+
+
+void hs20_notify_parse_done(struct wpa_supplicant *wpa_s)
+{
+ if (!wpa_s->fetch_osu_icon_in_progress)
+ return;
+ if (eloop_is_timeout_registered(hs20_continue_icon_fetch, wpa_s, NULL))
+ return;
+ /*
+ * We are going through icon fetch, but no icon response was received.
+ * Assume this means the current AP could not provide an answer to avoid
+ * getting stuck in fetch iteration.
+ */
+ hs20_icon_fetch_failed(wpa_s);
+}
+
+
+static void hs20_free_osu_prov_entry(struct osu_provider *prov)
+{
+}
+
+
+void hs20_free_osu_prov(struct wpa_supplicant *wpa_s)
+{
+ size_t i;
+ for (i = 0; i < wpa_s->osu_prov_count; i++)
+ hs20_free_osu_prov_entry(&wpa_s->osu_prov[i]);
+ os_free(wpa_s->osu_prov);
+ wpa_s->osu_prov = NULL;
+ wpa_s->osu_prov_count = 0;
+}
+
+
+static void hs20_osu_fetch_done(struct wpa_supplicant *wpa_s)
+{
+ char fname[256];
+ FILE *f;
+ size_t i, j;
+
+ wpa_s->fetch_osu_info = 0;
+ wpa_s->fetch_osu_icon_in_progress = 0;
+
+ if (wpa_s->conf->osu_dir == NULL) {
+ hs20_free_osu_prov(wpa_s);
+ wpa_s->fetch_anqp_in_progress = 0;
+ return;
+ }
+
+ snprintf(fname, sizeof(fname), "%s/osu-providers.txt",
+ wpa_s->conf->osu_dir);
+ f = fopen(fname, "w");
+ if (f == NULL) {
+ wpa_msg(wpa_s, MSG_INFO,
+ "Could not write OSU provider information");
+ hs20_free_osu_prov(wpa_s);
+ wpa_s->fetch_anqp_in_progress = 0;
+ return;
+ }
+
+ hs20_set_osu_access_permission(wpa_s->conf->osu_dir, fname);
+
+ for (i = 0; i < wpa_s->osu_prov_count; i++) {
+ struct osu_provider *osu = &wpa_s->osu_prov[i];
+ if (i > 0)
+ fprintf(f, "\n");
+ fprintf(f, "OSU-PROVIDER " MACSTR "\n"
+ "uri=%s\n"
+ "methods=%08x\n",
+ MAC2STR(osu->bssid), osu->server_uri, osu->osu_methods);
+ if (osu->osu_ssid_len) {
+ fprintf(f, "osu_ssid=%s\n",
+ wpa_ssid_txt(osu->osu_ssid,
+ osu->osu_ssid_len));
+ }
+ if (osu->osu_nai[0])
+ fprintf(f, "osu_nai=%s\n", osu->osu_nai);
+ for (j = 0; j < osu->friendly_name_count; j++) {
+ fprintf(f, "friendly_name=%s:%s\n",
+ osu->friendly_name[j].lang,
+ osu->friendly_name[j].text);
+ }
+ for (j = 0; j < osu->serv_desc_count; j++) {
+ fprintf(f, "desc=%s:%s\n",
+ osu->serv_desc[j].lang,
+ osu->serv_desc[j].text);
+ }
+ for (j = 0; j < osu->icon_count; j++) {
+ struct osu_icon *icon = &osu->icon[j];
+ if (icon->failed)
+ continue; /* could not fetch icon */
+ fprintf(f, "icon=%u:%u:%u:%s:%s:%s\n",
+ icon->id, icon->width, icon->height, icon->lang,
+ icon->icon_type, icon->filename);
+ }
+ }
+ fclose(f);
+ hs20_free_osu_prov(wpa_s);
+
+ wpa_msg(wpa_s, MSG_INFO, "OSU provider fetch completed");
+ wpa_s->fetch_anqp_in_progress = 0;
+}
+
+
+void hs20_next_osu_icon(struct wpa_supplicant *wpa_s)
+{
+ size_t i, j;
+
+ wpa_printf(MSG_DEBUG, "HS 2.0: Ready to fetch next icon");
+
+ for (i = 0; i < wpa_s->osu_prov_count; i++) {
+ struct osu_provider *osu = &wpa_s->osu_prov[i];
+ for (j = 0; j < osu->icon_count; j++) {
+ struct osu_icon *icon = &osu->icon[j];
+ if (icon->id || icon->failed)
+ continue;
+
+ wpa_printf(MSG_DEBUG, "HS 2.0: Try to fetch icon '%s' "
+ "from " MACSTR, icon->filename,
+ MAC2STR(osu->bssid));
+ os_get_reltime(&wpa_s->osu_icon_fetch_start);
+ if (hs20_anqp_send_req(wpa_s, osu->bssid,
+ BIT(HS20_STYPE_ICON_REQUEST),
+ (u8 *) icon->filename,
+ os_strlen(icon->filename),
+ 0) < 0) {
+ icon->failed = 1;
+ continue;
+ }
+ return;
+ }
+ }
+
+ wpa_printf(MSG_DEBUG, "HS 2.0: No more icons to fetch");
+ hs20_osu_fetch_done(wpa_s);
+}
+
+
+static void hs20_osu_add_prov(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
+ const u8 *osu_ssid, u8 osu_ssid_len,
+ const u8 *pos, size_t len)
+{
+ struct osu_provider *prov;
+ const u8 *end = pos + len;
+ u16 len2;
+ const u8 *pos2;
+ u8 uri_len, osu_method_len, osu_nai_len;
+
+ wpa_hexdump(MSG_DEBUG, "HS 2.0: Parsing OSU Provider", pos, len);
+ prov = os_realloc_array(wpa_s->osu_prov,
+ wpa_s->osu_prov_count + 1,
+ sizeof(*prov));
+ if (prov == NULL)
+ return;
+ wpa_s->osu_prov = prov;
+ prov = &prov[wpa_s->osu_prov_count];
+ os_memset(prov, 0, sizeof(*prov));
+
+ os_memcpy(prov->bssid, bss->bssid, ETH_ALEN);
+ os_memcpy(prov->osu_ssid, osu_ssid, osu_ssid_len);
+ prov->osu_ssid_len = osu_ssid_len;
+
+ /* OSU Friendly Name Length */
+ if (end - pos < 2) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
+ "Friendly Name Length");
+ return;
+ }
+ len2 = WPA_GET_LE16(pos);
+ pos += 2;
+ if (len2 > end - pos) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
+ "Friendly Name Duples");
+ return;
+ }
+ pos2 = pos;
+ pos += len2;
+
+ /* OSU Friendly Name Duples */
+ while (pos - pos2 >= 4 && prov->friendly_name_count < OSU_MAX_ITEMS) {
+ struct osu_lang_string *f;
+ if (1 + pos2[0] > pos - pos2 || pos2[0] < 3) {
+ wpa_printf(MSG_DEBUG, "Invalid OSU Friendly Name");
+ break;
+ }
+ f = &prov->friendly_name[prov->friendly_name_count++];
+ os_memcpy(f->lang, pos2 + 1, 3);
+ os_memcpy(f->text, pos2 + 1 + 3, pos2[0] - 3);
+ pos2 += 1 + pos2[0];
+ }
+
+ /* OSU Server URI */
+ if (end - pos < 1) {
+ wpa_printf(MSG_DEBUG,
+ "HS 2.0: Not enough room for OSU Server URI length");
+ return;
+ }
+ uri_len = *pos++;
+ if (uri_len > end - pos) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Server "
+ "URI");
+ return;
+ }
+ os_memcpy(prov->server_uri, pos, uri_len);
+ pos += uri_len;
+
+ /* OSU Method list */
+ if (end - pos < 1) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Method "
+ "list length");
+ return;
+ }
+ osu_method_len = pos[0];
+ if (osu_method_len > end - pos - 1) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Method "
+ "list");
+ return;
+ }
+ pos2 = pos + 1;
+ pos += 1 + osu_method_len;
+ while (pos2 < pos) {
+ if (*pos2 < 32)
+ prov->osu_methods |= BIT(*pos2);
+ pos2++;
+ }
+
+ /* Icons Available Length */
+ if (end - pos < 2) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for Icons "
+ "Available Length");
+ return;
+ }
+ len2 = WPA_GET_LE16(pos);
+ pos += 2;
+ if (len2 > end - pos) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for Icons "
+ "Available");
+ return;
+ }
+ pos2 = pos;
+ pos += len2;
+
+ /* Icons Available */
+ while (pos2 < pos) {
+ struct osu_icon *icon = &prov->icon[prov->icon_count];
+ u8 flen;
+
+ if (2 + 2 + 3 + 1 + 1 > pos - pos2) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Invalid Icon Metadata");
+ break;
+ }
+
+ icon->width = WPA_GET_LE16(pos2);
+ pos2 += 2;
+ icon->height = WPA_GET_LE16(pos2);
+ pos2 += 2;
+ os_memcpy(icon->lang, pos2, 3);
+ pos2 += 3;
+
+ flen = *pos2++;
+ if (flen > pos - pos2) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon Type");
+ break;
+ }
+ os_memcpy(icon->icon_type, pos2, flen);
+ pos2 += flen;
+
+ if (pos - pos2 < 1) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon "
+ "Filename length");
+ break;
+ }
+ flen = *pos2++;
+ if (flen > pos - pos2) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Not room for Icon "
+ "Filename");
+ break;
+ }
+ os_memcpy(icon->filename, pos2, flen);
+ pos2 += flen;
+
+ prov->icon_count++;
+ }
+
+ /* OSU_NAI */
+ if (end - pos < 1) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU_NAI");
+ return;
+ }
+ osu_nai_len = *pos++;
+ if (osu_nai_len > end - pos) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU_NAI");
+ return;
+ }
+ os_memcpy(prov->osu_nai, pos, osu_nai_len);
+ pos += osu_nai_len;
+
+ /* OSU Service Description Length */
+ if (end - pos < 2) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
+ "Service Description Length");
+ return;
+ }
+ len2 = WPA_GET_LE16(pos);
+ pos += 2;
+ if (len2 > end - pos) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU "
+ "Service Description Duples");
+ return;
+ }
+ pos2 = pos;
+ pos += len2;
+
+ /* OSU Service Description Duples */
+ while (pos - pos2 >= 4 && prov->serv_desc_count < OSU_MAX_ITEMS) {
+ struct osu_lang_string *f;
+ u8 descr_len;
+
+ descr_len = *pos2++;
+ if (descr_len > pos - pos2 || descr_len < 3) {
+ wpa_printf(MSG_DEBUG, "Invalid OSU Service "
+ "Description");
+ break;
+ }
+ f = &prov->serv_desc[prov->serv_desc_count++];
+ os_memcpy(f->lang, pos2, 3);
+ os_memcpy(f->text, pos2 + 3, descr_len - 3);
+ pos2 += descr_len;
+ }
+
+ wpa_printf(MSG_DEBUG, "HS 2.0: Added OSU Provider through " MACSTR,
+ MAC2STR(bss->bssid));
+ wpa_s->osu_prov_count++;
+}
+
+
+void hs20_osu_icon_fetch(struct wpa_supplicant *wpa_s)
+{
+ struct wpa_bss *bss;
+ struct wpabuf *prov_anqp;
+ const u8 *pos, *end;
+ u16 len;
+ const u8 *osu_ssid;
+ u8 osu_ssid_len;
+ u8 num_providers;
+
+ hs20_free_osu_prov(wpa_s);
+
+ dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
+ if (bss->anqp == NULL)
+ continue;
+ prov_anqp = bss->anqp->hs20_osu_providers_list;
+ if (prov_anqp == NULL)
+ continue;
+ wpa_printf(MSG_DEBUG, "HS 2.0: Parsing OSU Providers list from "
+ MACSTR, MAC2STR(bss->bssid));
+ wpa_hexdump_buf(MSG_DEBUG, "HS 2.0: OSU Providers list",
+ prov_anqp);
+ pos = wpabuf_head(prov_anqp);
+ end = pos + wpabuf_len(prov_anqp);
+
+ /* OSU SSID */
+ if (end - pos < 1)
+ continue;
+ if (1 + pos[0] > end - pos) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for "
+ "OSU SSID");
+ continue;
+ }
+ osu_ssid_len = *pos++;
+ if (osu_ssid_len > SSID_MAX_LEN) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Invalid OSU SSID "
+ "Length %u", osu_ssid_len);
+ continue;
+ }
+ osu_ssid = pos;
+ pos += osu_ssid_len;
+
+ if (end - pos < 1) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for "
+ "Number of OSU Providers");
+ continue;
+ }
+ num_providers = *pos++;
+ wpa_printf(MSG_DEBUG, "HS 2.0: Number of OSU Providers: %u",
+ num_providers);
+
+ /* OSU Providers */
+ while (end - pos > 2 && num_providers > 0) {
+ num_providers--;
+ len = WPA_GET_LE16(pos);
+ pos += 2;
+ if (len > (unsigned int) (end - pos))
+ break;
+ hs20_osu_add_prov(wpa_s, bss, osu_ssid,
+ osu_ssid_len, pos, len);
+ pos += len;
+ }
+
+ if (pos != end) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Ignored %d bytes of "
+ "extra data after OSU Providers",
+ (int) (end - pos));
+ }
+ }
+
+ wpa_s->fetch_osu_icon_in_progress = 1;
+ hs20_next_osu_icon(wpa_s);
+}
+
+
+static void hs20_osu_scan_res_handler(struct wpa_supplicant *wpa_s,
+ struct wpa_scan_results *scan_res)
+{
+ wpa_printf(MSG_DEBUG, "OSU provisioning fetch scan completed");
+ if (!wpa_s->fetch_osu_waiting_scan) {
+ wpa_printf(MSG_DEBUG, "OSU fetch have been canceled");
+ return;
+ }
+ wpa_s->network_select = 0;
+ wpa_s->fetch_all_anqp = 1;
+ wpa_s->fetch_osu_info = 1;
+ wpa_s->fetch_osu_icon_in_progress = 0;
+
+ interworking_start_fetch_anqp(wpa_s);
+}
+
+
+int hs20_fetch_osu(struct wpa_supplicant *wpa_s, int skip_scan)
+{
+ if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
+ "interface disabled");
+ return -1;
+ }
+
+ if (wpa_s->scanning) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
+ "scanning");
+ return -1;
+ }
+
+ if (wpa_s->conf->osu_dir == NULL) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
+ "osu_dir not configured");
+ return -1;
+ }
+
+ if (wpa_s->fetch_anqp_in_progress || wpa_s->network_select) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Cannot start fetch_osu - "
+ "fetch in progress (%d, %d)",
+ wpa_s->fetch_anqp_in_progress,
+ wpa_s->network_select);
+ return -1;
+ }
+
+ wpa_msg(wpa_s, MSG_INFO, "Starting OSU provisioning information fetch");
+ wpa_s->num_osu_scans = 0;
+ wpa_s->num_prov_found = 0;
+ if (skip_scan) {
+ wpa_s->network_select = 0;
+ wpa_s->fetch_all_anqp = 1;
+ wpa_s->fetch_osu_info = 1;
+ wpa_s->fetch_osu_icon_in_progress = 0;
+
+ interworking_start_fetch_anqp(wpa_s);
+ } else {
+ hs20_start_osu_scan(wpa_s);
+ }
+
+ return 0;
+}
+
+
+void hs20_start_osu_scan(struct wpa_supplicant *wpa_s)
+{
+ wpa_s->fetch_osu_waiting_scan = 1;
+ wpa_s->num_osu_scans++;
+ wpa_s->scan_req = MANUAL_SCAN_REQ;
+ wpa_s->scan_res_handler = hs20_osu_scan_res_handler;
+ wpa_supplicant_req_scan(wpa_s, 0, 0);
+}
+
+
+void hs20_cancel_fetch_osu(struct wpa_supplicant *wpa_s)
+{
+ wpa_printf(MSG_DEBUG, "Cancel OSU fetch");
+ interworking_stop_fetch_anqp(wpa_s);
+ wpa_s->fetch_osu_waiting_scan = 0;
+ wpa_s->network_select = 0;
+ wpa_s->fetch_osu_info = 0;
+ wpa_s->fetch_osu_icon_in_progress = 0;
+}
+
+
+void hs20_icon_fetch_failed(struct wpa_supplicant *wpa_s)
+{
+ hs20_osu_icon_fetch_result(wpa_s, -1);
+ eloop_cancel_timeout(hs20_continue_icon_fetch, wpa_s, NULL);
+ eloop_register_timeout(0, 0, hs20_continue_icon_fetch, wpa_s, NULL);
+}
+
+
+void hs20_rx_subscription_remediation(struct wpa_supplicant *wpa_s,
+ const char *url, u8 osu_method)
+{
+ if (url)
+ wpa_msg(wpa_s, MSG_INFO, HS20_SUBSCRIPTION_REMEDIATION "%u %s",
+ osu_method, url);
+ else
+ wpa_msg(wpa_s, MSG_INFO, HS20_SUBSCRIPTION_REMEDIATION);
+}
+
+
+void hs20_rx_deauth_imminent_notice(struct wpa_supplicant *wpa_s, u8 code,
+ u16 reauth_delay, const char *url)
+{
+ if (!wpa_sm_pmf_enabled(wpa_s->wpa)) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Ignore deauthentication imminent notice since PMF was not enabled");
+ return;
+ }
+
+ wpa_msg(wpa_s, MSG_INFO, HS20_DEAUTH_IMMINENT_NOTICE "%u %u %s",
+ code, reauth_delay, url);
+
+ if (code == HS20_DEAUTH_REASON_CODE_BSS) {
+ wpa_printf(MSG_DEBUG, "HS 2.0: Add BSS to blacklist");
+ wpa_blacklist_add(wpa_s, wpa_s->bssid);
+ /* TODO: For now, disable full ESS since some drivers may not
+ * support disabling per BSS. */
+ if (wpa_s->current_ssid) {
+ struct os_reltime now;
+ os_get_reltime(&now);
+ if (now.sec + reauth_delay <=
+ wpa_s->current_ssid->disabled_until.sec)
+ return;
+ wpa_printf(MSG_DEBUG, "HS 2.0: Disable network for %u seconds (BSS)",
+ reauth_delay);
+ wpa_s->current_ssid->disabled_until.sec =
+ now.sec + reauth_delay;
+ }
+ }
+
+ if (code == HS20_DEAUTH_REASON_CODE_ESS && wpa_s->current_ssid) {
+ struct os_reltime now;
+ os_get_reltime(&now);
+ if (now.sec + reauth_delay <=
+ wpa_s->current_ssid->disabled_until.sec)
+ return;
+ wpa_printf(MSG_DEBUG, "HS 2.0: Disable network for %u seconds",
+ reauth_delay);
+ wpa_s->current_ssid->disabled_until.sec =
+ now.sec + reauth_delay;
+ }
+}
+
+
+void hs20_init(struct wpa_supplicant *wpa_s)
+{
+ dl_list_init(&wpa_s->icon_head);
+}
+
+
+void hs20_deinit(struct wpa_supplicant *wpa_s)
+{
+ eloop_cancel_timeout(hs20_continue_icon_fetch, wpa_s, NULL);
+ hs20_free_osu_prov(wpa_s);
+ if (wpa_s->icon_head.next)
+ hs20_del_icon(wpa_s, NULL, NULL);
+}