Line data Source code
1 : /*
2 : * Copyright (c) 2009, Atheros Communications, Inc.
3 : * Copyright (c) 2011-2013, Qualcomm Atheros, Inc.
4 : *
5 : * This software may be distributed under the terms of the BSD license.
6 : * See README for more details.
7 : */
8 :
9 : #include "includes.h"
10 : #include <sys/stat.h>
11 :
12 : #include "common.h"
13 : #include "eloop.h"
14 : #include "common/ieee802_11_common.h"
15 : #include "common/ieee802_11_defs.h"
16 : #include "common/gas.h"
17 : #include "common/wpa_ctrl.h"
18 : #include "rsn_supp/wpa.h"
19 : #include "wpa_supplicant_i.h"
20 : #include "driver_i.h"
21 : #include "config.h"
22 : #include "scan.h"
23 : #include "bss.h"
24 : #include "blacklist.h"
25 : #include "gas_query.h"
26 : #include "interworking.h"
27 : #include "hs20_supplicant.h"
28 :
29 :
30 : #define OSU_MAX_ITEMS 10
31 :
32 : struct osu_lang_string {
33 : char lang[4];
34 : char text[253];
35 : };
36 :
37 : struct osu_icon {
38 : u16 width;
39 : u16 height;
40 : char lang[4];
41 : char icon_type[256];
42 : char filename[256];
43 : unsigned int id;
44 : unsigned int failed:1;
45 : };
46 :
47 : struct osu_provider {
48 : u8 bssid[ETH_ALEN];
49 : u8 osu_ssid[32];
50 : u8 osu_ssid_len;
51 : char server_uri[256];
52 : u32 osu_methods; /* bit 0 = OMA-DM, bit 1 = SOAP-XML SPP */
53 : char osu_nai[256];
54 : struct osu_lang_string friendly_name[OSU_MAX_ITEMS];
55 : size_t friendly_name_count;
56 : struct osu_lang_string serv_desc[OSU_MAX_ITEMS];
57 : size_t serv_desc_count;
58 : struct osu_icon icon[OSU_MAX_ITEMS];
59 : size_t icon_count;
60 : };
61 :
62 :
63 723 : void wpas_hs20_add_indication(struct wpabuf *buf, int pps_mo_id)
64 : {
65 : u8 conf;
66 :
67 723 : wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);
68 723 : wpabuf_put_u8(buf, pps_mo_id >= 0 ? 7 : 5);
69 723 : wpabuf_put_be24(buf, OUI_WFA);
70 723 : wpabuf_put_u8(buf, HS20_INDICATION_OUI_TYPE);
71 723 : conf = HS20_VERSION;
72 723 : if (pps_mo_id >= 0)
73 90 : conf |= HS20_PPS_MO_ID_PRESENT;
74 723 : wpabuf_put_u8(buf, conf);
75 723 : if (pps_mo_id >= 0)
76 90 : wpabuf_put_le16(buf, pps_mo_id);
77 723 : }
78 :
79 :
80 2461 : int is_hs20_network(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
81 : struct wpa_bss *bss)
82 : {
83 2461 : if (!wpa_s->conf->hs20 || !ssid)
84 1787 : return 0;
85 :
86 674 : if (ssid->parent_cred)
87 89 : return 1;
88 :
89 585 : if (bss && !wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE))
90 584 : return 0;
91 :
92 : /*
93 : * This may catch some non-Hotspot 2.0 cases, but it is safer to do that
94 : * than cause Hotspot 2.0 connections without indication element getting
95 : * added. Non-Hotspot 2.0 APs should ignore the unknown vendor element.
96 : */
97 :
98 1 : if (!(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X))
99 0 : return 0;
100 1 : if (!(ssid->pairwise_cipher & WPA_CIPHER_CCMP))
101 0 : return 0;
102 1 : if (ssid->proto != WPA_PROTO_RSN)
103 0 : return 0;
104 :
105 1 : return 1;
106 : }
107 :
108 :
109 90 : int hs20_get_pps_mo_id(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
110 : {
111 : struct wpa_cred *cred;
112 :
113 90 : if (ssid == NULL)
114 0 : return 0;
115 :
116 90 : if (ssid->update_identifier)
117 1 : return ssid->update_identifier;
118 :
119 89 : if (ssid->parent_cred == NULL)
120 0 : return 0;
121 :
122 93 : for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
123 93 : if (ssid->parent_cred == cred)
124 89 : return cred->update_identifier;
125 : }
126 :
127 0 : return 0;
128 : }
129 :
130 :
131 9 : void hs20_put_anqp_req(u32 stypes, const u8 *payload, size_t payload_len,
132 : struct wpabuf *buf)
133 : {
134 : u8 *len_pos;
135 :
136 9 : if (buf == NULL)
137 9 : return;
138 :
139 9 : len_pos = gas_anqp_add_element(buf, ANQP_VENDOR_SPECIFIC);
140 9 : wpabuf_put_be24(buf, OUI_WFA);
141 9 : wpabuf_put_u8(buf, HS20_ANQP_OUI_TYPE);
142 9 : if (stypes == BIT(HS20_STYPE_NAI_HOME_REALM_QUERY)) {
143 4 : wpabuf_put_u8(buf, HS20_STYPE_NAI_HOME_REALM_QUERY);
144 4 : wpabuf_put_u8(buf, 0); /* Reserved */
145 4 : if (payload)
146 4 : wpabuf_put_data(buf, payload, payload_len);
147 5 : } else if (stypes == BIT(HS20_STYPE_ICON_REQUEST)) {
148 3 : wpabuf_put_u8(buf, HS20_STYPE_ICON_REQUEST);
149 3 : wpabuf_put_u8(buf, 0); /* Reserved */
150 3 : if (payload)
151 3 : wpabuf_put_data(buf, payload, payload_len);
152 : } else {
153 : u8 i;
154 2 : wpabuf_put_u8(buf, HS20_STYPE_QUERY_LIST);
155 2 : wpabuf_put_u8(buf, 0); /* Reserved */
156 66 : for (i = 0; i < 32; i++) {
157 64 : if (stypes & BIT(i))
158 4 : wpabuf_put_u8(buf, i);
159 : }
160 : }
161 9 : gas_anqp_set_element_len(buf, len_pos);
162 :
163 9 : gas_anqp_set_len(buf);
164 : }
165 :
166 :
167 8 : struct wpabuf * hs20_build_anqp_req(u32 stypes, const u8 *payload,
168 : size_t payload_len)
169 : {
170 : struct wpabuf *buf;
171 :
172 8 : buf = gas_anqp_build_initial_req(0, 100 + payload_len);
173 8 : if (buf == NULL)
174 0 : return NULL;
175 :
176 8 : hs20_put_anqp_req(stypes, payload, payload_len, buf);
177 :
178 8 : return buf;
179 : }
180 :
181 :
182 8 : int hs20_anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst, u32 stypes,
183 : const u8 *payload, size_t payload_len)
184 : {
185 : struct wpabuf *buf;
186 8 : int ret = 0;
187 : int freq;
188 : struct wpa_bss *bss;
189 : int res;
190 :
191 8 : freq = wpa_s->assoc_freq;
192 8 : bss = wpa_bss_get_bssid(wpa_s, dst);
193 8 : if (bss) {
194 8 : wpa_bss_anqp_unshare_alloc(bss);
195 8 : freq = bss->freq;
196 : }
197 8 : if (freq <= 0)
198 0 : return -1;
199 :
200 48 : wpa_printf(MSG_DEBUG, "HS20: ANQP Query Request to " MACSTR " for "
201 48 : "subtypes 0x%x", MAC2STR(dst), stypes);
202 :
203 8 : buf = hs20_build_anqp_req(stypes, payload, payload_len);
204 8 : if (buf == NULL)
205 0 : return -1;
206 :
207 8 : res = gas_query_req(wpa_s->gas, dst, freq, buf, anqp_resp_cb, wpa_s);
208 8 : if (res < 0) {
209 0 : wpa_printf(MSG_DEBUG, "ANQP: Failed to send Query Request");
210 0 : wpabuf_free(buf);
211 0 : ret = -1;
212 : } else
213 8 : wpa_printf(MSG_DEBUG, "ANQP: Query started with dialog token "
214 : "%u", res);
215 :
216 8 : return ret;
217 : }
218 :
219 :
220 3 : static void hs20_set_osu_access_permission(const char *osu_dir,
221 : const char *fname)
222 : {
223 : struct stat statbuf;
224 :
225 : /* Get OSU directory information */
226 3 : if (stat(osu_dir, &statbuf) < 0) {
227 0 : wpa_printf(MSG_WARNING, "Cannot stat the OSU directory %s",
228 : osu_dir);
229 0 : return;
230 : }
231 :
232 3 : if (chmod(fname, statbuf.st_mode) < 0) {
233 0 : wpa_printf(MSG_WARNING,
234 : "Cannot change the permissions for %s", fname);
235 0 : return;
236 : }
237 :
238 3 : if (chown(fname, statbuf.st_uid, statbuf.st_gid) < 0) {
239 0 : wpa_printf(MSG_WARNING, "Cannot change the ownership for %s",
240 : fname);
241 : }
242 : }
243 :
244 3 : static int hs20_process_icon_binary_file(struct wpa_supplicant *wpa_s,
245 : const u8 *sa, const u8 *pos,
246 : size_t slen)
247 : {
248 : char fname[256];
249 : int png;
250 : FILE *f;
251 : u16 data_len;
252 :
253 18 : wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR " Icon Binary File",
254 18 : MAC2STR(sa));
255 :
256 3 : if (slen < 4) {
257 0 : wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File "
258 : "value from " MACSTR, MAC2STR(sa));
259 0 : return -1;
260 : }
261 :
262 3 : wpa_printf(MSG_DEBUG, "HS 2.0: Download Status Code %u", *pos);
263 3 : if (*pos != 0)
264 0 : return -1;
265 3 : pos++;
266 3 : slen--;
267 :
268 3 : if ((size_t) 1 + pos[0] > slen) {
269 0 : wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File "
270 : "value from " MACSTR, MAC2STR(sa));
271 0 : return -1;
272 : }
273 3 : wpa_hexdump_ascii(MSG_DEBUG, "Icon Type", pos + 1, pos[0]);
274 3 : png = os_strncasecmp((char *) pos + 1, "image/png", 9) == 0;
275 3 : slen -= 1 + pos[0];
276 3 : pos += 1 + pos[0];
277 :
278 3 : if (slen < 2) {
279 0 : wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File "
280 : "value from " MACSTR, MAC2STR(sa));
281 0 : return -1;
282 : }
283 3 : data_len = WPA_GET_LE16(pos);
284 3 : pos += 2;
285 3 : slen -= 2;
286 :
287 3 : if (data_len > slen) {
288 0 : wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short Icon Binary File "
289 : "value from " MACSTR, MAC2STR(sa));
290 0 : return -1;
291 : }
292 :
293 3 : wpa_printf(MSG_DEBUG, "Icon Binary Data: %u bytes", data_len);
294 3 : if (wpa_s->conf->osu_dir == NULL)
295 1 : return -1;
296 :
297 2 : wpa_s->osu_icon_id++;
298 2 : if (wpa_s->osu_icon_id == 0)
299 0 : wpa_s->osu_icon_id++;
300 4 : snprintf(fname, sizeof(fname), "%s/osu-icon-%u.%s",
301 2 : wpa_s->conf->osu_dir, wpa_s->osu_icon_id,
302 : png ? "png" : "icon");
303 2 : f = fopen(fname, "wb");
304 2 : if (f == NULL)
305 0 : return -1;
306 :
307 2 : hs20_set_osu_access_permission(wpa_s->conf->osu_dir, fname);
308 :
309 2 : if (fwrite(pos, slen, 1, f) != 1) {
310 0 : fclose(f);
311 0 : unlink(fname);
312 0 : return -1;
313 : }
314 2 : fclose(f);
315 :
316 2 : wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP-ICON %s", fname);
317 2 : return 0;
318 : }
319 :
320 :
321 2 : static void hs20_continue_icon_fetch(void *eloop_ctx, void *sock_ctx)
322 : {
323 2 : struct wpa_supplicant *wpa_s = eloop_ctx;
324 2 : if (wpa_s->fetch_osu_icon_in_progress)
325 2 : hs20_next_osu_icon(wpa_s);
326 2 : }
327 :
328 :
329 2 : static void hs20_osu_icon_fetch_result(struct wpa_supplicant *wpa_s, int res)
330 : {
331 : size_t i, j;
332 : struct os_reltime now, tmp;
333 : int dur;
334 :
335 2 : os_get_reltime(&now);
336 2 : os_reltime_sub(&now, &wpa_s->osu_icon_fetch_start, &tmp);
337 2 : dur = tmp.sec * 1000 + tmp.usec / 1000;
338 2 : wpa_printf(MSG_DEBUG, "HS 2.0: Icon fetch dur=%d ms res=%d",
339 : dur, res);
340 :
341 3 : for (i = 0; i < wpa_s->osu_prov_count; i++) {
342 3 : struct osu_provider *osu = &wpa_s->osu_prov[i];
343 8 : for (j = 0; j < osu->icon_count; j++) {
344 3 : struct osu_icon *icon = &osu->icon[j];
345 3 : if (icon->id || icon->failed)
346 1 : continue;
347 2 : if (res < 0)
348 0 : icon->failed = 1;
349 : else
350 2 : icon->id = wpa_s->osu_icon_id;
351 4 : return;
352 : }
353 : }
354 : }
355 :
356 :
357 247 : void hs20_parse_rx_hs20_anqp_resp(struct wpa_supplicant *wpa_s,
358 : struct wpa_bss *bss, const u8 *sa,
359 : const u8 *data, size_t slen)
360 : {
361 247 : const u8 *pos = data;
362 : u8 subtype;
363 247 : struct wpa_bss_anqp *anqp = NULL;
364 : int ret;
365 :
366 247 : if (slen < 2)
367 247 : return;
368 :
369 247 : if (bss)
370 247 : anqp = bss->anqp;
371 :
372 247 : subtype = *pos++;
373 247 : slen--;
374 :
375 247 : pos++; /* Reserved */
376 247 : slen--;
377 :
378 247 : switch (subtype) {
379 : case HS20_STYPE_CAPABILITY_LIST:
380 1032 : wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
381 1032 : " HS Capability List", MAC2STR(sa));
382 172 : wpa_hexdump_ascii(MSG_DEBUG, "HS Capability List", pos, slen);
383 172 : break;
384 : case HS20_STYPE_OPERATOR_FRIENDLY_NAME:
385 30 : wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
386 30 : " Operator Friendly Name", MAC2STR(sa));
387 5 : wpa_hexdump_ascii(MSG_DEBUG, "oper friendly name", pos, slen);
388 5 : if (anqp) {
389 5 : wpabuf_free(anqp->hs20_operator_friendly_name);
390 5 : anqp->hs20_operator_friendly_name =
391 5 : wpabuf_alloc_copy(pos, slen);
392 : }
393 5 : break;
394 : case HS20_STYPE_WAN_METRICS:
395 36 : wpa_hexdump(MSG_DEBUG, "WAN Metrics", pos, slen);
396 36 : if (slen < 13) {
397 0 : wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short WAN "
398 : "Metrics value from " MACSTR, MAC2STR(sa));
399 0 : break;
400 : }
401 360 : wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
402 216 : " WAN Metrics %02x:%u:%u:%u:%u:%u", MAC2STR(sa),
403 36 : pos[0], WPA_GET_LE32(pos + 1), WPA_GET_LE32(pos + 5),
404 108 : pos[9], pos[10], WPA_GET_LE16(pos + 11));
405 36 : if (anqp) {
406 36 : wpabuf_free(anqp->hs20_wan_metrics);
407 36 : anqp->hs20_wan_metrics = wpabuf_alloc_copy(pos, slen);
408 : }
409 36 : break;
410 : case HS20_STYPE_CONNECTION_CAPABILITY:
411 120 : wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
412 120 : " Connection Capability", MAC2STR(sa));
413 20 : wpa_hexdump_ascii(MSG_DEBUG, "conn capability", pos, slen);
414 20 : if (anqp) {
415 20 : wpabuf_free(anqp->hs20_connection_capability);
416 20 : anqp->hs20_connection_capability =
417 20 : wpabuf_alloc_copy(pos, slen);
418 : }
419 20 : break;
420 : case HS20_STYPE_OPERATING_CLASS:
421 54 : wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
422 54 : " Operating Class", MAC2STR(sa));
423 9 : wpa_hexdump_ascii(MSG_DEBUG, "Operating Class", pos, slen);
424 9 : if (anqp) {
425 9 : wpabuf_free(anqp->hs20_operating_class);
426 9 : anqp->hs20_operating_class =
427 9 : wpabuf_alloc_copy(pos, slen);
428 : }
429 9 : break;
430 : case HS20_STYPE_OSU_PROVIDERS_LIST:
431 12 : wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
432 12 : " OSU Providers list", MAC2STR(sa));
433 2 : wpa_s->num_prov_found++;
434 2 : if (anqp) {
435 2 : wpabuf_free(anqp->hs20_osu_providers_list);
436 2 : anqp->hs20_osu_providers_list =
437 2 : wpabuf_alloc_copy(pos, slen);
438 : }
439 2 : break;
440 : case HS20_STYPE_ICON_BINARY_FILE:
441 3 : ret = hs20_process_icon_binary_file(wpa_s, sa, pos, slen);
442 3 : if (wpa_s->fetch_osu_icon_in_progress) {
443 2 : hs20_osu_icon_fetch_result(wpa_s, ret);
444 2 : eloop_cancel_timeout(hs20_continue_icon_fetch,
445 : wpa_s, NULL);
446 2 : eloop_register_timeout(0, 0, hs20_continue_icon_fetch,
447 : wpa_s, NULL);
448 : }
449 3 : break;
450 : default:
451 0 : wpa_printf(MSG_DEBUG, "HS20: Unsupported subtype %u", subtype);
452 0 : break;
453 : }
454 : }
455 :
456 :
457 188 : void hs20_notify_parse_done(struct wpa_supplicant *wpa_s)
458 : {
459 188 : if (!wpa_s->fetch_osu_icon_in_progress)
460 186 : return;
461 2 : if (eloop_is_timeout_registered(hs20_continue_icon_fetch, wpa_s, NULL))
462 2 : return;
463 : /*
464 : * We are going through icon fetch, but no icon response was received.
465 : * Assume this means the current AP could not provide an answer to avoid
466 : * getting stuck in fetch iteration.
467 : */
468 0 : hs20_icon_fetch_failed(wpa_s);
469 : }
470 :
471 :
472 2 : static void hs20_free_osu_prov_entry(struct osu_provider *prov)
473 : {
474 2 : }
475 :
476 :
477 214 : void hs20_free_osu_prov(struct wpa_supplicant *wpa_s)
478 : {
479 : size_t i;
480 216 : for (i = 0; i < wpa_s->osu_prov_count; i++)
481 2 : hs20_free_osu_prov_entry(&wpa_s->osu_prov[i]);
482 214 : os_free(wpa_s->osu_prov);
483 214 : wpa_s->osu_prov = NULL;
484 214 : wpa_s->osu_prov_count = 0;
485 214 : }
486 :
487 :
488 1 : static void hs20_osu_fetch_done(struct wpa_supplicant *wpa_s)
489 : {
490 : char fname[256];
491 : FILE *f;
492 : size_t i, j;
493 :
494 1 : wpa_s->fetch_osu_info = 0;
495 1 : wpa_s->fetch_osu_icon_in_progress = 0;
496 :
497 1 : if (wpa_s->conf->osu_dir == NULL) {
498 0 : hs20_free_osu_prov(wpa_s);
499 0 : wpa_s->fetch_anqp_in_progress = 0;
500 0 : return;
501 : }
502 :
503 1 : snprintf(fname, sizeof(fname), "%s/osu-providers.txt",
504 1 : wpa_s->conf->osu_dir);
505 1 : f = fopen(fname, "w");
506 1 : if (f == NULL) {
507 0 : hs20_free_osu_prov(wpa_s);
508 0 : return;
509 : }
510 :
511 1 : hs20_set_osu_access_permission(wpa_s->conf->osu_dir, fname);
512 :
513 3 : for (i = 0; i < wpa_s->osu_prov_count; i++) {
514 2 : struct osu_provider *osu = &wpa_s->osu_prov[i];
515 2 : if (i > 0)
516 1 : fprintf(f, "\n");
517 14 : fprintf(f, "OSU-PROVIDER " MACSTR "\n"
518 : "uri=%s\n"
519 : "methods=%08x\n",
520 12 : MAC2STR(osu->bssid), osu->server_uri, osu->osu_methods);
521 2 : if (osu->osu_ssid_len) {
522 4 : fprintf(f, "osu_ssid=%s\n",
523 2 : wpa_ssid_txt(osu->osu_ssid,
524 2 : osu->osu_ssid_len));
525 : }
526 2 : if (osu->osu_nai[0])
527 1 : fprintf(f, "osu_nai=%s\n", osu->osu_nai);
528 6 : for (j = 0; j < osu->friendly_name_count; j++) {
529 4 : fprintf(f, "friendly_name=%s:%s\n",
530 4 : osu->friendly_name[j].lang,
531 4 : osu->friendly_name[j].text);
532 : }
533 6 : for (j = 0; j < osu->serv_desc_count; j++) {
534 4 : fprintf(f, "desc=%s:%s\n",
535 4 : osu->serv_desc[j].lang,
536 4 : osu->serv_desc[j].text);
537 : }
538 4 : for (j = 0; j < osu->icon_count; j++) {
539 2 : struct osu_icon *icon = &osu->icon[j];
540 2 : if (icon->failed)
541 0 : continue; /* could not fetch icon */
542 4 : fprintf(f, "icon=%u:%u:%u:%s:%s:%s\n",
543 4 : icon->id, icon->width, icon->height, icon->lang,
544 2 : icon->icon_type, icon->filename);
545 : }
546 : }
547 1 : fclose(f);
548 1 : hs20_free_osu_prov(wpa_s);
549 :
550 1 : wpa_msg(wpa_s, MSG_INFO, "OSU provider fetch completed");
551 1 : wpa_s->fetch_anqp_in_progress = 0;
552 : }
553 :
554 :
555 3 : void hs20_next_osu_icon(struct wpa_supplicant *wpa_s)
556 : {
557 : size_t i, j;
558 :
559 3 : wpa_printf(MSG_DEBUG, "HS 2.0: Ready to fetch next icon");
560 :
561 6 : for (i = 0; i < wpa_s->osu_prov_count; i++) {
562 5 : struct osu_provider *osu = &wpa_s->osu_prov[i];
563 8 : for (j = 0; j < osu->icon_count; j++) {
564 5 : struct osu_icon *icon = &osu->icon[j];
565 5 : if (icon->id || icon->failed)
566 3 : continue;
567 :
568 14 : wpa_printf(MSG_DEBUG, "HS 2.0: Try to fetch icon '%s' "
569 2 : "from " MACSTR, icon->filename,
570 12 : MAC2STR(osu->bssid));
571 2 : os_get_reltime(&wpa_s->osu_icon_fetch_start);
572 4 : if (hs20_anqp_send_req(wpa_s, osu->bssid,
573 : BIT(HS20_STYPE_ICON_REQUEST),
574 2 : (u8 *) icon->filename,
575 2 : os_strlen(icon->filename)) < 0) {
576 0 : icon->failed = 1;
577 0 : continue;
578 : }
579 5 : return;
580 : }
581 : }
582 :
583 1 : wpa_printf(MSG_DEBUG, "HS 2.0: No more icons to fetch");
584 1 : hs20_osu_fetch_done(wpa_s);
585 : }
586 :
587 :
588 2 : static void hs20_osu_add_prov(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
589 : const u8 *osu_ssid, u8 osu_ssid_len,
590 : const u8 *pos, size_t len)
591 : {
592 : struct osu_provider *prov;
593 2 : const u8 *end = pos + len;
594 : u16 len2;
595 : const u8 *pos2;
596 : u8 uri_len, osu_method_len, osu_nai_len;
597 :
598 2 : wpa_hexdump(MSG_DEBUG, "HS 2.0: Parsing OSU Provider", pos, len);
599 2 : prov = os_realloc_array(wpa_s->osu_prov,
600 2 : wpa_s->osu_prov_count + 1,
601 : sizeof(*prov));
602 2 : if (prov == NULL)
603 0 : return;
604 2 : wpa_s->osu_prov = prov;
605 2 : prov = &prov[wpa_s->osu_prov_count];
606 2 : os_memset(prov, 0, sizeof(*prov));
607 :
608 2 : os_memcpy(prov->bssid, bss->bssid, ETH_ALEN);
609 2 : os_memcpy(prov->osu_ssid, osu_ssid, osu_ssid_len);
610 2 : prov->osu_ssid_len = osu_ssid_len;
611 :
612 : /* OSU Friendly Name Length */
613 2 : if (pos + 2 > end) {
614 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
615 : "Friendly Name Length");
616 0 : return;
617 : }
618 2 : len2 = WPA_GET_LE16(pos);
619 2 : pos += 2;
620 2 : if (len2 > end - pos) {
621 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
622 : "Friendly Name Duples");
623 0 : return;
624 : }
625 2 : pos2 = pos;
626 2 : pos += len2;
627 :
628 : /* OSU Friendly Name Duples */
629 8 : while (pos2 + 4 <= pos && prov->friendly_name_count < OSU_MAX_ITEMS) {
630 : struct osu_lang_string *f;
631 4 : if (pos2 + 1 + pos2[0] > pos || pos2[0] < 3) {
632 0 : wpa_printf(MSG_DEBUG, "Invalid OSU Friendly Name");
633 0 : break;
634 : }
635 4 : f = &prov->friendly_name[prov->friendly_name_count++];
636 4 : os_memcpy(f->lang, pos2 + 1, 3);
637 4 : os_memcpy(f->text, pos2 + 1 + 3, pos2[0] - 3);
638 4 : pos2 += 1 + pos2[0];
639 : }
640 :
641 : /* OSU Server URI */
642 2 : if (pos + 1 > end) {
643 0 : wpa_printf(MSG_DEBUG,
644 : "HS 2.0: Not enough room for OSU Server URI length");
645 0 : return;
646 : }
647 2 : uri_len = *pos++;
648 2 : if (uri_len > end - pos) {
649 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Server "
650 : "URI");
651 0 : return;
652 : }
653 2 : os_memcpy(prov->server_uri, pos, uri_len);
654 2 : pos += uri_len;
655 :
656 : /* OSU Method list */
657 2 : if (pos + 1 > end) {
658 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Method "
659 : "list length");
660 0 : return;
661 : }
662 2 : osu_method_len = pos[0];
663 2 : if (osu_method_len > end - pos - 1) {
664 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Method "
665 : "list");
666 0 : return;
667 : }
668 2 : pos2 = pos + 1;
669 2 : pos += 1 + osu_method_len;
670 6 : while (pos2 < pos) {
671 2 : if (*pos2 < 32)
672 2 : prov->osu_methods |= BIT(*pos2);
673 2 : pos2++;
674 : }
675 :
676 : /* Icons Available Length */
677 2 : if (pos + 2 > end) {
678 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for Icons "
679 : "Available Length");
680 0 : return;
681 : }
682 2 : len2 = WPA_GET_LE16(pos);
683 2 : pos += 2;
684 2 : if (len2 > end - pos) {
685 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for Icons "
686 : "Available");
687 0 : return;
688 : }
689 2 : pos2 = pos;
690 2 : pos += len2;
691 :
692 : /* Icons Available */
693 6 : while (pos2 < pos) {
694 2 : struct osu_icon *icon = &prov->icon[prov->icon_count];
695 : u8 flen;
696 :
697 2 : if (pos2 + 2 + 2 + 3 + 1 + 1 > pos) {
698 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Invalid Icon Metadata");
699 0 : break;
700 : }
701 :
702 2 : icon->width = WPA_GET_LE16(pos2);
703 2 : pos2 += 2;
704 2 : icon->height = WPA_GET_LE16(pos2);
705 2 : pos2 += 2;
706 2 : os_memcpy(icon->lang, pos2, 3);
707 2 : pos2 += 3;
708 :
709 2 : flen = pos2[0];
710 2 : if (flen > pos - pos2 - 1) {
711 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon Type");
712 0 : break;
713 : }
714 2 : os_memcpy(icon->icon_type, pos2 + 1, flen);
715 2 : pos2 += 1 + flen;
716 :
717 2 : if (pos2 + 1 > pos) {
718 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon "
719 : "Filename length");
720 0 : break;
721 : }
722 2 : flen = pos2[0];
723 2 : if (flen > pos - pos2 - 1) {
724 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon "
725 : "Filename");
726 0 : break;
727 : }
728 2 : os_memcpy(icon->filename, pos2 + 1, flen);
729 2 : pos2 += 1 + flen;
730 :
731 2 : prov->icon_count++;
732 : }
733 :
734 : /* OSU_NAI */
735 2 : if (pos + 1 > end) {
736 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU_NAI");
737 0 : return;
738 : }
739 2 : osu_nai_len = pos[0];
740 2 : if (osu_nai_len > end - pos - 1) {
741 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU_NAI");
742 0 : return;
743 : }
744 2 : os_memcpy(prov->osu_nai, pos + 1, osu_nai_len);
745 2 : pos += 1 + osu_nai_len;
746 :
747 : /* OSU Service Description Length */
748 2 : if (pos + 2 > end) {
749 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
750 : "Service Description Length");
751 0 : return;
752 : }
753 2 : len2 = WPA_GET_LE16(pos);
754 2 : pos += 2;
755 2 : if (len2 > end - pos) {
756 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
757 : "Service Description Duples");
758 0 : return;
759 : }
760 2 : pos2 = pos;
761 2 : pos += len2;
762 :
763 : /* OSU Service Description Duples */
764 8 : while (pos2 + 4 <= pos && prov->serv_desc_count < OSU_MAX_ITEMS) {
765 : struct osu_lang_string *f;
766 : u8 descr_len;
767 :
768 4 : descr_len = pos2[0];
769 4 : if (descr_len > pos - pos2 - 1 || descr_len < 3) {
770 0 : wpa_printf(MSG_DEBUG, "Invalid OSU Service "
771 : "Description");
772 0 : break;
773 : }
774 4 : f = &prov->serv_desc[prov->serv_desc_count++];
775 4 : os_memcpy(f->lang, pos2 + 1, 3);
776 4 : os_memcpy(f->text, pos2 + 1 + 3, descr_len - 3);
777 4 : pos2 += 1 + descr_len;
778 : }
779 :
780 12 : wpa_printf(MSG_DEBUG, "HS 2.0: Added OSU Provider through " MACSTR,
781 12 : MAC2STR(bss->bssid));
782 2 : wpa_s->osu_prov_count++;
783 : }
784 :
785 :
786 1 : void hs20_osu_icon_fetch(struct wpa_supplicant *wpa_s)
787 : {
788 : struct wpa_bss *bss;
789 : struct wpabuf *prov_anqp;
790 : const u8 *pos, *end;
791 : u16 len;
792 : const u8 *osu_ssid;
793 : u8 osu_ssid_len;
794 : u8 num_providers;
795 :
796 1 : hs20_free_osu_prov(wpa_s);
797 :
798 3 : dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
799 2 : if (bss->anqp == NULL)
800 0 : continue;
801 2 : prov_anqp = bss->anqp->hs20_osu_providers_list;
802 2 : if (prov_anqp == NULL)
803 0 : continue;
804 12 : wpa_printf(MSG_DEBUG, "HS 2.0: Parsing OSU Providers list from "
805 12 : MACSTR, MAC2STR(bss->bssid));
806 2 : wpa_hexdump_buf(MSG_DEBUG, "HS 2.0: OSU Providers list",
807 : prov_anqp);
808 2 : pos = wpabuf_head(prov_anqp);
809 2 : end = pos + wpabuf_len(prov_anqp);
810 :
811 : /* OSU SSID */
812 2 : if (pos + 1 > end)
813 0 : continue;
814 2 : if (pos + 1 + pos[0] > end) {
815 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for "
816 : "OSU SSID");
817 0 : continue;
818 : }
819 2 : osu_ssid_len = *pos++;
820 2 : if (osu_ssid_len > 32) {
821 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Invalid OSU SSID "
822 : "Length %u", osu_ssid_len);
823 0 : continue;
824 : }
825 2 : osu_ssid = pos;
826 2 : pos += osu_ssid_len;
827 :
828 2 : if (pos + 1 > end) {
829 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for "
830 : "Number of OSU Providers");
831 0 : continue;
832 : }
833 2 : num_providers = *pos++;
834 2 : wpa_printf(MSG_DEBUG, "HS 2.0: Number of OSU Providers: %u",
835 : num_providers);
836 :
837 : /* OSU Providers */
838 6 : while (pos + 2 < end && num_providers > 0) {
839 2 : num_providers--;
840 2 : len = WPA_GET_LE16(pos);
841 2 : pos += 2;
842 2 : if (len > (unsigned int) (end - pos))
843 0 : break;
844 2 : hs20_osu_add_prov(wpa_s, bss, osu_ssid,
845 : osu_ssid_len, pos, len);
846 2 : pos += len;
847 : }
848 :
849 2 : if (pos != end) {
850 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Ignored %d bytes of "
851 : "extra data after OSU Providers",
852 0 : (int) (end - pos));
853 : }
854 : }
855 :
856 1 : wpa_s->fetch_osu_icon_in_progress = 1;
857 1 : hs20_next_osu_icon(wpa_s);
858 1 : }
859 :
860 :
861 3 : static void hs20_osu_scan_res_handler(struct wpa_supplicant *wpa_s,
862 : struct wpa_scan_results *scan_res)
863 : {
864 3 : wpa_printf(MSG_DEBUG, "OSU provisioning fetch scan completed");
865 3 : if (!wpa_s->fetch_osu_waiting_scan) {
866 1 : wpa_printf(MSG_DEBUG, "OSU fetch have been canceled");
867 4 : return;
868 : }
869 2 : wpa_s->network_select = 0;
870 2 : wpa_s->fetch_all_anqp = 1;
871 2 : wpa_s->fetch_osu_info = 1;
872 2 : wpa_s->fetch_osu_icon_in_progress = 0;
873 :
874 2 : interworking_start_fetch_anqp(wpa_s);
875 : }
876 :
877 :
878 9 : int hs20_fetch_osu(struct wpa_supplicant *wpa_s)
879 : {
880 9 : if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
881 1 : wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
882 : "interface disabled");
883 1 : return -1;
884 : }
885 :
886 8 : if (wpa_s->scanning) {
887 2 : wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
888 : "scanning");
889 2 : return -1;
890 : }
891 :
892 6 : if (wpa_s->conf->osu_dir == NULL) {
893 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
894 : "osu_dir not configured");
895 0 : return -1;
896 : }
897 :
898 6 : if (wpa_s->fetch_anqp_in_progress || wpa_s->network_select) {
899 6 : wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
900 : "fetch in progress (%d, %d)",
901 3 : wpa_s->fetch_anqp_in_progress,
902 3 : wpa_s->network_select);
903 3 : return -1;
904 : }
905 :
906 3 : wpa_msg(wpa_s, MSG_INFO, "Starting OSU provisioning information fetch");
907 3 : wpa_s->num_osu_scans = 0;
908 3 : wpa_s->num_prov_found = 0;
909 3 : hs20_start_osu_scan(wpa_s);
910 :
911 3 : return 0;
912 : }
913 :
914 :
915 3 : void hs20_start_osu_scan(struct wpa_supplicant *wpa_s)
916 : {
917 3 : wpa_s->fetch_osu_waiting_scan = 1;
918 3 : wpa_s->num_osu_scans++;
919 3 : wpa_s->scan_req = MANUAL_SCAN_REQ;
920 3 : wpa_s->scan_res_handler = hs20_osu_scan_res_handler;
921 3 : wpa_supplicant_req_scan(wpa_s, 0, 0);
922 3 : }
923 :
924 :
925 3173 : void hs20_cancel_fetch_osu(struct wpa_supplicant *wpa_s)
926 : {
927 3173 : wpa_printf(MSG_DEBUG, "Cancel OSU fetch");
928 3173 : interworking_stop_fetch_anqp(wpa_s);
929 3173 : wpa_s->fetch_osu_waiting_scan = 0;
930 3173 : wpa_s->network_select = 0;
931 3173 : wpa_s->fetch_osu_info = 0;
932 3173 : wpa_s->fetch_osu_icon_in_progress = 0;
933 3173 : }
934 :
935 :
936 0 : void hs20_icon_fetch_failed(struct wpa_supplicant *wpa_s)
937 : {
938 0 : hs20_osu_icon_fetch_result(wpa_s, -1);
939 0 : eloop_cancel_timeout(hs20_continue_icon_fetch, wpa_s, NULL);
940 0 : eloop_register_timeout(0, 0, hs20_continue_icon_fetch, wpa_s, NULL);
941 0 : }
942 :
943 :
944 4 : void hs20_rx_subscription_remediation(struct wpa_supplicant *wpa_s,
945 : const char *url, u8 osu_method)
946 : {
947 4 : if (url)
948 3 : wpa_msg(wpa_s, MSG_INFO, HS20_SUBSCRIPTION_REMEDIATION "%u %s",
949 : osu_method, url);
950 : else
951 1 : wpa_msg(wpa_s, MSG_INFO, HS20_SUBSCRIPTION_REMEDIATION);
952 4 : }
953 :
954 :
955 3 : void hs20_rx_deauth_imminent_notice(struct wpa_supplicant *wpa_s, u8 code,
956 : u16 reauth_delay, const char *url)
957 : {
958 3 : if (!wpa_sm_pmf_enabled(wpa_s->wpa)) {
959 0 : wpa_printf(MSG_DEBUG, "HS 2.0: Ignore deauthentication imminent notice since PMF was not enabled");
960 0 : return;
961 : }
962 :
963 3 : wpa_msg(wpa_s, MSG_INFO, HS20_DEAUTH_IMMINENT_NOTICE "%u %u %s",
964 : code, reauth_delay, url);
965 :
966 3 : if (code == HS20_DEAUTH_REASON_CODE_BSS) {
967 1 : wpa_printf(MSG_DEBUG, "HS 2.0: Add BSS to blacklist");
968 1 : wpa_blacklist_add(wpa_s, wpa_s->bssid);
969 : /* TODO: For now, disable full ESS since some drivers may not
970 : * support disabling per BSS. */
971 1 : if (wpa_s->current_ssid) {
972 : struct os_reltime now;
973 1 : os_get_reltime(&now);
974 2 : if (now.sec + reauth_delay <=
975 1 : wpa_s->current_ssid->disabled_until.sec)
976 0 : return;
977 1 : wpa_printf(MSG_DEBUG, "HS 2.0: Disable network for %u seconds (BSS)",
978 : reauth_delay);
979 2 : wpa_s->current_ssid->disabled_until.sec =
980 1 : now.sec + reauth_delay;
981 : }
982 : }
983 :
984 3 : if (code == HS20_DEAUTH_REASON_CODE_ESS && wpa_s->current_ssid) {
985 : struct os_reltime now;
986 2 : os_get_reltime(&now);
987 4 : if (now.sec + reauth_delay <=
988 2 : wpa_s->current_ssid->disabled_until.sec)
989 0 : return;
990 2 : wpa_printf(MSG_DEBUG, "HS 2.0: Disable network for %u seconds",
991 : reauth_delay);
992 4 : wpa_s->current_ssid->disabled_until.sec =
993 2 : now.sec + reauth_delay;
994 : }
995 : }
996 :
997 :
998 212 : void hs20_deinit(struct wpa_supplicant *wpa_s)
999 : {
1000 212 : eloop_cancel_timeout(hs20_continue_icon_fetch, wpa_s, NULL);
1001 212 : hs20_free_osu_prov(wpa_s);
1002 212 : }
|
