2 * Interworking (IEEE 802.11u)
3 * Copyright (c) 2011-2012, Qualcomm Atheros, Inc.
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "common/ieee802_11_defs.h"
13 #include "common/gas.h"
14 #include "common/wpa_ctrl.h"
15 #include "utils/pcsc_funcs.h"
16 #include "drivers/driver.h"
17 #include "eap_common/eap_defs.h"
18 #include "eap_peer/eap_methods.h"
19 #include "wpa_supplicant_i.h"
21 #include "config_ssid.h"
25 #include "gas_query.h"
26 #include "interworking.h"
29 #if defined(EAP_SIM) | defined(EAP_SIM_DYNAMIC)
30 #define INTERWORKING_3GPP
32 #if defined(EAP_AKA) | defined(EAP_AKA_DYNAMIC)
33 #define INTERWORKING_3GPP
35 #if defined(EAP_AKA_PRIME) | defined(EAP_AKA_PRIME_DYNAMIC)
36 #define INTERWORKING_3GPP
41 static void interworking_next_anqp_fetch(struct wpa_supplicant *wpa_s);
44 static void interworking_reconnect(struct wpa_supplicant *wpa_s)
46 if (wpa_s->wpa_state >= WPA_AUTHENTICATING) {
47 wpa_supplicant_cancel_sched_scan(wpa_s);
48 wpa_supplicant_deauthenticate(wpa_s,
49 WLAN_REASON_DEAUTH_LEAVING);
51 wpa_s->disconnected = 0;
52 wpa_s->reassociate = 1;
53 wpa_supplicant_req_scan(wpa_s, 0, 0);
57 static struct wpabuf * anqp_build_req(u16 info_ids[], size_t num_ids,
64 buf = gas_anqp_build_initial_req(0, 4 + num_ids * 2 +
65 (extra ? wpabuf_len(extra) : 0));
69 len_pos = gas_anqp_add_element(buf, ANQP_QUERY_LIST);
70 for (i = 0; i < num_ids; i++)
71 wpabuf_put_le16(buf, info_ids[i]);
72 gas_anqp_set_element_len(buf, len_pos);
74 wpabuf_put_buf(buf, extra);
76 gas_anqp_set_len(buf);
82 static void interworking_anqp_resp_cb(void *ctx, const u8 *dst,
84 enum gas_query_result result,
85 const struct wpabuf *adv_proto,
86 const struct wpabuf *resp,
89 struct wpa_supplicant *wpa_s = ctx;
91 anqp_resp_cb(wpa_s, dst, dialog_token, result, adv_proto, resp,
93 interworking_next_anqp_fetch(wpa_s);
97 static int interworking_anqp_send_req(struct wpa_supplicant *wpa_s,
104 ANQP_CAPABILITY_LIST,
106 ANQP_NETWORK_AUTH_TYPE,
107 ANQP_ROAMING_CONSORTIUM,
108 ANQP_IP_ADDR_TYPE_AVAILABILITY,
110 ANQP_3GPP_CELLULAR_NETWORK,
113 struct wpabuf *extra = NULL;
115 wpa_printf(MSG_DEBUG, "Interworking: ANQP Query Request to " MACSTR,
116 MAC2STR(bss->bssid));
118 buf = anqp_build_req(info_ids, sizeof(info_ids) / sizeof(info_ids[0]),
124 res = gas_query_req(wpa_s->gas, bss->bssid, bss->freq, buf,
125 interworking_anqp_resp_cb, wpa_s);
127 wpa_printf(MSG_DEBUG, "ANQP: Failed to send Query Request");
130 wpa_printf(MSG_DEBUG, "ANQP: Query started with dialog token "
138 struct nai_realm_eap {
141 enum nai_realm_eap_auth_inner_non_eap inner_non_eap;
143 u8 tunneled_cred_type;
150 struct nai_realm_eap *eap;
154 static void nai_realm_free(struct nai_realm *realms, u16 count)
160 for (i = 0; i < count; i++) {
161 os_free(realms[i].eap);
162 os_free(realms[i].realm);
168 static const u8 * nai_realm_parse_eap(struct nai_realm_eap *e, const u8 *pos,
171 u8 elen, auth_count, a;
175 wpa_printf(MSG_DEBUG, "No room for EAP Method fixed fields");
180 if (pos + elen > end || elen < 2) {
181 wpa_printf(MSG_DEBUG, "No room for EAP Method subfield");
187 wpa_printf(MSG_DEBUG, "EAP Method: len=%u method=%u auth_count=%u",
188 elen, e->method, auth_count);
190 for (a = 0; a < auth_count; a++) {
193 if (pos + 2 > end || pos + 2 + pos[1] > end) {
194 wpa_printf(MSG_DEBUG, "No room for Authentication "
195 "Parameter subfield");
203 case NAI_REALM_EAP_AUTH_NON_EAP_INNER_AUTH:
206 e->inner_non_eap = *pos;
207 if (e->method != EAP_TYPE_TTLS)
210 case NAI_REALM_INNER_NON_EAP_PAP:
211 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP");
213 case NAI_REALM_INNER_NON_EAP_CHAP:
214 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP");
216 case NAI_REALM_INNER_NON_EAP_MSCHAP:
217 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP");
219 case NAI_REALM_INNER_NON_EAP_MSCHAPV2:
220 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2");
224 case NAI_REALM_EAP_AUTH_INNER_AUTH_EAP_METHOD:
227 e->inner_method = *pos;
228 wpa_printf(MSG_DEBUG, "Inner EAP method: %u",
231 case NAI_REALM_EAP_AUTH_CRED_TYPE:
235 wpa_printf(MSG_DEBUG, "Credential Type: %u",
238 case NAI_REALM_EAP_AUTH_TUNNELED_CRED_TYPE:
241 e->tunneled_cred_type = *pos;
242 wpa_printf(MSG_DEBUG, "Tunneled EAP Method Credential "
243 "Type: %u", e->tunneled_cred_type);
246 wpa_printf(MSG_DEBUG, "Unsupported Authentication "
247 "Parameter: id=%u len=%u", id, len);
248 wpa_hexdump(MSG_DEBUG, "Authentication Parameter "
260 static const u8 * nai_realm_parse_realm(struct nai_realm *r, const u8 *pos,
268 wpa_printf(MSG_DEBUG, "No room for NAI Realm Data "
273 len = WPA_GET_LE16(pos); /* NAI Realm Data field Length */
275 if (pos + len > end || len < 3) {
276 wpa_printf(MSG_DEBUG, "No room for NAI Realm Data "
278 len, (unsigned int) (end - pos));
283 r->encoding = *pos++;
285 if (pos + realm_len > f_end) {
286 wpa_printf(MSG_DEBUG, "No room for NAI Realm "
288 realm_len, (unsigned int) (f_end - pos));
291 wpa_hexdump_ascii(MSG_DEBUG, "NAI Realm", pos, realm_len);
292 r->realm = os_malloc(realm_len + 1);
293 if (r->realm == NULL)
295 os_memcpy(r->realm, pos, realm_len);
296 r->realm[realm_len] = '\0';
299 if (pos + 1 > f_end) {
300 wpa_printf(MSG_DEBUG, "No room for EAP Method Count");
303 r->eap_count = *pos++;
304 wpa_printf(MSG_DEBUG, "EAP Count: %u", r->eap_count);
305 if (pos + r->eap_count * 3 > f_end) {
306 wpa_printf(MSG_DEBUG, "No room for EAP Methods");
309 r->eap = os_zalloc(r->eap_count * sizeof(struct nai_realm_eap));
313 for (e = 0; e < r->eap_count; e++) {
314 pos = nai_realm_parse_eap(&r->eap[e], pos, f_end);
323 static struct nai_realm * nai_realm_parse(struct wpabuf *anqp, u16 *count)
325 struct nai_realm *realm;
329 if (anqp == NULL || wpabuf_len(anqp) < 2)
332 pos = wpabuf_head_u8(anqp);
333 end = pos + wpabuf_len(anqp);
334 num = WPA_GET_LE16(pos);
335 wpa_printf(MSG_DEBUG, "NAI Realm Count: %u", num);
338 if (num * 5 > end - pos) {
339 wpa_printf(MSG_DEBUG, "Invalid NAI Realm Count %u - not "
340 "enough data (%u octets) for that many realms",
341 num, (unsigned int) (end - pos));
345 realm = os_zalloc(num * sizeof(struct nai_realm));
349 for (i = 0; i < num; i++) {
350 pos = nai_realm_parse_realm(&realm[i], pos, end);
352 nai_realm_free(realm, num);
362 static int nai_realm_match(struct nai_realm *realm, const char *home_realm)
364 char *tmp, *pos, *end;
367 if (realm->realm == NULL || home_realm == NULL)
370 if (os_strchr(realm->realm, ';') == NULL)
371 return os_strcasecmp(realm->realm, home_realm) == 0;
373 tmp = os_strdup(realm->realm);
379 end = os_strchr(pos, ';');
382 if (os_strcasecmp(pos, home_realm) == 0) {
397 static int nai_realm_cred_username(struct nai_realm_eap *eap)
399 if (eap_get_name(EAP_VENDOR_IETF, eap->method) == NULL)
400 return 0; /* method not supported */
402 if (eap->method != EAP_TYPE_TTLS && eap->method != EAP_TYPE_PEAP) {
403 /* Only tunneled methods with username/password supported */
407 if (eap->method == EAP_TYPE_PEAP &&
408 eap_get_name(EAP_VENDOR_IETF, eap->inner_method) == NULL)
411 if (eap->method == EAP_TYPE_TTLS) {
412 if (eap->inner_method == 0 && eap->inner_non_eap == 0)
414 if (eap->inner_method &&
415 eap_get_name(EAP_VENDOR_IETF, eap->inner_method) == NULL)
417 if (eap->inner_non_eap &&
418 eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_PAP &&
419 eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_CHAP &&
420 eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_MSCHAP &&
421 eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_MSCHAPV2)
425 if (eap->inner_method &&
426 eap->inner_method != EAP_TYPE_GTC &&
427 eap->inner_method != EAP_TYPE_MSCHAPV2)
434 static int nai_realm_cred_cert(struct nai_realm_eap *eap)
436 if (eap_get_name(EAP_VENDOR_IETF, eap->method) == NULL)
437 return 0; /* method not supported */
439 if (eap->method != EAP_TYPE_TLS) {
440 /* Only EAP-TLS supported for credential authentication */
448 static struct nai_realm_eap * nai_realm_find_eap(struct wpa_cred *cred,
449 struct nai_realm *realm)
454 cred->username == NULL ||
455 cred->username[0] == '\0' ||
456 ((cred->password == NULL ||
457 cred->password[0] == '\0') &&
458 (cred->private_key == NULL ||
459 cred->private_key[0] == '\0')))
462 for (e = 0; e < realm->eap_count; e++) {
463 struct nai_realm_eap *eap = &realm->eap[e];
464 if (cred->password && cred->password[0] &&
465 nai_realm_cred_username(eap))
467 if (cred->private_key && cred->private_key[0] &&
468 nai_realm_cred_cert(eap))
476 #ifdef INTERWORKING_3GPP
478 static int plmn_id_match(struct wpabuf *anqp, const char *imsi, int mnc_len)
484 /* See Annex A of 3GPP TS 24.234 v8.1.0 for description */
485 plmn[0] = (imsi[0] - '0') | ((imsi[1] - '0') << 4);
486 plmn[1] = imsi[2] - '0';
487 /* default to MNC length 3 if unknown */
489 plmn[1] |= (imsi[5] - '0') << 4;
492 plmn[2] = (imsi[3] - '0') | ((imsi[4] - '0') << 4);
496 pos = wpabuf_head_u8(anqp);
497 end = pos + wpabuf_len(anqp);
501 wpa_printf(MSG_DEBUG, "Unsupported GUD version 0x%x", *pos);
506 if (pos + udhl > end) {
507 wpa_printf(MSG_DEBUG, "Invalid UDHL");
512 while (pos + 2 <= end) {
521 if (iei == 0 && len > 0) {
525 for (i = 0; i < num; i++) {
528 if (os_memcmp(pos, plmn, 3) == 0)
529 return 1; /* Found matching PLMN */
540 static int build_root_nai(char *nai, size_t nai_len, const char *imsi,
543 const char *sep, *msin;
545 size_t msin_len, plmn_len;
548 * TS 23.003, Clause 14 (3GPP to WLAN Interworking)
550 * <aka:0|sim:1><IMSI>@wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org
551 * <MNC> is zero-padded to three digits in case two-digit MNC is used
554 if (imsi == NULL || os_strlen(imsi) > 16) {
555 wpa_printf(MSG_DEBUG, "No valid IMSI available");
558 sep = os_strchr(imsi, '-');
561 plmn_len = sep - imsi;
562 if (plmn_len != 5 && plmn_len != 6)
565 msin_len = os_strlen(msin);
571 os_memcpy(pos, imsi, plmn_len);
573 os_memcpy(pos, msin, msin_len);
575 pos += os_snprintf(pos, end - pos, "@wlan.mnc");
585 pos += os_snprintf(pos, end - pos, ".mcc%c%c%c.3gppnetwork.org",
586 imsi[0], imsi[1], imsi[2]);
592 static int set_root_nai(struct wpa_ssid *ssid, const char *imsi, char prefix)
595 if (build_root_nai(nai, sizeof(nai), imsi, prefix) < 0)
597 return wpa_config_set_quoted(ssid, "identity", nai);
600 #endif /* INTERWORKING_3GPP */
603 static int interworking_connect_3gpp(struct wpa_supplicant *wpa_s,
606 #ifdef INTERWORKING_3GPP
607 struct wpa_cred *cred;
608 struct wpa_ssid *ssid;
611 if (bss->anqp_3gpp == NULL)
614 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
620 if (cred->pcsc && wpa_s->conf->pcsc_reader && wpa_s->scard &&
623 mnc_len = wpa_s->mnc_len;
626 #endif /* PCSC_FUNCS */
628 if (cred->imsi == NULL || !cred->imsi[0] ||
629 cred->milenage == NULL || !cred->milenage[0])
632 sep = os_strchr(cred->imsi, '-');
634 (sep - cred->imsi != 5 && sep - cred->imsi != 6))
636 mnc_len = sep - cred->imsi - 3;
641 #endif /* PCSC_FUNCS */
642 if (plmn_id_match(bss->anqp_3gpp, imsi, mnc_len))
648 ie = wpa_bss_get_ie(bss, WLAN_EID_SSID);
651 wpa_printf(MSG_DEBUG, "Interworking: Connect with " MACSTR " (3GPP)",
652 MAC2STR(bss->bssid));
654 ssid = wpa_config_add_network(wpa_s->conf);
658 wpas_notify_network_added(wpa_s, ssid);
659 wpa_config_set_network_defaults(ssid);
660 ssid->priority = cred->priority;
662 ssid->ssid = os_zalloc(ie[1] + 1);
663 if (ssid->ssid == NULL)
665 os_memcpy(ssid->ssid, ie + 2, ie[1]);
666 ssid->ssid_len = ie[1];
668 /* TODO: figure out whether to use EAP-SIM, EAP-AKA, or EAP-AKA' */
669 if (wpa_config_set(ssid, "eap", "SIM", 0) < 0) {
670 wpa_printf(MSG_DEBUG, "EAP-SIM not supported");
673 if (cred->pcsc && wpa_s->scard && scard_supports_umts(wpa_s->scard))
674 wpa_config_set(ssid, "eap", "AKA", 0);
675 if (!cred->pcsc && set_root_nai(ssid, cred->imsi, '1') < 0) {
676 wpa_printf(MSG_DEBUG, "Failed to set Root NAI");
680 if (cred->milenage && cred->milenage[0]) {
681 if (wpa_config_set_quoted(ssid, "password",
684 } else if (cred->pcsc) {
685 if (wpa_config_set_quoted(ssid, "pcsc", "") < 0)
687 if (wpa_s->conf->pcsc_pin &&
688 wpa_config_set_quoted(ssid, "pin", wpa_s->conf->pcsc_pin)
693 if (cred->password && cred->password[0] &&
694 wpa_config_set_quoted(ssid, "password", cred->password) < 0)
697 wpa_config_update_prio_list(wpa_s->conf);
698 interworking_reconnect(wpa_s);
703 wpas_notify_network_removed(wpa_s, ssid);
704 wpa_config_remove_network(wpa_s->conf, ssid->id);
705 #endif /* INTERWORKING_3GPP */
710 int interworking_connect(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
712 struct wpa_cred *cred;
713 struct wpa_ssid *ssid;
714 struct nai_realm *realm;
715 struct nai_realm_eap *eap = NULL;
720 if (wpa_s->conf->cred == NULL || bss == NULL)
722 ie = wpa_bss_get_ie(bss, WLAN_EID_SSID);
723 if (ie == NULL || ie[1] == 0) {
724 wpa_printf(MSG_DEBUG, "Interworking: No SSID known for "
725 MACSTR, MAC2STR(bss->bssid));
729 realm = nai_realm_parse(bss->anqp_nai_realm, &count);
731 wpa_printf(MSG_DEBUG, "Interworking: Could not parse NAI "
732 "Realm list from " MACSTR, MAC2STR(bss->bssid));
736 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
737 for (i = 0; i < count; i++) {
738 if (!nai_realm_match(&realm[i], cred->realm))
740 eap = nai_realm_find_eap(cred, &realm[i]);
749 if (interworking_connect_3gpp(wpa_s, bss) == 0) {
751 nai_realm_free(realm, count);
755 wpa_printf(MSG_DEBUG, "Interworking: No matching credentials "
756 "and EAP method found for " MACSTR,
757 MAC2STR(bss->bssid));
758 nai_realm_free(realm, count);
762 wpa_printf(MSG_DEBUG, "Interworking: Connect with " MACSTR,
763 MAC2STR(bss->bssid));
765 ssid = wpa_config_add_network(wpa_s->conf);
767 nai_realm_free(realm, count);
770 wpas_notify_network_added(wpa_s, ssid);
771 wpa_config_set_network_defaults(ssid);
772 ssid->priority = cred->priority;
774 ssid->ssid = os_zalloc(ie[1] + 1);
775 if (ssid->ssid == NULL)
777 os_memcpy(ssid->ssid, ie + 2, ie[1]);
778 ssid->ssid_len = ie[1];
780 if (wpa_config_set(ssid, "eap", eap_get_name(EAP_VENDOR_IETF,
781 eap->method), 0) < 0)
784 if (eap->method == EAP_TYPE_TTLS &&
785 cred->username && cred->username[0]) {
788 /* Use anonymous NAI in Phase 1 */
789 pos = os_strchr(cred->username, '@');
791 size_t buflen = 9 + os_strlen(pos) + 1;
792 anon = os_malloc(buflen);
795 os_snprintf(anon, buflen, "anonymous%s", pos);
796 } else if (cred->realm) {
797 size_t buflen = 10 + os_strlen(cred->realm) + 1;
798 anon = os_malloc(buflen);
801 os_snprintf(anon, buflen, "anonymous@%s", cred->realm);
803 anon = os_strdup("anonymous");
807 if (wpa_config_set_quoted(ssid, "anonymous_identity", anon) <
815 if (cred->username && cred->username[0] &&
816 wpa_config_set_quoted(ssid, "identity", cred->username) < 0)
819 if (cred->password && cred->password[0] &&
820 wpa_config_set_quoted(ssid, "password", cred->password) < 0)
823 if (cred->client_cert && cred->client_cert[0] &&
824 wpa_config_set_quoted(ssid, "client_cert", cred->client_cert) < 0)
827 if (cred->private_key && cred->private_key[0] &&
828 wpa_config_set_quoted(ssid, "private_key", cred->private_key) < 0)
831 if (cred->private_key_passwd && cred->private_key_passwd[0] &&
832 wpa_config_set_quoted(ssid, "private_key_passwd",
833 cred->private_key_passwd) < 0)
836 switch (eap->method) {
838 if (eap->inner_method) {
839 os_snprintf(buf, sizeof(buf), "\"autheap=%s\"",
840 eap_get_name(EAP_VENDOR_IETF,
842 if (wpa_config_set(ssid, "phase2", buf, 0) < 0)
846 switch (eap->inner_non_eap) {
847 case NAI_REALM_INNER_NON_EAP_PAP:
848 if (wpa_config_set(ssid, "phase2", "\"auth=PAP\"", 0) <
852 case NAI_REALM_INNER_NON_EAP_CHAP:
853 if (wpa_config_set(ssid, "phase2", "\"auth=CHAP\"", 0)
857 case NAI_REALM_INNER_NON_EAP_MSCHAP:
858 if (wpa_config_set(ssid, "phase2", "\"auth=MSCHAP\"",
862 case NAI_REALM_INNER_NON_EAP_MSCHAPV2:
863 if (wpa_config_set(ssid, "phase2", "\"auth=MSCHAPV2\"",
870 os_snprintf(buf, sizeof(buf), "\"auth=%s\"",
871 eap_get_name(EAP_VENDOR_IETF, eap->inner_method));
872 if (wpa_config_set(ssid, "phase2", buf, 0) < 0)
879 if (cred->ca_cert && cred->ca_cert[0] &&
880 wpa_config_set_quoted(ssid, "ca_cert", cred->ca_cert) < 0)
883 nai_realm_free(realm, count);
885 wpa_config_update_prio_list(wpa_s->conf);
886 interworking_reconnect(wpa_s);
891 wpas_notify_network_removed(wpa_s, ssid);
892 wpa_config_remove_network(wpa_s->conf, ssid->id);
893 nai_realm_free(realm, count);
898 static struct wpa_cred * interworking_credentials_available_3gpp(
899 struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
901 struct wpa_cred *cred, *selected = NULL;
904 #ifdef INTERWORKING_3GPP
905 if (bss->anqp_3gpp == NULL)
908 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
914 if (cred->pcsc && wpa_s->conf->pcsc_reader && wpa_s->scard &&
917 mnc_len = wpa_s->mnc_len;
920 #endif /* PCSC_FUNCS */
922 if (cred->imsi == NULL || !cred->imsi[0] ||
923 cred->milenage == NULL || !cred->milenage[0])
926 sep = os_strchr(cred->imsi, '-');
928 (sep - cred->imsi != 5 && sep - cred->imsi != 6))
930 mnc_len = sep - cred->imsi - 3;
935 #endif /* PCSC_FUNCS */
936 wpa_printf(MSG_DEBUG, "Interworking: Parsing 3GPP info from "
937 MACSTR, MAC2STR(bss->bssid));
938 ret = plmn_id_match(bss->anqp_3gpp, imsi, mnc_len);
939 wpa_printf(MSG_DEBUG, "PLMN match %sfound", ret ? "" : "not ");
941 if (selected == NULL ||
942 selected->priority < cred->priority)
946 #endif /* INTERWORKING_3GPP */
951 static struct wpa_cred * interworking_credentials_available_realm(
952 struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
954 struct wpa_cred *cred, *selected = NULL;
955 struct nai_realm *realm;
958 if (bss->anqp_nai_realm == NULL)
961 if (wpa_s->conf->cred == NULL)
964 wpa_printf(MSG_DEBUG, "Interworking: Parsing NAI Realm list from "
965 MACSTR, MAC2STR(bss->bssid));
966 realm = nai_realm_parse(bss->anqp_nai_realm, &count);
968 wpa_printf(MSG_DEBUG, "Interworking: Could not parse NAI "
969 "Realm list from " MACSTR, MAC2STR(bss->bssid));
973 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
974 if (cred->realm == NULL)
977 for (i = 0; i < count; i++) {
978 if (!nai_realm_match(&realm[i], cred->realm))
980 if (nai_realm_find_eap(cred, &realm[i])) {
981 if (selected == NULL ||
982 selected->priority < cred->priority)
989 nai_realm_free(realm, count);
995 static struct wpa_cred * interworking_credentials_available(
996 struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
998 struct wpa_cred *cred, *cred2;
1000 cred = interworking_credentials_available_realm(wpa_s, bss);
1001 cred2 = interworking_credentials_available_3gpp(wpa_s, bss);
1002 if (cred && cred2 && cred2->priority >= cred->priority)
1011 static int domain_name_list_contains(struct wpabuf *domain_names,
1014 const u8 *pos, *end;
1017 len = os_strlen(domain);
1018 pos = wpabuf_head(domain_names);
1019 end = pos + wpabuf_len(domain_names);
1021 while (pos + 1 < end) {
1022 if (pos + 1 + pos[0] > end)
1025 wpa_hexdump_ascii(MSG_DEBUG, "Interworking: AP domain name",
1027 if (pos[0] == len &&
1028 os_strncasecmp(domain, (const char *) (pos + 1), len) == 0)
1038 static int interworking_home_sp(struct wpa_supplicant *wpa_s,
1039 struct wpabuf *domain_names)
1041 struct wpa_cred *cred;
1042 #ifdef INTERWORKING_3GPP
1043 char nai[100], *realm;
1044 #endif /* INTERWORKING_3GPP */
1046 if (domain_names == NULL || wpa_s->conf->cred == NULL)
1049 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
1050 #ifdef INTERWORKING_3GPP
1052 build_root_nai(nai, sizeof(nai), cred->imsi, 0) == 0) {
1053 realm = os_strchr(nai, '@');
1056 wpa_printf(MSG_DEBUG, "Interworking: Search for match "
1057 "with SIM/USIM domain %s", realm);
1059 domain_name_list_contains(domain_names, realm))
1062 #endif /* INTERWORKING_3GPP */
1064 if (cred->domain == NULL)
1067 wpa_printf(MSG_DEBUG, "Interworking: Search for match with "
1068 "home SP FQDN %s", cred->domain);
1069 if (domain_name_list_contains(domain_names, cred->domain))
1077 static int interworking_find_network_match(struct wpa_supplicant *wpa_s)
1079 struct wpa_bss *bss;
1080 struct wpa_ssid *ssid;
1082 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1083 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1084 if (wpas_network_disabled(ssid) ||
1085 ssid->mode != WPAS_MODE_INFRA)
1087 if (ssid->ssid_len != bss->ssid_len ||
1088 os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) !=
1092 * TODO: Consider more accurate matching of security
1093 * configuration similarly to what is done in events.c
1103 static void interworking_select_network(struct wpa_supplicant *wpa_s)
1105 struct wpa_bss *bss, *selected = NULL, *selected_home = NULL;
1106 int selected_prio = -999999, selected_home_prio = -999999;
1107 unsigned int count = 0;
1110 struct wpa_cred *cred;
1112 wpa_s->network_select = 0;
1114 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1115 cred = interworking_credentials_available(wpa_s, bss);
1119 res = interworking_home_sp(wpa_s, bss->anqp_domain_name);
1126 wpa_msg(wpa_s, MSG_INFO, INTERWORKING_AP MACSTR " type=%s",
1127 MAC2STR(bss->bssid), type);
1128 if (wpa_s->auto_select) {
1129 if (selected == NULL ||
1130 cred->priority > selected_prio) {
1132 selected_prio = cred->priority;
1135 (selected_home == NULL ||
1136 cred->priority > selected_home_prio)) {
1137 selected_home = bss;
1138 selected_home_prio = cred->priority;
1143 if (selected_home && selected_home != selected &&
1144 selected_home_prio >= selected_prio) {
1145 /* Prefer network operated by the Home SP */
1146 selected = selected_home;
1151 * No matching network was found based on configured
1152 * credentials. Check whether any of the enabled network blocks
1153 * have matching APs.
1155 if (interworking_find_network_match(wpa_s)) {
1156 wpa_printf(MSG_DEBUG, "Interworking: Possible BSS "
1157 "match for enabled network configurations");
1158 interworking_reconnect(wpa_s);
1162 wpa_msg(wpa_s, MSG_INFO, INTERWORKING_NO_MATCH "No network "
1163 "with matching credentials found");
1167 interworking_connect(wpa_s, selected);
1171 static void interworking_next_anqp_fetch(struct wpa_supplicant *wpa_s)
1173 struct wpa_bss *bss;
1177 if (!wpa_s->fetch_anqp_in_progress)
1180 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1181 if (!(bss->caps & IEEE80211_CAP_ESS))
1183 ie = wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB);
1184 if (ie == NULL || ie[1] < 4 || !(ie[5] & 0x80))
1185 continue; /* AP does not support Interworking */
1187 if (!(bss->flags & WPA_BSS_ANQP_FETCH_TRIED)) {
1189 bss->flags |= WPA_BSS_ANQP_FETCH_TRIED;
1190 wpa_msg(wpa_s, MSG_INFO, "Starting ANQP fetch for "
1191 MACSTR, MAC2STR(bss->bssid));
1192 interworking_anqp_send_req(wpa_s, bss);
1198 wpa_msg(wpa_s, MSG_INFO, "ANQP fetch completed");
1199 wpa_s->fetch_anqp_in_progress = 0;
1200 if (wpa_s->network_select)
1201 interworking_select_network(wpa_s);
1206 static void interworking_start_fetch_anqp(struct wpa_supplicant *wpa_s)
1208 struct wpa_bss *bss;
1210 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list)
1211 bss->flags &= ~WPA_BSS_ANQP_FETCH_TRIED;
1213 wpa_s->fetch_anqp_in_progress = 1;
1214 interworking_next_anqp_fetch(wpa_s);
1218 int interworking_fetch_anqp(struct wpa_supplicant *wpa_s)
1220 if (wpa_s->fetch_anqp_in_progress || wpa_s->network_select)
1223 wpa_s->network_select = 0;
1225 interworking_start_fetch_anqp(wpa_s);
1231 void interworking_stop_fetch_anqp(struct wpa_supplicant *wpa_s)
1233 if (!wpa_s->fetch_anqp_in_progress)
1236 wpa_s->fetch_anqp_in_progress = 0;
1240 int anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst,
1241 u16 info_ids[], size_t num_ids)
1246 struct wpa_bss *bss;
1249 freq = wpa_s->assoc_freq;
1250 bss = wpa_bss_get_bssid(wpa_s, dst);
1256 wpa_printf(MSG_DEBUG, "ANQP: Query Request to " MACSTR " for %u id(s)",
1257 MAC2STR(dst), (unsigned int) num_ids);
1259 buf = anqp_build_req(info_ids, num_ids, NULL);
1263 res = gas_query_req(wpa_s->gas, dst, freq, buf, anqp_resp_cb, wpa_s);
1265 wpa_printf(MSG_DEBUG, "ANQP: Failed to send Query Request");
1268 wpa_printf(MSG_DEBUG, "ANQP: Query started with dialog token "
1276 static void interworking_parse_rx_anqp_resp(struct wpa_supplicant *wpa_s,
1277 const u8 *sa, u16 info_id,
1278 const u8 *data, size_t slen)
1280 const u8 *pos = data;
1281 struct wpa_bss *bss = wpa_bss_get_bssid(wpa_s, sa);
1284 case ANQP_CAPABILITY_LIST:
1285 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
1286 " ANQP Capability list", MAC2STR(sa));
1288 case ANQP_VENUE_NAME:
1289 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
1290 " Venue Name", MAC2STR(sa));
1291 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: Venue Name", pos, slen);
1293 wpabuf_free(bss->anqp_venue_name);
1294 bss->anqp_venue_name = wpabuf_alloc_copy(pos, slen);
1297 case ANQP_NETWORK_AUTH_TYPE:
1298 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
1299 " Network Authentication Type information",
1301 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: Network Authentication "
1304 wpabuf_free(bss->anqp_network_auth_type);
1305 bss->anqp_network_auth_type =
1306 wpabuf_alloc_copy(pos, slen);
1309 case ANQP_ROAMING_CONSORTIUM:
1310 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
1311 " Roaming Consortium list", MAC2STR(sa));
1312 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: Roaming Consortium",
1315 wpabuf_free(bss->anqp_roaming_consortium);
1316 bss->anqp_roaming_consortium =
1317 wpabuf_alloc_copy(pos, slen);
1320 case ANQP_IP_ADDR_TYPE_AVAILABILITY:
1321 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
1322 " IP Address Type Availability information",
1324 wpa_hexdump(MSG_MSGDUMP, "ANQP: IP Address Availability",
1327 wpabuf_free(bss->anqp_ip_addr_type_availability);
1328 bss->anqp_ip_addr_type_availability =
1329 wpabuf_alloc_copy(pos, slen);
1332 case ANQP_NAI_REALM:
1333 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
1334 " NAI Realm list", MAC2STR(sa));
1335 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: NAI Realm", pos, slen);
1337 wpabuf_free(bss->anqp_nai_realm);
1338 bss->anqp_nai_realm = wpabuf_alloc_copy(pos, slen);
1341 case ANQP_3GPP_CELLULAR_NETWORK:
1342 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
1343 " 3GPP Cellular Network information", MAC2STR(sa));
1344 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: 3GPP Cellular Network",
1347 wpabuf_free(bss->anqp_3gpp);
1348 bss->anqp_3gpp = wpabuf_alloc_copy(pos, slen);
1351 case ANQP_DOMAIN_NAME:
1352 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
1353 " Domain Name list", MAC2STR(sa));
1354 wpa_hexdump_ascii(MSG_MSGDUMP, "ANQP: Domain Name", pos, slen);
1356 wpabuf_free(bss->anqp_domain_name);
1357 bss->anqp_domain_name = wpabuf_alloc_copy(pos, slen);
1360 case ANQP_VENDOR_SPECIFIC:
1364 switch (WPA_GET_BE24(pos)) {
1366 wpa_printf(MSG_DEBUG, "Interworking: Unsupported "
1367 "vendor-specific ANQP OUI %06x",
1373 wpa_printf(MSG_DEBUG, "Interworking: Unsupported ANQP Info ID "
1380 void anqp_resp_cb(void *ctx, const u8 *dst, u8 dialog_token,
1381 enum gas_query_result result,
1382 const struct wpabuf *adv_proto,
1383 const struct wpabuf *resp, u16 status_code)
1385 struct wpa_supplicant *wpa_s = ctx;
1391 if (result != GAS_QUERY_SUCCESS)
1394 pos = wpabuf_head(adv_proto);
1395 if (wpabuf_len(adv_proto) < 4 || pos[0] != WLAN_EID_ADV_PROTO ||
1396 pos[1] < 2 || pos[3] != ACCESS_NETWORK_QUERY_PROTOCOL) {
1397 wpa_printf(MSG_DEBUG, "ANQP: Unexpected Advertisement "
1398 "Protocol in response");
1402 pos = wpabuf_head(resp);
1403 end = pos + wpabuf_len(resp);
1406 if (pos + 4 > end) {
1407 wpa_printf(MSG_DEBUG, "ANQP: Invalid element");
1410 info_id = WPA_GET_LE16(pos);
1412 slen = WPA_GET_LE16(pos);
1414 if (pos + slen > end) {
1415 wpa_printf(MSG_DEBUG, "ANQP: Invalid element length "
1416 "for Info ID %u", info_id);
1419 interworking_parse_rx_anqp_resp(wpa_s, dst, info_id, pos,
1426 static void interworking_scan_res_handler(struct wpa_supplicant *wpa_s,
1427 struct wpa_scan_results *scan_res)
1429 wpa_printf(MSG_DEBUG, "Interworking: Scan results available - start "
1431 interworking_start_fetch_anqp(wpa_s);
1435 int interworking_select(struct wpa_supplicant *wpa_s, int auto_select)
1437 interworking_stop_fetch_anqp(wpa_s);
1438 wpa_s->network_select = 1;
1439 wpa_s->auto_select = !!auto_select;
1440 wpa_printf(MSG_DEBUG, "Interworking: Start scan for network "
1442 wpa_s->scan_res_handler = interworking_scan_res_handler;
1443 wpa_s->scan_req = 2;
1444 wpa_supplicant_req_scan(wpa_s, 0, 0);
projects / mech_eap.git / blob