1*03f9172cSAndroid Build Coastguard Worker /*
2*03f9172cSAndroid Build Coastguard Worker * Hotspot 2.0 AP ANQP processing
3*03f9172cSAndroid Build Coastguard Worker * Copyright (c) 2009, Atheros Communications, Inc.
4*03f9172cSAndroid Build Coastguard Worker * Copyright (c) 2011-2013, Qualcomm Atheros, Inc.
5*03f9172cSAndroid Build Coastguard Worker *
6*03f9172cSAndroid Build Coastguard Worker * This software may be distributed under the terms of the BSD license.
7*03f9172cSAndroid Build Coastguard Worker * See README for more details.
8*03f9172cSAndroid Build Coastguard Worker */
9*03f9172cSAndroid Build Coastguard Worker
10*03f9172cSAndroid Build Coastguard Worker #include "includes.h"
11*03f9172cSAndroid Build Coastguard Worker
12*03f9172cSAndroid Build Coastguard Worker #include "common.h"
13*03f9172cSAndroid Build Coastguard Worker #include "common/ieee802_11_defs.h"
14*03f9172cSAndroid Build Coastguard Worker #include "common/wpa_ctrl.h"
15*03f9172cSAndroid Build Coastguard Worker #include "hostapd.h"
16*03f9172cSAndroid Build Coastguard Worker #include "ap_config.h"
17*03f9172cSAndroid Build Coastguard Worker #include "ap_drv_ops.h"
18*03f9172cSAndroid Build Coastguard Worker #include "sta_info.h"
19*03f9172cSAndroid Build Coastguard Worker #include "hs20.h"
20*03f9172cSAndroid Build Coastguard Worker
21*03f9172cSAndroid Build Coastguard Worker
hostapd_eid_hs20_indication(struct hostapd_data * hapd,u8 * eid)22*03f9172cSAndroid Build Coastguard Worker u8 * hostapd_eid_hs20_indication(struct hostapd_data *hapd, u8 *eid)
23*03f9172cSAndroid Build Coastguard Worker {
24*03f9172cSAndroid Build Coastguard Worker u8 conf;
25*03f9172cSAndroid Build Coastguard Worker if (!hapd->conf->hs20)
26*03f9172cSAndroid Build Coastguard Worker return eid;
27*03f9172cSAndroid Build Coastguard Worker *eid++ = WLAN_EID_VENDOR_SPECIFIC;
28*03f9172cSAndroid Build Coastguard Worker *eid++ = hapd->conf->hs20_release < 2 ? 5 : 7;
29*03f9172cSAndroid Build Coastguard Worker WPA_PUT_BE24(eid, OUI_WFA);
30*03f9172cSAndroid Build Coastguard Worker eid += 3;
31*03f9172cSAndroid Build Coastguard Worker *eid++ = HS20_INDICATION_OUI_TYPE;
32*03f9172cSAndroid Build Coastguard Worker conf = (hapd->conf->hs20_release - 1) << 4; /* Release Number */
33*03f9172cSAndroid Build Coastguard Worker if (hapd->conf->hs20_release >= 2)
34*03f9172cSAndroid Build Coastguard Worker conf |= HS20_ANQP_DOMAIN_ID_PRESENT;
35*03f9172cSAndroid Build Coastguard Worker if (hapd->conf->disable_dgaf)
36*03f9172cSAndroid Build Coastguard Worker conf |= HS20_DGAF_DISABLED;
37*03f9172cSAndroid Build Coastguard Worker *eid++ = conf;
38*03f9172cSAndroid Build Coastguard Worker if (hapd->conf->hs20_release >= 2) {
39*03f9172cSAndroid Build Coastguard Worker WPA_PUT_LE16(eid, hapd->conf->anqp_domain_id);
40*03f9172cSAndroid Build Coastguard Worker eid += 2;
41*03f9172cSAndroid Build Coastguard Worker }
42*03f9172cSAndroid Build Coastguard Worker
43*03f9172cSAndroid Build Coastguard Worker return eid;
44*03f9172cSAndroid Build Coastguard Worker }
45*03f9172cSAndroid Build Coastguard Worker
46*03f9172cSAndroid Build Coastguard Worker
hostapd_eid_osen(struct hostapd_data * hapd,u8 * eid)47*03f9172cSAndroid Build Coastguard Worker u8 * hostapd_eid_osen(struct hostapd_data *hapd, u8 *eid)
48*03f9172cSAndroid Build Coastguard Worker {
49*03f9172cSAndroid Build Coastguard Worker u8 *len;
50*03f9172cSAndroid Build Coastguard Worker u16 capab;
51*03f9172cSAndroid Build Coastguard Worker
52*03f9172cSAndroid Build Coastguard Worker if (!hapd->conf->osen)
53*03f9172cSAndroid Build Coastguard Worker return eid;
54*03f9172cSAndroid Build Coastguard Worker
55*03f9172cSAndroid Build Coastguard Worker *eid++ = WLAN_EID_VENDOR_SPECIFIC;
56*03f9172cSAndroid Build Coastguard Worker len = eid++; /* to be filled */
57*03f9172cSAndroid Build Coastguard Worker WPA_PUT_BE24(eid, OUI_WFA);
58*03f9172cSAndroid Build Coastguard Worker eid += 3;
59*03f9172cSAndroid Build Coastguard Worker *eid++ = HS20_OSEN_OUI_TYPE;
60*03f9172cSAndroid Build Coastguard Worker
61*03f9172cSAndroid Build Coastguard Worker /* Group Data Cipher Suite */
62*03f9172cSAndroid Build Coastguard Worker RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED);
63*03f9172cSAndroid Build Coastguard Worker eid += RSN_SELECTOR_LEN;
64*03f9172cSAndroid Build Coastguard Worker
65*03f9172cSAndroid Build Coastguard Worker /* Pairwise Cipher Suite Count and List */
66*03f9172cSAndroid Build Coastguard Worker WPA_PUT_LE16(eid, 1);
67*03f9172cSAndroid Build Coastguard Worker eid += 2;
68*03f9172cSAndroid Build Coastguard Worker RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_CCMP);
69*03f9172cSAndroid Build Coastguard Worker eid += RSN_SELECTOR_LEN;
70*03f9172cSAndroid Build Coastguard Worker
71*03f9172cSAndroid Build Coastguard Worker /* AKM Suite Count and List */
72*03f9172cSAndroid Build Coastguard Worker WPA_PUT_LE16(eid, 1);
73*03f9172cSAndroid Build Coastguard Worker eid += 2;
74*03f9172cSAndroid Build Coastguard Worker RSN_SELECTOR_PUT(eid, RSN_AUTH_KEY_MGMT_OSEN);
75*03f9172cSAndroid Build Coastguard Worker eid += RSN_SELECTOR_LEN;
76*03f9172cSAndroid Build Coastguard Worker
77*03f9172cSAndroid Build Coastguard Worker /* RSN Capabilities */
78*03f9172cSAndroid Build Coastguard Worker capab = 0;
79*03f9172cSAndroid Build Coastguard Worker if (hapd->conf->wmm_enabled) {
80*03f9172cSAndroid Build Coastguard Worker /* 4 PTKSA replay counters when using WMM */
81*03f9172cSAndroid Build Coastguard Worker capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
82*03f9172cSAndroid Build Coastguard Worker }
83*03f9172cSAndroid Build Coastguard Worker if (hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
84*03f9172cSAndroid Build Coastguard Worker capab |= WPA_CAPABILITY_MFPC;
85*03f9172cSAndroid Build Coastguard Worker if (hapd->conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
86*03f9172cSAndroid Build Coastguard Worker capab |= WPA_CAPABILITY_MFPR;
87*03f9172cSAndroid Build Coastguard Worker }
88*03f9172cSAndroid Build Coastguard Worker #ifdef CONFIG_OCV
89*03f9172cSAndroid Build Coastguard Worker if (hapd->conf->ocv &&
90*03f9172cSAndroid Build Coastguard Worker (hapd->iface->drv_flags2 &
91*03f9172cSAndroid Build Coastguard Worker (WPA_DRIVER_FLAGS2_AP_SME | WPA_DRIVER_FLAGS2_OCV)))
92*03f9172cSAndroid Build Coastguard Worker capab |= WPA_CAPABILITY_OCVC;
93*03f9172cSAndroid Build Coastguard Worker #endif /* CONFIG_OCV */
94*03f9172cSAndroid Build Coastguard Worker WPA_PUT_LE16(eid, capab);
95*03f9172cSAndroid Build Coastguard Worker eid += 2;
96*03f9172cSAndroid Build Coastguard Worker
97*03f9172cSAndroid Build Coastguard Worker *len = eid - len - 1;
98*03f9172cSAndroid Build Coastguard Worker
99*03f9172cSAndroid Build Coastguard Worker return eid;
100*03f9172cSAndroid Build Coastguard Worker }
101*03f9172cSAndroid Build Coastguard Worker
102*03f9172cSAndroid Build Coastguard Worker
hs20_send_wnm_notification(struct hostapd_data * hapd,const u8 * addr,u8 osu_method,const char * url)103*03f9172cSAndroid Build Coastguard Worker int hs20_send_wnm_notification(struct hostapd_data *hapd, const u8 *addr,
104*03f9172cSAndroid Build Coastguard Worker u8 osu_method, const char *url)
105*03f9172cSAndroid Build Coastguard Worker {
106*03f9172cSAndroid Build Coastguard Worker struct wpabuf *buf;
107*03f9172cSAndroid Build Coastguard Worker size_t len = 0;
108*03f9172cSAndroid Build Coastguard Worker int ret;
109*03f9172cSAndroid Build Coastguard Worker
110*03f9172cSAndroid Build Coastguard Worker /* TODO: should refuse to send notification if the STA is not associated
111*03f9172cSAndroid Build Coastguard Worker * or if the STA did not indicate support for WNM-Notification */
112*03f9172cSAndroid Build Coastguard Worker
113*03f9172cSAndroid Build Coastguard Worker if (url) {
114*03f9172cSAndroid Build Coastguard Worker len = 1 + os_strlen(url);
115*03f9172cSAndroid Build Coastguard Worker if (5 + len > 255) {
116*03f9172cSAndroid Build Coastguard Worker wpa_printf(MSG_INFO, "HS 2.0: Too long URL for "
117*03f9172cSAndroid Build Coastguard Worker "WNM-Notification: '%s'", url);
118*03f9172cSAndroid Build Coastguard Worker return -1;
119*03f9172cSAndroid Build Coastguard Worker }
120*03f9172cSAndroid Build Coastguard Worker }
121*03f9172cSAndroid Build Coastguard Worker
122*03f9172cSAndroid Build Coastguard Worker buf = wpabuf_alloc(4 + 7 + len);
123*03f9172cSAndroid Build Coastguard Worker if (buf == NULL)
124*03f9172cSAndroid Build Coastguard Worker return -1;
125*03f9172cSAndroid Build Coastguard Worker
126*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, WLAN_ACTION_WNM);
127*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, WNM_NOTIFICATION_REQ);
128*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, 1); /* Dialog token */
129*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, 1); /* Type - 1 reserved for WFA */
130*03f9172cSAndroid Build Coastguard Worker
131*03f9172cSAndroid Build Coastguard Worker /* Subscription Remediation subelement */
132*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);
133*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, 5 + len);
134*03f9172cSAndroid Build Coastguard Worker wpabuf_put_be24(buf, OUI_WFA);
135*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, HS20_WNM_SUB_REM_NEEDED);
136*03f9172cSAndroid Build Coastguard Worker if (url) {
137*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, len - 1);
138*03f9172cSAndroid Build Coastguard Worker wpabuf_put_data(buf, url, len - 1);
139*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, osu_method);
140*03f9172cSAndroid Build Coastguard Worker } else {
141*03f9172cSAndroid Build Coastguard Worker /* Server URL and Server Method fields not included */
142*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, 0);
143*03f9172cSAndroid Build Coastguard Worker }
144*03f9172cSAndroid Build Coastguard Worker
145*03f9172cSAndroid Build Coastguard Worker ret = hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
146*03f9172cSAndroid Build Coastguard Worker wpabuf_head(buf), wpabuf_len(buf));
147*03f9172cSAndroid Build Coastguard Worker
148*03f9172cSAndroid Build Coastguard Worker wpabuf_free(buf);
149*03f9172cSAndroid Build Coastguard Worker
150*03f9172cSAndroid Build Coastguard Worker return ret;
151*03f9172cSAndroid Build Coastguard Worker }
152*03f9172cSAndroid Build Coastguard Worker
153*03f9172cSAndroid Build Coastguard Worker
hs20_send_wnm_notification_deauth_req(struct hostapd_data * hapd,const u8 * addr,const struct wpabuf * payload)154*03f9172cSAndroid Build Coastguard Worker int hs20_send_wnm_notification_deauth_req(struct hostapd_data *hapd,
155*03f9172cSAndroid Build Coastguard Worker const u8 *addr,
156*03f9172cSAndroid Build Coastguard Worker const struct wpabuf *payload)
157*03f9172cSAndroid Build Coastguard Worker {
158*03f9172cSAndroid Build Coastguard Worker struct wpabuf *buf;
159*03f9172cSAndroid Build Coastguard Worker int ret;
160*03f9172cSAndroid Build Coastguard Worker
161*03f9172cSAndroid Build Coastguard Worker /* TODO: should refuse to send notification if the STA is not associated
162*03f9172cSAndroid Build Coastguard Worker * or if the STA did not indicate support for WNM-Notification */
163*03f9172cSAndroid Build Coastguard Worker
164*03f9172cSAndroid Build Coastguard Worker buf = wpabuf_alloc(4 + 6 + wpabuf_len(payload));
165*03f9172cSAndroid Build Coastguard Worker if (buf == NULL)
166*03f9172cSAndroid Build Coastguard Worker return -1;
167*03f9172cSAndroid Build Coastguard Worker
168*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, WLAN_ACTION_WNM);
169*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, WNM_NOTIFICATION_REQ);
170*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, 1); /* Dialog token */
171*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, 1); /* Type - 1 reserved for WFA */
172*03f9172cSAndroid Build Coastguard Worker
173*03f9172cSAndroid Build Coastguard Worker /* Deauthentication Imminent Notice subelement */
174*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);
175*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, 4 + wpabuf_len(payload));
176*03f9172cSAndroid Build Coastguard Worker wpabuf_put_be24(buf, OUI_WFA);
177*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, HS20_WNM_DEAUTH_IMMINENT_NOTICE);
178*03f9172cSAndroid Build Coastguard Worker wpabuf_put_buf(buf, payload);
179*03f9172cSAndroid Build Coastguard Worker
180*03f9172cSAndroid Build Coastguard Worker ret = hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
181*03f9172cSAndroid Build Coastguard Worker wpabuf_head(buf), wpabuf_len(buf));
182*03f9172cSAndroid Build Coastguard Worker
183*03f9172cSAndroid Build Coastguard Worker wpabuf_free(buf);
184*03f9172cSAndroid Build Coastguard Worker
185*03f9172cSAndroid Build Coastguard Worker return ret;
186*03f9172cSAndroid Build Coastguard Worker }
187*03f9172cSAndroid Build Coastguard Worker
188*03f9172cSAndroid Build Coastguard Worker
hs20_send_wnm_notification_t_c(struct hostapd_data * hapd,const u8 * addr,const char * url)189*03f9172cSAndroid Build Coastguard Worker int hs20_send_wnm_notification_t_c(struct hostapd_data *hapd,
190*03f9172cSAndroid Build Coastguard Worker const u8 *addr, const char *url)
191*03f9172cSAndroid Build Coastguard Worker {
192*03f9172cSAndroid Build Coastguard Worker struct wpabuf *buf;
193*03f9172cSAndroid Build Coastguard Worker int ret;
194*03f9172cSAndroid Build Coastguard Worker size_t url_len;
195*03f9172cSAndroid Build Coastguard Worker
196*03f9172cSAndroid Build Coastguard Worker if (!url) {
197*03f9172cSAndroid Build Coastguard Worker wpa_printf(MSG_INFO, "HS 2.0: No T&C Server URL available");
198*03f9172cSAndroid Build Coastguard Worker return -1;
199*03f9172cSAndroid Build Coastguard Worker }
200*03f9172cSAndroid Build Coastguard Worker
201*03f9172cSAndroid Build Coastguard Worker url_len = os_strlen(url);
202*03f9172cSAndroid Build Coastguard Worker if (5 + url_len > 255) {
203*03f9172cSAndroid Build Coastguard Worker wpa_printf(MSG_INFO,
204*03f9172cSAndroid Build Coastguard Worker "HS 2.0: Too long T&C Server URL for WNM-Notification: '%s'",
205*03f9172cSAndroid Build Coastguard Worker url);
206*03f9172cSAndroid Build Coastguard Worker return -1;
207*03f9172cSAndroid Build Coastguard Worker }
208*03f9172cSAndroid Build Coastguard Worker
209*03f9172cSAndroid Build Coastguard Worker buf = wpabuf_alloc(4 + 7 + url_len);
210*03f9172cSAndroid Build Coastguard Worker if (!buf)
211*03f9172cSAndroid Build Coastguard Worker return -1;
212*03f9172cSAndroid Build Coastguard Worker
213*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, WLAN_ACTION_WNM);
214*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, WNM_NOTIFICATION_REQ);
215*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, 1); /* Dialog token */
216*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, 1); /* Type - 1 reserved for WFA */
217*03f9172cSAndroid Build Coastguard Worker
218*03f9172cSAndroid Build Coastguard Worker /* Terms and Conditions Acceptance subelement */
219*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);
220*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, 4 + 1 + url_len);
221*03f9172cSAndroid Build Coastguard Worker wpabuf_put_be24(buf, OUI_WFA);
222*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, HS20_WNM_T_C_ACCEPTANCE);
223*03f9172cSAndroid Build Coastguard Worker wpabuf_put_u8(buf, url_len);
224*03f9172cSAndroid Build Coastguard Worker wpabuf_put_str(buf, url);
225*03f9172cSAndroid Build Coastguard Worker
226*03f9172cSAndroid Build Coastguard Worker ret = hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
227*03f9172cSAndroid Build Coastguard Worker wpabuf_head(buf), wpabuf_len(buf));
228*03f9172cSAndroid Build Coastguard Worker
229*03f9172cSAndroid Build Coastguard Worker wpabuf_free(buf);
230*03f9172cSAndroid Build Coastguard Worker
231*03f9172cSAndroid Build Coastguard Worker return ret;
232*03f9172cSAndroid Build Coastguard Worker }
233*03f9172cSAndroid Build Coastguard Worker
234*03f9172cSAndroid Build Coastguard Worker
hs20_t_c_filtering(struct hostapd_data * hapd,struct sta_info * sta,int enabled)235*03f9172cSAndroid Build Coastguard Worker void hs20_t_c_filtering(struct hostapd_data *hapd, struct sta_info *sta,
236*03f9172cSAndroid Build Coastguard Worker int enabled)
237*03f9172cSAndroid Build Coastguard Worker {
238*03f9172cSAndroid Build Coastguard Worker if (enabled) {
239*03f9172cSAndroid Build Coastguard Worker wpa_printf(MSG_DEBUG,
240*03f9172cSAndroid Build Coastguard Worker "HS 2.0: Terms and Conditions filtering required for "
241*03f9172cSAndroid Build Coastguard Worker MACSTR, MAC2STR(sta->addr));
242*03f9172cSAndroid Build Coastguard Worker sta->hs20_t_c_filtering = 1;
243*03f9172cSAndroid Build Coastguard Worker /* TODO: Enable firewall filtering for the STA */
244*03f9172cSAndroid Build Coastguard Worker wpa_msg(hapd->msg_ctx, MSG_INFO, HS20_T_C_FILTERING_ADD MACSTR,
245*03f9172cSAndroid Build Coastguard Worker MAC2STR(sta->addr));
246*03f9172cSAndroid Build Coastguard Worker } else {
247*03f9172cSAndroid Build Coastguard Worker wpa_printf(MSG_DEBUG,
248*03f9172cSAndroid Build Coastguard Worker "HS 2.0: Terms and Conditions filtering not required for "
249*03f9172cSAndroid Build Coastguard Worker MACSTR, MAC2STR(sta->addr));
250*03f9172cSAndroid Build Coastguard Worker sta->hs20_t_c_filtering = 0;
251*03f9172cSAndroid Build Coastguard Worker /* TODO: Disable firewall filtering for the STA */
252*03f9172cSAndroid Build Coastguard Worker wpa_msg(hapd->msg_ctx, MSG_INFO,
253*03f9172cSAndroid Build Coastguard Worker HS20_T_C_FILTERING_REMOVE MACSTR, MAC2STR(sta->addr));
254*03f9172cSAndroid Build Coastguard Worker }
255*03f9172cSAndroid Build Coastguard Worker }
256