");
730 if (plmn_len == 5) {
731 *pos++ = '0';
732 *pos++ = imsi[3];
733 *pos++ = imsi[4];
734 } else {
735 *pos++ = imsi[3];
736 *pos++ = imsi[4];
737 *pos++ = imsi[5];
738 }
739 pos += os_snprintf(pos, end - pos, ".mcc%c%c%c.3gppnetwork.org",
740 imsi[0], imsi[1], imsi[2]);
741
742 return 0;
743 }
744
745
746 static int set_root_nai(struct wpa_ssid *ssid, const char *imsi, char prefix)
747 {
748 char nai[100];
749 if (build_root_nai(nai, sizeof(nai), imsi, 0, prefix) < 0)
750 return -1;
751 return wpa_config_set_quoted(ssid, "identity", nai);
752 }
753
754 #endif /* INTERWORKING_3GPP */
755
756
757 static int already_connected(struct wpa_supplicant *wpa_s,
758 struct wpa_cred *cred, struct wpa_bss *bss)
759 {
760 struct wpa_ssid *ssid;
761
762 if (wpa_s->wpa_state < WPA_ASSOCIATED || wpa_s->current_ssid == NULL)
763 return 0;
764
765 ssid = wpa_s->current_ssid;
766 if (ssid->parent_cred != cred)
767 return 0;
768
769 if (ssid->ssid_len != bss->ssid_len ||
770 os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) != 0)
771 return 0;
772
773 return 1;
774 }
775
776
777 static void remove_duplicate_network(struct wpa_supplicant *wpa_s,
778 struct wpa_cred *cred,
779 struct wpa_bss *bss)
780 {
781 struct wpa_ssid *ssid;
782
783 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
784 if (ssid->parent_cred != cred)
785 continue;
786 if (ssid->ssid_len != bss->ssid_len ||
787 os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) != 0)
788 continue;
789
790 break;
791 }
792
793 if (ssid == NULL)
794 return;
795
796 wpa_printf(MSG_DEBUG, "Interworking: Remove duplicate network entry for the same credential");
797
798 if (ssid == wpa_s->current_ssid) {
799 wpa_sm_set_config(wpa_s->wpa, NULL);
800 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
801 wpa_supplicant_deauthenticate(wpa_s,
802 WLAN_REASON_DEAUTH_LEAVING);
803 }
804
805 wpas_notify_network_removed(wpa_s, ssid);
806 wpa_config_remove_network(wpa_s->conf, ssid->id);
807 }
808
809
810 static int interworking_set_hs20_params(struct wpa_supplicant *wpa_s,
811 struct wpa_ssid *ssid)
812 {
813 if (wpa_config_set(ssid, "key_mgmt",
814 wpa_s->conf->pmf != NO_MGMT_FRAME_PROTECTION ?
815 "WPA-EAP WPA-EAP-SHA256" : "WPA-EAP", 0) < 0)
816 return -1;
817 if (wpa_config_set(ssid, "proto", "RSN", 0) < 0)
818 return -1;
819 if (wpa_config_set(ssid, "pairwise", "CCMP", 0) < 0)
820 return -1;
821 return 0;
822 }
823
824
825 static int interworking_connect_3gpp(struct wpa_supplicant *wpa_s,
826 struct wpa_cred *cred,
827 struct wpa_bss *bss)
828 {
829 #ifdef INTERWORKING_3GPP
830 struct wpa_ssid *ssid;
831 int eap_type;
832 int res;
833 char prefix;
834
835 if (bss->anqp == NULL || bss->anqp->anqp_3gpp == NULL)
836 return -1;
837
838 wpa_printf(MSG_DEBUG, "Interworking: Connect with " MACSTR " (3GPP)",
839 MAC2STR(bss->bssid));
840
841 if (already_connected(wpa_s, cred, bss)) {
842 wpa_msg(wpa_s, MSG_INFO, INTERWORKING_ALREADY_CONNECTED MACSTR,
843 MAC2STR(bss->bssid));
844 return 0;
845 }
846
847 remove_duplicate_network(wpa_s, cred, bss);
848
849 ssid = wpa_config_add_network(wpa_s->conf);
850 if (ssid == NULL)
851 return -1;
852 ssid->parent_cred = cred;
853
854 wpas_notify_network_added(wpa_s, ssid);
855 wpa_config_set_network_defaults(ssid);
856 ssid->priority = cred->priority;
857 ssid->temporary = 1;
858 ssid->ssid = os_zalloc(bss->ssid_len + 1);
859 if (ssid->ssid == NULL)
860 goto fail;
861 os_memcpy(ssid->ssid, bss->ssid, bss->ssid_len);
862 ssid->ssid_len = bss->ssid_len;
863
864 if (interworking_set_hs20_params(wpa_s, ssid) < 0)
865 goto fail;
866
867 eap_type = EAP_TYPE_SIM;
868 if (cred->pcsc && wpa_s->scard && scard_supports_umts(wpa_s->scard))
869 eap_type = EAP_TYPE_AKA;
870 if (cred->eap_method && cred->eap_method[0].vendor == EAP_VENDOR_IETF) {
871 if (cred->eap_method[0].method == EAP_TYPE_SIM ||
872 cred->eap_method[0].method == EAP_TYPE_AKA ||
873 cred->eap_method[0].method == EAP_TYPE_AKA_PRIME)
874 eap_type = cred->eap_method[0].method;
875 }
876
877 switch (eap_type) {
878 case EAP_TYPE_SIM:
879 prefix = '1';
880 res = wpa_config_set(ssid, "eap", "SIM", 0);
881 break;
882 case EAP_TYPE_AKA:
883 prefix = '0';
884 res = wpa_config_set(ssid, "eap", "AKA", 0);
885 break;
886 case EAP_TYPE_AKA_PRIME:
887 prefix = '6';
888 res = wpa_config_set(ssid, "eap", "AKA'", 0);
889 break;
890 default:
891 res = -1;
892 break;
893 }
894 if (res < 0) {
895 wpa_printf(MSG_DEBUG, "Selected EAP method (%d) not supported",
896 eap_type);
897 goto fail;
898 }
899
900 if (!cred->pcsc && set_root_nai(ssid, cred->imsi, prefix) < 0) {
901 wpa_printf(MSG_DEBUG, "Failed to set Root NAI");
902 goto fail;
903 }
904
905 if (cred->milenage && cred->milenage[0]) {
906 if (wpa_config_set_quoted(ssid, "password",
907 cred->milenage) < 0)
908 goto fail;
909 } else if (cred->pcsc) {
910 if (wpa_config_set_quoted(ssid, "pcsc", "") < 0)
911 goto fail;
912 if (wpa_s->conf->pcsc_pin &&
913 wpa_config_set_quoted(ssid, "pin", wpa_s->conf->pcsc_pin)
914 < 0)
915 goto fail;
916 }
917
918 if (cred->password && cred->password[0] &&
919 wpa_config_set_quoted(ssid, "password", cred->password) < 0)
920 goto fail;
921
922 wpa_s->next_ssid = ssid;
923 wpa_config_update_prio_list(wpa_s->conf);
924 interworking_reconnect(wpa_s);
925
926 return 0;
927
928 fail:
929 wpas_notify_network_removed(wpa_s, ssid);
930 wpa_config_remove_network(wpa_s->conf, ssid->id);
931 #endif /* INTERWORKING_3GPP */
932 return -1;
933 }
934
935
936 static int roaming_consortium_element_match(const u8 *ie, const u8 *rc_id,
937 size_t rc_len)
938 {
939 const u8 *pos, *end;
940 u8 lens;
941
942 if (ie == NULL)
943 return 0;
944
945 pos = ie + 2;
946 end = ie + 2 + ie[1];
947
948 /* Roaming Consortium element:
949 * Number of ANQP OIs
950 * OI #1 and #2 lengths
951 * OI #1, [OI #2], [OI #3]
952 */
953
954 if (pos + 2 > end)
955 return 0;
956
957 pos++; /* skip Number of ANQP OIs */
958 lens = *pos++;
959 if (pos + (lens & 0x0f) + (lens >> 4) > end)
960 return 0;
961
962 if ((lens & 0x0f) == rc_len && os_memcmp(pos, rc_id, rc_len) == 0)
963 return 1;
964 pos += lens & 0x0f;
965
966 if ((lens >> 4) == rc_len && os_memcmp(pos, rc_id, rc_len) == 0)
967 return 1;
968 pos += lens >> 4;
969
970 if (pos < end && (size_t) (end - pos) == rc_len &&
971 os_memcmp(pos, rc_id, rc_len) == 0)
972 return 1;
973
974 return 0;
975 }
976
977
978 static int roaming_consortium_anqp_match(const struct wpabuf *anqp,
979 const u8 *rc_id, size_t rc_len)
980 {
981 const u8 *pos, *end;
982 u8 len;
983
984 if (anqp == NULL)
985 return 0;
986
987 pos = wpabuf_head(anqp);
988 end = pos + wpabuf_len(anqp);
989
990 /* Set of <OI Length, OI> duples */
991 while (pos < end) {
992 len = *pos++;
993 if (pos + len > end)
994 break;
995 if (len == rc_len && os_memcmp(pos, rc_id, rc_len) == 0)
996 return 1;
997 pos += len;
998 }
999
1000 return 0;
1001 }
1002
1003
1004 static int roaming_consortium_match(const u8 *ie, const struct wpabuf *anqp,
1005 const u8 *rc_id, size_t rc_len)
1006 {
1007 return roaming_consortium_element_match(ie, rc_id, rc_len) ||
1008 roaming_consortium_anqp_match(anqp, rc_id, rc_len);
1009 }
1010
1011
1012 static int cred_no_required_oi_match(struct wpa_cred *cred, struct wpa_bss *bss)
1013 {
1014 const u8 *ie;
1015
1016 if (cred->required_roaming_consortium_len == 0)
1017 return 0;
1018
1019 ie = wpa_bss_get_ie(bss, WLAN_EID_ROAMING_CONSORTIUM);
1020
1021 if (ie == NULL &&
1022 (bss->anqp == NULL || bss->anqp->roaming_consortium == NULL))
1023 return 1;
1024
1025 return !roaming_consortium_match(ie,
1026 bss->anqp ?
1027 bss->anqp->roaming_consortium : NULL,
1028 cred->required_roaming_consortium,
1029 cred->required_roaming_consortium_len);
1030 }
1031
1032
1033 static int cred_excluded_ssid(struct wpa_cred *cred, struct wpa_bss *bss)
1034 {
1035 size_t i;
1036
1037 if (!cred->excluded_ssid)
1038 return 0;
1039
1040 for (i = 0; i < cred->num_excluded_ssid; i++) {
1041 struct excluded_ssid *e = &cred->excluded_ssid[i];
1042 if (bss->ssid_len == e->ssid_len &&
1043 os_memcmp(bss->ssid, e->ssid, e->ssid_len) == 0)
1044 return 1;
1045 }
1046
1047 return 0;
1048 }
1049
1050
1051 static struct wpa_cred * interworking_credentials_available_roaming_consortium(
1052 struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
1053 {
1054 struct wpa_cred *cred, *selected = NULL;
1055 const u8 *ie;
1056
1057 ie = wpa_bss_get_ie(bss, WLAN_EID_ROAMING_CONSORTIUM);
1058
1059 if (ie == NULL &&
1060 (bss->anqp == NULL || bss->anqp->roaming_consortium == NULL))
1061 return NULL;
1062
1063 if (wpa_s->conf->cred == NULL)
1064 return NULL;
1065
1066 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
1067 if (cred->roaming_consortium_len == 0)
1068 continue;
1069
1070 if (!roaming_consortium_match(ie,
1071 bss->anqp ?
1072 bss->anqp->roaming_consortium :
1073 NULL,
1074 cred->roaming_consortium,
1075 cred->roaming_consortium_len))
1076 continue;
1077
1078 if (cred_excluded_ssid(cred, bss))
1079 continue;
1080 if (cred_no_required_oi_match(cred, bss))
1081 continue;
1082
1083 if (selected == NULL ||
1084 selected->priority < cred->priority)
1085 selected = cred;
1086 }
1087
1088 return selected;
1089 }
1090
1091
1092 static int interworking_set_eap_params(struct wpa_ssid *ssid,
1093 struct wpa_cred *cred, int ttls)
1094 {
1095 if (cred->eap_method) {
1096 ttls = cred->eap_method->vendor == EAP_VENDOR_IETF &&
1097 cred->eap_method->method == EAP_TYPE_TTLS;
1098
1099 os_free(ssid->eap.eap_methods);
1100 ssid->eap.eap_methods =
1101 os_malloc(sizeof(struct eap_method_type) * 2);
1102 if (ssid->eap.eap_methods == NULL)
1103 return -1;
1104 os_memcpy(ssid->eap.eap_methods, cred->eap_method,
1105 sizeof(*cred->eap_method));
1106 ssid->eap.eap_methods[1].vendor = EAP_VENDOR_IETF;
1107 ssid->eap.eap_methods[1].method = EAP_TYPE_NONE;
1108 }
1109
1110 if (ttls && cred->username && cred->username[0]) {
1111 const char *pos;
1112 char *anon;
1113 /* Use anonymous NAI in Phase 1 */
1114 pos = os_strchr(cred->username, '@');
1115 if (pos) {
1116 size_t buflen = 9 + os_strlen(pos) + 1;
1117 anon = os_malloc(buflen);
1118 if (anon == NULL)
1119 return -1;
1120 os_snprintf(anon, buflen, "anonymous%s", pos);
1121 } else if (cred->realm) {
1122 size_t buflen = 10 + os_strlen(cred->realm) + 1;
1123 anon = os_malloc(buflen);
1124 if (anon == NULL)
1125 return -1;
1126 os_snprintf(anon, buflen, "anonymous@%s", cred->realm);
1127 } else {
1128 anon = os_strdup("anonymous");
1129 if (anon == NULL)
1130 return -1;
1131 }
1132 if (wpa_config_set_quoted(ssid, "anonymous_identity", anon) <
1133 0) {
1134 os_free(anon);
1135 return -1;
1136 }
1137 os_free(anon);
1138 }
1139
1140 if (cred->username && cred->username[0] &&
1141 wpa_config_set_quoted(ssid, "identity", cred->username) < 0)
1142 return -1;
1143
1144 if (cred->password && cred->password[0]) {
1145 if (cred->ext_password &&
1146 wpa_config_set(ssid, "password", cred->password, 0) < 0)
1147 return -1;
1148 if (!cred->ext_password &&
1149 wpa_config_set_quoted(ssid, "password", cred->password) <
1150 0)
1151 return -1;
1152 }
1153
1154 if (cred->client_cert && cred->client_cert[0] &&
1155 wpa_config_set_quoted(ssid, "client_cert", cred->client_cert) < 0)
1156 return -1;
1157
1158 #ifdef ANDROID
1159 if (cred->private_key &&
1160 os_strncmp(cred->private_key, "keystore://", 11) == 0) {
1161 /* Use OpenSSL engine configuration for Android keystore */
1162 if (wpa_config_set_quoted(ssid, "engine_id", "keystore") < 0 ||
1163 wpa_config_set_quoted(ssid, "key_id",
1164 cred->private_key + 11) < 0 ||
1165 wpa_config_set(ssid, "engine", "1", 0) < 0)
1166 return -1;
1167 } else
1168 #endif /* ANDROID */
1169 if (cred->private_key && cred->private_key[0] &&
1170 wpa_config_set_quoted(ssid, "private_key", cred->private_key) < 0)
1171 return -1;
1172
1173 if (cred->private_key_passwd && cred->private_key_passwd[0] &&
1174 wpa_config_set_quoted(ssid, "private_key_passwd",
1175 cred->private_key_passwd) < 0)
1176 return -1;
1177
1178 if (cred->phase1) {
1179 os_free(ssid->eap.phase1);
1180 ssid->eap.phase1 = os_strdup(cred->phase1);
1181 }
1182 if (cred->phase2) {
1183 os_free(ssid->eap.phase2);
1184 ssid->eap.phase2 = os_strdup(cred->phase2);
1185 }
1186
1187 if (cred->ca_cert && cred->ca_cert[0] &&
1188 wpa_config_set_quoted(ssid, "ca_cert", cred->ca_cert) < 0)
1189 return -1;
1190
1191 if (cred->domain_suffix_match && cred->domain_suffix_match[0] &&
1192 wpa_config_set_quoted(ssid, "domain_suffix_match",
1193 cred->domain_suffix_match) < 0)
1194 return -1;
1195
1196 return 0;
1197 }
1198
1199
1200 static int interworking_connect_roaming_consortium(
1201 struct wpa_supplicant *wpa_s, struct wpa_cred *cred,
1202 struct wpa_bss *bss)
1203 {
1204 struct wpa_ssid *ssid;
1205
1206 wpa_printf(MSG_DEBUG, "Interworking: Connect with " MACSTR " based on "
1207 "roaming consortium match", MAC2STR(bss->bssid));
1208
1209 if (already_connected(wpa_s, cred, bss)) {
1210 wpa_msg(wpa_s, MSG_INFO, INTERWORKING_ALREADY_CONNECTED MACSTR,
1211 MAC2STR(bss->bssid));
1212 return 0;
1213 }
1214
1215 remove_duplicate_network(wpa_s, cred, bss);
1216
1217 ssid = wpa_config_add_network(wpa_s->conf);
1218 if (ssid == NULL)
1219 return -1;
1220 ssid->parent_cred = cred;
1221 wpas_notify_network_added(wpa_s, ssid);
1222 wpa_config_set_network_defaults(ssid);
1223 ssid->priority = cred->priority;
1224 ssid->temporary = 1;
1225 ssid->ssid = os_zalloc(bss->ssid_len + 1);
1226 if (ssid->ssid == NULL)
1227 goto fail;
1228 os_memcpy(ssid->ssid, bss->ssid, bss->ssid_len);
1229 ssid->ssid_len = bss->ssid_len;
1230
1231 if (interworking_set_hs20_params(wpa_s, ssid) < 0)
1232 goto fail;
1233
1234 if (cred->eap_method == NULL) {
1235 wpa_printf(MSG_DEBUG, "Interworking: No EAP method set for "
1236 "credential using roaming consortium");
1237 goto fail;
1238 }
1239
1240 if (interworking_set_eap_params(
1241 ssid, cred,
1242 cred->eap_method->vendor == EAP_VENDOR_IETF &&
1243 cred->eap_method->method == EAP_TYPE_TTLS) < 0)
1244 goto fail;
1245
1246 wpa_s->next_ssid = ssid;
1247 wpa_config_update_prio_list(wpa_s->conf);
1248 interworking_reconnect(wpa_s);
1249
1250 return 0;
1251
1252 fail:
1253 wpas_notify_network_removed(wpa_s, ssid);
1254 wpa_config_remove_network(wpa_s->conf, ssid->id);
1255 return -1;
1256 }
1257
1258
1259 int interworking_connect(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
1260 {
1261 struct wpa_cred *cred, *cred_rc, *cred_3gpp;
1262 struct wpa_ssid *ssid;
1263 struct nai_realm *realm;
1264 struct nai_realm_eap *eap = NULL;
1265 u16 count, i;
1266 char buf[100];
1267
1268 if (wpa_s->conf->cred == NULL || bss == NULL)
1269 return -1;
1270 if (disallowed_bssid(wpa_s, bss->bssid) ||
1271 disallowed_ssid(wpa_s, bss->ssid, bss->ssid_len)) {
1272 wpa_printf(MSG_DEBUG, "Interworking: Reject connection to disallowed BSS "
1273 MACSTR, MAC2STR(bss->bssid));
1274 return -1;
1275 }
1276
1277 if (!wpa_bss_get_ie(bss, WLAN_EID_RSN)) {
1278 /*
1279 * We currently support only HS 2.0 networks and those are
1280 * required to use WPA2-Enterprise.
1281 */
1282 wpa_printf(MSG_DEBUG, "Interworking: Network does not use "
1283 "RSN");
1284 return -1;
1285 }
1286
1287 cred_rc = interworking_credentials_available_roaming_consortium(wpa_s,
1288 bss);
1289 if (cred_rc) {
1290 wpa_printf(MSG_DEBUG, "Interworking: Highest roaming "
1291 "consortium matching credential priority %d",
1292 cred_rc->priority);
1293 }
1294
1295 cred = interworking_credentials_available_realm(wpa_s, bss);
1296 if (cred) {
1297 wpa_printf(MSG_DEBUG, "Interworking: Highest NAI Realm list "
1298 "matching credential priority %d",
1299 cred->priority);
1300 }
1301
1302 cred_3gpp = interworking_credentials_available_3gpp(wpa_s, bss);
1303 if (cred_3gpp) {
1304 wpa_printf(MSG_DEBUG, "Interworking: Highest 3GPP matching "
1305 "credential priority %d", cred_3gpp->priority);
1306 }
1307
1308 if (cred_rc &&
1309 (cred == NULL || cred_rc->priority >= cred->priority) &&
1310 (cred_3gpp == NULL || cred_rc->priority >= cred_3gpp->priority))
1311 return interworking_connect_roaming_consortium(wpa_s, cred_rc,
1312 bss);
1313
1314 if (cred_3gpp &&
1315 (cred == NULL || cred_3gpp->priority >= cred->priority)) {
1316 return interworking_connect_3gpp(wpa_s, cred_3gpp, bss);
1317 }
1318
1319 if (cred == NULL) {
1320 wpa_printf(MSG_DEBUG, "Interworking: No matching credentials "
1321 "found for " MACSTR, MAC2STR(bss->bssid));
1322 return -1;
1323 }
1324
1325 realm = nai_realm_parse(bss->anqp ? bss->anqp->nai_realm : NULL,
1326 &count);
1327 if (realm == NULL) {
1328 wpa_printf(MSG_DEBUG, "Interworking: Could not parse NAI "
1329 "Realm list from " MACSTR, MAC2STR(bss->bssid));
1330 return -1;
1331 }
1332
1333 for (i = 0; i < count; i++) {
1334 if (!nai_realm_match(&realm[i], cred->realm))
1335 continue;
1336 eap = nai_realm_find_eap(cred, &realm[i]);
1337 if (eap)
1338 break;
1339 }
1340
1341 if (!eap) {
1342 wpa_printf(MSG_DEBUG, "Interworking: No matching credentials "
1343 "and EAP method found for " MACSTR,
1344 MAC2STR(bss->bssid));
1345 nai_realm_free(realm, count);
1346 return -1;
1347 }
1348
1349 wpa_printf(MSG_DEBUG, "Interworking: Connect with " MACSTR,
1350 MAC2STR(bss->bssid));
1351
1352 if (already_connected(wpa_s, cred, bss)) {
1353 wpa_msg(wpa_s, MSG_INFO, INTERWORKING_ALREADY_CONNECTED MACSTR,
1354 MAC2STR(bss->bssid));
1355 nai_realm_free(realm, count);
1356 return 0;
1357 }
1358
1359 remove_duplicate_network(wpa_s, cred, bss);
1360
1361 ssid = wpa_config_add_network(wpa_s->conf);
1362 if (ssid == NULL) {
1363 nai_realm_free(realm, count);
1364 return -1;
1365 }
1366 ssid->parent_cred = cred;
1367 wpas_notify_network_added(wpa_s, ssid);
1368 wpa_config_set_network_defaults(ssid);
1369 ssid->priority = cred->priority;
1370 ssid->temporary = 1;
1371 ssid->ssid = os_zalloc(bss->ssid_len + 1);
1372 if (ssid->ssid == NULL)
1373 goto fail;
1374 os_memcpy(ssid->ssid, bss->ssid, bss->ssid_len);
1375 ssid->ssid_len = bss->ssid_len;
1376
1377 if (interworking_set_hs20_params(wpa_s, ssid) < 0)
1378 goto fail;
1379
1380 if (wpa_config_set(ssid, "eap", eap_get_name(EAP_VENDOR_IETF,
1381 eap->method), 0) < 0)
1382 goto fail;
1383
1384 switch (eap->method) {
1385 case EAP_TYPE_TTLS:
1386 if (eap->inner_method) {
1387 os_snprintf(buf, sizeof(buf), "\"autheap=%s\"",
1388 eap_get_name(EAP_VENDOR_IETF,
1389 eap->inner_method));
1390 if (wpa_config_set(ssid, "phase2", buf, 0) < 0)
1391 goto fail;
1392 break;
1393 }
1394 switch (eap->inner_non_eap) {
1395 case NAI_REALM_INNER_NON_EAP_PAP:
1396 if (wpa_config_set(ssid, "phase2", "\"auth=PAP\"", 0) <
1397 0)
1398 goto fail;
1399 break;
1400 case NAI_REALM_INNER_NON_EAP_CHAP:
1401 if (wpa_config_set(ssid, "phase2", "\"auth=CHAP\"", 0)
1402 < 0)
1403 goto fail;
1404 break;
1405 case NAI_REALM_INNER_NON_EAP_MSCHAP:
1406 if (wpa_config_set(ssid, "phase2", "\"auth=MSCHAP\"",
1407 0) < 0)
1408 goto fail;
1409 break;
1410 case NAI_REALM_INNER_NON_EAP_MSCHAPV2:
1411 if (wpa_config_set(ssid, "phase2", "\"auth=MSCHAPV2\"",
1412 0) < 0)
1413 goto fail;
1414 break;
1415 default:
1416 /* EAP params were not set - assume TTLS/MSCHAPv2 */
1417 if (wpa_config_set(ssid, "phase2", "\"auth=MSCHAPV2\"",
1418 0) < 0)
1419 goto fail;
1420 break;
1421 }
1422 break;
1423 case EAP_TYPE_PEAP:
1424 case EAP_TYPE_FAST:
1425 if (wpa_config_set(ssid, "phase1", "\"fast_provisioning=2\"",
1426 0) < 0)
1427 goto fail;
1428 if (wpa_config_set(ssid, "pac_file",
1429 "\"blob://pac_interworking\"", 0) < 0)
1430 goto fail;
1431 os_snprintf(buf, sizeof(buf), "\"auth=%s\"",
1432 eap_get_name(EAP_VENDOR_IETF,
1433 eap->inner_method ?
1434 eap->inner_method :
1435 EAP_TYPE_MSCHAPV2));
1436 if (wpa_config_set(ssid, "phase2", buf, 0) < 0)
1437 goto fail;
1438 break;
1439 case EAP_TYPE_TLS:
1440 break;
1441 }
1442
1443 if (interworking_set_eap_params(ssid, cred,
1444 eap->method == EAP_TYPE_TTLS) < 0)
1445 goto fail;
1446
1447 nai_realm_free(realm, count);
1448
1449 wpa_s->next_ssid = ssid;
1450 wpa_config_update_prio_list(wpa_s->conf);
1451 interworking_reconnect(wpa_s);
1452
1453 return 0;
1454
1455 fail:
1456 wpas_notify_network_removed(wpa_s, ssid);
1457 wpa_config_remove_network(wpa_s->conf, ssid->id);
1458 nai_realm_free(realm, count);
1459 return -1;
1460 }
1461
1462
1463 static struct wpa_cred * interworking_credentials_available_3gpp(
1464 struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
1465 {
1466 struct wpa_cred *selected = NULL;
1467 #ifdef INTERWORKING_3GPP
1468 struct wpa_cred *cred;
1469 int ret;
1470
1471 if (bss->anqp == NULL || bss->anqp->anqp_3gpp == NULL)
1472 return NULL;
1473
1474 #ifdef CONFIG_EAP_PROXY
1475 if (!wpa_s->imsi[0]) {
1476 size_t len;
1477 wpa_printf(MSG_DEBUG, "Interworking: IMSI not available - try to read again through eap_proxy");
1478 wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol,
1479 wpa_s->imsi,
1480 &len);
1481 if (wpa_s->mnc_len > 0) {
1482 wpa_s->imsi[len] = '\0';
1483 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
1484 wpa_s->imsi, wpa_s->mnc_len);
1485 } else {
1486 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
1487 }
1488 }
1489 #endif /* CONFIG_EAP_PROXY */
1490
1491 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
1492 char *sep;
1493 const char *imsi;
1494 int mnc_len;
1495 char imsi_buf[16];
1496 size_t msin_len;
1497
1498 #ifdef PCSC_FUNCS
1499 if (cred->pcsc && wpa_s->conf->pcsc_reader && wpa_s->scard &&
1500 wpa_s->imsi[0]) {
1501 imsi = wpa_s->imsi;
1502 mnc_len = wpa_s->mnc_len;
1503 goto compare;
1504 }
1505 #endif /* PCSC_FUNCS */
1506 #ifdef CONFIG_EAP_PROXY
1507 if (cred->pcsc && wpa_s->mnc_len > 0 && wpa_s->imsi[0]) {
1508 imsi = wpa_s->imsi;
1509 mnc_len = wpa_s->mnc_len;
1510 goto compare;
1511 }
1512 #endif /* CONFIG_EAP_PROXY */
1513
1514 if (cred->imsi == NULL || !cred->imsi[0] ||
1515 (!wpa_s->conf->external_sim &&
1516 (cred->milenage == NULL || !cred->milenage[0])))
1517 continue;
1518
1519 sep = os_strchr(cred->imsi, '-');
1520 if (sep == NULL ||
1521 (sep - cred->imsi != 5 && sep - cred->imsi != 6))
1522 continue;
1523 mnc_len = sep - cred->imsi - 3;
1524 os_memcpy(imsi_buf, cred->imsi, 3 + mnc_len);
1525 sep++;
1526 msin_len = os_strlen(cred->imsi);
1527 if (3 + mnc_len + msin_len >= sizeof(imsi_buf) - 1)
1528 msin_len = sizeof(imsi_buf) - 3 - mnc_len - 1;
1529 os_memcpy(&imsi_buf[3 + mnc_len], sep, msin_len);
1530 imsi_buf[3 + mnc_len + msin_len] = '\0';
1531 imsi = imsi_buf;
1532
1533 #if defined(PCSC_FUNCS) || defined(CONFIG_EAP_PROXY)
1534 compare:
1535 #endif /* PCSC_FUNCS || CONFIG_EAP_PROXY */
1536 wpa_printf(MSG_DEBUG, "Interworking: Parsing 3GPP info from "
1537 MACSTR, MAC2STR(bss->bssid));
1538 ret = plmn_id_match(bss->anqp->anqp_3gpp, imsi, mnc_len);
1539 wpa_printf(MSG_DEBUG, "PLMN match %sfound", ret ? "" : "not ");
1540 if (ret) {
1541 if (cred_excluded_ssid(cred, bss))
1542 continue;
1543 if (cred_no_required_oi_match(cred, bss))
1544 continue;
1545 if (selected == NULL ||
1546 selected->priority < cred->priority)
1547 selected = cred;
1548 }
1549 }
1550 #endif /* INTERWORKING_3GPP */
1551 return selected;
1552 }
1553
1554
1555 static struct wpa_cred * interworking_credentials_available_realm(
1556 struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
1557 {
1558 struct wpa_cred *cred, *selected = NULL;
1559 struct nai_realm *realm;
1560 u16 count, i;
1561
1562 if (bss->anqp == NULL || bss->anqp->nai_realm == NULL)
1563 return NULL;
1564
1565 if (wpa_s->conf->cred == NULL)
1566 return NULL;
1567
1568 wpa_printf(MSG_DEBUG, "Interworking: Parsing NAI Realm list from "
1569 MACSTR, MAC2STR(bss->bssid));
1570 realm = nai_realm_parse(bss->anqp->nai_realm, &count);
1571 if (realm == NULL) {
1572 wpa_printf(MSG_DEBUG, "Interworking: Could not parse NAI "
1573 "Realm list from " MACSTR, MAC2STR(bss->bssid));
1574 return NULL;
1575 }
1576
1577 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
1578 if (cred->realm == NULL)
1579 continue;
1580
1581 for (i = 0; i < count; i++) {
1582 if (!nai_realm_match(&realm[i], cred->realm))
1583 continue;
1584 if (nai_realm_find_eap(cred, &realm[i])) {
1585 if (cred_excluded_ssid(cred, bss))
1586 continue;
1587 if (cred_no_required_oi_match(cred, bss))
1588 continue;
1589 if (selected == NULL ||
1590 selected->priority < cred->priority)
1591 selected = cred;
1592 break;
1593 }
1594 }
1595 }
1596
1597 nai_realm_free(realm, count);
1598
1599 return selected;
1600 }
1601
1602
1603 static struct wpa_cred * interworking_credentials_available(
1604 struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
1605 {
1606 struct wpa_cred *cred, *cred2;
1607
1608 if (disallowed_bssid(wpa_s, bss->bssid) ||
1609 disallowed_ssid(wpa_s, bss->ssid, bss->ssid_len)) {
1610 wpa_printf(MSG_DEBUG, "Interworking: Ignore disallowed BSS "
1611 MACSTR, MAC2STR(bss->bssid));
1612 return NULL;
1613 }
1614
1615 cred = interworking_credentials_available_realm(wpa_s, bss);
1616 cred2 = interworking_credentials_available_3gpp(wpa_s, bss);
1617 if (cred && cred2 && cred2->priority >= cred->priority)
1618 cred = cred2;
1619 if (!cred)
1620 cred = cred2;
1621
1622 cred2 = interworking_credentials_available_roaming_consortium(wpa_s,
1623 bss);
1624 if (cred && cred2 && cred2->priority >= cred->priority)
1625 cred = cred2;
1626 if (!cred)
1627 cred = cred2;
1628
1629 return cred;
1630 }
1631
1632
1633 static int domain_name_list_contains(struct wpabuf *domain_names,
1634 const char *domain, int exact_match)
1635 {
1636 const u8 *pos, *end;
1637 size_t len;
1638
1639 len = os_strlen(domain);
1640 pos = wpabuf_head(domain_names);
1641 end = pos + wpabuf_len(domain_names);
1642
1643 while (pos + 1 < end) {
1644 if (pos + 1 + pos[0] > end)
1645 break;
1646
1647 wpa_hexdump_ascii(MSG_DEBUG, "Interworking: AP domain name",
1648 pos + 1, pos[0]);
1649 if (pos[0] == len &&
1650 os_strncasecmp(domain, (const char *) (pos + 1), len) == 0)
1651 return 1;
1652 if (!exact_match && pos[0] > len && pos[pos[0] - len] == '.') {
1653 const char *ap = (const char *) (pos + 1);
1654 int offset = pos[0] - len;
1655 if (os_strncasecmp(domain, ap + offset, len) == 0)
1656 return 1;
1657 }
1658
1659 pos += 1 + pos[0];
1660 }
1661
1662 return 0;
1663 }
1664
1665
1666 int interworking_home_sp_cred(struct wpa_supplicant *wpa_s,
1667 struct wpa_cred *cred,
1668 struct wpabuf *domain_names)
1669 {
1670 size_t i;
1671 int ret = -1;
1672 #ifdef INTERWORKING_3GPP
1673 char nai[100], *realm;
1674
1675 char *imsi = NULL;
1676 int mnc_len = 0;
1677 if (cred->imsi)
1678 imsi = cred->imsi;
1679 #ifdef CONFIG_PCSC
1680 else if (cred->pcsc && wpa_s->conf->pcsc_reader &&
1681 wpa_s->scard && wpa_s->imsi[0]) {
1682 imsi = wpa_s->imsi;
1683 mnc_len = wpa_s->mnc_len;
1684 }
1685 #endif /* CONFIG_PCSC */
1686 #ifdef CONFIG_EAP_PROXY
1687 else if (cred->pcsc && wpa_s->mnc_len > 0 && wpa_s->imsi[0]) {
1688 imsi = wpa_s->imsi;
1689 mnc_len = wpa_s->mnc_len;
1690 }
1691 #endif /* CONFIG_EAP_PROXY */
1692 if (domain_names &&
1693 imsi && build_root_nai(nai, sizeof(nai), imsi, mnc_len, 0) == 0) {
1694 realm = os_strchr(nai, '@');
1695 if (realm)
1696 realm++;
1697 wpa_printf(MSG_DEBUG, "Interworking: Search for match "
1698 "with SIM/USIM domain %s", realm);
1699 if (realm &&
1700 domain_name_list_contains(domain_names, realm, 1))
1701 return 1;
1702 if (realm)
1703 ret = 0;
1704 }
1705 #endif /* INTERWORKING_3GPP */
1706
1707 if (domain_names == NULL || cred->domain == NULL)
1708 return ret;
1709
1710 for (i = 0; i < cred->num_domain; i++) {
1711 wpa_printf(MSG_DEBUG, "Interworking: Search for match with "
1712 "home SP FQDN %s", cred->domain[i]);
1713 if (domain_name_list_contains(domain_names, cred->domain[i], 1))
1714 return 1;
1715 }
1716
1717 return 0;
1718 }
1719
1720
1721 static int interworking_home_sp(struct wpa_supplicant *wpa_s,
1722 struct wpabuf *domain_names)
1723 {
1724 struct wpa_cred *cred;
1725
1726 if (domain_names == NULL || wpa_s->conf->cred == NULL)
1727 return -1;
1728
1729 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
1730 int res = interworking_home_sp_cred(wpa_s, cred, domain_names);
1731 if (res)
1732 return res;
1733 }
1734
1735 return 0;
1736 }
1737
1738
1739 static int interworking_find_network_match(struct wpa_supplicant *wpa_s)
1740 {
1741 struct wpa_bss *bss;
1742 struct wpa_ssid *ssid;
1743
1744 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1745 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1746 if (wpas_network_disabled(wpa_s, ssid) ||
1747 ssid->mode != WPAS_MODE_INFRA)
1748 continue;
1749 if (ssid->ssid_len != bss->ssid_len ||
1750 os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) !=
1751 0)
1752 continue;
1753 /*
1754 * TODO: Consider more accurate matching of security
1755 * configuration similarly to what is done in events.c
1756 */
1757 return 1;
1758 }
1759 }
1760
1761 return 0;
1762 }
1763
1764
1765 static int roaming_partner_match(struct wpa_supplicant *wpa_s,
1766 struct roaming_partner *partner,
1767 struct wpabuf *domain_names)
1768 {
1769 if (!domain_name_list_contains(domain_names, partner->fqdn,
1770 partner->exact_match))
1771 return 0;
1772 /* TODO: match Country */
1773 return 1;
1774 }
1775
1776
1777 static u8 roaming_prio(struct wpa_supplicant *wpa_s, struct wpa_cred *cred,
1778 struct wpa_bss *bss)
1779 {
1780 size_t i;
1781
1782 if (bss->anqp == NULL || bss->anqp->domain_name == NULL)
1783 return 128; /* cannot check preference with domain name */
1784
1785 if (interworking_home_sp_cred(wpa_s, cred, bss->anqp->domain_name) > 0)
1786 return 0; /* max preference for home SP network */
1787
1788 for (i = 0; i < cred->num_roaming_partner; i++) {
1789 if (roaming_partner_match(wpa_s, &cred->roaming_partner[i],
1790 bss->anqp->domain_name))
1791 return cred->roaming_partner[i].priority;
1792 }
1793
1794 return 128;
1795 }
1796
1797
1798 static struct wpa_bss * pick_best_roaming_partner(struct wpa_supplicant *wpa_s,
1799 struct wpa_bss *selected,
1800 struct wpa_cred *cred)
1801 {
1802 struct wpa_bss *bss;
1803 u8 best_prio, prio;
1804
1805 /*
1806 * Check if any other BSS is operated by a more preferred roaming
1807 * partner.
1808 */
1809
1810 best_prio = roaming_prio(wpa_s, cred, selected);
1811
1812 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1813 if (bss == selected)
1814 continue;
1815 cred = interworking_credentials_available(wpa_s, bss);
1816 if (!cred)
1817 continue;
1818 if (!wpa_bss_get_ie(bss, WLAN_EID_RSN))
1819 continue;
1820 prio = roaming_prio(wpa_s, cred, bss);
1821 if (prio < best_prio) {
1822 best_prio = prio;
1823 selected = bss;
1824 }
1825 }
1826
1827
1828 return selected;
1829 }
1830
1831
1832 static void interworking_select_network(struct wpa_supplicant *wpa_s)
1833 {
1834 struct wpa_bss *bss, *selected = NULL, *selected_home = NULL;
1835 int selected_prio = -999999, selected_home_prio = -999999;
1836 unsigned int count = 0;
1837 const char *type;
1838 int res;
1839 struct wpa_cred *cred, *selected_cred = NULL;
1840 struct wpa_cred *selected_home_cred = NULL;
1841
1842 wpa_s->network_select = 0;
1843
1844 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1845 cred = interworking_credentials_available(wpa_s, bss);
1846 if (!cred)
1847 continue;
1848 if (!wpa_bss_get_ie(bss, WLAN_EID_RSN)) {
1849 /*
1850 * We currently support only HS 2.0 networks and those
1851 * are required to use WPA2-Enterprise.
1852 */
1853 wpa_printf(MSG_DEBUG, "Interworking: Credential match "
1854 "with " MACSTR " but network does not use "
1855 "RSN", MAC2STR(bss->bssid));
1856 continue;
1857 }
1858 count++;
1859 res = interworking_home_sp(wpa_s, bss->anqp ?
1860 bss->anqp->domain_name : NULL);
1861 if (res > 0)
1862 type = "home";
1863 else if (res == 0)
1864 type = "roaming";
1865 else
1866 type = "unknown";
1867 wpa_msg(wpa_s, MSG_INFO, INTERWORKING_AP MACSTR " type=%s",
1868 MAC2STR(bss->bssid), type);
1869 if (wpa_s->auto_select ||
1870 (wpa_s->conf->auto_interworking &&
1871 wpa_s->auto_network_select)) {
1872 if (selected == NULL ||
1873 cred->priority > selected_prio) {
1874 selected = bss;
1875 selected_prio = cred->priority;
1876 selected_cred = cred;
1877 }
1878 if (res > 0 &&
1879 (selected_home == NULL ||
1880 cred->priority > selected_home_prio)) {
1881 selected_home = bss;
1882 selected_home_prio = cred->priority;
1883 selected_home_cred = cred;
1884 }
1885 }
1886 }
1887
1888 if (selected_home && selected_home != selected &&
1889 selected_home_prio >= selected_prio) {
1890 /* Prefer network operated by the Home SP */
1891 selected = selected_home;
1892 selected_cred = selected_home_cred;
1893 }
1894
1895 if (count == 0) {
1896 /*
1897 * No matching network was found based on configured
1898 * credentials. Check whether any of the enabled network blocks
1899 * have matching APs.
1900 */
1901 if (interworking_find_network_match(wpa_s)) {
1902 wpa_printf(MSG_DEBUG, "Interworking: Possible BSS "
1903 "match for enabled network configurations");
1904 if (wpa_s->auto_select)
1905 interworking_reconnect(wpa_s);
1906 return;
1907 }
1908
1909 if (wpa_s->auto_network_select) {
1910 wpa_printf(MSG_DEBUG, "Interworking: Continue "
1911 "scanning after ANQP fetch");
1912 wpa_supplicant_req_scan(wpa_s, wpa_s->scan_interval,
1913 0);
1914 return;
1915 }
1916
1917 wpa_msg(wpa_s, MSG_INFO, INTERWORKING_NO_MATCH "No network "
1918 "with matching credentials found");
1919 }
1920
1921 if (selected) {
1922 selected = pick_best_roaming_partner(wpa_s, selected,
1923 selected_cred);
1924 interworking_connect(wpa_s, selected);
1925 }
1926 }
1927
1928
1929 static struct wpa_bss_anqp *
1930 interworking_match_anqp_info(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
1931 {
1932 struct wpa_bss *other;
1933
1934 if (is_zero_ether_addr(bss->hessid))
1935 return NULL; /* Cannot be in the same homegenous ESS */
1936
1937 dl_list_for_each(other, &wpa_s->bss, struct wpa_bss, list) {
1938 if (other == bss)
1939 continue;
1940 if (other->anqp == NULL)
1941 continue;
1942 if (other->anqp->roaming_consortium == NULL &&
1943 other->anqp->nai_realm == NULL &&
1944 other->anqp->anqp_3gpp == NULL &&
1945 other->anqp->domain_name == NULL)
1946 continue;
1947 if (!(other->flags & WPA_BSS_ANQP_FETCH_TRIED))
1948 continue;
1949 if (os_memcmp(bss->hessid, other->hessid, ETH_ALEN) != 0)
1950 continue;
1951 if (bss->ssid_len != other->ssid_len ||
1952 os_memcmp(bss->ssid, other->ssid, bss->ssid_len) != 0)
1953 continue;
1954
1955 wpa_printf(MSG_DEBUG, "Interworking: Share ANQP data with "
1956 "already fetched BSSID " MACSTR " and " MACSTR,
1957 MAC2STR(other->bssid), MAC2STR(bss->bssid));
1958 other->anqp->users++;
1959 return other->anqp;
1960 }
1961
1962 return NULL;
1963 }
1964
1965
1966 static void interworking_next_anqp_fetch(struct wpa_supplicant *wpa_s)
1967 {
1968 struct wpa_bss *bss;
1969 int found = 0;
1970 const u8 *ie;
1971
1972 if (eloop_terminated() || !wpa_s->fetch_anqp_in_progress)
1973 return;
1974
1975 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1976 if (!(bss->caps & IEEE80211_CAP_ESS))
1977 continue;
1978 ie = wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB);
1979 if (ie == NULL || ie[1] < 4 || !(ie[5] & 0x80))
1980 continue; /* AP does not support Interworking */
1981 if (disallowed_bssid(wpa_s, bss->bssid) ||
1982 disallowed_ssid(wpa_s, bss->ssid, bss->ssid_len))
1983 continue; /* Disallowed BSS */
1984
1985 if (!(bss->flags & WPA_BSS_ANQP_FETCH_TRIED)) {
1986 if (bss->anqp == NULL) {
1987 bss->anqp = interworking_match_anqp_info(wpa_s,
1988 bss);
1989 if (bss->anqp) {
1990 /* Shared data already fetched */
1991 continue;
1992 }
1993 bss->anqp = wpa_bss_anqp_alloc();
1994 if (bss->anqp == NULL)
1995 break;
1996 }
1997 found++;
1998 bss->flags |= WPA_BSS_ANQP_FETCH_TRIED;
1999 wpa_msg(wpa_s, MSG_INFO, "Starting ANQP fetch for "
2000 MACSTR, MAC2STR(bss->bssid));
2001 interworking_anqp_send_req(wpa_s, bss);
2002 break;
2003 }
2004 }
2005
2006 if (found == 0) {
2007 wpa_msg(wpa_s, MSG_INFO, "ANQP fetch completed");
2008 wpa_s->fetch_anqp_in_progress = 0;
2009 if (wpa_s->network_select)
2010 interworking_select_network(wpa_s);
2011 }
2012 }
2013
2014
2015 void interworking_start_fetch_anqp(struct wpa_supplicant *wpa_s)
2016 {
2017 struct wpa_bss *bss;
2018
2019 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list)
2020 bss->flags &= ~WPA_BSS_ANQP_FETCH_TRIED;
2021
2022 wpa_s->fetch_anqp_in_progress = 1;
2023 interworking_next_anqp_fetch(wpa_s);
2024 }
2025
2026
2027 int interworking_fetch_anqp(struct wpa_supplicant *wpa_s)
2028 {
2029 if (wpa_s->fetch_anqp_in_progress || wpa_s->network_select)
2030 return 0;
2031
2032 wpa_s->network_select = 0;
2033 wpa_s->fetch_all_anqp = 1;
2034
2035 interworking_start_fetch_anqp(wpa_s);
2036
2037 return 0;
2038 }
2039
2040
2041 void interworking_stop_fetch_anqp(struct wpa_supplicant *wpa_s)
2042 {
2043 if (!wpa_s->fetch_anqp_in_progress)
2044 return;
2045
2046 wpa_s->fetch_anqp_in_progress = 0;
2047 }
2048
2049
2050 int anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst,
2051 u16 info_ids[], size_t num_ids)
2052 {
2053 struct wpabuf *buf;
2054 int ret = 0;
2055 int freq;
2056 struct wpa_bss *bss;
2057 int res;
2058
2059 freq = wpa_s->assoc_freq;
2060 bss = wpa_bss_get_bssid(wpa_s, dst);
2061 if (bss) {
2062 wpa_bss_anqp_unshare_alloc(bss);
2063 freq = bss->freq;
2064 }
2065 if (freq <= 0)
2066 return -1;
2067
2068 wpa_printf(MSG_DEBUG, "ANQP: Query Request to " MACSTR " for %u id(s)",
2069 MAC2STR(dst), (unsigned int) num_ids);
2070
2071 buf = anqp_build_req(info_ids, num_ids, NULL);
2072 if (buf == NULL)
2073 return -1;
2074
2075 res = gas_query_req(wpa_s->gas, dst, freq, buf, anqp_resp_cb, wpa_s);
2076 if (res < 0) {
2077 wpa_printf(MSG_DEBUG, "ANQP: Failed to send Query Request");
2078 wpabuf_free(buf);
2079 ret = -1;
2080 } else
2081 wpa_printf(MSG_DEBUG, "ANQP: Query started with dialog token "
2082 "%u", res);
2083
2084 return ret;
2085 }
2086
2087
2088 static void interworking_parse_rx_anqp_resp(struct wpa_supplicant *wpa_s,
2089 struct wpa_bss *bss, const u8 *sa,
2090 u16 info_id,
2091 const u8 *data, size_t slen)
2092 {
2093 const u8 *pos = data;
2094 struct wpa_bss_anqp *anqp = NULL;
2095 #ifdef CONFIG_HS20
2096 u8 type;
2097 #endif /* CONFIG_HS20 */
2098
2099 if (bss)
2100 anqp = bss->anqp;
2101
2102 switch (info_id) {
2103 case ANQP_CAPABILITY_LIST:
2104 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
2105 " ANQP Capability list", MAC2STR(sa));
2106 break;
2107 case ANQP_VENUE_NAME:
2108 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
2109 " Venue Name", MAC2STR(sa));
2110 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: Venue Name", pos, slen);
2111 if (anqp) {
2112 wpabuf_free(anqp->venue_name);
2113 anqp->venue_name = wpabuf_alloc_copy(pos, slen);
2114 }
2115 break;
2116 case ANQP_NETWORK_AUTH_TYPE:
2117 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
2118 " Network Authentication Type information",
2119 MAC2STR(sa));
2120 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: Network Authentication "
2121 "Type", pos, slen);
2122 if (anqp) {
2123 wpabuf_free(anqp->network_auth_type);
2124 anqp->network_auth_type = wpabuf_alloc_copy(pos, slen);
2125 }
2126 break;
2127 case ANQP_ROAMING_CONSORTIUM:
2128 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
2129 " Roaming Consortium list", MAC2STR(sa));
2130 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: Roaming Consortium",
2131 pos, slen);
2132 if (anqp) {
2133 wpabuf_free(anqp->roaming_consortium);
2134 anqp->roaming_consortium = wpabuf_alloc_copy(pos, slen);
2135 }
2136 break;
2137 case ANQP_IP_ADDR_TYPE_AVAILABILITY:
2138 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
2139 " IP Address Type Availability information",
2140 MAC2STR(sa));
2141 wpa_hexdump(MSG_MSGDUMP, "ANQP: IP Address Availability",
2142 pos, slen);
2143 if (anqp) {
2144 wpabuf_free(anqp->ip_addr_type_availability);
2145 anqp->ip_addr_type_availability =
2146 wpabuf_alloc_copy(pos, slen);
2147 }
2148 break;
2149 case ANQP_NAI_REALM:
2150 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
2151 " NAI Realm list", MAC2STR(sa));
2152 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: NAI Realm", pos, slen);
2153 if (anqp) {
2154 wpabuf_free(anqp->nai_realm);
2155 anqp->nai_realm = wpabuf_alloc_copy(pos, slen);
2156 }
2157 break;
2158 case ANQP_3GPP_CELLULAR_NETWORK:
2159 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
2160 " 3GPP Cellular Network information", MAC2STR(sa));
2161 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: 3GPP Cellular Network",
2162 pos, slen);
2163 if (anqp) {
2164 wpabuf_free(anqp->anqp_3gpp);
2165 anqp->anqp_3gpp = wpabuf_alloc_copy(pos, slen);
2166 }
2167 break;
2168 case ANQP_DOMAIN_NAME:
2169 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
2170 " Domain Name list", MAC2STR(sa));
2171 wpa_hexdump_ascii(MSG_MSGDUMP, "ANQP: Domain Name", pos, slen);
2172 if (anqp) {
2173 wpabuf_free(anqp->domain_name);
2174 anqp->domain_name = wpabuf_alloc_copy(pos, slen);
2175 }
2176 break;
2177 case ANQP_VENDOR_SPECIFIC:
2178 if (slen < 3)
2179 return;
2180
2181 switch (WPA_GET_BE24(pos)) {
2182 #ifdef CONFIG_HS20
2183 case OUI_WFA:
2184 pos += 3;
2185 slen -= 3;
2186
2187 if (slen < 1)
2188 return;
2189 type = *pos++;
2190 slen--;
2191
2192 switch (type) {
2193 case HS20_ANQP_OUI_TYPE:
2194 hs20_parse_rx_hs20_anqp_resp(wpa_s, sa, pos,
2195 slen);
2196 break;
2197 default:
2198 wpa_printf(MSG_DEBUG, "HS20: Unsupported ANQP "
2199 "vendor type %u", type);
2200 break;
2201 }
2202 break;
2203 #endif /* CONFIG_HS20 */
2204 default:
2205 wpa_printf(MSG_DEBUG, "Interworking: Unsupported "
2206 "vendor-specific ANQP OUI %06x",
2207 WPA_GET_BE24(pos));
2208 return;
2209 }
2210 break;
2211 default:
2212 wpa_printf(MSG_DEBUG, "Interworking: Unsupported ANQP Info ID "
2213 "%u", info_id);
2214 break;
2215 }
2216 }
2217
2218
2219 void anqp_resp_cb(void *ctx, const u8 *dst, u8 dialog_token,
2220 enum gas_query_result result,
2221 const struct wpabuf *adv_proto,
2222 const struct wpabuf *resp, u16 status_code)
2223 {
2224 struct wpa_supplicant *wpa_s = ctx;
2225 const u8 *pos;
2226 const u8 *end;
2227 u16 info_id;
2228 u16 slen;
2229 struct wpa_bss *bss = NULL, *tmp;
2230
2231 if (result != GAS_QUERY_SUCCESS)
2232 return;
2233
2234 pos = wpabuf_head(adv_proto);
2235 if (wpabuf_len(adv_proto) < 4 || pos[0] != WLAN_EID_ADV_PROTO ||
2236 pos[1] < 2 || pos[3] != ACCESS_NETWORK_QUERY_PROTOCOL) {
2237 wpa_printf(MSG_DEBUG, "ANQP: Unexpected Advertisement "
2238 "Protocol in response");
2239 return;
2240 }
2241
2242 /*
2243 * If possible, select the BSS entry based on which BSS entry was used
2244 * for the request. This can help in cases where multiple BSS entries
2245 * may exist for the same AP.
2246 */
2247 dl_list_for_each_reverse(tmp, &wpa_s->bss, struct wpa_bss, list) {
2248 if (tmp == wpa_s->interworking_gas_bss &&
2249 os_memcmp(tmp->bssid, dst, ETH_ALEN) == 0) {
2250 bss = tmp;
2251 break;
2252 }
2253 }
2254 if (bss == NULL)
2255 bss = wpa_bss_get_bssid(wpa_s, dst);
2256
2257 pos = wpabuf_head(resp);
2258 end = pos + wpabuf_len(resp);
2259
2260 while (pos < end) {
2261 if (pos + 4 > end) {
2262 wpa_printf(MSG_DEBUG, "ANQP: Invalid element");
2263 break;
2264 }
2265 info_id = WPA_GET_LE16(pos);
2266 pos += 2;
2267 slen = WPA_GET_LE16(pos);
2268 pos += 2;
2269 if (pos + slen > end) {
2270 wpa_printf(MSG_DEBUG, "ANQP: Invalid element length "
2271 "for Info ID %u", info_id);
2272 break;
2273 }
2274 interworking_parse_rx_anqp_resp(wpa_s, bss, dst, info_id, pos,
2275 slen);
2276 pos += slen;
2277 }
2278 }
2279
2280
2281 static void interworking_scan_res_handler(struct wpa_supplicant *wpa_s,
2282 struct wpa_scan_results *scan_res)
2283 {
2284 wpa_printf(MSG_DEBUG, "Interworking: Scan results available - start "
2285 "ANQP fetch");
2286 interworking_start_fetch_anqp(wpa_s);
2287 }
2288
2289
2290 int interworking_select(struct wpa_supplicant *wpa_s, int auto_select,
2291 int *freqs)
2292 {
2293 interworking_stop_fetch_anqp(wpa_s);
2294 wpa_s->network_select = 1;
2295 wpa_s->auto_network_select = 0;
2296 wpa_s->auto_select = !!auto_select;
2297 wpa_s->fetch_all_anqp = 0;
2298 wpa_printf(MSG_DEBUG, "Interworking: Start scan for network "
2299 "selection");
2300 wpa_s->scan_res_handler = interworking_scan_res_handler;
2301 wpa_s->normal_scans = 0;
2302 wpa_s->scan_req = MANUAL_SCAN_REQ;
2303 os_free(wpa_s->manual_scan_freqs);
2304 wpa_s->manual_scan_freqs = freqs;
2305 wpa_s->after_wps = 0;
2306 wpa_s->known_wps_freq = 0;
2307 wpa_supplicant_req_scan(wpa_s, 0, 0);
2308
2309 return 0;
2310 }
2311
2312
2313 static void gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token,
2314 enum gas_query_result result,
2315 const struct wpabuf *adv_proto,
2316 const struct wpabuf *resp, u16 status_code)
2317 {
2318 struct wpa_supplicant *wpa_s = ctx;
2319 struct wpabuf *n;
2320
2321 wpa_msg(wpa_s, MSG_INFO, GAS_RESPONSE_INFO "addr=" MACSTR
2322 " dialog_token=%d status_code=%d resp_len=%d",
2323 MAC2STR(addr), dialog_token, status_code,
2324 resp ? (int) wpabuf_len(resp) : -1);
2325 if (!resp)
2326 return;
2327
2328 n = wpabuf_dup(resp);
2329 if (n == NULL)
2330 return;
2331 wpabuf_free(wpa_s->prev_gas_resp);
2332 wpa_s->prev_gas_resp = wpa_s->last_gas_resp;
2333 os_memcpy(wpa_s->prev_gas_addr, wpa_s->last_gas_addr, ETH_ALEN);
2334 wpa_s->prev_gas_dialog_token = wpa_s->last_gas_dialog_token;
2335 wpa_s->last_gas_resp = n;
2336 os_memcpy(wpa_s->last_gas_addr, addr, ETH_ALEN);
2337 wpa_s->last_gas_dialog_token = dialog_token;
2338 }
2339
2340
2341 int gas_send_request(struct wpa_supplicant *wpa_s, const u8 *dst,
2342 const struct wpabuf *adv_proto,
2343 const struct wpabuf *query)
2344 {
2345 struct wpabuf *buf;
2346 int ret = 0;
2347 int freq;
2348 struct wpa_bss *bss;
2349 int res;
2350 size_t len;
2351 u8 query_resp_len_limit = 0, pame_bi = 0;
2352
2353 freq = wpa_s->assoc_freq;
2354 bss = wpa_bss_get_bssid(wpa_s, dst);
2355 if (bss)
2356 freq = bss->freq;
2357 if (freq <= 0)
2358 return -1;
2359
2360 wpa_printf(MSG_DEBUG, "GAS request to " MACSTR " (freq %d MHz)",
2361 MAC2STR(dst), freq);
2362 wpa_hexdump_buf(MSG_DEBUG, "Advertisement Protocol ID", adv_proto);
2363 wpa_hexdump_buf(MSG_DEBUG, "GAS Query", query);
2364
2365 len = 3 + wpabuf_len(adv_proto) + 2;
2366 if (query)
2367 len += wpabuf_len(query);
2368 buf = gas_build_initial_req(0, len);
2369 if (buf == NULL)
2370 return -1;
2371
2372 /* Advertisement Protocol IE */
2373 wpabuf_put_u8(buf, WLAN_EID_ADV_PROTO);
2374 wpabuf_put_u8(buf, 1 + wpabuf_len(adv_proto)); /* Length */
2375 wpabuf_put_u8(buf, (query_resp_len_limit & 0x7f) |
2376 (pame_bi ? 0x80 : 0));
2377 wpabuf_put_buf(buf, adv_proto);
2378
2379 /* GAS Query */
2380 if (query) {
2381 wpabuf_put_le16(buf, wpabuf_len(query));
2382 wpabuf_put_buf(buf, query);
2383 } else
2384 wpabuf_put_le16(buf, 0);
2385
2386 res = gas_query_req(wpa_s->gas, dst, freq, buf, gas_resp_cb, wpa_s);
2387 if (res < 0) {
2388 wpa_printf(MSG_DEBUG, "GAS: Failed to send Query Request");
2389 wpabuf_free(buf);
2390 ret = -1;
2391 } else
2392 wpa_printf(MSG_DEBUG, "GAS: Query started with dialog token "
2393 "%u", res);
2394
2395 return ret;
2396 }
Unnamed repository; edit this file 'description' to name the repository.