2 * Interworking (IEEE 802.11u)
3 * Copyright (c) 2011-2013, Qualcomm Atheros, Inc.
4 * Copyright (c) 2011-2014, Jouni Malinen <j@w1.fi>
6 * This software may be distributed under the terms of the BSD license.
7 * See README for more details.
13 #include "common/ieee802_11_defs.h"
14 #include "common/gas.h"
15 #include "common/wpa_ctrl.h"
16 #include "utils/pcsc_funcs.h"
17 #include "utils/eloop.h"
18 #include "drivers/driver.h"
19 #include "eap_common/eap_defs.h"
20 #include "eap_peer/eap.h"
21 #include "eap_peer/eap_methods.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "rsn_supp/wpa.h"
24 #include "wpa_supplicant_i.h"
26 #include "config_ssid.h"
31 #include "gas_query.h"
32 #include "hs20_supplicant.h"
33 #include "interworking.h"
36 #if defined(EAP_SIM) | defined(EAP_SIM_DYNAMIC)
37 #define INTERWORKING_3GPP
39 #if defined(EAP_AKA) | defined(EAP_AKA_DYNAMIC)
40 #define INTERWORKING_3GPP
42 #if defined(EAP_AKA_PRIME) | defined(EAP_AKA_PRIME_DYNAMIC)
43 #define INTERWORKING_3GPP
48 static void interworking_next_anqp_fetch(struct wpa_supplicant *wpa_s);
49 static struct wpa_cred * interworking_credentials_available_realm(
50 struct wpa_supplicant *wpa_s, struct wpa_bss *bss, int ignore_bw,
52 static struct wpa_cred * interworking_credentials_available_3gpp(
53 struct wpa_supplicant *wpa_s, struct wpa_bss *bss, int ignore_bw,
57 static int cred_prio_cmp(const struct wpa_cred *a, const struct wpa_cred *b)
59 if (a->priority > b->priority)
61 if (a->priority < b->priority)
63 if (a->provisioning_sp == NULL || b->provisioning_sp == NULL ||
64 os_strcmp(a->provisioning_sp, b->provisioning_sp) != 0)
66 if (a->sp_priority < b->sp_priority)
68 if (a->sp_priority > b->sp_priority)
74 static void interworking_reconnect(struct wpa_supplicant *wpa_s)
78 if (wpa_s->wpa_state >= WPA_AUTHENTICATING) {
79 wpa_supplicant_cancel_sched_scan(wpa_s);
80 wpa_s->own_disconnect_req = 1;
81 wpa_supplicant_deauthenticate(wpa_s,
82 WLAN_REASON_DEAUTH_LEAVING);
84 wpa_s->disconnected = 0;
85 wpa_s->reassociate = 1;
86 tried = wpa_s->interworking_fast_assoc_tried;
87 wpa_s->interworking_fast_assoc_tried = 1;
89 if (!tried && wpa_supplicant_fast_associate(wpa_s) >= 0)
92 wpa_s->interworking_fast_assoc_tried = 0;
93 wpa_supplicant_req_scan(wpa_s, 0, 0);
97 static struct wpabuf * anqp_build_req(u16 info_ids[], size_t num_ids,
104 buf = gas_anqp_build_initial_req(0, 4 + num_ids * 2 +
105 (extra ? wpabuf_len(extra) : 0));
110 len_pos = gas_anqp_add_element(buf, ANQP_QUERY_LIST);
111 for (i = 0; i < num_ids; i++)
112 wpabuf_put_le16(buf, info_ids[i]);
113 gas_anqp_set_element_len(buf, len_pos);
116 wpabuf_put_buf(buf, extra);
118 gas_anqp_set_len(buf);
124 static void interworking_anqp_resp_cb(void *ctx, const u8 *dst,
126 enum gas_query_result result,
127 const struct wpabuf *adv_proto,
128 const struct wpabuf *resp,
131 struct wpa_supplicant *wpa_s = ctx;
133 wpa_printf(MSG_DEBUG, "ANQP: Response callback dst=" MACSTR
134 " dialog_token=%u result=%d status_code=%u",
135 MAC2STR(dst), dialog_token, result, status_code);
136 anqp_resp_cb(wpa_s, dst, dialog_token, result, adv_proto, resp,
138 interworking_next_anqp_fetch(wpa_s);
142 static int cred_with_roaming_consortium(struct wpa_supplicant *wpa_s)
144 struct wpa_cred *cred;
146 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
147 if (cred->roaming_consortium_len)
149 if (cred->required_roaming_consortium_len)
151 if (cred->num_roaming_consortiums)
158 static int cred_with_3gpp(struct wpa_supplicant *wpa_s)
160 struct wpa_cred *cred;
162 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
163 if (cred->pcsc || cred->imsi)
170 static int cred_with_nai_realm(struct wpa_supplicant *wpa_s)
172 struct wpa_cred *cred;
174 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
175 if (cred->pcsc || cred->imsi)
177 if (!cred->eap_method)
179 if (cred->realm && cred->roaming_consortium_len == 0)
186 static int cred_with_domain(struct wpa_supplicant *wpa_s)
188 struct wpa_cred *cred;
190 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
191 if (cred->domain || cred->pcsc || cred->imsi ||
192 cred->roaming_partner)
201 static int cred_with_min_backhaul(struct wpa_supplicant *wpa_s)
203 struct wpa_cred *cred;
205 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
206 if (cred->min_dl_bandwidth_home ||
207 cred->min_ul_bandwidth_home ||
208 cred->min_dl_bandwidth_roaming ||
209 cred->min_ul_bandwidth_roaming)
216 static int cred_with_conn_capab(struct wpa_supplicant *wpa_s)
218 struct wpa_cred *cred;
220 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
221 if (cred->num_req_conn_capab)
227 #endif /* CONFIG_HS20 */
230 static int additional_roaming_consortiums(struct wpa_bss *bss)
233 ie = wpa_bss_get_ie(bss, WLAN_EID_ROAMING_CONSORTIUM);
234 if (ie == NULL || ie[1] == 0)
236 return ie[2]; /* Number of ANQP OIs */
240 static void interworking_continue_anqp(void *eloop_ctx, void *sock_ctx)
242 struct wpa_supplicant *wpa_s = eloop_ctx;
243 interworking_next_anqp_fetch(wpa_s);
247 static int interworking_anqp_send_req(struct wpa_supplicant *wpa_s,
254 size_t num_info_ids = 0;
255 struct wpabuf *extra = NULL;
256 int all = wpa_s->fetch_all_anqp;
258 wpa_msg(wpa_s, MSG_DEBUG, "Interworking: ANQP Query Request to " MACSTR,
259 MAC2STR(bss->bssid));
260 wpa_s->interworking_gas_bss = bss;
262 info_ids[num_info_ids++] = ANQP_CAPABILITY_LIST;
264 info_ids[num_info_ids++] = ANQP_VENUE_NAME;
265 info_ids[num_info_ids++] = ANQP_NETWORK_AUTH_TYPE;
267 if (all || (cred_with_roaming_consortium(wpa_s) &&
268 additional_roaming_consortiums(bss)))
269 info_ids[num_info_ids++] = ANQP_ROAMING_CONSORTIUM;
271 info_ids[num_info_ids++] = ANQP_IP_ADDR_TYPE_AVAILABILITY;
272 if (all || cred_with_nai_realm(wpa_s))
273 info_ids[num_info_ids++] = ANQP_NAI_REALM;
274 if (all || cred_with_3gpp(wpa_s)) {
275 info_ids[num_info_ids++] = ANQP_3GPP_CELLULAR_NETWORK;
276 wpa_supplicant_scard_init(wpa_s, NULL);
278 if (all || cred_with_domain(wpa_s))
279 info_ids[num_info_ids++] = ANQP_DOMAIN_NAME;
280 wpa_hexdump(MSG_DEBUG, "Interworking: ANQP Query info",
281 (u8 *) info_ids, num_info_ids * 2);
284 if (wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE)) {
287 extra = wpabuf_alloc(100);
291 len_pos = gas_anqp_add_element(extra, ANQP_VENDOR_SPECIFIC);
292 wpabuf_put_be24(extra, OUI_WFA);
293 wpabuf_put_u8(extra, HS20_ANQP_OUI_TYPE);
294 wpabuf_put_u8(extra, HS20_STYPE_QUERY_LIST);
295 wpabuf_put_u8(extra, 0); /* Reserved */
296 wpabuf_put_u8(extra, HS20_STYPE_CAPABILITY_LIST);
299 HS20_STYPE_OPERATOR_FRIENDLY_NAME);
300 if (all || cred_with_min_backhaul(wpa_s))
301 wpabuf_put_u8(extra, HS20_STYPE_WAN_METRICS);
302 if (all || cred_with_conn_capab(wpa_s))
303 wpabuf_put_u8(extra, HS20_STYPE_CONNECTION_CAPABILITY);
305 wpabuf_put_u8(extra, HS20_STYPE_OPERATING_CLASS);
307 wpabuf_put_u8(extra, HS20_STYPE_OSU_PROVIDERS_LIST);
308 wpabuf_put_u8(extra, HS20_STYPE_OSU_PROVIDERS_NAI_LIST);
310 gas_anqp_set_element_len(extra, len_pos);
312 #endif /* CONFIG_HS20 */
314 buf = anqp_build_req(info_ids, num_info_ids, extra);
319 res = gas_query_req(wpa_s->gas, bss->bssid, bss->freq, 0, buf,
320 interworking_anqp_resp_cb, wpa_s);
322 wpa_msg(wpa_s, MSG_DEBUG, "ANQP: Failed to send Query Request");
325 eloop_register_timeout(0, 0, interworking_continue_anqp, wpa_s,
328 wpa_msg(wpa_s, MSG_DEBUG,
329 "ANQP: Query started with dialog token %u", res);
335 struct nai_realm_eap {
338 enum nai_realm_eap_auth_inner_non_eap inner_non_eap;
340 u8 tunneled_cred_type;
347 struct nai_realm_eap *eap;
351 static void nai_realm_free(struct nai_realm *realms, u16 count)
357 for (i = 0; i < count; i++) {
358 os_free(realms[i].eap);
359 os_free(realms[i].realm);
365 static const u8 * nai_realm_parse_eap(struct nai_realm_eap *e, const u8 *pos,
368 u8 elen, auth_count, a;
372 wpa_printf(MSG_DEBUG, "No room for EAP Method fixed fields");
377 if (elen > end - pos || elen < 2) {
378 wpa_printf(MSG_DEBUG, "No room for EAP Method subfield");
384 wpa_printf(MSG_DEBUG, "EAP Method: len=%u method=%u auth_count=%u",
385 elen, e->method, auth_count);
387 for (a = 0; a < auth_count; a++) {
391 wpa_printf(MSG_DEBUG,
392 "No room for Authentication Parameter subfield header");
398 if (len > end - pos) {
399 wpa_printf(MSG_DEBUG,
400 "No room for Authentication Parameter subfield");
405 case NAI_REALM_EAP_AUTH_NON_EAP_INNER_AUTH:
408 e->inner_non_eap = *pos;
409 if (e->method != EAP_TYPE_TTLS)
412 case NAI_REALM_INNER_NON_EAP_PAP:
413 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP");
415 case NAI_REALM_INNER_NON_EAP_CHAP:
416 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP");
418 case NAI_REALM_INNER_NON_EAP_MSCHAP:
419 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP");
421 case NAI_REALM_INNER_NON_EAP_MSCHAPV2:
422 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2");
426 case NAI_REALM_EAP_AUTH_INNER_AUTH_EAP_METHOD:
429 e->inner_method = *pos;
430 wpa_printf(MSG_DEBUG, "Inner EAP method: %u",
433 case NAI_REALM_EAP_AUTH_CRED_TYPE:
437 wpa_printf(MSG_DEBUG, "Credential Type: %u",
440 case NAI_REALM_EAP_AUTH_TUNNELED_CRED_TYPE:
443 e->tunneled_cred_type = *pos;
444 wpa_printf(MSG_DEBUG, "Tunneled EAP Method Credential "
445 "Type: %u", e->tunneled_cred_type);
448 wpa_printf(MSG_DEBUG, "Unsupported Authentication "
449 "Parameter: id=%u len=%u", id, len);
450 wpa_hexdump(MSG_DEBUG, "Authentication Parameter "
462 static const u8 * nai_realm_parse_realm(struct nai_realm *r, const u8 *pos,
470 wpa_printf(MSG_DEBUG, "No room for NAI Realm Data "
475 len = WPA_GET_LE16(pos); /* NAI Realm Data field Length */
477 if (len > end - pos || len < 3) {
478 wpa_printf(MSG_DEBUG, "No room for NAI Realm Data "
480 len, (unsigned int) (end - pos));
485 r->encoding = *pos++;
487 if (realm_len > f_end - pos) {
488 wpa_printf(MSG_DEBUG, "No room for NAI Realm "
490 realm_len, (unsigned int) (f_end - pos));
493 wpa_hexdump_ascii(MSG_DEBUG, "NAI Realm", pos, realm_len);
494 r->realm = dup_binstr(pos, realm_len);
495 if (r->realm == NULL)
499 if (f_end - pos < 1) {
500 wpa_printf(MSG_DEBUG, "No room for EAP Method Count");
503 r->eap_count = *pos++;
504 wpa_printf(MSG_DEBUG, "EAP Count: %u", r->eap_count);
505 if (r->eap_count * 3 > f_end - pos) {
506 wpa_printf(MSG_DEBUG, "No room for EAP Methods");
509 r->eap = os_calloc(r->eap_count, sizeof(struct nai_realm_eap));
513 for (e = 0; e < r->eap_count; e++) {
514 pos = nai_realm_parse_eap(&r->eap[e], pos, f_end);
523 static struct nai_realm * nai_realm_parse(struct wpabuf *anqp, u16 *count)
525 struct nai_realm *realm;
532 left = wpabuf_len(anqp);
536 pos = wpabuf_head_u8(anqp);
538 num = WPA_GET_LE16(pos);
539 wpa_printf(MSG_DEBUG, "NAI Realm Count: %u", num);
543 if (num > left / 5) {
544 wpa_printf(MSG_DEBUG, "Invalid NAI Realm Count %u - not "
545 "enough data (%u octets) for that many realms",
546 num, (unsigned int) left);
550 realm = os_calloc(num, sizeof(struct nai_realm));
554 for (i = 0; i < num; i++) {
555 pos = nai_realm_parse_realm(&realm[i], pos, end);
557 nai_realm_free(realm, num);
567 static int nai_realm_match(struct nai_realm *realm, const char *home_realm)
569 char *tmp, *pos, *end;
572 if (realm->realm == NULL || home_realm == NULL)
575 if (os_strchr(realm->realm, ';') == NULL)
576 return os_strcasecmp(realm->realm, home_realm) == 0;
578 tmp = os_strdup(realm->realm);
584 end = os_strchr(pos, ';');
587 if (os_strcasecmp(pos, home_realm) == 0) {
602 static int nai_realm_cred_username(struct wpa_supplicant *wpa_s,
603 struct nai_realm_eap *eap)
605 if (eap_get_name(EAP_VENDOR_IETF, eap->method) == NULL) {
606 wpa_msg(wpa_s, MSG_DEBUG,
607 "nai-realm-cred-username: EAP method not supported: %d",
609 return 0; /* method not supported */
612 if (eap->method != EAP_TYPE_TTLS && eap->method != EAP_TYPE_PEAP &&
613 eap->method != EAP_TYPE_FAST) {
614 /* Only tunneled methods with username/password supported */
615 wpa_msg(wpa_s, MSG_DEBUG,
616 "nai-realm-cred-username: Method: %d is not TTLS, PEAP, or FAST",
621 if (eap->method == EAP_TYPE_PEAP || eap->method == EAP_TYPE_FAST) {
622 if (eap->inner_method &&
623 eap_get_name(EAP_VENDOR_IETF, eap->inner_method) == NULL) {
624 wpa_msg(wpa_s, MSG_DEBUG,
625 "nai-realm-cred-username: PEAP/FAST: Inner method not supported: %d",
629 if (!eap->inner_method &&
630 eap_get_name(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2) == NULL) {
631 wpa_msg(wpa_s, MSG_DEBUG,
632 "nai-realm-cred-username: MSCHAPv2 not supported");
637 if (eap->method == EAP_TYPE_TTLS) {
638 if (eap->inner_method == 0 && eap->inner_non_eap == 0)
639 return 1; /* Assume TTLS/MSCHAPv2 is used */
640 if (eap->inner_method &&
641 eap_get_name(EAP_VENDOR_IETF, eap->inner_method) == NULL) {
642 wpa_msg(wpa_s, MSG_DEBUG,
643 "nai-realm-cred-username: TTLS, but inner not supported: %d",
647 if (eap->inner_non_eap &&
648 eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_PAP &&
649 eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_CHAP &&
650 eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_MSCHAP &&
651 eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_MSCHAPV2) {
652 wpa_msg(wpa_s, MSG_DEBUG,
653 "nai-realm-cred-username: TTLS, inner-non-eap not supported: %d",
659 if (eap->inner_method &&
660 eap->inner_method != EAP_TYPE_GTC &&
661 eap->inner_method != EAP_TYPE_MSCHAPV2) {
662 wpa_msg(wpa_s, MSG_DEBUG,
663 "nai-realm-cred-username: inner-method not GTC or MSCHAPv2: %d",
672 static int nai_realm_cred_cert(struct wpa_supplicant *wpa_s,
673 struct nai_realm_eap *eap)
675 if (eap_get_name(EAP_VENDOR_IETF, eap->method) == NULL) {
676 wpa_msg(wpa_s, MSG_DEBUG,
677 "nai-realm-cred-cert: Method not supported: %d",
679 return 0; /* method not supported */
682 if (eap->method != EAP_TYPE_TLS) {
683 /* Only EAP-TLS supported for credential authentication */
684 wpa_msg(wpa_s, MSG_DEBUG,
685 "nai-realm-cred-cert: Method not TLS: %d",
694 static struct nai_realm_eap * nai_realm_find_eap(struct wpa_supplicant *wpa_s,
695 struct wpa_cred *cred,
696 struct nai_realm *realm)
700 if (cred->username == NULL ||
701 cred->username[0] == '\0' ||
702 ((cred->password == NULL ||
703 cred->password[0] == '\0') &&
704 (cred->private_key == NULL ||
705 cred->private_key[0] == '\0'))) {
706 wpa_msg(wpa_s, MSG_DEBUG,
707 "nai-realm-find-eap: incomplete cred info: username: %s password: %s private_key: %s",
708 cred->username ? cred->username : "NULL",
709 cred->password ? cred->password : "NULL",
710 cred->private_key ? cred->private_key : "NULL");
714 for (e = 0; e < realm->eap_count; e++) {
715 struct nai_realm_eap *eap = &realm->eap[e];
716 if (cred->password && cred->password[0] &&
717 nai_realm_cred_username(wpa_s, eap))
719 if (cred->private_key && cred->private_key[0] &&
720 nai_realm_cred_cert(wpa_s, eap))
728 #ifdef INTERWORKING_3GPP
730 static int plmn_id_match(struct wpabuf *anqp, const char *imsi, int mnc_len)
732 u8 plmn[3], plmn2[3];
737 * See Annex A of 3GPP TS 24.234 v8.1.0 for description. The network
738 * operator is allowed to include only two digits of the MNC, so allow
739 * matches based on both two and three digit MNC assumptions. Since some
740 * SIM/USIM cards may not expose MNC length conveniently, we may be
741 * provided the default MNC length 3 here and as such, checking with MNC
742 * length 2 is justifiable even though 3GPP TS 24.234 does not mention
743 * that case. Anyway, MCC/MNC pair where both 2 and 3 digit MNC is used
744 * with otherwise matching values would not be good idea in general, so
745 * this should not result in selecting incorrect networks.
747 /* Match with 3 digit MNC */
748 plmn[0] = (imsi[0] - '0') | ((imsi[1] - '0') << 4);
749 plmn[1] = (imsi[2] - '0') | ((imsi[5] - '0') << 4);
750 plmn[2] = (imsi[3] - '0') | ((imsi[4] - '0') << 4);
751 /* Match with 2 digit MNC */
752 plmn2[0] = (imsi[0] - '0') | ((imsi[1] - '0') << 4);
753 plmn2[1] = (imsi[2] - '0') | 0xf0;
754 plmn2[2] = (imsi[3] - '0') | ((imsi[4] - '0') << 4);
758 pos = wpabuf_head_u8(anqp);
759 end = pos + wpabuf_len(anqp);
763 wpa_printf(MSG_DEBUG, "Unsupported GUD version 0x%x", *pos);
768 if (udhl > end - pos) {
769 wpa_printf(MSG_DEBUG, "Invalid UDHL");
774 wpa_printf(MSG_DEBUG, "Interworking: Matching against MCC/MNC alternatives: %02x:%02x:%02x or %02x:%02x:%02x (IMSI %s, MNC length %d)",
775 plmn[0], plmn[1], plmn[2], plmn2[0], plmn2[1], plmn2[2],
778 while (end - pos >= 2) {
787 if (iei == 0 && len > 0) {
790 wpa_hexdump(MSG_DEBUG, "Interworking: PLMN List information element",
793 for (i = 0; i < num; i++) {
796 if (os_memcmp(pos, plmn, 3) == 0 ||
797 os_memcmp(pos, plmn2, 3) == 0)
798 return 1; /* Found matching PLMN */
802 wpa_hexdump(MSG_DEBUG, "Interworking: Unrecognized 3GPP information element",
813 static int build_root_nai(char *nai, size_t nai_len, const char *imsi,
814 size_t mnc_len, char prefix)
816 const char *sep, *msin;
818 size_t msin_len, plmn_len;
821 * TS 23.003, Clause 14 (3GPP to WLAN Interworking)
823 * <aka:0|sim:1><IMSI>@wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org
824 * <MNC> is zero-padded to three digits in case two-digit MNC is used
827 if (imsi == NULL || os_strlen(imsi) > 16) {
828 wpa_printf(MSG_DEBUG, "No valid IMSI available");
831 sep = os_strchr(imsi, '-');
833 plmn_len = sep - imsi;
835 } else if (mnc_len && os_strlen(imsi) >= 3 + mnc_len) {
836 plmn_len = 3 + mnc_len;
837 msin = imsi + plmn_len;
840 if (plmn_len != 5 && plmn_len != 6)
842 msin_len = os_strlen(msin);
848 os_memcpy(pos, imsi, plmn_len);
850 os_memcpy(pos, msin, msin_len);
852 pos += os_snprintf(pos, end - pos, "@wlan.mnc");
862 os_snprintf(pos, end - pos, ".mcc%c%c%c.3gppnetwork.org",
863 imsi[0], imsi[1], imsi[2]);
869 static int set_root_nai(struct wpa_ssid *ssid, const char *imsi, char prefix)
872 if (build_root_nai(nai, sizeof(nai), imsi, 0, prefix) < 0)
874 return wpa_config_set_quoted(ssid, "identity", nai);
877 #endif /* INTERWORKING_3GPP */
880 static int already_connected(struct wpa_supplicant *wpa_s,
881 struct wpa_cred *cred, struct wpa_bss *bss)
883 struct wpa_ssid *ssid, *sel_ssid;
884 struct wpa_bss *selected;
886 if (wpa_s->wpa_state < WPA_ASSOCIATED || wpa_s->current_ssid == NULL)
889 ssid = wpa_s->current_ssid;
890 if (ssid->parent_cred != cred)
893 if (ssid->ssid_len != bss->ssid_len ||
894 os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) != 0)
898 selected = wpa_supplicant_pick_network(wpa_s, &sel_ssid);
899 if (selected && sel_ssid && sel_ssid->priority > ssid->priority)
900 return 0; /* higher priority network in scan results */
906 static void remove_duplicate_network(struct wpa_supplicant *wpa_s,
907 struct wpa_cred *cred,
910 struct wpa_ssid *ssid;
912 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
913 if (ssid->parent_cred != cred)
915 if (ssid->ssid_len != bss->ssid_len ||
916 os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) != 0)
925 wpa_printf(MSG_DEBUG, "Interworking: Remove duplicate network entry for the same credential");
927 if (ssid == wpa_s->current_ssid) {
928 wpa_sm_set_config(wpa_s->wpa, NULL);
929 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
930 wpa_s->own_disconnect_req = 1;
931 wpa_supplicant_deauthenticate(wpa_s,
932 WLAN_REASON_DEAUTH_LEAVING);
935 wpas_notify_network_removed(wpa_s, ssid);
936 wpa_config_remove_network(wpa_s->conf, ssid->id);
940 static int interworking_set_hs20_params(struct wpa_supplicant *wpa_s,
941 struct wpa_ssid *ssid)
943 const char *key_mgmt = NULL;
944 #ifdef CONFIG_IEEE80211R
946 struct wpa_driver_capa capa;
948 res = wpa_drv_get_capa(wpa_s, &capa);
949 if (res == 0 && capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_FT) {
950 key_mgmt = wpa_s->conf->pmf != NO_MGMT_FRAME_PROTECTION ?
951 "WPA-EAP WPA-EAP-SHA256 FT-EAP" :
954 #endif /* CONFIG_IEEE80211R */
957 key_mgmt = wpa_s->conf->pmf != NO_MGMT_FRAME_PROTECTION ?
958 "WPA-EAP WPA-EAP-SHA256" : "WPA-EAP";
959 if (wpa_config_set(ssid, "key_mgmt", key_mgmt, 0) < 0 ||
960 wpa_config_set(ssid, "proto", "RSN", 0) < 0 ||
961 wpa_config_set(ssid, "ieee80211w", "1", 0) < 0 ||
962 wpa_config_set(ssid, "pairwise", "CCMP", 0) < 0)
968 static int interworking_connect_3gpp(struct wpa_supplicant *wpa_s,
969 struct wpa_cred *cred,
970 struct wpa_bss *bss, int only_add)
972 #ifdef INTERWORKING_3GPP
973 struct wpa_ssid *ssid;
978 if (bss->anqp == NULL || bss->anqp->anqp_3gpp == NULL)
981 wpa_msg(wpa_s, MSG_DEBUG, "Interworking: Connect with " MACSTR
982 " (3GPP)", MAC2STR(bss->bssid));
984 if (already_connected(wpa_s, cred, bss)) {
985 wpa_msg(wpa_s, MSG_INFO, INTERWORKING_ALREADY_CONNECTED MACSTR,
986 MAC2STR(bss->bssid));
987 return wpa_s->current_ssid->id;
990 remove_duplicate_network(wpa_s, cred, bss);
992 ssid = wpa_config_add_network(wpa_s->conf);
995 ssid->parent_cred = cred;
997 wpas_notify_network_added(wpa_s, ssid);
998 wpa_config_set_network_defaults(ssid);
999 ssid->priority = cred->priority;
1000 ssid->temporary = 1;
1001 ssid->ssid = os_zalloc(bss->ssid_len + 1);
1002 if (ssid->ssid == NULL)
1004 os_memcpy(ssid->ssid, bss->ssid, bss->ssid_len);
1005 ssid->ssid_len = bss->ssid_len;
1006 ssid->eap.sim_num = cred->sim_num;
1008 if (interworking_set_hs20_params(wpa_s, ssid) < 0)
1011 eap_type = EAP_TYPE_SIM;
1012 if (cred->pcsc && wpa_s->scard && scard_supports_umts(wpa_s->scard))
1013 eap_type = EAP_TYPE_AKA;
1014 if (cred->eap_method && cred->eap_method[0].vendor == EAP_VENDOR_IETF) {
1015 if (cred->eap_method[0].method == EAP_TYPE_SIM ||
1016 cred->eap_method[0].method == EAP_TYPE_AKA ||
1017 cred->eap_method[0].method == EAP_TYPE_AKA_PRIME)
1018 eap_type = cred->eap_method[0].method;
1024 res = wpa_config_set(ssid, "eap", "SIM", 0);
1028 res = wpa_config_set(ssid, "eap", "AKA", 0);
1030 case EAP_TYPE_AKA_PRIME:
1032 res = wpa_config_set(ssid, "eap", "AKA'", 0);
1039 wpa_msg(wpa_s, MSG_DEBUG,
1040 "Selected EAP method (%d) not supported", eap_type);
1044 if (!cred->pcsc && set_root_nai(ssid, cred->imsi, prefix) < 0) {
1045 wpa_msg(wpa_s, MSG_DEBUG, "Failed to set Root NAI");
1049 if (cred->milenage && cred->milenage[0]) {
1050 if (wpa_config_set_quoted(ssid, "password",
1051 cred->milenage) < 0)
1053 } else if (cred->pcsc) {
1054 if (wpa_config_set_quoted(ssid, "pcsc", "") < 0)
1056 if (wpa_s->conf->pcsc_pin &&
1057 wpa_config_set_quoted(ssid, "pin", wpa_s->conf->pcsc_pin)
1062 wpa_s->next_ssid = ssid;
1063 wpa_config_update_prio_list(wpa_s->conf);
1065 interworking_reconnect(wpa_s);
1070 wpas_notify_network_removed(wpa_s, ssid);
1071 wpa_config_remove_network(wpa_s->conf, ssid->id);
1072 #endif /* INTERWORKING_3GPP */
1077 static int roaming_consortium_element_match(const u8 *ie, const u8 *rc_id,
1080 const u8 *pos, *end;
1087 end = ie + 2 + ie[1];
1089 /* Roaming Consortium element:
1090 * Number of ANQP OIs
1091 * OI #1 and #2 lengths
1092 * OI #1, [OI #2], [OI #3]
1098 pos++; /* skip Number of ANQP OIs */
1100 if ((lens & 0x0f) + (lens >> 4) > end - pos)
1103 if ((lens & 0x0f) == rc_len && os_memcmp(pos, rc_id, rc_len) == 0)
1107 if ((lens >> 4) == rc_len && os_memcmp(pos, rc_id, rc_len) == 0)
1111 if (pos < end && (size_t) (end - pos) == rc_len &&
1112 os_memcmp(pos, rc_id, rc_len) == 0)
1119 static int roaming_consortium_anqp_match(const struct wpabuf *anqp,
1120 const u8 *rc_id, size_t rc_len)
1122 const u8 *pos, *end;
1128 pos = wpabuf_head(anqp);
1129 end = pos + wpabuf_len(anqp);
1131 /* Set of <OI Length, OI> duples */
1134 if (len > end - pos)
1136 if (len == rc_len && os_memcmp(pos, rc_id, rc_len) == 0)
1145 static int roaming_consortium_match(const u8 *ie, const struct wpabuf *anqp,
1146 const u8 *rc_id, size_t rc_len)
1148 return roaming_consortium_element_match(ie, rc_id, rc_len) ||
1149 roaming_consortium_anqp_match(anqp, rc_id, rc_len);
1153 static int cred_roaming_consortiums_match(const u8 *ie,
1154 const struct wpabuf *anqp,
1155 const struct wpa_cred *cred)
1159 for (i = 0; i < cred->num_roaming_consortiums; i++) {
1160 if (roaming_consortium_match(ie, anqp,
1161 cred->roaming_consortiums[i],
1162 cred->roaming_consortiums_len[i]))
1170 static int cred_no_required_oi_match(struct wpa_cred *cred, struct wpa_bss *bss)
1174 if (cred->required_roaming_consortium_len == 0)
1177 ie = wpa_bss_get_ie(bss, WLAN_EID_ROAMING_CONSORTIUM);
1180 (bss->anqp == NULL || bss->anqp->roaming_consortium == NULL))
1183 return !roaming_consortium_match(ie,
1185 bss->anqp->roaming_consortium : NULL,
1186 cred->required_roaming_consortium,
1187 cred->required_roaming_consortium_len);
1191 static int cred_excluded_ssid(struct wpa_cred *cred, struct wpa_bss *bss)
1195 if (!cred->excluded_ssid)
1198 for (i = 0; i < cred->num_excluded_ssid; i++) {
1199 struct excluded_ssid *e = &cred->excluded_ssid[i];
1200 if (bss->ssid_len == e->ssid_len &&
1201 os_memcmp(bss->ssid, e->ssid, e->ssid_len) == 0)
1209 static int cred_below_min_backhaul(struct wpa_supplicant *wpa_s,
1210 struct wpa_cred *cred, struct wpa_bss *bss)
1214 unsigned int dl_bandwidth, ul_bandwidth;
1216 u8 wan_info, dl_load, ul_load;
1218 u32 ul_speed, dl_speed;
1220 if (!cred->min_dl_bandwidth_home &&
1221 !cred->min_ul_bandwidth_home &&
1222 !cred->min_dl_bandwidth_roaming &&
1223 !cred->min_ul_bandwidth_roaming)
1224 return 0; /* No bandwidth constraint specified */
1226 if (bss->anqp == NULL || bss->anqp->hs20_wan_metrics == NULL)
1227 return 0; /* No WAN Metrics known - ignore constraint */
1229 wan = wpabuf_head(bss->anqp->hs20_wan_metrics);
1231 if (wan_info & BIT(3))
1232 return 1; /* WAN link at capacity */
1233 lmd = WPA_GET_LE16(wan + 11);
1235 return 0; /* Downlink/Uplink Load was not measured */
1236 dl_speed = WPA_GET_LE32(wan + 1);
1237 ul_speed = WPA_GET_LE32(wan + 5);
1241 if (dl_speed >= 0xffffff)
1242 dl_bandwidth = dl_speed / 255 * (255 - dl_load);
1244 dl_bandwidth = dl_speed * (255 - dl_load) / 255;
1246 if (ul_speed >= 0xffffff)
1247 ul_bandwidth = ul_speed / 255 * (255 - ul_load);
1249 ul_bandwidth = ul_speed * (255 - ul_load) / 255;
1251 res = interworking_home_sp_cred(wpa_s, cred, bss->anqp ?
1252 bss->anqp->domain_name : NULL);
1254 if (cred->min_dl_bandwidth_home > dl_bandwidth)
1256 if (cred->min_ul_bandwidth_home > ul_bandwidth)
1259 if (cred->min_dl_bandwidth_roaming > dl_bandwidth)
1261 if (cred->min_ul_bandwidth_roaming > ul_bandwidth)
1264 #endif /* CONFIG_HS20 */
1270 static int cred_over_max_bss_load(struct wpa_supplicant *wpa_s,
1271 struct wpa_cred *cred, struct wpa_bss *bss)
1276 if (!cred->max_bss_load)
1277 return 0; /* No BSS Load constraint specified */
1279 ie = wpa_bss_get_ie(bss, WLAN_EID_BSS_LOAD);
1280 if (ie == NULL || ie[1] < 3)
1281 return 0; /* No BSS Load advertised */
1283 res = interworking_home_sp_cred(wpa_s, cred, bss->anqp ?
1284 bss->anqp->domain_name : NULL);
1286 return 0; /* Not a home network */
1288 return ie[4] > cred->max_bss_load;
1294 static int has_proto_match(const u8 *pos, const u8 *end, u8 proto)
1296 while (end - pos >= 4) {
1297 if (pos[0] == proto && pos[3] == 1 /* Open */)
1306 static int has_proto_port_match(const u8 *pos, const u8 *end, u8 proto,
1309 while (end - pos >= 4) {
1310 if (pos[0] == proto && WPA_GET_LE16(&pos[1]) == port &&
1311 pos[3] == 1 /* Open */)
1319 #endif /* CONFIG_HS20 */
1322 static int cred_conn_capab_missing(struct wpa_supplicant *wpa_s,
1323 struct wpa_cred *cred, struct wpa_bss *bss)
1327 const u8 *capab, *end;
1331 if (!cred->num_req_conn_capab)
1332 return 0; /* No connection capability constraint specified */
1334 if (bss->anqp == NULL || bss->anqp->hs20_connection_capability == NULL)
1335 return 0; /* No Connection Capability known - ignore constraint
1338 res = interworking_home_sp_cred(wpa_s, cred, bss->anqp ?
1339 bss->anqp->domain_name : NULL);
1341 return 0; /* No constraint in home network */
1343 capab = wpabuf_head(bss->anqp->hs20_connection_capability);
1344 end = capab + wpabuf_len(bss->anqp->hs20_connection_capability);
1346 for (i = 0; i < cred->num_req_conn_capab; i++) {
1347 ports = cred->req_conn_capab_port[i];
1349 if (!has_proto_match(capab, end,
1350 cred->req_conn_capab_proto[i]))
1353 for (j = 0; ports[j] > -1; j++) {
1354 if (!has_proto_port_match(
1356 cred->req_conn_capab_proto[i],
1362 #endif /* CONFIG_HS20 */
1368 static struct wpa_cred * interworking_credentials_available_roaming_consortium(
1369 struct wpa_supplicant *wpa_s, struct wpa_bss *bss, int ignore_bw,
1372 struct wpa_cred *cred, *selected = NULL;
1374 const struct wpabuf *anqp;
1375 int is_excluded = 0;
1377 ie = wpa_bss_get_ie(bss, WLAN_EID_ROAMING_CONSORTIUM);
1378 anqp = bss->anqp ? bss->anqp->roaming_consortium : NULL;
1383 if (wpa_s->conf->cred == NULL)
1386 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
1387 if (cred->roaming_consortium_len == 0 &&
1388 cred->num_roaming_consortiums == 0)
1391 if (!cred->eap_method)
1394 if ((cred->roaming_consortium_len == 0 ||
1395 !roaming_consortium_match(ie, anqp,
1396 cred->roaming_consortium,
1397 cred->roaming_consortium_len)) &&
1398 !cred_roaming_consortiums_match(ie, anqp, cred))
1401 if (cred_no_required_oi_match(cred, bss))
1403 if (!ignore_bw && cred_below_min_backhaul(wpa_s, cred, bss))
1405 if (!ignore_bw && cred_over_max_bss_load(wpa_s, cred, bss))
1407 if (!ignore_bw && cred_conn_capab_missing(wpa_s, cred, bss))
1409 if (cred_excluded_ssid(cred, bss)) {
1410 if (excluded == NULL)
1412 if (selected == NULL) {
1417 if (selected == NULL || is_excluded ||
1418 cred_prio_cmp(selected, cred) < 0) {
1426 *excluded = is_excluded;
1432 static int interworking_set_eap_params(struct wpa_ssid *ssid,
1433 struct wpa_cred *cred, int ttls)
1435 if (cred->eap_method) {
1436 ttls = cred->eap_method->vendor == EAP_VENDOR_IETF &&
1437 cred->eap_method->method == EAP_TYPE_TTLS;
1439 os_free(ssid->eap.eap_methods);
1440 ssid->eap.eap_methods =
1441 os_malloc(sizeof(struct eap_method_type) * 2);
1442 if (ssid->eap.eap_methods == NULL)
1444 os_memcpy(ssid->eap.eap_methods, cred->eap_method,
1445 sizeof(*cred->eap_method));
1446 ssid->eap.eap_methods[1].vendor = EAP_VENDOR_IETF;
1447 ssid->eap.eap_methods[1].method = EAP_TYPE_NONE;
1450 if (ttls && cred->username && cred->username[0]) {
1453 /* Use anonymous NAI in Phase 1 */
1454 pos = os_strchr(cred->username, '@');
1456 size_t buflen = 9 + os_strlen(pos) + 1;
1457 anon = os_malloc(buflen);
1460 os_snprintf(anon, buflen, "anonymous%s", pos);
1461 } else if (cred->realm) {
1462 size_t buflen = 10 + os_strlen(cred->realm) + 1;
1463 anon = os_malloc(buflen);
1466 os_snprintf(anon, buflen, "anonymous@%s", cred->realm);
1468 anon = os_strdup("anonymous");
1472 if (wpa_config_set_quoted(ssid, "anonymous_identity", anon) <
1480 if (!ttls && cred->username && cred->username[0] && cred->realm &&
1481 !os_strchr(cred->username, '@')) {
1486 buflen = os_strlen(cred->username) + 1 +
1487 os_strlen(cred->realm) + 1;
1489 id = os_malloc(buflen);
1492 os_snprintf(id, buflen, "%s@%s", cred->username, cred->realm);
1493 res = wpa_config_set_quoted(ssid, "identity", id);
1497 } else if (cred->username && cred->username[0] &&
1498 wpa_config_set_quoted(ssid, "identity", cred->username) < 0)
1501 if (cred->password && cred->password[0]) {
1502 if (cred->ext_password &&
1503 wpa_config_set(ssid, "password", cred->password, 0) < 0)
1505 if (!cred->ext_password &&
1506 wpa_config_set_quoted(ssid, "password", cred->password) <
1511 if (cred->client_cert && cred->client_cert[0] &&
1512 wpa_config_set_quoted(ssid, "client_cert", cred->client_cert) < 0)
1516 if (cred->private_key &&
1517 os_strncmp(cred->private_key, "keystore://", 11) == 0) {
1518 /* Use OpenSSL engine configuration for Android keystore */
1519 if (wpa_config_set_quoted(ssid, "engine_id", "keystore") < 0 ||
1520 wpa_config_set_quoted(ssid, "key_id",
1521 cred->private_key + 11) < 0 ||
1522 wpa_config_set(ssid, "engine", "1", 0) < 0)
1525 #endif /* ANDROID */
1526 if (cred->private_key && cred->private_key[0] &&
1527 wpa_config_set_quoted(ssid, "private_key", cred->private_key) < 0)
1530 if (cred->private_key_passwd && cred->private_key_passwd[0] &&
1531 wpa_config_set_quoted(ssid, "private_key_passwd",
1532 cred->private_key_passwd) < 0)
1536 os_free(ssid->eap.phase1);
1537 ssid->eap.phase1 = os_strdup(cred->phase1);
1540 os_free(ssid->eap.phase2);
1541 ssid->eap.phase2 = os_strdup(cred->phase2);
1544 if (cred->ca_cert && cred->ca_cert[0] &&
1545 wpa_config_set_quoted(ssid, "ca_cert", cred->ca_cert) < 0)
1548 if (cred->domain_suffix_match && cred->domain_suffix_match[0] &&
1549 wpa_config_set_quoted(ssid, "domain_suffix_match",
1550 cred->domain_suffix_match) < 0)
1553 ssid->eap.ocsp = cred->ocsp;
1559 static int interworking_connect_roaming_consortium(
1560 struct wpa_supplicant *wpa_s, struct wpa_cred *cred,
1561 struct wpa_bss *bss, int only_add)
1563 struct wpa_ssid *ssid;
1565 const struct wpabuf *anqp;
1568 wpa_msg(wpa_s, MSG_DEBUG, "Interworking: Connect with " MACSTR
1569 " based on roaming consortium match", MAC2STR(bss->bssid));
1571 if (already_connected(wpa_s, cred, bss)) {
1572 wpa_msg(wpa_s, MSG_INFO, INTERWORKING_ALREADY_CONNECTED MACSTR,
1573 MAC2STR(bss->bssid));
1574 return wpa_s->current_ssid->id;
1577 remove_duplicate_network(wpa_s, cred, bss);
1579 ssid = wpa_config_add_network(wpa_s->conf);
1582 ssid->parent_cred = cred;
1583 wpas_notify_network_added(wpa_s, ssid);
1584 wpa_config_set_network_defaults(ssid);
1585 ssid->priority = cred->priority;
1586 ssid->temporary = 1;
1587 ssid->ssid = os_zalloc(bss->ssid_len + 1);
1588 if (ssid->ssid == NULL)
1590 os_memcpy(ssid->ssid, bss->ssid, bss->ssid_len);
1591 ssid->ssid_len = bss->ssid_len;
1593 if (interworking_set_hs20_params(wpa_s, ssid) < 0)
1596 ie = wpa_bss_get_ie(bss, WLAN_EID_ROAMING_CONSORTIUM);
1597 anqp = bss->anqp ? bss->anqp->roaming_consortium : NULL;
1598 for (i = 0; (ie || anqp) && i < cred->num_roaming_consortiums; i++) {
1599 if (!roaming_consortium_match(
1600 ie, anqp, cred->roaming_consortiums[i],
1601 cred->roaming_consortiums_len[i]))
1604 ssid->roaming_consortium_selection =
1605 os_malloc(cred->roaming_consortiums_len[i]);
1606 if (!ssid->roaming_consortium_selection)
1608 os_memcpy(ssid->roaming_consortium_selection,
1609 cred->roaming_consortiums[i],
1610 cred->roaming_consortiums_len[i]);
1611 ssid->roaming_consortium_selection_len =
1612 cred->roaming_consortiums_len[i];
1616 if (cred->eap_method == NULL) {
1617 wpa_msg(wpa_s, MSG_DEBUG,
1618 "Interworking: No EAP method set for credential using roaming consortium");
1622 if (interworking_set_eap_params(
1624 cred->eap_method->vendor == EAP_VENDOR_IETF &&
1625 cred->eap_method->method == EAP_TYPE_TTLS) < 0)
1628 wpa_s->next_ssid = ssid;
1629 wpa_config_update_prio_list(wpa_s->conf);
1631 interworking_reconnect(wpa_s);
1636 wpas_notify_network_removed(wpa_s, ssid);
1637 wpa_config_remove_network(wpa_s->conf, ssid->id);
1642 int interworking_connect(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
1645 struct wpa_cred *cred, *cred_rc, *cred_3gpp;
1646 struct wpa_ssid *ssid;
1647 struct nai_realm *realm;
1648 struct nai_realm_eap *eap = NULL;
1651 int excluded = 0, *excl = &excluded;
1654 if (wpa_s->conf->cred == NULL || bss == NULL)
1656 if (disallowed_bssid(wpa_s, bss->bssid) ||
1657 disallowed_ssid(wpa_s, bss->ssid, bss->ssid_len)) {
1658 wpa_msg(wpa_s, MSG_DEBUG,
1659 "Interworking: Reject connection to disallowed BSS "
1660 MACSTR, MAC2STR(bss->bssid));
1664 wpa_printf(MSG_DEBUG, "Interworking: Considering BSS " MACSTR
1666 MAC2STR(bss->bssid));
1668 if (!wpa_bss_get_ie(bss, WLAN_EID_RSN)) {
1670 * We currently support only HS 2.0 networks and those are
1671 * required to use WPA2-Enterprise.
1673 wpa_msg(wpa_s, MSG_DEBUG,
1674 "Interworking: Network does not use RSN");
1678 cred_rc = interworking_credentials_available_roaming_consortium(
1679 wpa_s, bss, 0, excl);
1681 wpa_msg(wpa_s, MSG_DEBUG,
1682 "Interworking: Highest roaming consortium matching credential priority %d sp_priority %d",
1683 cred_rc->priority, cred_rc->sp_priority);
1684 if (excl && !(*excl))
1688 cred = interworking_credentials_available_realm(wpa_s, bss, 0, excl);
1690 wpa_msg(wpa_s, MSG_DEBUG,
1691 "Interworking: Highest NAI Realm list matching credential priority %d sp_priority %d",
1692 cred->priority, cred->sp_priority);
1693 if (excl && !(*excl))
1697 cred_3gpp = interworking_credentials_available_3gpp(wpa_s, bss, 0,
1700 wpa_msg(wpa_s, MSG_DEBUG,
1701 "Interworking: Highest 3GPP matching credential priority %d sp_priority %d",
1702 cred_3gpp->priority, cred_3gpp->sp_priority);
1703 if (excl && !(*excl))
1707 if (!cred_rc && !cred && !cred_3gpp) {
1708 wpa_msg(wpa_s, MSG_DEBUG,
1709 "Interworking: No full credential matches - consider options without BW(etc.) limits");
1710 cred_rc = interworking_credentials_available_roaming_consortium(
1711 wpa_s, bss, 1, excl);
1713 wpa_msg(wpa_s, MSG_DEBUG,
1714 "Interworking: Highest roaming consortium matching credential priority %d sp_priority %d (ignore BW)",
1715 cred_rc->priority, cred_rc->sp_priority);
1716 if (excl && !(*excl))
1720 cred = interworking_credentials_available_realm(wpa_s, bss, 1,
1723 wpa_msg(wpa_s, MSG_DEBUG,
1724 "Interworking: Highest NAI Realm list matching credential priority %d sp_priority %d (ignore BW)",
1725 cred->priority, cred->sp_priority);
1726 if (excl && !(*excl))
1730 cred_3gpp = interworking_credentials_available_3gpp(wpa_s, bss,
1733 wpa_msg(wpa_s, MSG_DEBUG,
1734 "Interworking: Highest 3GPP matching credential priority %d sp_priority %d (ignore BW)",
1735 cred_3gpp->priority, cred_3gpp->sp_priority);
1736 if (excl && !(*excl))
1742 (cred == NULL || cred_prio_cmp(cred_rc, cred) >= 0) &&
1743 (cred_3gpp == NULL || cred_prio_cmp(cred_rc, cred_3gpp) >= 0))
1744 return interworking_connect_roaming_consortium(wpa_s, cred_rc,
1748 (cred == NULL || cred_prio_cmp(cred_3gpp, cred) >= 0)) {
1749 return interworking_connect_3gpp(wpa_s, cred_3gpp, bss,
1754 wpa_msg(wpa_s, MSG_DEBUG,
1755 "Interworking: No matching credentials found for "
1756 MACSTR, MAC2STR(bss->bssid));
1760 realm = nai_realm_parse(bss->anqp ? bss->anqp->nai_realm : NULL,
1762 if (realm == NULL) {
1763 wpa_msg(wpa_s, MSG_DEBUG,
1764 "Interworking: Could not parse NAI Realm list from "
1765 MACSTR, MAC2STR(bss->bssid));
1769 for (i = 0; i < count; i++) {
1770 if (!nai_realm_match(&realm[i], cred->realm))
1772 eap = nai_realm_find_eap(wpa_s, cred, &realm[i]);
1778 wpa_msg(wpa_s, MSG_DEBUG,
1779 "Interworking: No matching credentials and EAP method found for "
1780 MACSTR, MAC2STR(bss->bssid));
1781 nai_realm_free(realm, count);
1785 wpa_msg(wpa_s, MSG_DEBUG, "Interworking: Connect with " MACSTR,
1786 MAC2STR(bss->bssid));
1788 if (already_connected(wpa_s, cred, bss)) {
1789 wpa_msg(wpa_s, MSG_INFO, INTERWORKING_ALREADY_CONNECTED MACSTR,
1790 MAC2STR(bss->bssid));
1791 nai_realm_free(realm, count);
1795 remove_duplicate_network(wpa_s, cred, bss);
1797 ssid = wpa_config_add_network(wpa_s->conf);
1799 nai_realm_free(realm, count);
1802 ssid->parent_cred = cred;
1803 wpas_notify_network_added(wpa_s, ssid);
1804 wpa_config_set_network_defaults(ssid);
1805 ssid->priority = cred->priority;
1806 ssid->temporary = 1;
1807 ssid->ssid = os_zalloc(bss->ssid_len + 1);
1808 if (ssid->ssid == NULL)
1810 os_memcpy(ssid->ssid, bss->ssid, bss->ssid_len);
1811 ssid->ssid_len = bss->ssid_len;
1813 if (interworking_set_hs20_params(wpa_s, ssid) < 0)
1816 if (wpa_config_set(ssid, "eap", eap_get_name(EAP_VENDOR_IETF,
1817 eap->method), 0) < 0)
1820 switch (eap->method) {
1822 if (eap->inner_method) {
1823 name = eap_get_name(EAP_VENDOR_IETF, eap->inner_method);
1826 os_snprintf(buf, sizeof(buf), "\"autheap=%s\"", name);
1827 if (wpa_config_set(ssid, "phase2", buf, 0) < 0)
1831 switch (eap->inner_non_eap) {
1832 case NAI_REALM_INNER_NON_EAP_PAP:
1833 if (wpa_config_set(ssid, "phase2", "\"auth=PAP\"", 0) <
1837 case NAI_REALM_INNER_NON_EAP_CHAP:
1838 if (wpa_config_set(ssid, "phase2", "\"auth=CHAP\"", 0)
1842 case NAI_REALM_INNER_NON_EAP_MSCHAP:
1843 if (wpa_config_set(ssid, "phase2", "\"auth=MSCHAP\"",
1847 case NAI_REALM_INNER_NON_EAP_MSCHAPV2:
1848 if (wpa_config_set(ssid, "phase2", "\"auth=MSCHAPV2\"",
1853 /* EAP params were not set - assume TTLS/MSCHAPv2 */
1854 if (wpa_config_set(ssid, "phase2", "\"auth=MSCHAPV2\"",
1862 if (wpa_config_set(ssid, "phase1", "\"fast_provisioning=2\"",
1865 if (wpa_config_set(ssid, "pac_file",
1866 "\"blob://pac_interworking\"", 0) < 0)
1868 name = eap_get_name(EAP_VENDOR_IETF,
1869 eap->inner_method ? eap->inner_method :
1873 os_snprintf(buf, sizeof(buf), "\"auth=%s\"", name);
1874 if (wpa_config_set(ssid, "phase2", buf, 0) < 0)
1881 if (interworking_set_eap_params(ssid, cred,
1882 eap->method == EAP_TYPE_TTLS) < 0)
1885 nai_realm_free(realm, count);
1887 wpa_s->next_ssid = ssid;
1888 wpa_config_update_prio_list(wpa_s->conf);
1890 interworking_reconnect(wpa_s);
1895 wpas_notify_network_removed(wpa_s, ssid);
1896 wpa_config_remove_network(wpa_s->conf, ssid->id);
1897 nai_realm_free(realm, count);
1903 static int interworking_pcsc_read_imsi(struct wpa_supplicant *wpa_s)
1907 if (wpa_s->imsi[0] && wpa_s->mnc_len)
1910 len = sizeof(wpa_s->imsi) - 1;
1911 if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
1912 scard_deinit(wpa_s->scard);
1913 wpa_s->scard = NULL;
1914 wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
1917 wpa_s->imsi[len] = '\0';
1918 wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
1919 wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
1920 wpa_s->imsi, wpa_s->mnc_len);
1924 #endif /* PCSC_FUNCS */
1927 static struct wpa_cred * interworking_credentials_available_3gpp(
1928 struct wpa_supplicant *wpa_s, struct wpa_bss *bss, int ignore_bw,
1931 struct wpa_cred *selected = NULL;
1932 #ifdef INTERWORKING_3GPP
1933 struct wpa_cred *cred;
1935 int is_excluded = 0;
1937 if (bss->anqp == NULL || bss->anqp->anqp_3gpp == NULL) {
1938 wpa_msg(wpa_s, MSG_DEBUG,
1939 "interworking-avail-3gpp: not avail, anqp: %p anqp_3gpp: %p",
1940 bss->anqp, bss->anqp ? bss->anqp->anqp_3gpp : NULL);
1944 #ifdef CONFIG_EAP_PROXY
1945 if (!wpa_s->imsi[0]) {
1947 wpa_msg(wpa_s, MSG_DEBUG,
1948 "Interworking: IMSI not available - try to read again through eap_proxy");
1949 wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, -1,
1952 if (wpa_s->mnc_len > 0) {
1953 wpa_s->imsi[len] = '\0';
1954 wpa_msg(wpa_s, MSG_DEBUG,
1955 "eap_proxy: IMSI %s (MNC length %d)",
1956 wpa_s->imsi, wpa_s->mnc_len);
1958 wpa_msg(wpa_s, MSG_DEBUG,
1959 "eap_proxy: IMSI not available");
1962 #endif /* CONFIG_EAP_PROXY */
1964 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
1972 if (cred->pcsc && wpa_s->scard) {
1973 if (interworking_pcsc_read_imsi(wpa_s) < 0)
1976 mnc_len = wpa_s->mnc_len;
1979 #endif /* PCSC_FUNCS */
1980 #ifdef CONFIG_EAP_PROXY
1981 if (cred->pcsc && wpa_s->mnc_len > 0 && wpa_s->imsi[0]) {
1983 mnc_len = wpa_s->mnc_len;
1986 #endif /* CONFIG_EAP_PROXY */
1988 if (cred->imsi == NULL || !cred->imsi[0] ||
1989 (!wpa_s->conf->external_sim &&
1990 (cred->milenage == NULL || !cred->milenage[0])))
1993 sep = os_strchr(cred->imsi, '-');
1995 (sep - cred->imsi != 5 && sep - cred->imsi != 6))
1997 mnc_len = sep - cred->imsi - 3;
1998 os_memcpy(imsi_buf, cred->imsi, 3 + mnc_len);
2000 msin_len = os_strlen(cred->imsi);
2001 if (3 + mnc_len + msin_len >= sizeof(imsi_buf) - 1)
2002 msin_len = sizeof(imsi_buf) - 3 - mnc_len - 1;
2003 os_memcpy(&imsi_buf[3 + mnc_len], sep, msin_len);
2004 imsi_buf[3 + mnc_len + msin_len] = '\0';
2007 #if defined(PCSC_FUNCS) || defined(CONFIG_EAP_PROXY)
2009 #endif /* PCSC_FUNCS || CONFIG_EAP_PROXY */
2010 wpa_msg(wpa_s, MSG_DEBUG,
2011 "Interworking: Parsing 3GPP info from " MACSTR,
2012 MAC2STR(bss->bssid));
2013 ret = plmn_id_match(bss->anqp->anqp_3gpp, imsi, mnc_len);
2014 wpa_msg(wpa_s, MSG_DEBUG, "PLMN match %sfound",
2017 if (cred_no_required_oi_match(cred, bss))
2020 cred_below_min_backhaul(wpa_s, cred, bss))
2023 cred_over_max_bss_load(wpa_s, cred, bss))
2026 cred_conn_capab_missing(wpa_s, cred, bss))
2028 if (cred_excluded_ssid(cred, bss)) {
2029 if (excluded == NULL)
2031 if (selected == NULL) {
2036 if (selected == NULL || is_excluded ||
2037 cred_prio_cmp(selected, cred) < 0) {
2046 *excluded = is_excluded;
2047 #endif /* INTERWORKING_3GPP */
2052 static struct wpa_cred * interworking_credentials_available_realm(
2053 struct wpa_supplicant *wpa_s, struct wpa_bss *bss, int ignore_bw,
2056 struct wpa_cred *cred, *selected = NULL;
2057 struct nai_realm *realm;
2059 int is_excluded = 0;
2061 if (bss->anqp == NULL || bss->anqp->nai_realm == NULL)
2064 if (wpa_s->conf->cred == NULL)
2067 wpa_msg(wpa_s, MSG_DEBUG, "Interworking: Parsing NAI Realm list from "
2068 MACSTR, MAC2STR(bss->bssid));
2069 realm = nai_realm_parse(bss->anqp->nai_realm, &count);
2070 if (realm == NULL) {
2071 wpa_msg(wpa_s, MSG_DEBUG,
2072 "Interworking: Could not parse NAI Realm list from "
2073 MACSTR, MAC2STR(bss->bssid));
2077 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
2078 if (cred->realm == NULL)
2081 for (i = 0; i < count; i++) {
2082 if (!nai_realm_match(&realm[i], cred->realm))
2084 if (nai_realm_find_eap(wpa_s, cred, &realm[i])) {
2085 if (cred_no_required_oi_match(cred, bss))
2088 cred_below_min_backhaul(wpa_s, cred, bss))
2091 cred_over_max_bss_load(wpa_s, cred, bss))
2094 cred_conn_capab_missing(wpa_s, cred, bss))
2096 if (cred_excluded_ssid(cred, bss)) {
2097 if (excluded == NULL)
2099 if (selected == NULL) {
2104 if (selected == NULL || is_excluded ||
2105 cred_prio_cmp(selected, cred) < 0)
2113 wpa_msg(wpa_s, MSG_DEBUG,
2114 "Interworking: realm-find-eap returned false");
2119 nai_realm_free(realm, count);
2122 *excluded = is_excluded;
2128 static struct wpa_cred * interworking_credentials_available_helper(
2129 struct wpa_supplicant *wpa_s, struct wpa_bss *bss, int ignore_bw,
2132 struct wpa_cred *cred, *cred2;
2133 int excluded1, excluded2 = 0;
2135 if (disallowed_bssid(wpa_s, bss->bssid) ||
2136 disallowed_ssid(wpa_s, bss->ssid, bss->ssid_len)) {
2137 wpa_printf(MSG_DEBUG, "Interworking: Ignore disallowed BSS "
2138 MACSTR, MAC2STR(bss->bssid));
2142 cred = interworking_credentials_available_realm(wpa_s, bss, ignore_bw,
2144 cred2 = interworking_credentials_available_3gpp(wpa_s, bss, ignore_bw,
2146 if (cred && cred2 &&
2147 (cred_prio_cmp(cred2, cred) >= 0 || (!excluded2 && excluded1))) {
2149 excluded1 = excluded2;
2153 excluded1 = excluded2;
2156 cred2 = interworking_credentials_available_roaming_consortium(
2157 wpa_s, bss, ignore_bw, &excluded2);
2158 if (cred && cred2 &&
2159 (cred_prio_cmp(cred2, cred) >= 0 || (!excluded2 && excluded1))) {
2161 excluded1 = excluded2;
2165 excluded1 = excluded2;
2169 *excluded = excluded1;
2174 static struct wpa_cred * interworking_credentials_available(
2175 struct wpa_supplicant *wpa_s, struct wpa_bss *bss, int *excluded)
2177 struct wpa_cred *cred;
2181 cred = interworking_credentials_available_helper(wpa_s, bss, 0,
2185 return interworking_credentials_available_helper(wpa_s, bss, 1,
2190 int domain_name_list_contains(struct wpabuf *domain_names,
2191 const char *domain, int exact_match)
2193 const u8 *pos, *end;
2196 len = os_strlen(domain);
2197 pos = wpabuf_head(domain_names);
2198 end = pos + wpabuf_len(domain_names);
2200 while (end - pos > 1) {
2204 if (elen > end - pos)
2207 wpa_hexdump_ascii(MSG_DEBUG, "Interworking: AP domain name",
2210 os_strncasecmp(domain, (const char *) pos, len) == 0)
2212 if (!exact_match && elen > len && pos[elen - len - 1] == '.') {
2213 const char *ap = (const char *) pos;
2214 int offset = elen - len;
2216 if (os_strncasecmp(domain, ap + offset, len) == 0)
2227 int interworking_home_sp_cred(struct wpa_supplicant *wpa_s,
2228 struct wpa_cred *cred,
2229 struct wpabuf *domain_names)
2233 #ifdef INTERWORKING_3GPP
2234 char nai[100], *realm;
2241 else if (cred->pcsc && wpa_s->scard) {
2242 if (interworking_pcsc_read_imsi(wpa_s) < 0)
2245 mnc_len = wpa_s->mnc_len;
2247 #endif /* PCSC_FUNCS */
2248 #ifdef CONFIG_EAP_PROXY
2249 else if (cred->pcsc && wpa_s->mnc_len > 0 && wpa_s->imsi[0]) {
2251 mnc_len = wpa_s->mnc_len;
2253 #endif /* CONFIG_EAP_PROXY */
2255 imsi && build_root_nai(nai, sizeof(nai), imsi, mnc_len, 0) == 0) {
2256 realm = os_strchr(nai, '@');
2259 wpa_msg(wpa_s, MSG_DEBUG,
2260 "Interworking: Search for match with SIM/USIM domain %s",
2263 domain_name_list_contains(domain_names, realm, 1))
2268 #endif /* INTERWORKING_3GPP */
2270 if (domain_names == NULL || cred->domain == NULL)
2273 for (i = 0; i < cred->num_domain; i++) {
2274 wpa_msg(wpa_s, MSG_DEBUG,
2275 "Interworking: Search for match with home SP FQDN %s",
2277 if (domain_name_list_contains(domain_names, cred->domain[i], 1))
2285 static int interworking_home_sp(struct wpa_supplicant *wpa_s,
2286 struct wpabuf *domain_names)
2288 struct wpa_cred *cred;
2290 if (domain_names == NULL || wpa_s->conf->cred == NULL)
2293 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
2294 int res = interworking_home_sp_cred(wpa_s, cred, domain_names);
2303 static int interworking_find_network_match(struct wpa_supplicant *wpa_s)
2305 struct wpa_bss *bss;
2306 struct wpa_ssid *ssid;
2308 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
2309 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
2310 if (wpas_network_disabled(wpa_s, ssid) ||
2311 ssid->mode != WPAS_MODE_INFRA)
2313 if (ssid->ssid_len != bss->ssid_len ||
2314 os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) !=
2318 * TODO: Consider more accurate matching of security
2319 * configuration similarly to what is done in events.c
2329 static int roaming_partner_match(struct wpa_supplicant *wpa_s,
2330 struct roaming_partner *partner,
2331 struct wpabuf *domain_names)
2333 wpa_printf(MSG_DEBUG, "Interworking: Comparing roaming_partner info fqdn='%s' exact_match=%d priority=%u country='%s'",
2334 partner->fqdn, partner->exact_match, partner->priority,
2336 wpa_hexdump_ascii(MSG_DEBUG, "Interworking: Domain names",
2337 wpabuf_head(domain_names),
2338 wpabuf_len(domain_names));
2339 if (!domain_name_list_contains(domain_names, partner->fqdn,
2340 partner->exact_match))
2342 /* TODO: match Country */
2347 static u8 roaming_prio(struct wpa_supplicant *wpa_s, struct wpa_cred *cred,
2348 struct wpa_bss *bss)
2352 if (bss->anqp == NULL || bss->anqp->domain_name == NULL) {
2353 wpa_printf(MSG_DEBUG, "Interworking: No ANQP domain name info -> use default roaming partner priority 128");
2354 return 128; /* cannot check preference with domain name */
2357 if (interworking_home_sp_cred(wpa_s, cred, bss->anqp->domain_name) > 0)
2359 wpa_printf(MSG_DEBUG, "Interworking: Determined to be home SP -> use maximum preference 0 as roaming partner priority");
2360 return 0; /* max preference for home SP network */
2363 for (i = 0; i < cred->num_roaming_partner; i++) {
2364 if (roaming_partner_match(wpa_s, &cred->roaming_partner[i],
2365 bss->anqp->domain_name)) {
2366 wpa_printf(MSG_DEBUG, "Interworking: Roaming partner preference match - priority %u",
2367 cred->roaming_partner[i].priority);
2368 return cred->roaming_partner[i].priority;
2372 wpa_printf(MSG_DEBUG, "Interworking: No roaming partner preference match - use default roaming partner priority 128");
2377 static struct wpa_bss * pick_best_roaming_partner(struct wpa_supplicant *wpa_s,
2378 struct wpa_bss *selected,
2379 struct wpa_cred *cred)
2381 struct wpa_bss *bss;
2383 struct wpa_cred *cred2;
2386 * Check if any other BSS is operated by a more preferred roaming
2390 best_prio = roaming_prio(wpa_s, cred, selected);
2391 wpa_printf(MSG_DEBUG, "Interworking: roaming_prio=%u for selected BSS "
2392 MACSTR " (cred=%d)", best_prio, MAC2STR(selected->bssid),
2395 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
2396 if (bss == selected)
2398 cred2 = interworking_credentials_available(wpa_s, bss, NULL);
2401 if (!wpa_bss_get_ie(bss, WLAN_EID_RSN))
2403 prio = roaming_prio(wpa_s, cred2, bss);
2404 wpa_printf(MSG_DEBUG, "Interworking: roaming_prio=%u for BSS "
2405 MACSTR " (cred=%d)", prio, MAC2STR(bss->bssid),
2407 if (prio < best_prio) {
2408 int bh1, bh2, load1, load2, conn1, conn2;
2409 bh1 = cred_below_min_backhaul(wpa_s, cred, selected);
2410 load1 = cred_over_max_bss_load(wpa_s, cred, selected);
2411 conn1 = cred_conn_capab_missing(wpa_s, cred, selected);
2412 bh2 = cred_below_min_backhaul(wpa_s, cred2, bss);
2413 load2 = cred_over_max_bss_load(wpa_s, cred2, bss);
2414 conn2 = cred_conn_capab_missing(wpa_s, cred2, bss);
2415 wpa_printf(MSG_DEBUG, "Interworking: old: %d %d %d new: %d %d %d",
2416 bh1, load1, conn1, bh2, load2, conn2);
2417 if (bh1 || load1 || conn1 || !(bh2 || load2 || conn2)) {
2418 wpa_printf(MSG_DEBUG, "Interworking: Better roaming partner " MACSTR " selected", MAC2STR(bss->bssid));
2429 static void interworking_select_network(struct wpa_supplicant *wpa_s)
2431 struct wpa_bss *bss, *selected = NULL, *selected_home = NULL;
2432 struct wpa_bss *selected2 = NULL, *selected2_home = NULL;
2433 unsigned int count = 0;
2436 struct wpa_cred *cred, *selected_cred = NULL;
2437 struct wpa_cred *selected_home_cred = NULL;
2438 struct wpa_cred *selected2_cred = NULL;
2439 struct wpa_cred *selected2_home_cred = NULL;
2441 wpa_s->network_select = 0;
2443 wpa_printf(MSG_DEBUG, "Interworking: Select network (auto_select=%d)",
2444 wpa_s->auto_select);
2445 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
2447 int bh, bss_load, conn_capab;
2448 cred = interworking_credentials_available(wpa_s, bss,
2453 if (!wpa_bss_get_ie(bss, WLAN_EID_RSN)) {
2455 * We currently support only HS 2.0 networks and those
2456 * are required to use WPA2-Enterprise.
2458 wpa_msg(wpa_s, MSG_DEBUG,
2459 "Interworking: Credential match with " MACSTR
2460 " but network does not use RSN",
2461 MAC2STR(bss->bssid));
2466 res = interworking_home_sp(wpa_s, bss->anqp ?
2467 bss->anqp->domain_name : NULL);
2474 bh = cred_below_min_backhaul(wpa_s, cred, bss);
2475 bss_load = cred_over_max_bss_load(wpa_s, cred, bss);
2476 conn_capab = cred_conn_capab_missing(wpa_s, cred, bss);
2477 wpa_msg(wpa_s, MSG_INFO, "%s" MACSTR " type=%s%s%s%s id=%d priority=%d sp_priority=%d",
2478 excluded ? INTERWORKING_BLACKLISTED : INTERWORKING_AP,
2479 MAC2STR(bss->bssid), type,
2480 bh ? " below_min_backhaul=1" : "",
2481 bss_load ? " over_max_bss_load=1" : "",
2482 conn_capab ? " conn_capab_missing=1" : "",
2483 cred->id, cred->priority, cred->sp_priority);
2486 if (wpa_s->auto_select ||
2487 (wpa_s->conf->auto_interworking &&
2488 wpa_s->auto_network_select)) {
2489 if (bh || bss_load || conn_capab) {
2490 if (selected2_cred == NULL ||
2491 cred_prio_cmp(cred, selected2_cred) > 0) {
2492 wpa_printf(MSG_DEBUG, "Interworking: Mark as selected2");
2494 selected2_cred = cred;
2497 (selected2_home_cred == NULL ||
2498 cred_prio_cmp(cred, selected2_home_cred) >
2500 wpa_printf(MSG_DEBUG, "Interworking: Mark as selected2_home");
2501 selected2_home = bss;
2502 selected2_home_cred = cred;
2505 if (selected_cred == NULL ||
2506 cred_prio_cmp(cred, selected_cred) > 0) {
2507 wpa_printf(MSG_DEBUG, "Interworking: Mark as selected");
2509 selected_cred = cred;
2512 (selected_home_cred == NULL ||
2513 cred_prio_cmp(cred, selected_home_cred) >
2515 wpa_printf(MSG_DEBUG, "Interworking: Mark as selected_home");
2516 selected_home = bss;
2517 selected_home_cred = cred;
2523 if (selected_home && selected_home != selected &&
2524 selected_home_cred &&
2525 (selected_cred == NULL ||
2526 cred_prio_cmp(selected_home_cred, selected_cred) >= 0)) {
2527 /* Prefer network operated by the Home SP */
2528 wpa_printf(MSG_DEBUG, "Interworking: Overrided selected with selected_home");
2529 selected = selected_home;
2530 selected_cred = selected_home_cred;
2534 if (selected2_home) {
2535 wpa_printf(MSG_DEBUG, "Interworking: Use home BSS with BW limit mismatch since no other network could be selected");
2536 selected = selected2_home;
2537 selected_cred = selected2_home_cred;
2538 } else if (selected2) {
2539 wpa_printf(MSG_DEBUG, "Interworking: Use visited BSS with BW limit mismatch since no other network could be selected");
2540 selected = selected2;
2541 selected_cred = selected2_cred;
2547 * No matching network was found based on configured
2548 * credentials. Check whether any of the enabled network blocks
2549 * have matching APs.
2551 if (interworking_find_network_match(wpa_s)) {
2552 wpa_msg(wpa_s, MSG_DEBUG,
2553 "Interworking: Possible BSS match for enabled network configurations");
2554 if (wpa_s->auto_select) {
2555 interworking_reconnect(wpa_s);
2560 if (wpa_s->auto_network_select) {
2561 wpa_msg(wpa_s, MSG_DEBUG,
2562 "Interworking: Continue scanning after ANQP fetch");
2563 wpa_supplicant_req_scan(wpa_s, wpa_s->scan_interval,
2568 wpa_msg(wpa_s, MSG_INFO, INTERWORKING_NO_MATCH "No network "
2569 "with matching credentials found");
2570 if (wpa_s->wpa_state == WPA_SCANNING)
2571 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
2575 wpa_printf(MSG_DEBUG, "Interworking: Selected " MACSTR,
2576 MAC2STR(selected->bssid));
2577 selected = pick_best_roaming_partner(wpa_s, selected,
2579 wpa_printf(MSG_DEBUG, "Interworking: Selected " MACSTR
2580 " (after best roaming partner selection)",
2581 MAC2STR(selected->bssid));
2582 wpa_msg(wpa_s, MSG_INFO, INTERWORKING_SELECTED MACSTR,
2583 MAC2STR(selected->bssid));
2584 interworking_connect(wpa_s, selected, 0);
2585 } else if (wpa_s->wpa_state == WPA_SCANNING)
2586 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
2590 static struct wpa_bss_anqp *
2591 interworking_match_anqp_info(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
2593 struct wpa_bss *other;
2595 if (is_zero_ether_addr(bss->hessid))
2596 return NULL; /* Cannot be in the same homegenous ESS */
2598 dl_list_for_each(other, &wpa_s->bss, struct wpa_bss, list) {
2601 if (other->anqp == NULL)
2603 if (other->anqp->roaming_consortium == NULL &&
2604 other->anqp->nai_realm == NULL &&
2605 other->anqp->anqp_3gpp == NULL &&
2606 other->anqp->domain_name == NULL)
2608 if (!(other->flags & WPA_BSS_ANQP_FETCH_TRIED))
2610 if (os_memcmp(bss->hessid, other->hessid, ETH_ALEN) != 0)
2612 if (bss->ssid_len != other->ssid_len ||
2613 os_memcmp(bss->ssid, other->ssid, bss->ssid_len) != 0)
2616 wpa_msg(wpa_s, MSG_DEBUG,
2617 "Interworking: Share ANQP data with already fetched BSSID "
2618 MACSTR " and " MACSTR,
2619 MAC2STR(other->bssid), MAC2STR(bss->bssid));
2620 other->anqp->users++;
2628 static void interworking_next_anqp_fetch(struct wpa_supplicant *wpa_s)
2630 struct wpa_bss *bss;
2633 wpa_printf(MSG_DEBUG, "Interworking: next_anqp_fetch - "
2634 "fetch_anqp_in_progress=%d fetch_osu_icon_in_progress=%d",
2635 wpa_s->fetch_anqp_in_progress,
2636 wpa_s->fetch_osu_icon_in_progress);
2638 if (eloop_terminated() || !wpa_s->fetch_anqp_in_progress) {
2639 wpa_printf(MSG_DEBUG, "Interworking: Stop next-ANQP-fetch");
2644 if (wpa_s->fetch_osu_icon_in_progress) {
2645 wpa_printf(MSG_DEBUG, "Interworking: Next icon (in progress)");
2646 hs20_next_osu_icon(wpa_s);
2649 #endif /* CONFIG_HS20 */
2651 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
2652 if (!(bss->caps & IEEE80211_CAP_ESS))
2654 if (!wpa_bss_ext_capab(bss, WLAN_EXT_CAPAB_INTERWORKING))
2655 continue; /* AP does not support Interworking */
2656 if (disallowed_bssid(wpa_s, bss->bssid) ||
2657 disallowed_ssid(wpa_s, bss->ssid, bss->ssid_len))
2658 continue; /* Disallowed BSS */
2660 if (!(bss->flags & WPA_BSS_ANQP_FETCH_TRIED)) {
2661 if (bss->anqp == NULL) {
2662 bss->anqp = interworking_match_anqp_info(wpa_s,
2665 /* Shared data already fetched */
2668 bss->anqp = wpa_bss_anqp_alloc();
2669 if (bss->anqp == NULL)
2673 bss->flags |= WPA_BSS_ANQP_FETCH_TRIED;
2674 wpa_msg(wpa_s, MSG_INFO, "Starting ANQP fetch for "
2675 MACSTR " (HESSID " MACSTR ")",
2676 MAC2STR(bss->bssid), MAC2STR(bss->hessid));
2677 interworking_anqp_send_req(wpa_s, bss);
2684 if (wpa_s->fetch_osu_info) {
2685 if (wpa_s->num_prov_found == 0 &&
2686 wpa_s->fetch_osu_waiting_scan &&
2687 wpa_s->num_osu_scans < 3) {
2688 wpa_printf(MSG_DEBUG, "HS 2.0: No OSU providers seen - try to scan again");
2689 hs20_start_osu_scan(wpa_s);
2692 wpa_printf(MSG_DEBUG, "Interworking: Next icon");
2693 hs20_osu_icon_fetch(wpa_s);
2696 #endif /* CONFIG_HS20 */
2697 wpa_msg(wpa_s, MSG_INFO, "ANQP fetch completed");
2698 wpa_s->fetch_anqp_in_progress = 0;
2699 if (wpa_s->network_select)
2700 interworking_select_network(wpa_s);
2705 void interworking_start_fetch_anqp(struct wpa_supplicant *wpa_s)
2707 struct wpa_bss *bss;
2709 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list)
2710 bss->flags &= ~WPA_BSS_ANQP_FETCH_TRIED;
2712 wpa_s->fetch_anqp_in_progress = 1;
2715 * Start actual ANQP operation from eloop call to make sure the loop
2716 * does not end up using excessive recursion.
2718 eloop_register_timeout(0, 0, interworking_continue_anqp, wpa_s, NULL);
2722 int interworking_fetch_anqp(struct wpa_supplicant *wpa_s)
2724 if (wpa_s->fetch_anqp_in_progress || wpa_s->network_select)
2727 wpa_s->network_select = 0;
2728 wpa_s->fetch_all_anqp = 1;
2729 wpa_s->fetch_osu_info = 0;
2731 interworking_start_fetch_anqp(wpa_s);
2737 void interworking_stop_fetch_anqp(struct wpa_supplicant *wpa_s)
2739 if (!wpa_s->fetch_anqp_in_progress)
2742 wpa_s->fetch_anqp_in_progress = 0;
2746 int anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst,
2747 u16 info_ids[], size_t num_ids, u32 subtypes,
2751 struct wpabuf *extra_buf = NULL;
2754 struct wpa_bss *bss;
2757 bss = wpa_bss_get_bssid(wpa_s, dst);
2759 wpa_printf(MSG_WARNING,
2760 "ANQP: Cannot send query to unknown BSS "
2761 MACSTR, MAC2STR(dst));
2765 wpa_bss_anqp_unshare_alloc(bss);
2768 wpa_msg(wpa_s, MSG_DEBUG,
2769 "ANQP: Query Request to " MACSTR " for %u id(s)",
2770 MAC2STR(dst), (unsigned int) num_ids);
2773 if (subtypes != 0) {
2774 extra_buf = wpabuf_alloc(100);
2775 if (extra_buf == NULL)
2777 hs20_put_anqp_req(subtypes, NULL, 0, extra_buf);
2779 #endif /* CONFIG_HS20 */
2785 mbo = mbo_build_anqp_buf(wpa_s, bss, mbo_subtypes);
2787 if (wpabuf_resize(&extra_buf, wpabuf_len(mbo))) {
2788 wpabuf_free(extra_buf);
2792 wpabuf_put_buf(extra_buf, mbo);
2796 #endif /* CONFIG_MBO */
2798 buf = anqp_build_req(info_ids, num_ids, extra_buf);
2799 wpabuf_free(extra_buf);
2803 res = gas_query_req(wpa_s->gas, dst, freq, 0, buf, anqp_resp_cb, wpa_s);
2805 wpa_msg(wpa_s, MSG_DEBUG, "ANQP: Failed to send Query Request");
2809 wpa_msg(wpa_s, MSG_DEBUG,
2810 "ANQP: Query started with dialog token %u", res);
2817 static void anqp_add_extra(struct wpa_supplicant *wpa_s,
2818 struct wpa_bss_anqp *anqp, u16 info_id,
2819 const u8 *data, size_t slen)
2821 struct wpa_bss_anqp_elem *tmp, *elem = NULL;
2826 dl_list_for_each(tmp, &anqp->anqp_elems, struct wpa_bss_anqp_elem,
2828 if (tmp->infoid == info_id) {
2835 elem = os_zalloc(sizeof(*elem));
2838 elem->infoid = info_id;
2839 dl_list_add(&anqp->anqp_elems, &elem->list);
2841 wpabuf_free(elem->payload);
2844 elem->payload = wpabuf_alloc_copy(data, slen);
2845 if (!elem->payload) {
2846 dl_list_del(&elem->list);
2852 static void interworking_parse_venue_url(struct wpa_supplicant *wpa_s,
2853 const u8 *data, size_t len)
2855 const u8 *pos = data, *end = data + len;
2858 while (end - pos >= 2) {
2862 if (slen < 1 || slen > end - pos) {
2863 wpa_printf(MSG_DEBUG,
2864 "ANQP: Truncated Venue URL Duple field");
2869 os_memcpy(url, pos, slen - 1);
2870 url[slen - 1] = '\0';
2871 wpa_msg(wpa_s, MSG_INFO, RX_VENUE_URL "%u %s", num, url);
2877 static void interworking_parse_rx_anqp_resp(struct wpa_supplicant *wpa_s,
2878 struct wpa_bss *bss, const u8 *sa,
2880 const u8 *data, size_t slen,
2883 const u8 *pos = data;
2884 struct wpa_bss_anqp *anqp = NULL;
2891 case ANQP_CAPABILITY_LIST:
2892 wpa_msg(wpa_s, MSG_INFO, RX_ANQP MACSTR
2893 " ANQP Capability list", MAC2STR(sa));
2894 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: Capability list",
2897 wpabuf_free(anqp->capability_list);
2898 anqp->capability_list = wpabuf_alloc_copy(pos, slen);
2901 case ANQP_VENUE_NAME:
2902 wpa_msg(wpa_s, MSG_INFO, RX_ANQP MACSTR
2903 " Venue Name", MAC2STR(sa));
2904 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: Venue Name", pos, slen);
2906 wpabuf_free(anqp->venue_name);
2907 anqp->venue_name = wpabuf_alloc_copy(pos, slen);
2910 case ANQP_NETWORK_AUTH_TYPE:
2911 wpa_msg(wpa_s, MSG_INFO, RX_ANQP MACSTR
2912 " Network Authentication Type information",
2914 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: Network Authentication "
2917 wpabuf_free(anqp->network_auth_type);
2918 anqp->network_auth_type = wpabuf_alloc_copy(pos, slen);
2921 case ANQP_ROAMING_CONSORTIUM:
2922 wpa_msg(wpa_s, MSG_INFO, RX_ANQP MACSTR
2923 " Roaming Consortium list", MAC2STR(sa));
2924 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: Roaming Consortium",
2927 wpabuf_free(anqp->roaming_consortium);
2928 anqp->roaming_consortium = wpabuf_alloc_copy(pos, slen);
2931 case ANQP_IP_ADDR_TYPE_AVAILABILITY:
2932 wpa_msg(wpa_s, MSG_INFO, RX_ANQP MACSTR
2933 " IP Address Type Availability information",
2935 wpa_hexdump(MSG_MSGDUMP, "ANQP: IP Address Availability",
2938 wpabuf_free(anqp->ip_addr_type_availability);
2939 anqp->ip_addr_type_availability =
2940 wpabuf_alloc_copy(pos, slen);
2943 case ANQP_NAI_REALM:
2944 wpa_msg(wpa_s, MSG_INFO, RX_ANQP MACSTR
2945 " NAI Realm list", MAC2STR(sa));
2946 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: NAI Realm", pos, slen);
2948 wpabuf_free(anqp->nai_realm);
2949 anqp->nai_realm = wpabuf_alloc_copy(pos, slen);
2952 case ANQP_3GPP_CELLULAR_NETWORK:
2953 wpa_msg(wpa_s, MSG_INFO, RX_ANQP MACSTR
2954 " 3GPP Cellular Network information", MAC2STR(sa));
2955 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: 3GPP Cellular Network",
2958 wpabuf_free(anqp->anqp_3gpp);
2959 anqp->anqp_3gpp = wpabuf_alloc_copy(pos, slen);
2962 case ANQP_DOMAIN_NAME:
2963 wpa_msg(wpa_s, MSG_INFO, RX_ANQP MACSTR
2964 " Domain Name list", MAC2STR(sa));
2965 wpa_hexdump_ascii(MSG_MSGDUMP, "ANQP: Domain Name", pos, slen);
2967 wpabuf_free(anqp->domain_name);
2968 anqp->domain_name = wpabuf_alloc_copy(pos, slen);
2972 case ANQP_FILS_REALM_INFO:
2973 wpa_msg(wpa_s, MSG_INFO, RX_ANQP MACSTR
2974 " FILS Realm Information", MAC2STR(sa));
2975 wpa_hexdump_ascii(MSG_MSGDUMP, "ANQP: FILS Realm Information",
2978 wpabuf_free(anqp->fils_realm_info);
2979 anqp->fils_realm_info = wpabuf_alloc_copy(pos, slen);
2982 #endif /* CONFIG_FILS */
2983 case ANQP_VENUE_URL:
2984 wpa_msg(wpa_s, MSG_INFO, RX_ANQP MACSTR " Venue URL",
2986 anqp_add_extra(wpa_s, anqp, info_id, pos, slen);
2988 if (!pmf_in_use(wpa_s, sa)) {
2989 wpa_printf(MSG_DEBUG,
2990 "ANQP: Ignore Venue URL since PMF was not enabled");
2993 interworking_parse_venue_url(wpa_s, pos, slen);
2995 case ANQP_VENDOR_SPECIFIC:
2999 switch (WPA_GET_BE24(pos)) {
3011 case HS20_ANQP_OUI_TYPE:
3012 hs20_parse_rx_hs20_anqp_resp(wpa_s, bss, sa,
3016 #endif /* CONFIG_HS20 */
3018 case MBO_ANQP_OUI_TYPE:
3019 mbo_parse_rx_anqp_resp(wpa_s, bss, sa,
3022 #endif /* CONFIG_MBO */
3024 wpa_msg(wpa_s, MSG_DEBUG,
3025 "ANQP: Unsupported ANQP vendor type %u",
3031 wpa_msg(wpa_s, MSG_DEBUG,
3032 "Interworking: Unsupported vendor-specific ANQP OUI %06x",
3038 wpa_msg(wpa_s, MSG_DEBUG,
3039 "Interworking: Unsupported ANQP Info ID %u", info_id);
3040 anqp_add_extra(wpa_s, anqp, info_id, data, slen);
3046 void anqp_resp_cb(void *ctx, const u8 *dst, u8 dialog_token,
3047 enum gas_query_result result,
3048 const struct wpabuf *adv_proto,
3049 const struct wpabuf *resp, u16 status_code)
3051 struct wpa_supplicant *wpa_s = ctx;
3056 struct wpa_bss *bss = NULL, *tmp;
3057 const char *anqp_result = "SUCCESS";
3059 wpa_printf(MSG_DEBUG, "Interworking: anqp_resp_cb dst=" MACSTR
3060 " dialog_token=%u result=%d status_code=%u",
3061 MAC2STR(dst), dialog_token, result, status_code);
3062 if (result != GAS_QUERY_SUCCESS) {
3064 if (wpa_s->fetch_osu_icon_in_progress)
3065 hs20_icon_fetch_failed(wpa_s);
3066 #endif /* CONFIG_HS20 */
3067 anqp_result = "FAILURE";
3071 pos = wpabuf_head(adv_proto);
3072 if (wpabuf_len(adv_proto) < 4 || pos[0] != WLAN_EID_ADV_PROTO ||
3073 pos[1] < 2 || pos[3] != ACCESS_NETWORK_QUERY_PROTOCOL) {
3074 wpa_msg(wpa_s, MSG_DEBUG,
3075 "ANQP: Unexpected Advertisement Protocol in response");
3077 if (wpa_s->fetch_osu_icon_in_progress)
3078 hs20_icon_fetch_failed(wpa_s);
3079 #endif /* CONFIG_HS20 */
3080 anqp_result = "INVALID_FRAME";
3085 * If possible, select the BSS entry based on which BSS entry was used
3086 * for the request. This can help in cases where multiple BSS entries
3087 * may exist for the same AP.
3089 dl_list_for_each_reverse(tmp, &wpa_s->bss, struct wpa_bss, list) {
3090 if (tmp == wpa_s->interworking_gas_bss &&
3091 os_memcmp(tmp->bssid, dst, ETH_ALEN) == 0) {
3097 bss = wpa_bss_get_bssid(wpa_s, dst);
3099 pos = wpabuf_head(resp);
3100 end = pos + wpabuf_len(resp);
3103 unsigned int left = end - pos;
3106 wpa_msg(wpa_s, MSG_DEBUG, "ANQP: Invalid element");
3107 anqp_result = "INVALID_FRAME";
3108 goto out_parse_done;
3110 info_id = WPA_GET_LE16(pos);
3112 slen = WPA_GET_LE16(pos);
3116 wpa_msg(wpa_s, MSG_DEBUG,
3117 "ANQP: Invalid element length for Info ID %u",
3119 anqp_result = "INVALID_FRAME";
3120 goto out_parse_done;
3122 interworking_parse_rx_anqp_resp(wpa_s, bss, dst, info_id, pos,
3123 slen, dialog_token);
3129 hs20_notify_parse_done(wpa_s);
3130 #endif /* CONFIG_HS20 */
3132 wpa_msg(wpa_s, MSG_INFO, ANQP_QUERY_DONE "addr=" MACSTR " result=%s",
3133 MAC2STR(dst), anqp_result);
3137 static void interworking_scan_res_handler(struct wpa_supplicant *wpa_s,
3138 struct wpa_scan_results *scan_res)
3140 wpa_msg(wpa_s, MSG_DEBUG,
3141 "Interworking: Scan results available - start ANQP fetch");
3142 interworking_start_fetch_anqp(wpa_s);
3146 int interworking_select(struct wpa_supplicant *wpa_s, int auto_select,
3149 interworking_stop_fetch_anqp(wpa_s);
3150 wpa_s->network_select = 1;
3151 wpa_s->auto_network_select = 0;
3152 wpa_s->auto_select = !!auto_select;
3153 wpa_s->fetch_all_anqp = 0;
3154 wpa_s->fetch_osu_info = 0;
3155 wpa_msg(wpa_s, MSG_DEBUG,
3156 "Interworking: Start scan for network selection");
3157 wpa_s->scan_res_handler = interworking_scan_res_handler;
3158 wpa_s->normal_scans = 0;
3159 wpa_s->scan_req = MANUAL_SCAN_REQ;
3160 os_free(wpa_s->manual_scan_freqs);
3161 wpa_s->manual_scan_freqs = freqs;
3162 wpa_s->after_wps = 0;
3163 wpa_s->known_wps_freq = 0;
3164 wpa_supplicant_req_scan(wpa_s, 0, 0);
3170 static void gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token,
3171 enum gas_query_result result,
3172 const struct wpabuf *adv_proto,
3173 const struct wpabuf *resp, u16 status_code)
3175 struct wpa_supplicant *wpa_s = ctx;
3178 wpa_msg(wpa_s, MSG_INFO, GAS_RESPONSE_INFO "addr=" MACSTR
3179 " dialog_token=%d status_code=%d resp_len=%d",
3180 MAC2STR(addr), dialog_token, status_code,
3181 resp ? (int) wpabuf_len(resp) : -1);
3185 n = wpabuf_dup(resp);
3188 wpabuf_free(wpa_s->prev_gas_resp);
3189 wpa_s->prev_gas_resp = wpa_s->last_gas_resp;
3190 os_memcpy(wpa_s->prev_gas_addr, wpa_s->last_gas_addr, ETH_ALEN);
3191 wpa_s->prev_gas_dialog_token = wpa_s->last_gas_dialog_token;
3192 wpa_s->last_gas_resp = n;
3193 os_memcpy(wpa_s->last_gas_addr, addr, ETH_ALEN);
3194 wpa_s->last_gas_dialog_token = dialog_token;
3198 int gas_send_request(struct wpa_supplicant *wpa_s, const u8 *dst,
3199 const struct wpabuf *adv_proto,
3200 const struct wpabuf *query)
3205 struct wpa_bss *bss;
3208 u8 query_resp_len_limit = 0;
3210 freq = wpa_s->assoc_freq;
3211 bss = wpa_bss_get_bssid(wpa_s, dst);
3217 wpa_msg(wpa_s, MSG_DEBUG, "GAS request to " MACSTR " (freq %d MHz)",
3218 MAC2STR(dst), freq);
3219 wpa_hexdump_buf(MSG_DEBUG, "Advertisement Protocol ID", adv_proto);
3220 wpa_hexdump_buf(MSG_DEBUG, "GAS Query", query);
3222 len = 3 + wpabuf_len(adv_proto) + 2;
3224 len += wpabuf_len(query);
3225 buf = gas_build_initial_req(0, len);
3229 /* Advertisement Protocol IE */
3230 wpabuf_put_u8(buf, WLAN_EID_ADV_PROTO);
3231 wpabuf_put_u8(buf, 1 + wpabuf_len(adv_proto)); /* Length */
3232 wpabuf_put_u8(buf, query_resp_len_limit & 0x7f);
3233 wpabuf_put_buf(buf, adv_proto);
3237 wpabuf_put_le16(buf, wpabuf_len(query));
3238 wpabuf_put_buf(buf, query);
3240 wpabuf_put_le16(buf, 0);
3242 res = gas_query_req(wpa_s->gas, dst, freq, 0, buf, gas_resp_cb, wpa_s);
3244 wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request");
3248 wpa_msg(wpa_s, MSG_DEBUG,
3249 "GAS: Query started with dialog token %u", res);
projects / FreeBSD / FreeBSD.git / blob