1 /*
2  * Copyright (c) 2009, Atheros Communications, Inc.
3  * Copyright (c) 2011-2012, Qualcomm Atheros, Inc.
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "includes.h"
10 
11 #include "common.h"
12 #include "eloop.h"
13 #include "common/ieee802_11_common.h"
14 #include "common/ieee802_11_defs.h"
15 #include "common/gas.h"
16 #include "common/wpa_ctrl.h"
17 #include "wpa_supplicant_i.h"
18 #include "driver_i.h"
19 #include "config.h"
20 #include "bss.h"
21 #include "gas_query.h"
22 #include "interworking.h"
23 #include "hs20_supplicant.h"
24 
25 
/**
 * wpas_hs20_add_indication - Append the Hotspot 2.0 Indication element
 * @buf: Buffer to which the element is appended
 *
 * Writes seven octets in total: the vendor-specific element ID, a length
 * octet of 5, the three-octet WFA OUI, the HS 2.0 indication OUI type and a
 * zero Hotspot Configuration octet.
 *
 * NOTE(review): the caller has to provide at least seven octets of tailroom
 * in @buf; how the wpabuf_put_*() helpers react to a full buffer is not
 * visible from this file - confirm against the wpabuf implementation.
 */
void wpas_hs20_add_indication(struct wpabuf *buf)
{
	/* Element body: OUI (3) + OUI type (1) + Hotspot Configuration (1) */
	const u8 body_len = 3 + 1 + 1;
	const u8 hotspot_config = 0x00;

	wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);
	wpabuf_put_u8(buf, body_len);
	wpabuf_put_be24(buf, OUI_WFA);
	wpabuf_put_u8(buf, HS20_INDICATION_OUI_TYPE);
	wpabuf_put_u8(buf, hotspot_config);
}
34 
35 
/**
 * is_hs20_network - Decide whether a network should be treated as Hotspot 2.0
 * @wpa_s: Interface data; wpa_s->conf->hs20 must be set for a positive result
 * @ssid: Network profile, may be %NULL
 * @bss: Scan entry to check for the HS 2.0 vendor element, may be %NULL
 * Returns: 1 if the network is treated as Hotspot 2.0, 0 otherwise
 *
 * The result depends on local configuration and, when @bss is given, on an
 * element advertised by the AP. It is a classification of the network, not
 * an authentication of it.
 */
int is_hs20_network(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
		    struct wpa_bss *bss)
{
	if (!wpa_s->conf->hs20 || !ssid)
		return 0;

	/*
	 * A profile that has parent_cred set is accepted right here, before
	 * the BSS element and the key management/cipher/protocol checks
	 * below are evaluated.
	 */
	if (ssid->parent_cred)
		return 1;

	/* With a known BSS, require it to advertise the HS 2.0 element. */
	if (bss && !wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE))
		return 0;

	/*
	 * This may catch some non-Hotspot 2.0 cases, but it is safer to do that
	 * than cause Hotspot 2.0 connections without indication element getting
	 * added. Non-Hotspot 2.0 APs should ignore the unknown vendor element.
	 *
	 * All three must hold: IEEE 802.1X key management, CCMP as a pairwise
	 * cipher, and RSN as the only enabled protocol.
	 */
	return (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X) &&
		(ssid->pairwise_cipher & WPA_CIPHER_CCMP) &&
		ssid->proto == WPA_PROTO_RSN;
}
63 
64 
/**
 * hs20_build_anqp_req - Build a GAS/ANQP request with an HS 2.0 element
 * @stypes: Bitmask of HS 2.0 ANQP subtypes (bit N selects subtype N)
 * @payload: Data for an NAI Home Realm Query, or %NULL
 * @payload_len: Length of @payload in octets
 * Returns: Newly allocated request buffer, or %NULL if allocation failed
 *
 * When @stypes is exactly BIT(HS20_STYPE_NAI_HOME_REALM_QUERY), a home realm
 * query carrying @payload is built. For every other value a Query List is
 * built with one octet per set bit of @stypes, and @payload is not used.
 *
 * NOTE(review): the buffer is requested with 100 + payload_len octets and
 * that sum is not checked for size_t wrap-around here; callers are presumably
 * expected to pass a bounded @payload_len - confirm. Whether 100 octets cover
 * the GAS/ANQP header written by gas_anqp_build_initial_req() plus the up to
 * 32 subtype octets of a Query List cannot be verified from this file.
 */
struct wpabuf * hs20_build_anqp_req(u32 stypes, const u8 *payload,
				    size_t payload_len)
{
	struct wpabuf *req;
	u8 *elem_len;
	u8 bit;

	req = gas_anqp_build_initial_req(0, 100 + payload_len);
	if (!req)
		return NULL;

	/* Vendor-specific ANQP element header: WFA OUI + HS 2.0 ANQP type */
	elem_len = gas_anqp_add_element(req, ANQP_VENDOR_SPECIFIC);
	wpabuf_put_be24(req, OUI_WFA);
	wpabuf_put_u8(req, HS20_ANQP_OUI_TYPE);

	if (stypes != BIT(HS20_STYPE_NAI_HOME_REALM_QUERY)) {
		/* Query List: list the subtype number of every requested bit */
		wpabuf_put_u8(req, HS20_STYPE_QUERY_LIST);
		wpabuf_put_u8(req, 0); /* Reserved */
		for (bit = 0; bit < 32; bit++) {
			if (stypes & BIT(bit))
				wpabuf_put_u8(req, bit);
		}
	} else {
		wpabuf_put_u8(req, HS20_STYPE_NAI_HOME_REALM_QUERY);
		wpabuf_put_u8(req, 0); /* Reserved */
		if (payload)
			wpabuf_put_data(req, payload, payload_len);
	}

	/* Fill in the element length first, then the overall length field */
	gas_anqp_set_element_len(req, elem_len);
	gas_anqp_set_len(req);

	return req;
}
98 
99 
/**
 * hs20_anqp_send_req - Send an HS 2.0 ANQP query to a peer
 * @wpa_s: Interface data
 * @dst: Destination MAC address
 * @stypes: Bitmask of HS 2.0 ANQP subtypes to request
 * @payload: Optional query payload passed to hs20_build_anqp_req()
 * @payload_len: Length of @payload in octets
 * Returns: 0 if the query was handed to gas_query_req(), -1 on failure
 *
 * The frequency of the BSS entry for @dst is used when such an entry exists;
 * otherwise the current association frequency is used. Without a positive
 * frequency nothing is sent.
 */
int hs20_anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst, u32 stypes,
		       const u8 *payload, size_t payload_len)
{
	int freq = wpa_s->assoc_freq;
	struct wpa_bss *bss = wpa_bss_get_bssid(wpa_s, dst);
	struct wpabuf *req;
	int token;

	if (bss) {
		/*
		 * Called before the response handler may write into
		 * bss->anqp. NOTE(review): the result of this call is not
		 * checked here - confirm that is intended.
		 */
		wpa_bss_anqp_unshare_alloc(bss);
		freq = bss->freq;
	}
	if (freq <= 0)
		return -1;

	wpa_printf(MSG_DEBUG, "HS20: ANQP Query Request to " MACSTR " for "
		   "subtypes 0x%x", MAC2STR(dst), stypes);

	req = hs20_build_anqp_req(stypes, payload, payload_len);
	if (!req)
		return -1;

	token = gas_query_req(wpa_s->gas, dst, freq, req, anqp_resp_cb, wpa_s);
	if (token < 0) {
		/* The request buffer is still ours on failure; release it. */
		wpa_printf(MSG_DEBUG, "ANQP: Failed to send Query Request");
		wpabuf_free(req);
		return -1;
	}

	/*
	 * The buffer is not freed on this path; presumably gas_query_req()
	 * has taken ownership of it - verify against gas_query.c.
	 */
	wpa_printf(MSG_DEBUG, "ANQP: Query started with dialog token %u",
		   token);

	return 0;
}
136 
137 
/**
 * hs20_parse_rx_hs20_anqp_resp - Process a received HS 2.0 ANQP element
 * @wpa_s: Interface data
 * @sa: Source MAC address of the response
 * @data: Element contents starting at the subtype octet
 * @slen: Number of octets available at @data
 *
 * @data is supplied by the responding device and must be treated as
 * untrusted. Elements shorter than the two-octet subtype/reserved header are
 * dropped, and the only fixed-offset reads (WAN Metrics) are preceded by a
 * length check. Everything else is logged and copied with its received
 * length.
 *
 * Values are stored only when a BSS entry for @sa exists and has ANQP data
 * attached; the previously stored value for that subtype is freed first.
 * NOTE(review): the result of wpabuf_alloc_copy() is stored without a check,
 * so readers of these fields presumably have to cope with NULL - confirm.
 * No upper bound on the stored length is applied in this function.
 */
void hs20_parse_rx_hs20_anqp_resp(struct wpa_supplicant *wpa_s,
				  const u8 *sa, const u8 *data, size_t slen)
{
	struct wpa_bss *bss = wpa_bss_get_bssid(wpa_s, sa);
	struct wpa_bss_anqp *anqp = bss ? bss->anqp : NULL;
	struct wpabuf **slot = NULL; /* where the value is stored, if at all */
	const u8 *pos;
	u8 subtype;

	/* Need the subtype octet and the reserved octet */
	if (slen < 2)
		return;

	subtype = data[0];
	pos = data + 2; /* skip subtype and reserved octet */
	slen -= 2;

	switch (subtype) {
	case HS20_STYPE_CAPABILITY_LIST:
		/* Reported only; nothing is stored for this subtype */
		wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
			" HS Capability List", MAC2STR(sa));
		wpa_hexdump_ascii(MSG_DEBUG, "HS Capability List", pos, slen);
		break;
	case HS20_STYPE_OPERATOR_FRIENDLY_NAME:
		wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
			" Operator Friendly Name", MAC2STR(sa));
		wpa_hexdump_ascii(MSG_DEBUG, "oper friendly name", pos, slen);
		if (anqp)
			slot = &anqp->hs20_operator_friendly_name;
		break;
	case HS20_STYPE_WAN_METRICS:
		wpa_hexdump(MSG_DEBUG, "WAN Metrics", pos, slen);
		/*
		 * The message below reads pos[0] through pos[12], so anything
		 * shorter than 13 octets is rejected before those reads.
		 */
		if (slen < 13) {
			wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: Too short WAN "
				"Metrics value from " MACSTR, MAC2STR(sa));
			break;
		}
		wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
			" WAN Metrics %02x:%u:%u:%u:%u:%u", MAC2STR(sa),
			pos[0], WPA_GET_LE32(pos + 1), WPA_GET_LE32(pos + 5),
			pos[9], pos[10], WPA_GET_LE16(pos + 11));
		if (anqp)
			slot = &anqp->hs20_wan_metrics;
		break;
	case HS20_STYPE_CONNECTION_CAPABILITY:
		wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
			" Connection Capability", MAC2STR(sa));
		wpa_hexdump_ascii(MSG_DEBUG, "conn capability", pos, slen);
		if (anqp)
			slot = &anqp->hs20_connection_capability;
		break;
	case HS20_STYPE_OPERATING_CLASS:
		wpa_msg(wpa_s, MSG_INFO, "RX-HS20-ANQP " MACSTR
			" Operating Class", MAC2STR(sa));
		wpa_hexdump_ascii(MSG_DEBUG, "Operating Class", pos, slen);
		if (anqp)
			slot = &anqp->hs20_operating_class;
		break;
	default:
		wpa_printf(MSG_DEBUG, "HS20: Unsupported subtype %u", subtype);
		break;
	}

	/* Replace the stored value with a copy of what was just received */
	if (slot) {
		wpabuf_free(*slot);
		*slot = wpabuf_alloc_copy(pos, slen);
	}
}
215