]>
Commit | Line | Data |
---|---|---|
25471fe3 JK |
1 | /* |
2 | * Copyright (c) 2009, Atheros Communications, Inc. | |
1d2215fc | 3 | * Copyright (c) 2011-2013, Qualcomm Atheros, Inc. |
25471fe3 JK |
4 | * |
5 | * This software may be distributed under the terms of the BSD license. | |
6 | * See README for more details. | |
7 | */ | |
8 | ||
9 | #include "includes.h" | |
d10b01d2 | 10 | #include <sys/stat.h> |
25471fe3 JK |
11 | |
12 | #include "common.h" | |
13 | #include "eloop.h" | |
14 | #include "common/ieee802_11_common.h" | |
15 | #include "common/ieee802_11_defs.h" | |
16 | #include "common/gas.h" | |
17 | #include "common/wpa_ctrl.h" | |
7ef69479 | 18 | #include "rsn_supp/wpa.h" |
25471fe3 JK |
19 | #include "wpa_supplicant_i.h" |
20 | #include "driver_i.h" | |
21 | #include "config.h" | |
b572df86 | 22 | #include "scan.h" |
25471fe3 | 23 | #include "bss.h" |
7ef69479 | 24 | #include "blacklist.h" |
25471fe3 JK |
25 | #include "gas_query.h" |
26 | #include "interworking.h" | |
27 | #include "hs20_supplicant.h" | |
8dd5c1b4 | 28 | #include "base64.h" |
25471fe3 JK |
29 | |
30 | ||
b572df86 JM |
31 | #define OSU_MAX_ITEMS 10 |
32 | ||
33 | struct osu_lang_string { | |
34 | char lang[4]; | |
35 | char text[253]; | |
36 | }; | |
37 | ||
38 | struct osu_icon { | |
39 | u16 width; | |
40 | u16 height; | |
41 | char lang[4]; | |
42 | char icon_type[256]; | |
43 | char filename[256]; | |
44 | unsigned int id; | |
45 | unsigned int failed:1; | |
46 | }; | |
47 | ||
48 | struct osu_provider { | |
49 | u8 bssid[ETH_ALEN]; | |
d9d1b952 | 50 | u8 osu_ssid[SSID_MAX_LEN]; |
b572df86 | 51 | u8 osu_ssid_len; |
075926ec JM |
52 | u8 osu_ssid2[SSID_MAX_LEN]; |
53 | u8 osu_ssid2_len; | |
b572df86 JM |
54 | char server_uri[256]; |
55 | u32 osu_methods; /* bit 0 = OMA-DM, bit 1 = SOAP-XML SPP */ | |
56 | char osu_nai[256]; | |
baf4c863 | 57 | char osu_nai2[256]; |
b572df86 JM |
58 | struct osu_lang_string friendly_name[OSU_MAX_ITEMS]; |
59 | size_t friendly_name_count; | |
60 | struct osu_lang_string serv_desc[OSU_MAX_ITEMS]; | |
61 | size_t serv_desc_count; | |
62 | struct osu_icon icon[OSU_MAX_ITEMS]; | |
63 | size_t icon_count; | |
64 | }; | |
65 | ||
66 | ||
ece4ac5f MG |
67 | void hs20_configure_frame_filters(struct wpa_supplicant *wpa_s) |
68 | { | |
69 | struct wpa_bss *bss = wpa_s->current_bss; | |
70 | u8 *bssid = wpa_s->bssid; | |
71 | const u8 *ie; | |
72 | const u8 *ext_capa; | |
73 | u32 filter = 0; | |
74 | ||
75 | if (!bss || !is_hs20_network(wpa_s, wpa_s->current_ssid, bss)) { | |
76 | wpa_printf(MSG_DEBUG, | |
77 | "Not configuring frame filtering - BSS " MACSTR | |
78 | " is not a Hotspot 2.0 network", MAC2STR(bssid)); | |
79 | return; | |
80 | } | |
81 | ||
82 | ie = wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE); | |
83 | ||
84 | /* Check if DGAF disabled bit is zero (5th byte in the IE) */ | |
85 | if (!ie || ie[1] < 5) | |
86 | wpa_printf(MSG_DEBUG, | |
87 | "Not configuring frame filtering - Can't extract DGAF bit"); | |
88 | else if (!(ie[6] & HS20_DGAF_DISABLED)) | |
89 | filter |= WPA_DATA_FRAME_FILTER_FLAG_GTK; | |
90 | ||
91 | ext_capa = wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB); | |
92 | if (!ext_capa || ext_capa[1] < 2) { | |
93 | wpa_printf(MSG_DEBUG, | |
94 | "Not configuring frame filtering - Can't extract Proxy ARP bit"); | |
95 | return; | |
96 | } | |
97 | ||
ed87f6a8 | 98 | if (wpa_bss_ext_capab(bss, WLAN_EXT_CAPAB_PROXY_ARP)) |
ece4ac5f MG |
99 | filter |= WPA_DATA_FRAME_FILTER_FLAG_ARP | |
100 | WPA_DATA_FRAME_FILTER_FLAG_NA; | |
101 | ||
102 | wpa_drv_configure_frame_filters(wpa_s, filter); | |
103 | } | |
104 | ||
105 | ||
ec2cf403 | 106 | void wpas_hs20_add_indication(struct wpabuf *buf, int pps_mo_id, int ap_release) |
c923b8a5 | 107 | { |
ec2cf403 | 108 | int release; |
f9cd147d JM |
109 | u8 conf; |
110 | ||
ec2cf403 JM |
111 | release = (HS20_VERSION >> 4) + 1; |
112 | if (ap_release > 0 && release > ap_release) | |
113 | release = ap_release; | |
114 | if (release < 2) | |
115 | pps_mo_id = -1; | |
116 | ||
c923b8a5 | 117 | wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC); |
f9cd147d | 118 | wpabuf_put_u8(buf, pps_mo_id >= 0 ? 7 : 5); |
c923b8a5 JK |
119 | wpabuf_put_be24(buf, OUI_WFA); |
120 | wpabuf_put_u8(buf, HS20_INDICATION_OUI_TYPE); | |
ec2cf403 | 121 | conf = (release - 1) << 4; |
f9cd147d JM |
122 | if (pps_mo_id >= 0) |
123 | conf |= HS20_PPS_MO_ID_PRESENT; | |
124 | wpabuf_put_u8(buf, conf); | |
125 | if (pps_mo_id >= 0) | |
126 | wpabuf_put_le16(buf, pps_mo_id); | |
c923b8a5 JK |
127 | } |
128 | ||
129 | ||
4204669c JM |
130 | void wpas_hs20_add_roam_cons_sel(struct wpabuf *buf, |
131 | const struct wpa_ssid *ssid) | |
132 | { | |
133 | if (!ssid->roaming_consortium_selection || | |
134 | !ssid->roaming_consortium_selection_len) | |
135 | return; | |
136 | ||
137 | wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC); | |
138 | wpabuf_put_u8(buf, 4 + ssid->roaming_consortium_selection_len); | |
139 | wpabuf_put_be24(buf, OUI_WFA); | |
140 | wpabuf_put_u8(buf, HS20_ROAMING_CONS_SEL_OUI_TYPE); | |
141 | wpabuf_put_data(buf, ssid->roaming_consortium_selection, | |
142 | ssid->roaming_consortium_selection_len); | |
143 | } | |
144 | ||
145 | ||
ec2cf403 JM |
146 | int get_hs20_version(struct wpa_bss *bss) |
147 | { | |
148 | const u8 *ie; | |
149 | ||
150 | if (!bss) | |
151 | return 0; | |
152 | ||
153 | ie = wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE); | |
154 | if (!ie || ie[1] < 5) | |
155 | return 0; | |
156 | ||
157 | return ((ie[6] >> 4) & 0x0f) + 1; | |
158 | } | |
159 | ||
160 | ||
55a2df43 JM |
161 | int is_hs20_network(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, |
162 | struct wpa_bss *bss) | |
163 | { | |
164 | if (!wpa_s->conf->hs20 || !ssid) | |
165 | return 0; | |
166 | ||
167 | if (ssid->parent_cred) | |
168 | return 1; | |
169 | ||
170 | if (bss && !wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE)) | |
171 | return 0; | |
172 | ||
173 | /* | |
174 | * This may catch some non-Hotspot 2.0 cases, but it is safer to do that | |
175 | * than cause Hotspot 2.0 connections without indication element getting | |
176 | * added. Non-Hotspot 2.0 APs should ignore the unknown vendor element. | |
177 | */ | |
178 | ||
179 | if (!(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X)) | |
180 | return 0; | |
181 | if (!(ssid->pairwise_cipher & WPA_CIPHER_CCMP)) | |
182 | return 0; | |
183 | if (ssid->proto != WPA_PROTO_RSN) | |
184 | return 0; | |
185 | ||
186 | return 1; | |
187 | } | |
188 | ||
189 | ||
f9cd147d JM |
190 | int hs20_get_pps_mo_id(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) |
191 | { | |
192 | struct wpa_cred *cred; | |
193 | ||
e376290c DS |
194 | if (ssid == NULL) |
195 | return 0; | |
196 | ||
197 | if (ssid->update_identifier) | |
198 | return ssid->update_identifier; | |
199 | ||
200 | if (ssid->parent_cred == NULL) | |
f9cd147d JM |
201 | return 0; |
202 | ||
203 | for (cred = wpa_s->conf->cred; cred; cred = cred->next) { | |
204 | if (ssid->parent_cred == cred) | |
205 | return cred->update_identifier; | |
206 | } | |
207 | ||
208 | return 0; | |
209 | } | |
210 | ||
211 | ||
cf28c66b DS |
212 | void hs20_put_anqp_req(u32 stypes, const u8 *payload, size_t payload_len, |
213 | struct wpabuf *buf) | |
25471fe3 | 214 | { |
25471fe3 JK |
215 | u8 *len_pos; |
216 | ||
25471fe3 | 217 | if (buf == NULL) |
cf28c66b | 218 | return; |
25471fe3 JK |
219 | |
220 | len_pos = gas_anqp_add_element(buf, ANQP_VENDOR_SPECIFIC); | |
221 | wpabuf_put_be24(buf, OUI_WFA); | |
222 | wpabuf_put_u8(buf, HS20_ANQP_OUI_TYPE); | |
223 | if (stypes == BIT(HS20_STYPE_NAI_HOME_REALM_QUERY)) { | |
224 | wpabuf_put_u8(buf, HS20_STYPE_NAI_HOME_REALM_QUERY); | |
225 | wpabuf_put_u8(buf, 0); /* Reserved */ | |
226 | if (payload) | |
227 | wpabuf_put_data(buf, payload, payload_len); | |
184e110c JM |
228 | } else if (stypes == BIT(HS20_STYPE_ICON_REQUEST)) { |
229 | wpabuf_put_u8(buf, HS20_STYPE_ICON_REQUEST); | |
230 | wpabuf_put_u8(buf, 0); /* Reserved */ | |
231 | if (payload) | |
232 | wpabuf_put_data(buf, payload, payload_len); | |
25471fe3 JK |
233 | } else { |
234 | u8 i; | |
235 | wpabuf_put_u8(buf, HS20_STYPE_QUERY_LIST); | |
236 | wpabuf_put_u8(buf, 0); /* Reserved */ | |
237 | for (i = 0; i < 32; i++) { | |
238 | if (stypes & BIT(i)) | |
239 | wpabuf_put_u8(buf, i); | |
240 | } | |
241 | } | |
242 | gas_anqp_set_element_len(buf, len_pos); | |
243 | ||
244 | gas_anqp_set_len(buf); | |
cf28c66b DS |
245 | } |
246 | ||
247 | ||
99a9423c JM |
248 | static struct wpabuf * hs20_build_anqp_req(u32 stypes, const u8 *payload, |
249 | size_t payload_len) | |
cf28c66b DS |
250 | { |
251 | struct wpabuf *buf; | |
252 | ||
253 | buf = gas_anqp_build_initial_req(0, 100 + payload_len); | |
254 | if (buf == NULL) | |
255 | return NULL; | |
256 | ||
257 | hs20_put_anqp_req(stypes, payload, payload_len, buf); | |
25471fe3 JK |
258 | |
259 | return buf; | |
260 | } | |
261 | ||
262 | ||
263 | int hs20_anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst, u32 stypes, | |
8dd5c1b4 | 264 | const u8 *payload, size_t payload_len, int inmem) |
25471fe3 JK |
265 | { |
266 | struct wpabuf *buf; | |
267 | int ret = 0; | |
268 | int freq; | |
269 | struct wpa_bss *bss; | |
270 | int res; | |
8dd5c1b4 | 271 | struct icon_entry *icon_entry; |
25471fe3 | 272 | |
25471fe3 | 273 | bss = wpa_bss_get_bssid(wpa_s, dst); |
0c280718 MG |
274 | if (!bss) { |
275 | wpa_printf(MSG_WARNING, | |
276 | "ANQP: Cannot send query to unknown BSS " | |
277 | MACSTR, MAC2STR(dst)); | |
25471fe3 | 278 | return -1; |
0c280718 MG |
279 | } |
280 | ||
281 | wpa_bss_anqp_unshare_alloc(bss); | |
282 | freq = bss->freq; | |
25471fe3 JK |
283 | |
284 | wpa_printf(MSG_DEBUG, "HS20: ANQP Query Request to " MACSTR " for " | |
285 | "subtypes 0x%x", MAC2STR(dst), stypes); | |
286 | ||
287 | buf = hs20_build_anqp_req(stypes, payload, payload_len); | |
288 | if (buf == NULL) | |
289 | return -1; | |
290 | ||
aca4d84e | 291 | res = gas_query_req(wpa_s->gas, dst, freq, 0, buf, anqp_resp_cb, wpa_s); |
25471fe3 JK |
292 | if (res < 0) { |
293 | wpa_printf(MSG_DEBUG, "ANQP: Failed to send Query Request"); | |
24c694b4 | 294 | wpabuf_free(buf); |
8dd5c1b4 | 295 | return -1; |
25471fe3 JK |
296 | } else |
297 | wpa_printf(MSG_DEBUG, "ANQP: Query started with dialog token " | |
298 | "%u", res); | |
299 | ||
8dd5c1b4 JN |
300 | if (inmem) { |
301 | icon_entry = os_zalloc(sizeof(struct icon_entry)); | |
302 | if (!icon_entry) | |
303 | return -1; | |
304 | os_memcpy(icon_entry->bssid, dst, ETH_ALEN); | |
305 | icon_entry->file_name = os_malloc(payload_len + 1); | |
306 | if (!icon_entry->file_name) { | |
307 | os_free(icon_entry); | |
308 | return -1; | |
309 | } | |
310 | os_memcpy(icon_entry->file_name, payload, payload_len); | |
311 | icon_entry->file_name[payload_len] = '\0'; | |
312 | icon_entry->dialog_token = res; | |
313 | ||
ca9968a0 | 314 | dl_list_add(&wpa_s->icon_head, &icon_entry->list); |
8dd5c1b4 JN |
315 | } |
316 | ||
25471fe3 JK |
317 | return ret; |
318 | } | |
319 | ||
320 | ||
8dd5c1b4 JN |
321 | static struct icon_entry * hs20_find_icon(struct wpa_supplicant *wpa_s, |
322 | const u8 *bssid, | |
323 | const char *file_name) | |
324 | { | |
325 | struct icon_entry *icon; | |
326 | ||
ca9968a0 | 327 | dl_list_for_each(icon, &wpa_s->icon_head, struct icon_entry, list) { |
8dd5c1b4 JN |
328 | if (os_memcmp(icon->bssid, bssid, ETH_ALEN) == 0 && |
329 | os_strcmp(icon->file_name, file_name) == 0 && icon->image) | |
330 | return icon; | |
331 | } | |
332 | ||
333 | return NULL; | |
334 | } | |
335 | ||
336 | ||
337 | int hs20_get_icon(struct wpa_supplicant *wpa_s, const u8 *bssid, | |
338 | const char *file_name, size_t offset, size_t size, | |
339 | char *reply, size_t buf_len) | |
340 | { | |
341 | struct icon_entry *icon; | |
342 | size_t out_size; | |
343 | unsigned char *b64; | |
344 | size_t b64_size; | |
345 | int reply_size; | |
346 | ||
347 | wpa_printf(MSG_DEBUG, "HS20: Get icon " MACSTR " %s @ %u +%u (%u)", | |
348 | MAC2STR(bssid), file_name, (unsigned int) offset, | |
349 | (unsigned int) size, (unsigned int) buf_len); | |
350 | ||
8dd5c1b4 JN |
351 | icon = hs20_find_icon(wpa_s, bssid, file_name); |
352 | if (!icon || !icon->image || offset >= icon->image_len) | |
353 | return -1; | |
354 | if (size > icon->image_len - offset) | |
355 | size = icon->image_len - offset; | |
356 | out_size = buf_len - 3 /* max base64 padding */; | |
357 | if (size * 4 > out_size * 3) | |
358 | size = out_size * 3 / 4; | |
359 | if (size == 0) | |
360 | return -1; | |
361 | ||
362 | b64 = base64_encode(&icon->image[offset], size, &b64_size); | |
75b2a879 | 363 | if (b64 && buf_len >= b64_size) { |
8dd5c1b4 JN |
364 | os_memcpy(reply, b64, b64_size); |
365 | reply_size = b64_size; | |
366 | } else { | |
367 | reply_size = -1; | |
368 | } | |
369 | os_free(b64); | |
370 | return reply_size; | |
371 | } | |
372 | ||
373 | ||
374 | static void hs20_free_icon_entry(struct icon_entry *icon) | |
375 | { | |
376 | wpa_printf(MSG_DEBUG, "HS20: Free stored icon from " MACSTR | |
377 | " dialog_token=%u file_name=%s image_len=%u", | |
378 | MAC2STR(icon->bssid), icon->dialog_token, | |
379 | icon->file_name ? icon->file_name : "N/A", | |
380 | (unsigned int) icon->image_len); | |
381 | os_free(icon->file_name); | |
382 | os_free(icon->image); | |
383 | os_free(icon); | |
384 | } | |
385 | ||
386 | ||
387 | int hs20_del_icon(struct wpa_supplicant *wpa_s, const u8 *bssid, | |
388 | const char *file_name) | |
389 | { | |
ca9968a0 | 390 | struct icon_entry *icon, *tmp; |
8dd5c1b4 JN |
391 | int count = 0; |
392 | ||
393 | if (!bssid) | |
394 | wpa_printf(MSG_DEBUG, "HS20: Delete all stored icons"); | |
395 | else if (!file_name) | |
396 | wpa_printf(MSG_DEBUG, "HS20: Delete all stored icons for " | |
397 | MACSTR, MAC2STR(bssid)); | |
398 | else | |
399 | wpa_printf(MSG_DEBUG, "HS20: Delete stored icons for " | |
400 | MACSTR " file name %s", MAC2STR(bssid), file_name); | |
401 | ||
ca9968a0 JM |
402 | dl_list_for_each_safe(icon, tmp, &wpa_s->icon_head, struct icon_entry, |
403 | list) { | |
404 | if ((!bssid || os_memcmp(icon->bssid, bssid, ETH_ALEN) == 0) && | |
8dd5c1b4 | 405 | (!file_name || |
ca9968a0 JM |
406 | os_strcmp(icon->file_name, file_name) == 0)) { |
407 | dl_list_del(&icon->list); | |
408 | hs20_free_icon_entry(icon); | |
8dd5c1b4 | 409 | count++; |
8dd5c1b4 | 410 | } |
8dd5c1b4 JN |
411 | } |
412 | return count == 0 ? -1 : 0; | |
413 | } | |
414 | ||
415 | ||
d10b01d2 AN |
416 | static void hs20_set_osu_access_permission(const char *osu_dir, |
417 | const char *fname) | |
418 | { | |
419 | struct stat statbuf; | |
420 | ||
421 | /* Get OSU directory information */ | |
422 | if (stat(osu_dir, &statbuf) < 0) { | |
423 | wpa_printf(MSG_WARNING, "Cannot stat the OSU directory %s", | |
424 | osu_dir); | |
425 | return; | |
426 | } | |
427 | ||
428 | if (chmod(fname, statbuf.st_mode) < 0) { | |
429 | wpa_printf(MSG_WARNING, | |
430 | "Cannot change the permissions for %s", fname); | |
431 | return; | |
432 | } | |
433 | ||
02f52ab6 | 434 | if (lchown(fname, statbuf.st_uid, statbuf.st_gid) < 0) { |
d10b01d2 AN |
435 | wpa_printf(MSG_WARNING, "Cannot change the ownership for %s", |
436 | fname); | |
437 | } | |
438 | } | |
439 | ||
61f25f80 JM |
440 | |
441 | static void hs20_remove_duplicate_icons(struct wpa_supplicant *wpa_s, | |
442 | struct icon_entry *new_icon) | |
443 | { | |
444 | struct icon_entry *icon, *tmp; | |
445 | ||
446 | dl_list_for_each_safe(icon, tmp, &wpa_s->icon_head, struct icon_entry, | |
447 | list) { | |
448 | if (icon == new_icon) | |
449 | continue; | |
450 | if (os_memcmp(icon->bssid, new_icon->bssid, ETH_ALEN) == 0 && | |
451 | os_strcmp(icon->file_name, new_icon->file_name) == 0) { | |
452 | dl_list_del(&icon->list); | |
453 | hs20_free_icon_entry(icon); | |
454 | } | |
455 | } | |
456 | } | |
457 | ||
458 | ||
b572df86 JM |
459 | static int hs20_process_icon_binary_file(struct wpa_supplicant *wpa_s, |
460 | const u8 *sa, const u8 *pos, | |
8dd5c1b4 | 461 | size_t slen, u8 dialog_token) |
b572df86 JM |
462 | { |
463 | char fname[256]; | |
464 | int png; | |
465 | FILE *f; | |
466 | u16 data_len; | |
8dd5c1b4 JN |
467 | struct icon_entry *icon; |
468 | ||
ca9968a0 | 469 | dl_list_for_each(icon, &wpa_s->icon_head, struct icon_entry, list) { |
8dd5c1b4 JN |
470 | if (icon->dialog_token == dialog_token && !icon->image && |
471 | os_memcmp(icon->bssid, sa, ETH_ALEN) == 0) { | |
a1f11e34 | 472 | icon->image = os_memdup(pos, slen); |
8dd5c1b4 JN |
473 | if (!icon->image) |
474 | return -1; | |
8dd5c1b4 | 475 | icon->image_len = slen; |
61f25f80 | 476 | hs20_remove_duplicate_icons(wpa_s, icon); |
8dd5c1b4 | 477 | wpa_msg(wpa_s, MSG_INFO, |
f465c32d | 478 | RX_HS20_ICON MACSTR " %s %u", |
8dd5c1b4 JN |
479 | MAC2STR(sa), icon->file_name, |
480 | (unsigned int) icon->image_len); | |
481 | return 0; | |
482 | } | |
483 | } | |
b572df86 | 484 | |
f465c32d | 485 | wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR " Icon Binary File", |
b572df86 JM |
486 | MAC2STR(sa)); |
487 | ||
488 | if (slen < 4) { | |
489 | wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File " | |
490 | "value from " MACSTR, MAC2STR(sa)); | |
491 | return -1; | |
492 | } | |
493 | ||
494 | wpa_printf(MSG_DEBUG, "HS 2.0: Download Status Code %u", *pos); | |
495 | if (*pos != 0) | |
496 | return -1; | |
497 | pos++; | |
498 | slen--; | |
499 | ||
500 | if ((size_t) 1 + pos[0] > slen) { | |
501 | wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File " | |
502 | "value from " MACSTR, MAC2STR(sa)); | |
503 | return -1; | |
504 | } | |
505 | wpa_hexdump_ascii(MSG_DEBUG, "Icon Type", pos + 1, pos[0]); | |
506 | png = os_strncasecmp((char *) pos + 1, "image/png", 9) == 0; | |
507 | slen -= 1 + pos[0]; | |
508 | pos += 1 + pos[0]; | |
509 | ||
510 | if (slen < 2) { | |
511 | wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File " | |
512 | "value from " MACSTR, MAC2STR(sa)); | |
513 | return -1; | |
514 | } | |
515 | data_len = WPA_GET_LE16(pos); | |
516 | pos += 2; | |
517 | slen -= 2; | |
518 | ||
519 | if (data_len > slen) { | |
520 | wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File " | |
521 | "value from " MACSTR, MAC2STR(sa)); | |
522 | return -1; | |
523 | } | |
524 | ||
525 | wpa_printf(MSG_DEBUG, "Icon Binary Data: %u bytes", data_len); | |
526 | if (wpa_s->conf->osu_dir == NULL) | |
527 | return -1; | |
528 | ||
529 | wpa_s->osu_icon_id++; | |
530 | if (wpa_s->osu_icon_id == 0) | |
531 | wpa_s->osu_icon_id++; | |
532 | snprintf(fname, sizeof(fname), "%s/osu-icon-%u.%s", | |
533 | wpa_s->conf->osu_dir, wpa_s->osu_icon_id, | |
534 | png ? "png" : "icon"); | |
535 | f = fopen(fname, "wb"); | |
536 | if (f == NULL) | |
537 | return -1; | |
d10b01d2 AN |
538 | |
539 | hs20_set_osu_access_permission(wpa_s->conf->osu_dir, fname); | |
540 | ||
b572df86 JM |
541 | if (fwrite(pos, slen, 1, f) != 1) { |
542 | fclose(f); | |
543 | unlink(fname); | |
544 | return -1; | |
545 | } | |
546 | fclose(f); | |
547 | ||
f465c32d | 548 | wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP_ICON "%s", fname); |
b572df86 JM |
549 | return 0; |
550 | } | |
551 | ||
552 | ||
553 | static void hs20_continue_icon_fetch(void *eloop_ctx, void *sock_ctx) | |
554 | { | |
555 | struct wpa_supplicant *wpa_s = eloop_ctx; | |
556 | if (wpa_s->fetch_osu_icon_in_progress) | |
557 | hs20_next_osu_icon(wpa_s); | |
558 | } | |
559 | ||
560 | ||
561 | static void hs20_osu_icon_fetch_result(struct wpa_supplicant *wpa_s, int res) | |
562 | { | |
563 | size_t i, j; | |
230e3735 JM |
564 | struct os_reltime now, tmp; |
565 | int dur; | |
566 | ||
567 | os_get_reltime(&now); | |
568 | os_reltime_sub(&now, &wpa_s->osu_icon_fetch_start, &tmp); | |
569 | dur = tmp.sec * 1000 + tmp.usec / 1000; | |
570 | wpa_printf(MSG_DEBUG, "HS 2.0: Icon fetch dur=%d ms res=%d", | |
571 | dur, res); | |
572 | ||
b572df86 JM |
573 | for (i = 0; i < wpa_s->osu_prov_count; i++) { |
574 | struct osu_provider *osu = &wpa_s->osu_prov[i]; | |
575 | for (j = 0; j < osu->icon_count; j++) { | |
576 | struct osu_icon *icon = &osu->icon[j]; | |
577 | if (icon->id || icon->failed) | |
578 | continue; | |
579 | if (res < 0) | |
580 | icon->failed = 1; | |
581 | else | |
582 | icon->id = wpa_s->osu_icon_id; | |
583 | return; | |
584 | } | |
585 | } | |
586 | } | |
587 | ||
588 | ||
25471fe3 | 589 | void hs20_parse_rx_hs20_anqp_resp(struct wpa_supplicant *wpa_s, |
8266e6c6 | 590 | struct wpa_bss *bss, const u8 *sa, |
8dd5c1b4 | 591 | const u8 *data, size_t slen, u8 dialog_token) |
25471fe3 JK |
592 | { |
593 | const u8 *pos = data; | |
594 | u8 subtype; | |
476aed35 | 595 | struct wpa_bss_anqp *anqp = NULL; |
b572df86 | 596 | int ret; |
25471fe3 JK |
597 | |
598 | if (slen < 2) | |
599 | return; | |
600 | ||
476aed35 JM |
601 | if (bss) |
602 | anqp = bss->anqp; | |
603 | ||
25471fe3 JK |
604 | subtype = *pos++; |
605 | slen--; | |
606 | ||
607 | pos++; /* Reserved */ | |
608 | slen--; | |
609 | ||
610 | switch (subtype) { | |
611 | case HS20_STYPE_CAPABILITY_LIST: | |
f465c32d | 612 | wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR |
25471fe3 JK |
613 | " HS Capability List", MAC2STR(sa)); |
614 | wpa_hexdump_ascii(MSG_DEBUG, "HS Capability List", pos, slen); | |
185ada47 AN |
615 | if (anqp) { |
616 | wpabuf_free(anqp->hs20_capability_list); | |
617 | anqp->hs20_capability_list = | |
618 | wpabuf_alloc_copy(pos, slen); | |
619 | } | |
25471fe3 JK |
620 | break; |
621 | case HS20_STYPE_OPERATOR_FRIENDLY_NAME: | |
f465c32d | 622 | wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR |
25471fe3 JK |
623 | " Operator Friendly Name", MAC2STR(sa)); |
624 | wpa_hexdump_ascii(MSG_DEBUG, "oper friendly name", pos, slen); | |
476aed35 JM |
625 | if (anqp) { |
626 | wpabuf_free(anqp->hs20_operator_friendly_name); | |
627 | anqp->hs20_operator_friendly_name = | |
25471fe3 JK |
628 | wpabuf_alloc_copy(pos, slen); |
629 | } | |
630 | break; | |
631 | case HS20_STYPE_WAN_METRICS: | |
2edcd504 JM |
632 | wpa_hexdump(MSG_DEBUG, "WAN Metrics", pos, slen); |
633 | if (slen < 13) { | |
634 | wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short WAN " | |
635 | "Metrics value from " MACSTR, MAC2STR(sa)); | |
636 | break; | |
637 | } | |
f465c32d | 638 | wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR |
2edcd504 JM |
639 | " WAN Metrics %02x:%u:%u:%u:%u:%u", MAC2STR(sa), |
640 | pos[0], WPA_GET_LE32(pos + 1), WPA_GET_LE32(pos + 5), | |
641 | pos[9], pos[10], WPA_GET_LE16(pos + 11)); | |
476aed35 JM |
642 | if (anqp) { |
643 | wpabuf_free(anqp->hs20_wan_metrics); | |
644 | anqp->hs20_wan_metrics = wpabuf_alloc_copy(pos, slen); | |
25471fe3 JK |
645 | } |
646 | break; | |
647 | case HS20_STYPE_CONNECTION_CAPABILITY: | |
f465c32d | 648 | wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR |
25471fe3 JK |
649 | " Connection Capability", MAC2STR(sa)); |
650 | wpa_hexdump_ascii(MSG_DEBUG, "conn capability", pos, slen); | |
476aed35 JM |
651 | if (anqp) { |
652 | wpabuf_free(anqp->hs20_connection_capability); | |
653 | anqp->hs20_connection_capability = | |
25471fe3 JK |
654 | wpabuf_alloc_copy(pos, slen); |
655 | } | |
656 | break; | |
657 | case HS20_STYPE_OPERATING_CLASS: | |
f465c32d | 658 | wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR |
25471fe3 JK |
659 | " Operating Class", MAC2STR(sa)); |
660 | wpa_hexdump_ascii(MSG_DEBUG, "Operating Class", pos, slen); | |
476aed35 JM |
661 | if (anqp) { |
662 | wpabuf_free(anqp->hs20_operating_class); | |
663 | anqp->hs20_operating_class = | |
25471fe3 JK |
664 | wpabuf_alloc_copy(pos, slen); |
665 | } | |
666 | break; | |
1d2215fc | 667 | case HS20_STYPE_OSU_PROVIDERS_LIST: |
f465c32d | 668 | wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR |
1d2215fc | 669 | " OSU Providers list", MAC2STR(sa)); |
a6739e19 | 670 | wpa_s->num_prov_found++; |
1d2215fc JM |
671 | if (anqp) { |
672 | wpabuf_free(anqp->hs20_osu_providers_list); | |
673 | anqp->hs20_osu_providers_list = | |
674 | wpabuf_alloc_copy(pos, slen); | |
675 | } | |
676 | break; | |
184e110c | 677 | case HS20_STYPE_ICON_BINARY_FILE: |
8dd5c1b4 JN |
678 | ret = hs20_process_icon_binary_file(wpa_s, sa, pos, slen, |
679 | dialog_token); | |
b572df86 JM |
680 | if (wpa_s->fetch_osu_icon_in_progress) { |
681 | hs20_osu_icon_fetch_result(wpa_s, ret); | |
682 | eloop_cancel_timeout(hs20_continue_icon_fetch, | |
683 | wpa_s, NULL); | |
684 | eloop_register_timeout(0, 0, hs20_continue_icon_fetch, | |
685 | wpa_s, NULL); | |
686 | } | |
687 | break; | |
6a8a04d7 JM |
688 | case HS20_STYPE_OPERATOR_ICON_METADATA: |
689 | wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR | |
690 | " Operator Icon Metadata", MAC2STR(sa)); | |
691 | wpa_hexdump(MSG_DEBUG, "Operator Icon Metadata", pos, slen); | |
692 | if (anqp) { | |
693 | wpabuf_free(anqp->hs20_operator_icon_metadata); | |
694 | anqp->hs20_operator_icon_metadata = | |
695 | wpabuf_alloc_copy(pos, slen); | |
696 | } | |
697 | break; | |
baf4c863 JM |
698 | case HS20_STYPE_OSU_PROVIDERS_NAI_LIST: |
699 | wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR | |
700 | " OSU Providers NAI List", MAC2STR(sa)); | |
701 | if (anqp) { | |
702 | wpabuf_free(anqp->hs20_osu_providers_nai_list); | |
703 | anqp->hs20_osu_providers_nai_list = | |
704 | wpabuf_alloc_copy(pos, slen); | |
705 | } | |
706 | break; | |
b572df86 JM |
707 | default: |
708 | wpa_printf(MSG_DEBUG, "HS20: Unsupported subtype %u", subtype); | |
709 | break; | |
710 | } | |
711 | } | |
712 | ||
713 | ||
714 | void hs20_notify_parse_done(struct wpa_supplicant *wpa_s) | |
715 | { | |
716 | if (!wpa_s->fetch_osu_icon_in_progress) | |
717 | return; | |
718 | if (eloop_is_timeout_registered(hs20_continue_icon_fetch, wpa_s, NULL)) | |
719 | return; | |
720 | /* | |
721 | * We are going through icon fetch, but no icon response was received. | |
722 | * Assume this means the current AP could not provide an answer to avoid | |
723 | * getting stuck in fetch iteration. | |
724 | */ | |
725 | hs20_icon_fetch_failed(wpa_s); | |
726 | } | |
727 | ||
728 | ||
729 | static void hs20_free_osu_prov_entry(struct osu_provider *prov) | |
730 | { | |
731 | } | |
732 | ||
733 | ||
734 | void hs20_free_osu_prov(struct wpa_supplicant *wpa_s) | |
735 | { | |
736 | size_t i; | |
737 | for (i = 0; i < wpa_s->osu_prov_count; i++) | |
738 | hs20_free_osu_prov_entry(&wpa_s->osu_prov[i]); | |
739 | os_free(wpa_s->osu_prov); | |
740 | wpa_s->osu_prov = NULL; | |
741 | wpa_s->osu_prov_count = 0; | |
742 | } | |
743 | ||
744 | ||
745 | static void hs20_osu_fetch_done(struct wpa_supplicant *wpa_s) | |
746 | { | |
747 | char fname[256]; | |
748 | FILE *f; | |
749 | size_t i, j; | |
750 | ||
751 | wpa_s->fetch_osu_info = 0; | |
752 | wpa_s->fetch_osu_icon_in_progress = 0; | |
184e110c | 753 | |
b572df86 JM |
754 | if (wpa_s->conf->osu_dir == NULL) { |
755 | hs20_free_osu_prov(wpa_s); | |
756 | wpa_s->fetch_anqp_in_progress = 0; | |
757 | return; | |
758 | } | |
759 | ||
760 | snprintf(fname, sizeof(fname), "%s/osu-providers.txt", | |
761 | wpa_s->conf->osu_dir); | |
762 | f = fopen(fname, "w"); | |
763 | if (f == NULL) { | |
9636b07a JM |
764 | wpa_msg(wpa_s, MSG_INFO, |
765 | "Could not write OSU provider information"); | |
b572df86 | 766 | hs20_free_osu_prov(wpa_s); |
cbf8d181 | 767 | wpa_s->fetch_anqp_in_progress = 0; |
b572df86 JM |
768 | return; |
769 | } | |
d10b01d2 AN |
770 | |
771 | hs20_set_osu_access_permission(wpa_s->conf->osu_dir, fname); | |
772 | ||
b572df86 JM |
773 | for (i = 0; i < wpa_s->osu_prov_count; i++) { |
774 | struct osu_provider *osu = &wpa_s->osu_prov[i]; | |
775 | if (i > 0) | |
776 | fprintf(f, "\n"); | |
777 | fprintf(f, "OSU-PROVIDER " MACSTR "\n" | |
778 | "uri=%s\n" | |
779 | "methods=%08x\n", | |
780 | MAC2STR(osu->bssid), osu->server_uri, osu->osu_methods); | |
781 | if (osu->osu_ssid_len) { | |
782 | fprintf(f, "osu_ssid=%s\n", | |
783 | wpa_ssid_txt(osu->osu_ssid, | |
784 | osu->osu_ssid_len)); | |
785 | } | |
075926ec JM |
786 | if (osu->osu_ssid2_len) { |
787 | fprintf(f, "osu_ssid2=%s\n", | |
788 | wpa_ssid_txt(osu->osu_ssid2, | |
789 | osu->osu_ssid2_len)); | |
790 | } | |
b572df86 JM |
791 | if (osu->osu_nai[0]) |
792 | fprintf(f, "osu_nai=%s\n", osu->osu_nai); | |
baf4c863 JM |
793 | if (osu->osu_nai2[0]) |
794 | fprintf(f, "osu_nai2=%s\n", osu->osu_nai2); | |
b572df86 JM |
795 | for (j = 0; j < osu->friendly_name_count; j++) { |
796 | fprintf(f, "friendly_name=%s:%s\n", | |
797 | osu->friendly_name[j].lang, | |
798 | osu->friendly_name[j].text); | |
799 | } | |
800 | for (j = 0; j < osu->serv_desc_count; j++) { | |
801 | fprintf(f, "desc=%s:%s\n", | |
802 | osu->serv_desc[j].lang, | |
803 | osu->serv_desc[j].text); | |
804 | } | |
805 | for (j = 0; j < osu->icon_count; j++) { | |
806 | struct osu_icon *icon = &osu->icon[j]; | |
807 | if (icon->failed) | |
808 | continue; /* could not fetch icon */ | |
809 | fprintf(f, "icon=%u:%u:%u:%s:%s:%s\n", | |
810 | icon->id, icon->width, icon->height, icon->lang, | |
811 | icon->icon_type, icon->filename); | |
812 | } | |
813 | } | |
814 | fclose(f); | |
815 | hs20_free_osu_prov(wpa_s); | |
816 | ||
817 | wpa_msg(wpa_s, MSG_INFO, "OSU provider fetch completed"); | |
818 | wpa_s->fetch_anqp_in_progress = 0; | |
819 | } | |
820 | ||
821 | ||
822 | void hs20_next_osu_icon(struct wpa_supplicant *wpa_s) | |
823 | { | |
824 | size_t i, j; | |
825 | ||
826 | wpa_printf(MSG_DEBUG, "HS 2.0: Ready to fetch next icon"); | |
827 | ||
828 | for (i = 0; i < wpa_s->osu_prov_count; i++) { | |
829 | struct osu_provider *osu = &wpa_s->osu_prov[i]; | |
830 | for (j = 0; j < osu->icon_count; j++) { | |
831 | struct osu_icon *icon = &osu->icon[j]; | |
832 | if (icon->id || icon->failed) | |
833 | continue; | |
834 | ||
835 | wpa_printf(MSG_DEBUG, "HS 2.0: Try to fetch icon '%s' " | |
836 | "from " MACSTR, icon->filename, | |
837 | MAC2STR(osu->bssid)); | |
230e3735 | 838 | os_get_reltime(&wpa_s->osu_icon_fetch_start); |
b572df86 JM |
839 | if (hs20_anqp_send_req(wpa_s, osu->bssid, |
840 | BIT(HS20_STYPE_ICON_REQUEST), | |
841 | (u8 *) icon->filename, | |
8dd5c1b4 JN |
842 | os_strlen(icon->filename), |
843 | 0) < 0) { | |
b572df86 JM |
844 | icon->failed = 1; |
845 | continue; | |
846 | } | |
847 | return; | |
848 | } | |
849 | } | |
850 | ||
851 | wpa_printf(MSG_DEBUG, "HS 2.0: No more icons to fetch"); | |
852 | hs20_osu_fetch_done(wpa_s); | |
853 | } | |
854 | ||
855 | ||
856 | static void hs20_osu_add_prov(struct wpa_supplicant *wpa_s, struct wpa_bss *bss, | |
857 | const u8 *osu_ssid, u8 osu_ssid_len, | |
075926ec | 858 | const u8 *osu_ssid2, u8 osu_ssid2_len, |
b572df86 JM |
859 | const u8 *pos, size_t len) |
860 | { | |
861 | struct osu_provider *prov; | |
862 | const u8 *end = pos + len; | |
863 | u16 len2; | |
864 | const u8 *pos2; | |
0570a3ea | 865 | u8 uri_len, osu_method_len, osu_nai_len; |
b572df86 JM |
866 | |
867 | wpa_hexdump(MSG_DEBUG, "HS 2.0: Parsing OSU Provider", pos, len); | |
868 | prov = os_realloc_array(wpa_s->osu_prov, | |
869 | wpa_s->osu_prov_count + 1, | |
870 | sizeof(*prov)); | |
871 | if (prov == NULL) | |
872 | return; | |
873 | wpa_s->osu_prov = prov; | |
874 | prov = &prov[wpa_s->osu_prov_count]; | |
875 | os_memset(prov, 0, sizeof(*prov)); | |
876 | ||
877 | os_memcpy(prov->bssid, bss->bssid, ETH_ALEN); | |
878 | os_memcpy(prov->osu_ssid, osu_ssid, osu_ssid_len); | |
879 | prov->osu_ssid_len = osu_ssid_len; | |
075926ec JM |
880 | if (osu_ssid2) |
881 | os_memcpy(prov->osu_ssid2, osu_ssid2, osu_ssid2_len); | |
882 | prov->osu_ssid2_len = osu_ssid2_len; | |
b572df86 JM |
883 | |
884 | /* OSU Friendly Name Length */ | |
619fdfac | 885 | if (end - pos < 2) { |
b572df86 JM |
886 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU " |
887 | "Friendly Name Length"); | |
888 | return; | |
889 | } | |
890 | len2 = WPA_GET_LE16(pos); | |
891 | pos += 2; | |
0570a3ea | 892 | if (len2 > end - pos) { |
b572df86 JM |
893 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU " |
894 | "Friendly Name Duples"); | |
895 | return; | |
896 | } | |
897 | pos2 = pos; | |
898 | pos += len2; | |
899 | ||
900 | /* OSU Friendly Name Duples */ | |
619fdfac | 901 | while (pos - pos2 >= 4 && prov->friendly_name_count < OSU_MAX_ITEMS) { |
b572df86 | 902 | struct osu_lang_string *f; |
619fdfac | 903 | if (1 + pos2[0] > pos - pos2 || pos2[0] < 3) { |
b572df86 JM |
904 | wpa_printf(MSG_DEBUG, "Invalid OSU Friendly Name"); |
905 | break; | |
906 | } | |
907 | f = &prov->friendly_name[prov->friendly_name_count++]; | |
908 | os_memcpy(f->lang, pos2 + 1, 3); | |
909 | os_memcpy(f->text, pos2 + 1 + 3, pos2[0] - 3); | |
910 | pos2 += 1 + pos2[0]; | |
911 | } | |
912 | ||
913 | /* OSU Server URI */ | |
619fdfac | 914 | if (end - pos < 1) { |
355e17eb JM |
915 | wpa_printf(MSG_DEBUG, |
916 | "HS 2.0: Not enough room for OSU Server URI length"); | |
917 | return; | |
918 | } | |
919 | uri_len = *pos++; | |
920 | if (uri_len > end - pos) { | |
b572df86 JM |
921 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Server " |
922 | "URI"); | |
923 | return; | |
924 | } | |
355e17eb JM |
925 | os_memcpy(prov->server_uri, pos, uri_len); |
926 | pos += uri_len; | |
b572df86 JM |
927 | |
928 | /* OSU Method list */ | |
619fdfac | 929 | if (end - pos < 1) { |
0570a3ea JM |
930 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Method " |
931 | "list length"); | |
932 | return; | |
933 | } | |
934 | osu_method_len = pos[0]; | |
935 | if (osu_method_len > end - pos - 1) { | |
b572df86 JM |
936 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Method " |
937 | "list"); | |
938 | return; | |
939 | } | |
940 | pos2 = pos + 1; | |
0570a3ea | 941 | pos += 1 + osu_method_len; |
b572df86 JM |
942 | while (pos2 < pos) { |
943 | if (*pos2 < 32) | |
944 | prov->osu_methods |= BIT(*pos2); | |
945 | pos2++; | |
946 | } | |
947 | ||
948 | /* Icons Available Length */ | |
619fdfac | 949 | if (end - pos < 2) { |
b572df86 JM |
950 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for Icons " |
951 | "Available Length"); | |
952 | return; | |
953 | } | |
954 | len2 = WPA_GET_LE16(pos); | |
955 | pos += 2; | |
0570a3ea | 956 | if (len2 > end - pos) { |
b572df86 JM |
957 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for Icons " |
958 | "Available"); | |
959 | return; | |
960 | } | |
961 | pos2 = pos; | |
962 | pos += len2; | |
963 | ||
964 | /* Icons Available */ | |
965 | while (pos2 < pos) { | |
966 | struct osu_icon *icon = &prov->icon[prov->icon_count]; | |
0570a3ea JM |
967 | u8 flen; |
968 | ||
619fdfac | 969 | if (2 + 2 + 3 + 1 + 1 > pos - pos2) { |
b572df86 | 970 | wpa_printf(MSG_DEBUG, "HS 2.0: Invalid Icon Metadata"); |
184e110c JM |
971 | break; |
972 | } | |
973 | ||
b572df86 JM |
974 | icon->width = WPA_GET_LE16(pos2); |
975 | pos2 += 2; | |
976 | icon->height = WPA_GET_LE16(pos2); | |
977 | pos2 += 2; | |
978 | os_memcpy(icon->lang, pos2, 3); | |
979 | pos2 += 3; | |
184e110c | 980 | |
619fdfac JM |
981 | flen = *pos2++; |
982 | if (flen > pos - pos2) { | |
b572df86 | 983 | wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon Type"); |
184e110c JM |
984 | break; |
985 | } | |
619fdfac JM |
986 | os_memcpy(icon->icon_type, pos2, flen); |
987 | pos2 += flen; | |
184e110c | 988 | |
619fdfac | 989 | if (pos - pos2 < 1) { |
0570a3ea JM |
990 | wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon " |
991 | "Filename length"); | |
992 | break; | |
993 | } | |
619fdfac JM |
994 | flen = *pos2++; |
995 | if (flen > pos - pos2) { | |
b572df86 JM |
996 | wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon " |
997 | "Filename"); | |
184e110c JM |
998 | break; |
999 | } | |
619fdfac JM |
1000 | os_memcpy(icon->filename, pos2, flen); |
1001 | pos2 += flen; | |
184e110c | 1002 | |
b572df86 JM |
1003 | prov->icon_count++; |
1004 | } | |
1005 | ||
1006 | /* OSU_NAI */ | |
619fdfac | 1007 | if (end - pos < 1) { |
b572df86 JM |
1008 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU_NAI"); |
1009 | return; | |
1010 | } | |
619fdfac JM |
1011 | osu_nai_len = *pos++; |
1012 | if (osu_nai_len > end - pos) { | |
0570a3ea JM |
1013 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU_NAI"); |
1014 | return; | |
1015 | } | |
619fdfac JM |
1016 | os_memcpy(prov->osu_nai, pos, osu_nai_len); |
1017 | pos += osu_nai_len; | |
b572df86 JM |
1018 | |
1019 | /* OSU Service Description Length */ | |
619fdfac | 1020 | if (end - pos < 2) { |
b572df86 JM |
1021 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU " |
1022 | "Service Description Length"); | |
1023 | return; | |
1024 | } | |
1025 | len2 = WPA_GET_LE16(pos); | |
1026 | pos += 2; | |
0570a3ea | 1027 | if (len2 > end - pos) { |
b572df86 JM |
1028 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU " |
1029 | "Service Description Duples"); | |
1030 | return; | |
1031 | } | |
1032 | pos2 = pos; | |
1033 | pos += len2; | |
1034 | ||
1035 | /* OSU Service Description Duples */ | |
619fdfac | 1036 | while (pos - pos2 >= 4 && prov->serv_desc_count < OSU_MAX_ITEMS) { |
b572df86 | 1037 | struct osu_lang_string *f; |
0570a3ea JM |
1038 | u8 descr_len; |
1039 | ||
619fdfac JM |
1040 | descr_len = *pos2++; |
1041 | if (descr_len > pos - pos2 || descr_len < 3) { | |
b572df86 JM |
1042 | wpa_printf(MSG_DEBUG, "Invalid OSU Service " |
1043 | "Description"); | |
184e110c JM |
1044 | break; |
1045 | } | |
b572df86 | 1046 | f = &prov->serv_desc[prov->serv_desc_count++]; |
619fdfac JM |
1047 | os_memcpy(f->lang, pos2, 3); |
1048 | os_memcpy(f->text, pos2 + 3, descr_len - 3); | |
1049 | pos2 += descr_len; | |
b572df86 | 1050 | } |
184e110c | 1051 | |
b572df86 JM |
1052 | wpa_printf(MSG_DEBUG, "HS 2.0: Added OSU Provider through " MACSTR, |
1053 | MAC2STR(bss->bssid)); | |
1054 | wpa_s->osu_prov_count++; | |
1055 | } | |
1056 | ||
1057 | ||
1058 | void hs20_osu_icon_fetch(struct wpa_supplicant *wpa_s) | |
1059 | { | |
1060 | struct wpa_bss *bss; | |
1061 | struct wpabuf *prov_anqp; | |
1062 | const u8 *pos, *end; | |
1063 | u16 len; | |
075926ec JM |
1064 | const u8 *osu_ssid, *osu_ssid2; |
1065 | u8 osu_ssid_len, osu_ssid2_len; | |
b572df86 JM |
1066 | u8 num_providers; |
1067 | ||
1068 | hs20_free_osu_prov(wpa_s); | |
1069 | ||
1070 | dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { | |
075926ec JM |
1071 | struct wpa_ie_data data; |
1072 | const u8 *ie; | |
1073 | ||
b572df86 JM |
1074 | if (bss->anqp == NULL) |
1075 | continue; | |
1076 | prov_anqp = bss->anqp->hs20_osu_providers_list; | |
1077 | if (prov_anqp == NULL) | |
1078 | continue; | |
075926ec JM |
1079 | ie = wpa_bss_get_ie(bss, WLAN_EID_RSN); |
1080 | if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &data) == 0 && | |
1081 | (data.key_mgmt & WPA_KEY_MGMT_OSEN)) { | |
1082 | osu_ssid2 = bss->ssid; | |
1083 | osu_ssid2_len = bss->ssid_len; | |
1084 | } else { | |
1085 | osu_ssid2 = NULL; | |
1086 | osu_ssid2_len = 0; | |
1087 | } | |
b572df86 JM |
1088 | wpa_printf(MSG_DEBUG, "HS 2.0: Parsing OSU Providers list from " |
1089 | MACSTR, MAC2STR(bss->bssid)); | |
1090 | wpa_hexdump_buf(MSG_DEBUG, "HS 2.0: OSU Providers list", | |
1091 | prov_anqp); | |
1092 | pos = wpabuf_head(prov_anqp); | |
1093 | end = pos + wpabuf_len(prov_anqp); | |
1094 | ||
1095 | /* OSU SSID */ | |
619fdfac | 1096 | if (end - pos < 1) |
b572df86 | 1097 | continue; |
619fdfac | 1098 | if (1 + pos[0] > end - pos) { |
b572df86 JM |
1099 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for " |
1100 | "OSU SSID"); | |
1101 | continue; | |
1102 | } | |
1103 | osu_ssid_len = *pos++; | |
d9d1b952 | 1104 | if (osu_ssid_len > SSID_MAX_LEN) { |
b572df86 JM |
1105 | wpa_printf(MSG_DEBUG, "HS 2.0: Invalid OSU SSID " |
1106 | "Length %u", osu_ssid_len); | |
1107 | continue; | |
1108 | } | |
1109 | osu_ssid = pos; | |
1110 | pos += osu_ssid_len; | |
1111 | ||
619fdfac | 1112 | if (end - pos < 1) { |
b572df86 JM |
1113 | wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for " |
1114 | "Number of OSU Providers"); | |
1115 | continue; | |
1116 | } | |
1117 | num_providers = *pos++; | |
1118 | wpa_printf(MSG_DEBUG, "HS 2.0: Number of OSU Providers: %u", | |
1119 | num_providers); | |
1120 | ||
1121 | /* OSU Providers */ | |
619fdfac | 1122 | while (end - pos > 2 && num_providers > 0) { |
b572df86 JM |
1123 | num_providers--; |
1124 | len = WPA_GET_LE16(pos); | |
1125 | pos += 2; | |
5c58c0ce | 1126 | if (len > (unsigned int) (end - pos)) |
b572df86 JM |
1127 | break; |
1128 | hs20_osu_add_prov(wpa_s, bss, osu_ssid, | |
075926ec JM |
1129 | osu_ssid_len, osu_ssid2, |
1130 | osu_ssid2_len, pos, len); | |
b572df86 JM |
1131 | pos += len; |
1132 | } | |
1133 | ||
1134 | if (pos != end) { | |
1135 | wpa_printf(MSG_DEBUG, "HS 2.0: Ignored %d bytes of " | |
1136 | "extra data after OSU Providers", | |
1137 | (int) (end - pos)); | |
1138 | } | |
baf4c863 JM |
1139 | |
1140 | prov_anqp = bss->anqp->hs20_osu_providers_nai_list; | |
1141 | if (!prov_anqp) | |
1142 | continue; | |
1143 | wpa_printf(MSG_DEBUG, | |
1144 | "HS 2.0: Parsing OSU Providers NAI List from " | |
1145 | MACSTR, MAC2STR(bss->bssid)); | |
1146 | wpa_hexdump_buf(MSG_DEBUG, "HS 2.0: OSU Providers NAI List", | |
1147 | prov_anqp); | |
1148 | pos = wpabuf_head(prov_anqp); | |
1149 | end = pos + wpabuf_len(prov_anqp); | |
1150 | num_providers = 0; | |
1151 | while (end - pos > 0) { | |
1152 | len = *pos++; | |
1153 | if (end - pos < len) { | |
1154 | wpa_printf(MSG_DEBUG, | |
1155 | "HS 2.0: Not enough room for OSU_NAI"); | |
1156 | break; | |
1157 | } | |
1158 | if (num_providers >= wpa_s->osu_prov_count) { | |
1159 | wpa_printf(MSG_DEBUG, | |
1160 | "HS 2.0: Ignore unexpected OSU Provider NAI List entries"); | |
1161 | break; | |
1162 | } | |
1163 | os_memcpy(wpa_s->osu_prov[num_providers].osu_nai2, | |
1164 | pos, len); | |
1165 | pos += len; | |
1166 | num_providers++; | |
1167 | } | |
b572df86 JM |
1168 | } |
1169 | ||
1170 | wpa_s->fetch_osu_icon_in_progress = 1; | |
1171 | hs20_next_osu_icon(wpa_s); | |
1172 | } | |
1173 | ||
1174 | ||
1175 | static void hs20_osu_scan_res_handler(struct wpa_supplicant *wpa_s, | |
1176 | struct wpa_scan_results *scan_res) | |
1177 | { | |
1178 | wpa_printf(MSG_DEBUG, "OSU provisioning fetch scan completed"); | |
568475b7 JM |
1179 | if (!wpa_s->fetch_osu_waiting_scan) { |
1180 | wpa_printf(MSG_DEBUG, "OSU fetch have been canceled"); | |
1181 | return; | |
1182 | } | |
b572df86 JM |
1183 | wpa_s->network_select = 0; |
1184 | wpa_s->fetch_all_anqp = 1; | |
1185 | wpa_s->fetch_osu_info = 1; | |
1186 | wpa_s->fetch_osu_icon_in_progress = 0; | |
1187 | ||
1188 | interworking_start_fetch_anqp(wpa_s); | |
1189 | } | |
1190 | ||
1191 | ||
dd20eabd | 1192 | int hs20_fetch_osu(struct wpa_supplicant *wpa_s, int skip_scan) |
b572df86 JM |
1193 | { |
1194 | if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { | |
1195 | wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - " | |
1196 | "interface disabled"); | |
1197 | return -1; | |
1198 | } | |
1199 | ||
1200 | if (wpa_s->scanning) { | |
1201 | wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - " | |
1202 | "scanning"); | |
1203 | return -1; | |
25471fe3 | 1204 | } |
b572df86 JM |
1205 | |
1206 | if (wpa_s->conf->osu_dir == NULL) { | |
1207 | wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - " | |
1208 | "osu_dir not configured"); | |
1209 | return -1; | |
1210 | } | |
1211 | ||
1212 | if (wpa_s->fetch_anqp_in_progress || wpa_s->network_select) { | |
1213 | wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - " | |
1214 | "fetch in progress (%d, %d)", | |
1215 | wpa_s->fetch_anqp_in_progress, | |
1216 | wpa_s->network_select); | |
1217 | return -1; | |
1218 | } | |
1219 | ||
1220 | wpa_msg(wpa_s, MSG_INFO, "Starting OSU provisioning information fetch"); | |
a6739e19 JM |
1221 | wpa_s->num_osu_scans = 0; |
1222 | wpa_s->num_prov_found = 0; | |
dd20eabd JM |
1223 | if (skip_scan) { |
1224 | wpa_s->network_select = 0; | |
1225 | wpa_s->fetch_all_anqp = 1; | |
1226 | wpa_s->fetch_osu_info = 1; | |
1227 | wpa_s->fetch_osu_icon_in_progress = 0; | |
1228 | ||
1229 | interworking_start_fetch_anqp(wpa_s); | |
1230 | } else { | |
1231 | hs20_start_osu_scan(wpa_s); | |
1232 | } | |
a6739e19 JM |
1233 | |
1234 | return 0; | |
1235 | } | |
1236 | ||
1237 | ||
1238 | void hs20_start_osu_scan(struct wpa_supplicant *wpa_s) | |
1239 | { | |
568475b7 | 1240 | wpa_s->fetch_osu_waiting_scan = 1; |
a6739e19 | 1241 | wpa_s->num_osu_scans++; |
b572df86 JM |
1242 | wpa_s->scan_req = MANUAL_SCAN_REQ; |
1243 | wpa_s->scan_res_handler = hs20_osu_scan_res_handler; | |
1244 | wpa_supplicant_req_scan(wpa_s, 0, 0); | |
b572df86 JM |
1245 | } |
1246 | ||
1247 | ||
1248 | void hs20_cancel_fetch_osu(struct wpa_supplicant *wpa_s) | |
1249 | { | |
1250 | wpa_printf(MSG_DEBUG, "Cancel OSU fetch"); | |
1251 | interworking_stop_fetch_anqp(wpa_s); | |
568475b7 | 1252 | wpa_s->fetch_osu_waiting_scan = 0; |
b572df86 JM |
1253 | wpa_s->network_select = 0; |
1254 | wpa_s->fetch_osu_info = 0; | |
1255 | wpa_s->fetch_osu_icon_in_progress = 0; | |
1256 | } | |
1257 | ||
1258 | ||
1259 | void hs20_icon_fetch_failed(struct wpa_supplicant *wpa_s) | |
1260 | { | |
1261 | hs20_osu_icon_fetch_result(wpa_s, -1); | |
1262 | eloop_cancel_timeout(hs20_continue_icon_fetch, wpa_s, NULL); | |
1263 | eloop_register_timeout(0, 0, hs20_continue_icon_fetch, wpa_s, NULL); | |
25471fe3 | 1264 | } |
95a3ea94 JM |
1265 | |
1266 | ||
1267 | void hs20_rx_subscription_remediation(struct wpa_supplicant *wpa_s, | |
1268 | const char *url, u8 osu_method) | |
1269 | { | |
1270 | if (url) | |
1271 | wpa_msg(wpa_s, MSG_INFO, HS20_SUBSCRIPTION_REMEDIATION "%u %s", | |
1272 | osu_method, url); | |
1273 | else | |
1274 | wpa_msg(wpa_s, MSG_INFO, HS20_SUBSCRIPTION_REMEDIATION); | |
1275 | } | |
7ef69479 JM |
1276 | |
1277 | ||
1278 | void hs20_rx_deauth_imminent_notice(struct wpa_supplicant *wpa_s, u8 code, | |
1279 | u16 reauth_delay, const char *url) | |
1280 | { | |
1281 | if (!wpa_sm_pmf_enabled(wpa_s->wpa)) { | |
1282 | wpa_printf(MSG_DEBUG, "HS 2.0: Ignore deauthentication imminent notice since PMF was not enabled"); | |
1283 | return; | |
1284 | } | |
1285 | ||
1286 | wpa_msg(wpa_s, MSG_INFO, HS20_DEAUTH_IMMINENT_NOTICE "%u %u %s", | |
1287 | code, reauth_delay, url); | |
1288 | ||
1289 | if (code == HS20_DEAUTH_REASON_CODE_BSS) { | |
1290 | wpa_printf(MSG_DEBUG, "HS 2.0: Add BSS to blacklist"); | |
1291 | wpa_blacklist_add(wpa_s, wpa_s->bssid); | |
533536d8 JM |
1292 | /* TODO: For now, disable full ESS since some drivers may not |
1293 | * support disabling per BSS. */ | |
1294 | if (wpa_s->current_ssid) { | |
06c7b7f0 JM |
1295 | struct os_reltime now; |
1296 | os_get_reltime(&now); | |
533536d8 JM |
1297 | if (now.sec + reauth_delay <= |
1298 | wpa_s->current_ssid->disabled_until.sec) | |
1299 | return; | |
1300 | wpa_printf(MSG_DEBUG, "HS 2.0: Disable network for %u seconds (BSS)", | |
1301 | reauth_delay); | |
1302 | wpa_s->current_ssid->disabled_until.sec = | |
1303 | now.sec + reauth_delay; | |
1304 | } | |
7ef69479 JM |
1305 | } |
1306 | ||
1307 | if (code == HS20_DEAUTH_REASON_CODE_ESS && wpa_s->current_ssid) { | |
06c7b7f0 JM |
1308 | struct os_reltime now; |
1309 | os_get_reltime(&now); | |
7ef69479 JM |
1310 | if (now.sec + reauth_delay <= |
1311 | wpa_s->current_ssid->disabled_until.sec) | |
1312 | return; | |
1313 | wpa_printf(MSG_DEBUG, "HS 2.0: Disable network for %u seconds", | |
1314 | reauth_delay); | |
1315 | wpa_s->current_ssid->disabled_until.sec = | |
1316 | now.sec + reauth_delay; | |
1317 | } | |
1318 | } | |
fb2ac53d AC |
1319 | |
1320 | ||
7fc6a024 JM |
1321 | void hs20_rx_t_c_acceptance(struct wpa_supplicant *wpa_s, const char *url) |
1322 | { | |
1323 | if (!wpa_sm_pmf_enabled(wpa_s->wpa)) { | |
1324 | wpa_printf(MSG_DEBUG, | |
1325 | "HS 2.0: Ignore Terms and Conditions Acceptance since PMF was not enabled"); | |
1326 | return; | |
1327 | } | |
1328 | ||
1329 | wpa_msg(wpa_s, MSG_INFO, HS20_T_C_ACCEPTANCE "%s", url); | |
1330 | } | |
1331 | ||
1332 | ||
ca9968a0 JM |
1333 | void hs20_init(struct wpa_supplicant *wpa_s) |
1334 | { | |
1335 | dl_list_init(&wpa_s->icon_head); | |
1336 | } | |
1337 | ||
1338 | ||
fb2ac53d AC |
1339 | void hs20_deinit(struct wpa_supplicant *wpa_s) |
1340 | { | |
1341 | eloop_cancel_timeout(hs20_continue_icon_fetch, wpa_s, NULL); | |
1342 | hs20_free_osu_prov(wpa_s); | |
ca9968a0 JM |
1343 | if (wpa_s->icon_head.next) |
1344 | hs20_del_icon(wpa_s, NULL, NULL); | |
fb2ac53d | 1345 | } |