]> git.ipfire.org Git - thirdparty/hostap.git/blame - wpa_supplicant/hs20_supplicant.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tests: Fix ap_ft_reassoc_replay for case where wlantest has the PSK
[thirdparty/hostap.git] / wpa_supplicant / hs20_supplicant.c
CommitLineData
25471fe3
JK		 1/*
2 * Copyright (c) 2009, Atheros Communications, Inc.
1d2215fc 3 * Copyright (c) 2011-2013, Qualcomm Atheros, Inc.
25471fe3
JK		 4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "includes.h"
d10b01d2 10#include <sys/stat.h>
25471fe3
JK		 11
12#include "common.h"
13#include "eloop.h"
14#include "common/ieee802_11_common.h"
15#include "common/ieee802_11_defs.h"
16#include "common/gas.h"
17#include "common/wpa_ctrl.h"
7ef69479 18#include "rsn_supp/wpa.h"
25471fe3
JK		 19#include "wpa_supplicant_i.h"
20#include "driver_i.h"
21#include "config.h"
b572df86 22#include "scan.h"
25471fe3 23#include "bss.h"
7ef69479 24#include "blacklist.h"
25471fe3
JK		 25#include "gas_query.h"
26#include "interworking.h"
27#include "hs20_supplicant.h"
8dd5c1b4 28#include "base64.h"
25471fe3
JK		 29
30
b572df86
JM		 31#define OSU_MAX_ITEMS 10
32
33struct osu_lang_string {
34 char lang[4];
35 char text[253];
36};
37
38struct osu_icon {
39 u16 width;
40 u16 height;
41 char lang[4];
42 char icon_type[256];
43 char filename[256];
44 unsigned int id;
45 unsigned int failed:1;
46};
47
48struct osu_provider {
49 u8 bssid[ETH_ALEN];
d9d1b952 50 u8 osu_ssid[SSID_MAX_LEN];
b572df86 51 u8 osu_ssid_len;
075926ec
JM		 52 u8 osu_ssid2[SSID_MAX_LEN];
53 u8 osu_ssid2_len;
b572df86
JM		 54 char server_uri[256];
55 u32 osu_methods; /* bit 0 = OMA-DM, bit 1 = SOAP-XML SPP */
56 char osu_nai[256];
baf4c863 57 char osu_nai2[256];
b572df86
JM		 58 struct osu_lang_string friendly_name[OSU_MAX_ITEMS];
59 size_t friendly_name_count;
60 struct osu_lang_string serv_desc[OSU_MAX_ITEMS];
61 size_t serv_desc_count;
62 struct osu_icon icon[OSU_MAX_ITEMS];
63 size_t icon_count;
64};
65
66
ece4ac5f
MG		 67void hs20_configure_frame_filters(struct wpa_supplicant *wpa_s)
68{
69 struct wpa_bss *bss = wpa_s->current_bss;
70 u8 *bssid = wpa_s->bssid;
71 const u8 *ie;
72 const u8 *ext_capa;
73 u32 filter = 0;
74
75 if (!bss || !is_hs20_network(wpa_s, wpa_s->current_ssid, bss)) {
76 wpa_printf(MSG_DEBUG,
77 "Not configuring frame filtering - BSS " MACSTR
78 " is not a Hotspot 2.0 network", MAC2STR(bssid));
79 return;
80 }
81
82 ie = wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE);
83
84 /* Check if DGAF disabled bit is zero (5th byte in the IE) */
85 if (!ie || ie[1] < 5)
86 wpa_printf(MSG_DEBUG,
87 "Not configuring frame filtering - Can't extract DGAF bit");
88 else if (!(ie[6] & HS20_DGAF_DISABLED))
89 filter |= WPA_DATA_FRAME_FILTER_FLAG_GTK;
90
91 ext_capa = wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB);
92 if (!ext_capa || ext_capa[1] < 2) {
93 wpa_printf(MSG_DEBUG,
94 "Not configuring frame filtering - Can't extract Proxy ARP bit");
95 return;
96 }
97
ed87f6a8 98 if (wpa_bss_ext_capab(bss, WLAN_EXT_CAPAB_PROXY_ARP))
ece4ac5f
MG		 99 filter |= WPA_DATA_FRAME_FILTER_FLAG_ARP |
100 WPA_DATA_FRAME_FILTER_FLAG_NA;
101
102 wpa_drv_configure_frame_filters(wpa_s, filter);
103}
104
105
ec2cf403 106void wpas_hs20_add_indication(struct wpabuf *buf, int pps_mo_id, int ap_release)
c923b8a5 107{
ec2cf403 108 int release;
f9cd147d
JM		 109 u8 conf;
110
ec2cf403
JM		 111 release = (HS20_VERSION >> 4) + 1;
112 if (ap_release > 0 && release > ap_release)
113 release = ap_release;
114 if (release < 2)
115 pps_mo_id = -1;
116
c923b8a5 117 wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);
f9cd147d 118 wpabuf_put_u8(buf, pps_mo_id >= 0 ? 7 : 5);
c923b8a5
JK		 119 wpabuf_put_be24(buf, OUI_WFA);
120 wpabuf_put_u8(buf, HS20_INDICATION_OUI_TYPE);
ec2cf403 121 conf = (release - 1) << 4;
f9cd147d
JM		 122 if (pps_mo_id >= 0)
123 conf |= HS20_PPS_MO_ID_PRESENT;
124 wpabuf_put_u8(buf, conf);
125 if (pps_mo_id >= 0)
126 wpabuf_put_le16(buf, pps_mo_id);
c923b8a5
JK		 127}
128
129
4204669c
JM		 130void wpas_hs20_add_roam_cons_sel(struct wpabuf *buf,
131 const struct wpa_ssid *ssid)
132{
133 if (!ssid->roaming_consortium_selection ||
134 !ssid->roaming_consortium_selection_len)
135 return;
136
137 wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);
138 wpabuf_put_u8(buf, 4 + ssid->roaming_consortium_selection_len);
139 wpabuf_put_be24(buf, OUI_WFA);
140 wpabuf_put_u8(buf, HS20_ROAMING_CONS_SEL_OUI_TYPE);
141 wpabuf_put_data(buf, ssid->roaming_consortium_selection,
142 ssid->roaming_consortium_selection_len);
143}
144
145
ec2cf403
JM		 146int get_hs20_version(struct wpa_bss *bss)
147{
148 const u8 *ie;
149
150 if (!bss)
151 return 0;
152
153 ie = wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE);
154 if (!ie || ie[1] < 5)
155 return 0;
156
157 return ((ie[6] >> 4) & 0x0f) + 1;
158}
159
160
55a2df43
JM		 161int is_hs20_network(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
162 struct wpa_bss *bss)
163{
164 if (!wpa_s->conf->hs20 || !ssid)
165 return 0;
166
167 if (ssid->parent_cred)
168 return 1;
169
170 if (bss && !wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE))
171 return 0;
172
173 /*
174 * This may catch some non-Hotspot 2.0 cases, but it is safer to do that
175 * than cause Hotspot 2.0 connections without indication element getting
176 * added. Non-Hotspot 2.0 APs should ignore the unknown vendor element.
177 */
178
179 if (!(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X))
180 return 0;
181 if (!(ssid->pairwise_cipher & WPA_CIPHER_CCMP))
182 return 0;
183 if (ssid->proto != WPA_PROTO_RSN)
184 return 0;
185
186 return 1;
187}
188
189
f9cd147d
JM		 190int hs20_get_pps_mo_id(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
191{
192 struct wpa_cred *cred;
193
e376290c
DS		 194 if (ssid == NULL)
195 return 0;
196
197 if (ssid->update_identifier)
198 return ssid->update_identifier;
199
200 if (ssid->parent_cred == NULL)
f9cd147d
JM		 201 return 0;
202
203 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
204 if (ssid->parent_cred == cred)
205 return cred->update_identifier;
206 }
207
208 return 0;
209}
210
211
cf28c66b
DS		 212void hs20_put_anqp_req(u32 stypes, const u8 *payload, size_t payload_len,
213 struct wpabuf *buf)
25471fe3 214{
25471fe3
JK		 215 u8 *len_pos;
216
25471fe3 217 if (buf == NULL)
cf28c66b 218 return;
25471fe3
JK		 219
220 len_pos = gas_anqp_add_element(buf, ANQP_VENDOR_SPECIFIC);
221 wpabuf_put_be24(buf, OUI_WFA);
222 wpabuf_put_u8(buf, HS20_ANQP_OUI_TYPE);
223 if (stypes == BIT(HS20_STYPE_NAI_HOME_REALM_QUERY)) {
224 wpabuf_put_u8(buf, HS20_STYPE_NAI_HOME_REALM_QUERY);
225 wpabuf_put_u8(buf, 0); /* Reserved */
226 if (payload)
227 wpabuf_put_data(buf, payload, payload_len);
184e110c
JM		 228 } else if (stypes == BIT(HS20_STYPE_ICON_REQUEST)) {
229 wpabuf_put_u8(buf, HS20_STYPE_ICON_REQUEST);
230 wpabuf_put_u8(buf, 0); /* Reserved */
231 if (payload)
232 wpabuf_put_data(buf, payload, payload_len);
25471fe3
JK		 233 } else {
234 u8 i;
235 wpabuf_put_u8(buf, HS20_STYPE_QUERY_LIST);
236 wpabuf_put_u8(buf, 0); /* Reserved */
237 for (i = 0; i < 32; i++) {
238 if (stypes & BIT(i))
239 wpabuf_put_u8(buf, i);
240 }
241 }
242 gas_anqp_set_element_len(buf, len_pos);
243
244 gas_anqp_set_len(buf);
cf28c66b
DS		 245}
246
247
99a9423c
JM		 248static struct wpabuf * hs20_build_anqp_req(u32 stypes, const u8 *payload,
249 size_t payload_len)
cf28c66b
DS		 250{
251 struct wpabuf *buf;
252
253 buf = gas_anqp_build_initial_req(0, 100 + payload_len);
254 if (buf == NULL)
255 return NULL;
256
257 hs20_put_anqp_req(stypes, payload, payload_len, buf);
25471fe3
JK		 258
259 return buf;
260}
261
262
263int hs20_anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst, u32 stypes,
8dd5c1b4 264 const u8 *payload, size_t payload_len, int inmem)
25471fe3
JK		 265{
266 struct wpabuf *buf;
267 int ret = 0;
268 int freq;
269 struct wpa_bss *bss;
270 int res;
8dd5c1b4 271 struct icon_entry *icon_entry;
25471fe3 272
25471fe3 273 bss = wpa_bss_get_bssid(wpa_s, dst);
0c280718
MG		 274 if (!bss) {
275 wpa_printf(MSG_WARNING,
276 "ANQP: Cannot send query to unknown BSS "
277 MACSTR, MAC2STR(dst));
25471fe3 278 return -1;
0c280718
MG		 279 }
280
281 wpa_bss_anqp_unshare_alloc(bss);
282 freq = bss->freq;
25471fe3
JK		 283
284 wpa_printf(MSG_DEBUG, "HS20: ANQP Query Request to " MACSTR " for "
285 "subtypes 0x%x", MAC2STR(dst), stypes);
286
287 buf = hs20_build_anqp_req(stypes, payload, payload_len);
288 if (buf == NULL)
289 return -1;
290
aca4d84e 291 res = gas_query_req(wpa_s->gas, dst, freq, 0, buf, anqp_resp_cb, wpa_s);
25471fe3
JK		 292 if (res < 0) {
293 wpa_printf(MSG_DEBUG, "ANQP: Failed to send Query Request");
24c694b4 294 wpabuf_free(buf);
8dd5c1b4 295 return -1;
25471fe3
JK		 296 } else
297 wpa_printf(MSG_DEBUG, "ANQP: Query started with dialog token "
298 "%u", res);
299
8dd5c1b4
JN		 300 if (inmem) {
301 icon_entry = os_zalloc(sizeof(struct icon_entry));
302 if (!icon_entry)
303 return -1;
304 os_memcpy(icon_entry->bssid, dst, ETH_ALEN);
305 icon_entry->file_name = os_malloc(payload_len + 1);
306 if (!icon_entry->file_name) {
307 os_free(icon_entry);
308 return -1;
309 }
310 os_memcpy(icon_entry->file_name, payload, payload_len);
311 icon_entry->file_name[payload_len] = '\0';
312 icon_entry->dialog_token = res;
313
ca9968a0 314 dl_list_add(&wpa_s->icon_head, &icon_entry->list);
8dd5c1b4
JN		 315 }
316
25471fe3
JK		 317 return ret;
318}
319
320
8dd5c1b4
JN		 321static struct icon_entry * hs20_find_icon(struct wpa_supplicant *wpa_s,
322 const u8 *bssid,
323 const char *file_name)
324{
325 struct icon_entry *icon;
326
ca9968a0 327 dl_list_for_each(icon, &wpa_s->icon_head, struct icon_entry, list) {
8dd5c1b4
JN		 328 if (os_memcmp(icon->bssid, bssid, ETH_ALEN) == 0 &&
329 os_strcmp(icon->file_name, file_name) == 0 && icon->image)
330 return icon;
331 }
332
333 return NULL;
334}
335
336
337int hs20_get_icon(struct wpa_supplicant *wpa_s, const u8 *bssid,
338 const char *file_name, size_t offset, size_t size,
339 char *reply, size_t buf_len)
340{
341 struct icon_entry *icon;
342 size_t out_size;
343 unsigned char *b64;
344 size_t b64_size;
345 int reply_size;
346
347 wpa_printf(MSG_DEBUG, "HS20: Get icon " MACSTR " %s @ %u +%u (%u)",
348 MAC2STR(bssid), file_name, (unsigned int) offset,
349 (unsigned int) size, (unsigned int) buf_len);
350
8dd5c1b4
JN		 351 icon = hs20_find_icon(wpa_s, bssid, file_name);
352 if (!icon || !icon->image || offset >= icon->image_len)
353 return -1;
354 if (size > icon->image_len - offset)
355 size = icon->image_len - offset;
356 out_size = buf_len - 3 /* max base64 padding */;
357 if (size * 4 > out_size * 3)
358 size = out_size * 3 / 4;
359 if (size == 0)
360 return -1;
361
362 b64 = base64_encode(&icon->image[offset], size, &b64_size);
75b2a879 363 if (b64 && buf_len >= b64_size) {
8dd5c1b4
JN		 364 os_memcpy(reply, b64, b64_size);
365 reply_size = b64_size;
366 } else {
367 reply_size = -1;
368 }
369 os_free(b64);
370 return reply_size;
371}
372
373
374static void hs20_free_icon_entry(struct icon_entry *icon)
375{
376 wpa_printf(MSG_DEBUG, "HS20: Free stored icon from " MACSTR
377 " dialog_token=%u file_name=%s image_len=%u",
378 MAC2STR(icon->bssid), icon->dialog_token,
379 icon->file_name ? icon->file_name : "N/A",
380 (unsigned int) icon->image_len);
381 os_free(icon->file_name);
382 os_free(icon->image);
383 os_free(icon);
384}
385
386
387int hs20_del_icon(struct wpa_supplicant *wpa_s, const u8 *bssid,
388 const char *file_name)
389{
ca9968a0 390 struct icon_entry *icon, *tmp;
8dd5c1b4
JN		 391 int count = 0;
392
393 if (!bssid)
394 wpa_printf(MSG_DEBUG, "HS20: Delete all stored icons");
395 else if (!file_name)
396 wpa_printf(MSG_DEBUG, "HS20: Delete all stored icons for "
397 MACSTR, MAC2STR(bssid));
398 else
399 wpa_printf(MSG_DEBUG, "HS20: Delete stored icons for "
400 MACSTR " file name %s", MAC2STR(bssid), file_name);
401
ca9968a0
JM		 402 dl_list_for_each_safe(icon, tmp, &wpa_s->icon_head, struct icon_entry,
403 list) {
404 if ((!bssid || os_memcmp(icon->bssid, bssid, ETH_ALEN) == 0) &&
8dd5c1b4 405 (!file_name ||
ca9968a0
JM		 406 os_strcmp(icon->file_name, file_name) == 0)) {
407 dl_list_del(&icon->list);
408 hs20_free_icon_entry(icon);
8dd5c1b4 409 count++;
8dd5c1b4 410 }
8dd5c1b4
JN		 411 }
412 return count == 0 ? -1 : 0;
413}
414
415
d10b01d2
AN		 416static void hs20_set_osu_access_permission(const char *osu_dir,
417 const char *fname)
418{
419 struct stat statbuf;
420
421 /* Get OSU directory information */
422 if (stat(osu_dir, &statbuf) < 0) {
423 wpa_printf(MSG_WARNING, "Cannot stat the OSU directory %s",
424 osu_dir);
425 return;
426 }
427
428 if (chmod(fname, statbuf.st_mode) < 0) {
429 wpa_printf(MSG_WARNING,
430 "Cannot change the permissions for %s", fname);
431 return;
432 }
433
02f52ab6 434 if (lchown(fname, statbuf.st_uid, statbuf.st_gid) < 0) {
d10b01d2
AN		 435 wpa_printf(MSG_WARNING, "Cannot change the ownership for %s",
436 fname);
437 }
438}
439
61f25f80
JM		 440
441static void hs20_remove_duplicate_icons(struct wpa_supplicant *wpa_s,
442 struct icon_entry *new_icon)
443{
444 struct icon_entry *icon, *tmp;
445
446 dl_list_for_each_safe(icon, tmp, &wpa_s->icon_head, struct icon_entry,
447 list) {
448 if (icon == new_icon)
449 continue;
450 if (os_memcmp(icon->bssid, new_icon->bssid, ETH_ALEN) == 0 &&
451 os_strcmp(icon->file_name, new_icon->file_name) == 0) {
452 dl_list_del(&icon->list);
453 hs20_free_icon_entry(icon);
454 }
455 }
456}
457
458
b572df86
JM		 459static int hs20_process_icon_binary_file(struct wpa_supplicant *wpa_s,
460 const u8 *sa, const u8 *pos,
8dd5c1b4 461 size_t slen, u8 dialog_token)
b572df86
JM		 462{
463 char fname[256];
464 int png;
465 FILE *f;
466 u16 data_len;
8dd5c1b4
JN		 467 struct icon_entry *icon;
468
ca9968a0 469 dl_list_for_each(icon, &wpa_s->icon_head, struct icon_entry, list) {
8dd5c1b4
JN		 470 if (icon->dialog_token == dialog_token && !icon->image &&
471 os_memcmp(icon->bssid, sa, ETH_ALEN) == 0) {
a1f11e34 472 icon->image = os_memdup(pos, slen);
8dd5c1b4
JN		 473 if (!icon->image)
474 return -1;
8dd5c1b4 475 icon->image_len = slen;
61f25f80 476 hs20_remove_duplicate_icons(wpa_s, icon);
8dd5c1b4 477 wpa_msg(wpa_s, MSG_INFO,
f465c32d 478 RX_HS20_ICON MACSTR " %s %u",
8dd5c1b4
JN		 479 MAC2STR(sa), icon->file_name,
480 (unsigned int) icon->image_len);
481 return 0;
482 }
483 }
b572df86 484
f465c32d 485 wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR " Icon Binary File",
b572df86
JM		 486 MAC2STR(sa));
487
488 if (slen < 4) {
489 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File "
490 "value from " MACSTR, MAC2STR(sa));
491 return -1;
492 }
493
494 wpa_printf(MSG_DEBUG, "HS 2.0: Download Status Code %u", *pos);
495 if (*pos != 0)
496 return -1;
497 pos++;
498 slen--;
499
500 if ((size_t) 1 + pos[0] > slen) {
501 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File "
502 "value from " MACSTR, MAC2STR(sa));
503 return -1;
504 }
505 wpa_hexdump_ascii(MSG_DEBUG, "Icon Type", pos + 1, pos[0]);
506 png = os_strncasecmp((char *) pos + 1, "image/png", 9) == 0;
507 slen -= 1 + pos[0];
508 pos += 1 + pos[0];
509
510 if (slen < 2) {
511 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File "
512 "value from " MACSTR, MAC2STR(sa));
513 return -1;
514 }
515 data_len = WPA_GET_LE16(pos);
516 pos += 2;
517 slen -= 2;
518
519 if (data_len > slen) {
520 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File "
521 "value from " MACSTR, MAC2STR(sa));
522 return -1;
523 }
524
525 wpa_printf(MSG_DEBUG, "Icon Binary Data: %u bytes", data_len);
526 if (wpa_s->conf->osu_dir == NULL)
527 return -1;
528
529 wpa_s->osu_icon_id++;
530 if (wpa_s->osu_icon_id == 0)
531 wpa_s->osu_icon_id++;
532 snprintf(fname, sizeof(fname), "%s/osu-icon-%u.%s",
533 wpa_s->conf->osu_dir, wpa_s->osu_icon_id,
534 png ? "png" : "icon");
535 f = fopen(fname, "wb");
536 if (f == NULL)
537 return -1;
d10b01d2
AN		 538
539 hs20_set_osu_access_permission(wpa_s->conf->osu_dir, fname);
540
b572df86
JM		 541 if (fwrite(pos, slen, 1, f) != 1) {
542 fclose(f);
543 unlink(fname);
544 return -1;
545 }
546 fclose(f);
547
f465c32d 548 wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP_ICON "%s", fname);
b572df86
JM		 549 return 0;
550}
551
552
553static void hs20_continue_icon_fetch(void *eloop_ctx, void *sock_ctx)
554{
555 struct wpa_supplicant *wpa_s = eloop_ctx;
556 if (wpa_s->fetch_osu_icon_in_progress)
557 hs20_next_osu_icon(wpa_s);
558}
559
560
561static void hs20_osu_icon_fetch_result(struct wpa_supplicant *wpa_s, int res)
562{
563 size_t i, j;
230e3735
JM		 564 struct os_reltime now, tmp;
565 int dur;
566
567 os_get_reltime(&now);
568 os_reltime_sub(&now, &wpa_s->osu_icon_fetch_start, &tmp);
569 dur = tmp.sec * 1000 + tmp.usec / 1000;
570 wpa_printf(MSG_DEBUG, "HS 2.0: Icon fetch dur=%d ms res=%d",
571 dur, res);
572
b572df86
JM		 573 for (i = 0; i < wpa_s->osu_prov_count; i++) {
574 struct osu_provider *osu = &wpa_s->osu_prov[i];
575 for (j = 0; j < osu->icon_count; j++) {
576 struct osu_icon *icon = &osu->icon[j];
577 if (icon->id || icon->failed)
578 continue;
579 if (res < 0)
580 icon->failed = 1;
581 else
582 icon->id = wpa_s->osu_icon_id;
583 return;
584 }
585 }
586}
587
588
25471fe3 589void hs20_parse_rx_hs20_anqp_resp(struct wpa_supplicant *wpa_s,
8266e6c6 590 struct wpa_bss *bss, const u8 *sa,
8dd5c1b4 591 const u8 *data, size_t slen, u8 dialog_token)
25471fe3
JK		 592{
593 const u8 *pos = data;
594 u8 subtype;
476aed35 595 struct wpa_bss_anqp *anqp = NULL;
b572df86 596 int ret;
25471fe3
JK		 597
598 if (slen < 2)
599 return;
600
476aed35
JM		 601 if (bss)
602 anqp = bss->anqp;
603
25471fe3
JK		 604 subtype = *pos++;
605 slen--;
606
607 pos++; /* Reserved */
608 slen--;
609
610 switch (subtype) {
611 case HS20_STYPE_CAPABILITY_LIST:
f465c32d 612 wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR
25471fe3
JK		 613 " HS Capability List", MAC2STR(sa));
614 wpa_hexdump_ascii(MSG_DEBUG, "HS Capability List", pos, slen);
185ada47
AN		 615 if (anqp) {
616 wpabuf_free(anqp->hs20_capability_list);
617 anqp->hs20_capability_list =
618 wpabuf_alloc_copy(pos, slen);
619 }
25471fe3
JK		 620 break;
621 case HS20_STYPE_OPERATOR_FRIENDLY_NAME:
f465c32d 622 wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR
25471fe3
JK		 623 " Operator Friendly Name", MAC2STR(sa));
624 wpa_hexdump_ascii(MSG_DEBUG, "oper friendly name", pos, slen);
476aed35
JM		 625 if (anqp) {
626 wpabuf_free(anqp->hs20_operator_friendly_name);
627 anqp->hs20_operator_friendly_name =
25471fe3
JK		 628 wpabuf_alloc_copy(pos, slen);
629 }
630 break;
631 case HS20_STYPE_WAN_METRICS:
2edcd504
JM		 632 wpa_hexdump(MSG_DEBUG, "WAN Metrics", pos, slen);
633 if (slen < 13) {
634 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short WAN "
635 "Metrics value from " MACSTR, MAC2STR(sa));
636 break;
637 }
f465c32d 638 wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR
2edcd504
JM		 639 " WAN Metrics %02x:%u:%u:%u:%u:%u", MAC2STR(sa),
640 pos[0], WPA_GET_LE32(pos + 1), WPA_GET_LE32(pos + 5),
641 pos[9], pos[10], WPA_GET_LE16(pos + 11));
476aed35
JM		 642 if (anqp) {
643 wpabuf_free(anqp->hs20_wan_metrics);
644 anqp->hs20_wan_metrics = wpabuf_alloc_copy(pos, slen);
25471fe3
JK		 645 }
646 break;
647 case HS20_STYPE_CONNECTION_CAPABILITY:
f465c32d 648 wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR
25471fe3
JK		 649 " Connection Capability", MAC2STR(sa));
650 wpa_hexdump_ascii(MSG_DEBUG, "conn capability", pos, slen);
476aed35
JM		 651 if (anqp) {
652 wpabuf_free(anqp->hs20_connection_capability);
653 anqp->hs20_connection_capability =
25471fe3
JK		 654 wpabuf_alloc_copy(pos, slen);
655 }
656 break;
657 case HS20_STYPE_OPERATING_CLASS:
f465c32d 658 wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR
25471fe3
JK		 659 " Operating Class", MAC2STR(sa));
660 wpa_hexdump_ascii(MSG_DEBUG, "Operating Class", pos, slen);
476aed35
JM		 661 if (anqp) {
662 wpabuf_free(anqp->hs20_operating_class);
663 anqp->hs20_operating_class =
25471fe3
JK		 664 wpabuf_alloc_copy(pos, slen);
665 }
666 break;
1d2215fc 667 case HS20_STYPE_OSU_PROVIDERS_LIST:
f465c32d 668 wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR
1d2215fc 669 " OSU Providers list", MAC2STR(sa));
a6739e19 670 wpa_s->num_prov_found++;
1d2215fc
JM		 671 if (anqp) {
672 wpabuf_free(anqp->hs20_osu_providers_list);
673 anqp->hs20_osu_providers_list =
674 wpabuf_alloc_copy(pos, slen);
675 }
676 break;
184e110c 677 case HS20_STYPE_ICON_BINARY_FILE:
8dd5c1b4
JN		 678 ret = hs20_process_icon_binary_file(wpa_s, sa, pos, slen,
679 dialog_token);
b572df86
JM		 680 if (wpa_s->fetch_osu_icon_in_progress) {
681 hs20_osu_icon_fetch_result(wpa_s, ret);
682 eloop_cancel_timeout(hs20_continue_icon_fetch,
683 wpa_s, NULL);
684 eloop_register_timeout(0, 0, hs20_continue_icon_fetch,
685 wpa_s, NULL);
686 }
687 break;
6a8a04d7
JM		 688 case HS20_STYPE_OPERATOR_ICON_METADATA:
689 wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR
690 " Operator Icon Metadata", MAC2STR(sa));
691 wpa_hexdump(MSG_DEBUG, "Operator Icon Metadata", pos, slen);
692 if (anqp) {
693 wpabuf_free(anqp->hs20_operator_icon_metadata);
694 anqp->hs20_operator_icon_metadata =
695 wpabuf_alloc_copy(pos, slen);
696 }
697 break;
baf4c863
JM		 698 case HS20_STYPE_OSU_PROVIDERS_NAI_LIST:
699 wpa_msg(wpa_s, MSG_INFO, RX_HS20_ANQP MACSTR
700 " OSU Providers NAI List", MAC2STR(sa));
701 if (anqp) {
702 wpabuf_free(anqp->hs20_osu_providers_nai_list);
703 anqp->hs20_osu_providers_nai_list =
704 wpabuf_alloc_copy(pos, slen);
705 }
706 break;
b572df86
JM		 707 default:
708 wpa_printf(MSG_DEBUG, "HS20: Unsupported subtype %u", subtype);
709 break;
710 }
711}
712
713
714void hs20_notify_parse_done(struct wpa_supplicant *wpa_s)
715{
716 if (!wpa_s->fetch_osu_icon_in_progress)
717 return;
718 if (eloop_is_timeout_registered(hs20_continue_icon_fetch, wpa_s, NULL))
719 return;
720 /*
721 * We are going through icon fetch, but no icon response was received.
722 * Assume this means the current AP could not provide an answer to avoid
723 * getting stuck in fetch iteration.
724 */
725 hs20_icon_fetch_failed(wpa_s);
726}
727
728
729static void hs20_free_osu_prov_entry(struct osu_provider *prov)
730{
731}
732
733
734void hs20_free_osu_prov(struct wpa_supplicant *wpa_s)
735{
736 size_t i;
737 for (i = 0; i < wpa_s->osu_prov_count; i++)
738 hs20_free_osu_prov_entry(&wpa_s->osu_prov[i]);
739 os_free(wpa_s->osu_prov);
740 wpa_s->osu_prov = NULL;
741 wpa_s->osu_prov_count = 0;
742}
743
744
745static void hs20_osu_fetch_done(struct wpa_supplicant *wpa_s)
746{
747 char fname[256];
748 FILE *f;
749 size_t i, j;
750
751 wpa_s->fetch_osu_info = 0;
752 wpa_s->fetch_osu_icon_in_progress = 0;
184e110c 753
b572df86
JM		 754 if (wpa_s->conf->osu_dir == NULL) {
755 hs20_free_osu_prov(wpa_s);
756 wpa_s->fetch_anqp_in_progress = 0;
757 return;
758 }
759
760 snprintf(fname, sizeof(fname), "%s/osu-providers.txt",
761 wpa_s->conf->osu_dir);
762 f = fopen(fname, "w");
763 if (f == NULL) {
9636b07a
JM		 764 wpa_msg(wpa_s, MSG_INFO,
765 "Could not write OSU provider information");
b572df86 766 hs20_free_osu_prov(wpa_s);
cbf8d181 767 wpa_s->fetch_anqp_in_progress = 0;
b572df86
JM		 768 return;
769 }
d10b01d2
AN		 770
771 hs20_set_osu_access_permission(wpa_s->conf->osu_dir, fname);
772
b572df86
JM		 773 for (i = 0; i < wpa_s->osu_prov_count; i++) {
774 struct osu_provider *osu = &wpa_s->osu_prov[i];
775 if (i > 0)
776 fprintf(f, "\n");
777 fprintf(f, "OSU-PROVIDER " MACSTR "\n"
778 "uri=%s\n"
779 "methods=%08x\n",
780 MAC2STR(osu->bssid), osu->server_uri, osu->osu_methods);
781 if (osu->osu_ssid_len) {
782 fprintf(f, "osu_ssid=%s\n",
783 wpa_ssid_txt(osu->osu_ssid,
784 osu->osu_ssid_len));
785 }
075926ec
JM		 786 if (osu->osu_ssid2_len) {
787 fprintf(f, "osu_ssid2=%s\n",
788 wpa_ssid_txt(osu->osu_ssid2,
789 osu->osu_ssid2_len));
790 }
b572df86
JM		 791 if (osu->osu_nai[0])
792 fprintf(f, "osu_nai=%s\n", osu->osu_nai);
baf4c863
JM		 793 if (osu->osu_nai2[0])
794 fprintf(f, "osu_nai2=%s\n", osu->osu_nai2);
b572df86
JM		 795 for (j = 0; j < osu->friendly_name_count; j++) {
796 fprintf(f, "friendly_name=%s:%s\n",
797 osu->friendly_name[j].lang,
798 osu->friendly_name[j].text);
799 }
800 for (j = 0; j < osu->serv_desc_count; j++) {
801 fprintf(f, "desc=%s:%s\n",
802 osu->serv_desc[j].lang,
803 osu->serv_desc[j].text);
804 }
805 for (j = 0; j < osu->icon_count; j++) {
806 struct osu_icon *icon = &osu->icon[j];
807 if (icon->failed)
808 continue; /* could not fetch icon */
809 fprintf(f, "icon=%u:%u:%u:%s:%s:%s\n",
810 icon->id, icon->width, icon->height, icon->lang,
811 icon->icon_type, icon->filename);
812 }
813 }
814 fclose(f);
815 hs20_free_osu_prov(wpa_s);
816
817 wpa_msg(wpa_s, MSG_INFO, "OSU provider fetch completed");
818 wpa_s->fetch_anqp_in_progress = 0;
819}
820
821
822void hs20_next_osu_icon(struct wpa_supplicant *wpa_s)
823{
824 size_t i, j;
825
826 wpa_printf(MSG_DEBUG, "HS 2.0: Ready to fetch next icon");
827
828 for (i = 0; i < wpa_s->osu_prov_count; i++) {
829 struct osu_provider *osu = &wpa_s->osu_prov[i];
830 for (j = 0; j < osu->icon_count; j++) {
831 struct osu_icon *icon = &osu->icon[j];
832 if (icon->id || icon->failed)
833 continue;
834
835 wpa_printf(MSG_DEBUG, "HS 2.0: Try to fetch icon '%s' "
836 "from " MACSTR, icon->filename,
837 MAC2STR(osu->bssid));
230e3735 838 os_get_reltime(&wpa_s->osu_icon_fetch_start);
b572df86
JM		 839 if (hs20_anqp_send_req(wpa_s, osu->bssid,
840 BIT(HS20_STYPE_ICON_REQUEST),
841 (u8 *) icon->filename,
8dd5c1b4
JN		 842 os_strlen(icon->filename),
843 0) < 0) {
b572df86
JM		 844 icon->failed = 1;
845 continue;
846 }
847 return;
848 }
849 }
850
851 wpa_printf(MSG_DEBUG, "HS 2.0: No more icons to fetch");
852 hs20_osu_fetch_done(wpa_s);
853}
854
855
856static void hs20_osu_add_prov(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
857 const u8 *osu_ssid, u8 osu_ssid_len,
075926ec 858 const u8 *osu_ssid2, u8 osu_ssid2_len,
b572df86
JM		 859 const u8 *pos, size_t len)
860{
861 struct osu_provider *prov;
862 const u8 *end = pos + len;
863 u16 len2;
864 const u8 *pos2;
0570a3ea 865 u8 uri_len, osu_method_len, osu_nai_len;
b572df86
JM		 866
867 wpa_hexdump(MSG_DEBUG, "HS 2.0: Parsing OSU Provider", pos, len);
868 prov = os_realloc_array(wpa_s->osu_prov,
869 wpa_s->osu_prov_count + 1,
870 sizeof(*prov));
871 if (prov == NULL)
872 return;
873 wpa_s->osu_prov = prov;
874 prov = &prov[wpa_s->osu_prov_count];
875 os_memset(prov, 0, sizeof(*prov));
876
877 os_memcpy(prov->bssid, bss->bssid, ETH_ALEN);
878 os_memcpy(prov->osu_ssid, osu_ssid, osu_ssid_len);
879 prov->osu_ssid_len = osu_ssid_len;
075926ec
JM		 880 if (osu_ssid2)
881 os_memcpy(prov->osu_ssid2, osu_ssid2, osu_ssid2_len);
882 prov->osu_ssid2_len = osu_ssid2_len;
b572df86
JM		 883
884 /* OSU Friendly Name Length */
619fdfac 885 if (end - pos < 2) {
b572df86
JM		 886 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
887 "Friendly Name Length");
888 return;
889 }
890 len2 = WPA_GET_LE16(pos);
891 pos += 2;
0570a3ea 892 if (len2 > end - pos) {
b572df86
JM		 893 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
894 "Friendly Name Duples");
895 return;
896 }
897 pos2 = pos;
898 pos += len2;
899
900 /* OSU Friendly Name Duples */
619fdfac 901 while (pos - pos2 >= 4 && prov->friendly_name_count < OSU_MAX_ITEMS) {
b572df86 902 struct osu_lang_string *f;
619fdfac 903 if (1 + pos2[0] > pos - pos2 || pos2[0] < 3) {
b572df86
JM		 904 wpa_printf(MSG_DEBUG, "Invalid OSU Friendly Name");
905 break;
906 }
907 f = &prov->friendly_name[prov->friendly_name_count++];
908 os_memcpy(f->lang, pos2 + 1, 3);
909 os_memcpy(f->text, pos2 + 1 + 3, pos2[0] - 3);
910 pos2 += 1 + pos2[0];
911 }
912
913 /* OSU Server URI */
619fdfac 914 if (end - pos < 1) {
355e17eb
JM		 915 wpa_printf(MSG_DEBUG,
916 "HS 2.0: Not enough room for OSU Server URI length");
917 return;
918 }
919 uri_len = *pos++;
920 if (uri_len > end - pos) {
b572df86
JM		 921 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Server "
922 "URI");
923 return;
924 }
355e17eb
JM		 925 os_memcpy(prov->server_uri, pos, uri_len);
926 pos += uri_len;
b572df86
JM		 927
928 /* OSU Method list */
619fdfac 929 if (end - pos < 1) {
0570a3ea
JM		 930 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Method "
931 "list length");
932 return;
933 }
934 osu_method_len = pos[0];
935 if (osu_method_len > end - pos - 1) {
b572df86
JM		 936 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Method "
937 "list");
938 return;
939 }
940 pos2 = pos + 1;
0570a3ea 941 pos += 1 + osu_method_len;
b572df86
JM		 942 while (pos2 < pos) {
943 if (*pos2 < 32)
944 prov->osu_methods |= BIT(*pos2);
945 pos2++;
946 }
947
948 /* Icons Available Length */
619fdfac 949 if (end - pos < 2) {
b572df86
JM		 950 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for Icons "
951 "Available Length");
952 return;
953 }
954 len2 = WPA_GET_LE16(pos);
955 pos += 2;
0570a3ea 956 if (len2 > end - pos) {
b572df86
JM		 957 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for Icons "
958 "Available");
959 return;
960 }
961 pos2 = pos;
962 pos += len2;
963
964 /* Icons Available */
965 while (pos2 < pos) {
966 struct osu_icon *icon = &prov->icon[prov->icon_count];
0570a3ea
JM		 967 u8 flen;
968
619fdfac 969 if (2 + 2 + 3 + 1 + 1 > pos - pos2) {
b572df86 970 wpa_printf(MSG_DEBUG, "HS 2.0: Invalid Icon Metadata");
184e110c
JM		 971 break;
972 }
973
b572df86
JM		 974 icon->width = WPA_GET_LE16(pos2);
975 pos2 += 2;
976 icon->height = WPA_GET_LE16(pos2);
977 pos2 += 2;
978 os_memcpy(icon->lang, pos2, 3);
979 pos2 += 3;
184e110c 980
619fdfac
JM		 981 flen = *pos2++;
982 if (flen > pos - pos2) {
b572df86 983 wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon Type");
184e110c
JM		 984 break;
985 }
619fdfac
JM		 986 os_memcpy(icon->icon_type, pos2, flen);
987 pos2 += flen;
184e110c 988
619fdfac 989 if (pos - pos2 < 1) {
0570a3ea
JM		 990 wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon "
991 "Filename length");
992 break;
993 }
619fdfac
JM		 994 flen = *pos2++;
995 if (flen > pos - pos2) {
b572df86
JM		 996 wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon "
997 "Filename");
184e110c
JM		 998 break;
999 }
619fdfac
JM		 1000 os_memcpy(icon->filename, pos2, flen);
1001 pos2 += flen;
184e110c 1002
b572df86
JM		 1003 prov->icon_count++;
1004 }
1005
1006 /* OSU_NAI */
619fdfac 1007 if (end - pos < 1) {
b572df86
JM		 1008 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU_NAI");
1009 return;
1010 }
619fdfac
JM		 1011 osu_nai_len = *pos++;
1012 if (osu_nai_len > end - pos) {
0570a3ea
JM		 1013 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU_NAI");
1014 return;
1015 }
619fdfac
JM		 1016 os_memcpy(prov->osu_nai, pos, osu_nai_len);
1017 pos += osu_nai_len;
b572df86
JM		 1018
1019 /* OSU Service Description Length */
619fdfac 1020 if (end - pos < 2) {
b572df86
JM		 1021 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
1022 "Service Description Length");
1023 return;
1024 }
1025 len2 = WPA_GET_LE16(pos);
1026 pos += 2;
0570a3ea 1027 if (len2 > end - pos) {
b572df86
JM		 1028 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
1029 "Service Description Duples");
1030 return;
1031 }
1032 pos2 = pos;
1033 pos += len2;
1034
1035 /* OSU Service Description Duples */
619fdfac 1036 while (pos - pos2 >= 4 && prov->serv_desc_count < OSU_MAX_ITEMS) {
b572df86 1037 struct osu_lang_string *f;
0570a3ea
JM		 1038 u8 descr_len;
1039
619fdfac
JM		 1040 descr_len = *pos2++;
1041 if (descr_len > pos - pos2 || descr_len < 3) {
b572df86
JM		 1042 wpa_printf(MSG_DEBUG, "Invalid OSU Service "
1043 "Description");
184e110c
JM		 1044 break;
1045 }
b572df86 1046 f = &prov->serv_desc[prov->serv_desc_count++];
619fdfac
JM		 1047 os_memcpy(f->lang, pos2, 3);
1048 os_memcpy(f->text, pos2 + 3, descr_len - 3);
1049 pos2 += descr_len;
b572df86 1050 }
184e110c 1051
b572df86
JM		 1052 wpa_printf(MSG_DEBUG, "HS 2.0: Added OSU Provider through " MACSTR,
1053 MAC2STR(bss->bssid));
1054 wpa_s->osu_prov_count++;
1055}
1056
1057
1058void hs20_osu_icon_fetch(struct wpa_supplicant *wpa_s)
1059{
1060 struct wpa_bss *bss;
1061 struct wpabuf *prov_anqp;
1062 const u8 *pos, *end;
1063 u16 len;
075926ec
JM		 1064 const u8 *osu_ssid, *osu_ssid2;
1065 u8 osu_ssid_len, osu_ssid2_len;
b572df86
JM		 1066 u8 num_providers;
1067
1068 hs20_free_osu_prov(wpa_s);
1069
1070 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
075926ec
JM		 1071 struct wpa_ie_data data;
1072 const u8 *ie;
1073
b572df86
JM		 1074 if (bss->anqp == NULL)
1075 continue;
1076 prov_anqp = bss->anqp->hs20_osu_providers_list;
1077 if (prov_anqp == NULL)
1078 continue;
075926ec
JM		 1079 ie = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1080 if (ie && wpa_parse_wpa_ie(ie, 2 + ie[1], &data) == 0 &&
1081 (data.key_mgmt & WPA_KEY_MGMT_OSEN)) {
1082 osu_ssid2 = bss->ssid;
1083 osu_ssid2_len = bss->ssid_len;
1084 } else {
1085 osu_ssid2 = NULL;
1086 osu_ssid2_len = 0;
1087 }
b572df86
JM		 1088 wpa_printf(MSG_DEBUG, "HS 2.0: Parsing OSU Providers list from "
1089 MACSTR, MAC2STR(bss->bssid));
1090 wpa_hexdump_buf(MSG_DEBUG, "HS 2.0: OSU Providers list",
1091 prov_anqp);
1092 pos = wpabuf_head(prov_anqp);
1093 end = pos + wpabuf_len(prov_anqp);
1094
1095 /* OSU SSID */
619fdfac 1096 if (end - pos < 1)
b572df86 1097 continue;
619fdfac 1098 if (1 + pos[0] > end - pos) {
b572df86
JM		 1099 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for "
1100 "OSU SSID");
1101 continue;
1102 }
1103 osu_ssid_len = *pos++;
d9d1b952 1104 if (osu_ssid_len > SSID_MAX_LEN) {
b572df86
JM		 1105 wpa_printf(MSG_DEBUG, "HS 2.0: Invalid OSU SSID "
1106 "Length %u", osu_ssid_len);
1107 continue;
1108 }
1109 osu_ssid = pos;
1110 pos += osu_ssid_len;
1111
619fdfac 1112 if (end - pos < 1) {
b572df86
JM		 1113 wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for "
1114 "Number of OSU Providers");
1115 continue;
1116 }
1117 num_providers = *pos++;
1118 wpa_printf(MSG_DEBUG, "HS 2.0: Number of OSU Providers: %u",
1119 num_providers);
1120
1121 /* OSU Providers */
619fdfac 1122 while (end - pos > 2 && num_providers > 0) {
b572df86
JM		 1123 num_providers--;
1124 len = WPA_GET_LE16(pos);
1125 pos += 2;
5c58c0ce 1126 if (len > (unsigned int) (end - pos))
b572df86
JM		 1127 break;
1128 hs20_osu_add_prov(wpa_s, bss, osu_ssid,
075926ec
JM		 1129 osu_ssid_len, osu_ssid2,
1130 osu_ssid2_len, pos, len);
b572df86
JM		 1131 pos += len;
1132 }
1133
1134 if (pos != end) {
1135 wpa_printf(MSG_DEBUG, "HS 2.0: Ignored %d bytes of "
1136 "extra data after OSU Providers",
1137 (int) (end - pos));
1138 }
baf4c863
JM		 1139
1140 prov_anqp = bss->anqp->hs20_osu_providers_nai_list;
1141 if (!prov_anqp)
1142 continue;
1143 wpa_printf(MSG_DEBUG,
1144 "HS 2.0: Parsing OSU Providers NAI List from "
1145 MACSTR, MAC2STR(bss->bssid));
1146 wpa_hexdump_buf(MSG_DEBUG, "HS 2.0: OSU Providers NAI List",
1147 prov_anqp);
1148 pos = wpabuf_head(prov_anqp);
1149 end = pos + wpabuf_len(prov_anqp);
1150 num_providers = 0;
1151 while (end - pos > 0) {
1152 len = *pos++;
1153 if (end - pos < len) {
1154 wpa_printf(MSG_DEBUG,
1155 "HS 2.0: Not enough room for OSU_NAI");
1156 break;
1157 }
1158 if (num_providers >= wpa_s->osu_prov_count) {
1159 wpa_printf(MSG_DEBUG,
1160 "HS 2.0: Ignore unexpected OSU Provider NAI List entries");
1161 break;
1162 }
1163 os_memcpy(wpa_s->osu_prov[num_providers].osu_nai2,
1164 pos, len);
1165 pos += len;
1166 num_providers++;
1167 }
b572df86
JM		 1168 }
1169
1170 wpa_s->fetch_osu_icon_in_progress = 1;
1171 hs20_next_osu_icon(wpa_s);
1172}
1173
1174
1175static void hs20_osu_scan_res_handler(struct wpa_supplicant *wpa_s,
1176 struct wpa_scan_results *scan_res)
1177{
1178 wpa_printf(MSG_DEBUG, "OSU provisioning fetch scan completed");
568475b7
JM		 1179 if (!wpa_s->fetch_osu_waiting_scan) {
1180 wpa_printf(MSG_DEBUG, "OSU fetch have been canceled");
1181 return;
1182 }
b572df86
JM		 1183 wpa_s->network_select = 0;
1184 wpa_s->fetch_all_anqp = 1;
1185 wpa_s->fetch_osu_info = 1;
1186 wpa_s->fetch_osu_icon_in_progress = 0;
1187
1188 interworking_start_fetch_anqp(wpa_s);
1189}
1190
1191
dd20eabd 1192int hs20_fetch_osu(struct wpa_supplicant *wpa_s, int skip_scan)
b572df86
JM		 1193{
1194 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
1195 wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
1196 "interface disabled");
1197 return -1;
1198 }
1199
1200 if (wpa_s->scanning) {
1201 wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
1202 "scanning");
1203 return -1;
25471fe3 1204 }
b572df86
JM		 1205
1206 if (wpa_s->conf->osu_dir == NULL) {
1207 wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
1208 "osu_dir not configured");
1209 return -1;
1210 }
1211
1212 if (wpa_s->fetch_anqp_in_progress || wpa_s->network_select) {
1213 wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
1214 "fetch in progress (%d, %d)",
1215 wpa_s->fetch_anqp_in_progress,
1216 wpa_s->network_select);
1217 return -1;
1218 }
1219
1220 wpa_msg(wpa_s, MSG_INFO, "Starting OSU provisioning information fetch");
a6739e19
JM		 1221 wpa_s->num_osu_scans = 0;
1222 wpa_s->num_prov_found = 0;
dd20eabd
JM		 1223 if (skip_scan) {
1224 wpa_s->network_select = 0;
1225 wpa_s->fetch_all_anqp = 1;
1226 wpa_s->fetch_osu_info = 1;
1227 wpa_s->fetch_osu_icon_in_progress = 0;
1228
1229 interworking_start_fetch_anqp(wpa_s);
1230 } else {
1231 hs20_start_osu_scan(wpa_s);
1232 }
a6739e19
JM		 1233
1234 return 0;
1235}
1236
1237
1238void hs20_start_osu_scan(struct wpa_supplicant *wpa_s)
1239{
568475b7 1240 wpa_s->fetch_osu_waiting_scan = 1;
a6739e19 1241 wpa_s->num_osu_scans++;
b572df86
JM		 1242 wpa_s->scan_req = MANUAL_SCAN_REQ;
1243 wpa_s->scan_res_handler = hs20_osu_scan_res_handler;
1244 wpa_supplicant_req_scan(wpa_s, 0, 0);
b572df86
JM		 1245}
1246
1247
1248void hs20_cancel_fetch_osu(struct wpa_supplicant *wpa_s)
1249{
1250 wpa_printf(MSG_DEBUG, "Cancel OSU fetch");
1251 interworking_stop_fetch_anqp(wpa_s);
568475b7 1252 wpa_s->fetch_osu_waiting_scan = 0;
b572df86
JM		 1253 wpa_s->network_select = 0;
1254 wpa_s->fetch_osu_info = 0;
1255 wpa_s->fetch_osu_icon_in_progress = 0;
1256}
1257
1258
1259void hs20_icon_fetch_failed(struct wpa_supplicant *wpa_s)
1260{
1261 hs20_osu_icon_fetch_result(wpa_s, -1);
1262 eloop_cancel_timeout(hs20_continue_icon_fetch, wpa_s, NULL);
1263 eloop_register_timeout(0, 0, hs20_continue_icon_fetch, wpa_s, NULL);
25471fe3 1264}
95a3ea94
JM		 1265
1266
1267void hs20_rx_subscription_remediation(struct wpa_supplicant *wpa_s,
1268 const char *url, u8 osu_method)
1269{
1270 if (url)
1271 wpa_msg(wpa_s, MSG_INFO, HS20_SUBSCRIPTION_REMEDIATION "%u %s",
1272 osu_method, url);
1273 else
1274 wpa_msg(wpa_s, MSG_INFO, HS20_SUBSCRIPTION_REMEDIATION);
1275}
7ef69479
JM		 1276
1277
1278void hs20_rx_deauth_imminent_notice(struct wpa_supplicant *wpa_s, u8 code,
1279 u16 reauth_delay, const char *url)
1280{
1281 if (!wpa_sm_pmf_enabled(wpa_s->wpa)) {
1282 wpa_printf(MSG_DEBUG, "HS 2.0: Ignore deauthentication imminent notice since PMF was not enabled");
1283 return;
1284 }
1285
1286 wpa_msg(wpa_s, MSG_INFO, HS20_DEAUTH_IMMINENT_NOTICE "%u %u %s",
1287 code, reauth_delay, url);
1288
1289 if (code == HS20_DEAUTH_REASON_CODE_BSS) {
1290 wpa_printf(MSG_DEBUG, "HS 2.0: Add BSS to blacklist");
1291 wpa_blacklist_add(wpa_s, wpa_s->bssid);
533536d8
JM		 1292 /* TODO: For now, disable full ESS since some drivers may not
1293 * support disabling per BSS. */
1294 if (wpa_s->current_ssid) {
06c7b7f0
JM		 1295 struct os_reltime now;
1296 os_get_reltime(&now);
533536d8
JM		 1297 if (now.sec + reauth_delay <=
1298 wpa_s->current_ssid->disabled_until.sec)
1299 return;
1300 wpa_printf(MSG_DEBUG, "HS 2.0: Disable network for %u seconds (BSS)",
1301 reauth_delay);
1302 wpa_s->current_ssid->disabled_until.sec =
1303 now.sec + reauth_delay;
1304 }
7ef69479
JM		 1305 }
1306
1307 if (code == HS20_DEAUTH_REASON_CODE_ESS && wpa_s->current_ssid) {
06c7b7f0
JM		 1308 struct os_reltime now;
1309 os_get_reltime(&now);
7ef69479
JM		 1310 if (now.sec + reauth_delay <=
1311 wpa_s->current_ssid->disabled_until.sec)
1312 return;
1313 wpa_printf(MSG_DEBUG, "HS 2.0: Disable network for %u seconds",
1314 reauth_delay);
1315 wpa_s->current_ssid->disabled_until.sec =
1316 now.sec + reauth_delay;
1317 }
1318}
fb2ac53d
AC		 1319
1320
7fc6a024
JM		 1321void hs20_rx_t_c_acceptance(struct wpa_supplicant *wpa_s, const char *url)
1322{
1323 if (!wpa_sm_pmf_enabled(wpa_s->wpa)) {
1324 wpa_printf(MSG_DEBUG,
1325 "HS 2.0: Ignore Terms and Conditions Acceptance since PMF was not enabled");
1326 return;
1327 }
1328
1329 wpa_msg(wpa_s, MSG_INFO, HS20_T_C_ACCEPTANCE "%s", url);
1330}
1331
1332
ca9968a0
JM		 1333void hs20_init(struct wpa_supplicant *wpa_s)
1334{
1335 dl_list_init(&wpa_s->icon_head);
1336}
1337
1338
fb2ac53d
AC		 1339void hs20_deinit(struct wpa_supplicant *wpa_s)
1340{
1341 eloop_cancel_timeout(hs20_continue_icon_fetch, wpa_s, NULL);
1342 hs20_free_osu_prov(wpa_s);
ca9968a0
JM		 1343 if (wpa_s->icon_head.next)
1344 hs20_del_icon(wpa_s, NULL, NULL);
fb2ac53d 1345}
Unnamed repository; edit this file 'description' to name the repository.