2019-06-14 22:12:05 +02:00
|
|
|
/*
|
|
|
|
*
|
|
|
|
* Wireless daemon for Linux
|
|
|
|
*
|
|
|
|
* Copyright (C) 2019 Intel Corporation. All rights reserved.
|
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
#include <config.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <stdint.h>
|
|
|
|
|
|
|
|
#include <ell/ell.h>
|
|
|
|
|
2019-11-07 23:33:51 +01:00
|
|
|
#include "src/module.h"
|
2019-06-14 22:12:05 +02:00
|
|
|
#include "src/anqp.h"
|
|
|
|
#include "src/util.h"
|
2019-06-27 00:15:54 +02:00
|
|
|
#include "src/ie.h"
|
|
|
|
#include "src/scan.h"
|
|
|
|
#include "src/iwd.h"
|
|
|
|
#include "src/mpdu.h"
|
2020-07-09 02:04:34 +02:00
|
|
|
#include "src/frame-xchg.h"
|
2019-06-27 00:15:54 +02:00
|
|
|
|
|
|
|
#include "linux/nl80211.h"
|
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
#define ANQP_GROUP 0
|
|
|
|
|
2019-06-27 00:15:54 +02:00
|
|
|
struct anqp_request {
|
2020-07-09 02:04:34 +02:00
|
|
|
uint64_t wdev_id;
|
2019-06-27 00:15:54 +02:00
|
|
|
anqp_response_func_t anqp_cb;
|
|
|
|
anqp_destroy_func_t anqp_destroy;
|
|
|
|
void *anqp_data;
|
|
|
|
uint8_t anqp_token;
|
2020-07-09 02:04:34 +02:00
|
|
|
uint32_t frequency;
|
|
|
|
uint8_t *frame;
|
|
|
|
size_t frame_len;
|
|
|
|
uint32_t id;
|
2019-06-27 00:15:54 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
static void anqp_destroy(void *user_data)
|
|
|
|
{
|
|
|
|
struct anqp_request *request = user_data;
|
|
|
|
|
|
|
|
if (request->anqp_destroy)
|
|
|
|
request->anqp_destroy(request->anqp_data);
|
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
l_free(request->frame);
|
2019-06-27 00:15:54 +02:00
|
|
|
l_free(request);
|
|
|
|
}
|
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
/*
|
|
|
|
* By using frame-xchg we should get called back here for any frame matching our
|
|
|
|
* prefix until the duration expires. If frame-xchg is never signalled 'done'
|
|
|
|
* (returning true) we should get a timeout in anqp_frame_timeout. This is
|
|
|
|
* why we drop any improperly formatted frames without cleaning up the request.
|
|
|
|
*/
|
|
|
|
static bool anqp_response_frame_event(const struct mmpdu_header *hdr,
|
|
|
|
const void *body, size_t body_len,
|
|
|
|
int rssi, void *user_data)
|
2019-06-27 00:15:54 +02:00
|
|
|
{
|
2020-07-09 02:04:34 +02:00
|
|
|
struct anqp_request *request = user_data;
|
2019-06-27 00:15:54 +02:00
|
|
|
const uint8_t *ptr = body;
|
|
|
|
uint16_t status_code;
|
|
|
|
uint16_t delay;
|
|
|
|
uint16_t qrlen;
|
|
|
|
uint8_t adv_proto_len;
|
|
|
|
uint8_t token;
|
|
|
|
|
|
|
|
if (body_len < 9)
|
2020-07-09 02:04:34 +02:00
|
|
|
return false;
|
2019-06-27 00:15:54 +02:00
|
|
|
|
|
|
|
/* Skip past category/action since this frame was prefixed matched */
|
|
|
|
ptr += 2;
|
|
|
|
body_len -= 2;
|
|
|
|
|
|
|
|
/* dialog token */
|
|
|
|
token = *ptr++;
|
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
if (request->anqp_token != token)
|
|
|
|
return false;
|
2019-06-27 00:15:54 +02:00
|
|
|
|
|
|
|
status_code = l_get_le16(ptr);
|
|
|
|
ptr += 2;
|
|
|
|
body_len -= 2;
|
|
|
|
|
|
|
|
if (status_code != 0) {
|
|
|
|
l_error("Bad status code on GAS response %u", status_code);
|
2020-07-09 02:04:34 +02:00
|
|
|
return false;
|
2019-06-27 00:15:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
delay = l_get_le16(ptr);
|
|
|
|
ptr += 2;
|
|
|
|
body_len -= 2;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* IEEE 80211-2016 Section 9.6.8.13
|
|
|
|
*
|
|
|
|
* The value 0 will be returned by the STA when a Query Response is
|
|
|
|
* provided in this frame
|
|
|
|
*/
|
|
|
|
if (delay != 0) {
|
|
|
|
l_error("GAS comeback delay was not zero");
|
2020-07-09 02:04:34 +02:00
|
|
|
return false;
|
2019-06-27 00:15:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (*ptr != IE_TYPE_ADVERTISEMENT_PROTOCOL) {
|
|
|
|
l_error("GAS request not advertisement protocol");
|
2020-07-09 02:04:34 +02:00
|
|
|
return false;
|
2019-06-27 00:15:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
ptr++;
|
|
|
|
body_len--;
|
|
|
|
|
|
|
|
adv_proto_len = *ptr++;
|
|
|
|
body_len--;
|
|
|
|
|
|
|
|
if (body_len < adv_proto_len)
|
2020-07-09 02:04:34 +02:00
|
|
|
return false;
|
2019-06-27 00:15:54 +02:00
|
|
|
|
|
|
|
ptr += adv_proto_len;
|
|
|
|
body_len -= adv_proto_len;
|
|
|
|
|
|
|
|
if (body_len < 2)
|
2020-07-09 02:04:34 +02:00
|
|
|
return false;
|
2019-06-27 00:15:54 +02:00
|
|
|
|
|
|
|
qrlen = l_get_le16(ptr);
|
|
|
|
ptr += 2;
|
|
|
|
|
|
|
|
if (body_len < qrlen)
|
2020-07-09 02:04:34 +02:00
|
|
|
return false;
|
2019-06-27 00:15:54 +02:00
|
|
|
|
2019-07-12 23:40:17 +02:00
|
|
|
l_debug("ANQP response received from "MAC, MAC_STR(hdr->address_2));
|
|
|
|
|
2019-06-27 00:15:54 +02:00
|
|
|
if (request->anqp_cb)
|
2020-07-09 02:04:34 +02:00
|
|
|
request->anqp_cb(ANQP_SUCCESS, ptr, qrlen, request->anqp_data);
|
2019-06-27 00:15:54 +02:00
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
anqp_destroy(request);
|
2019-06-27 00:15:54 +02:00
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
return true;
|
2019-06-27 00:15:54 +02:00
|
|
|
}
|
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
static const struct frame_xchg_prefix anqp_frame_prefix = {
|
2022-09-16 00:07:28 +02:00
|
|
|
.frame_type = 0x00d0,
|
2020-07-09 02:04:34 +02:00
|
|
|
.data = (uint8_t []) {
|
|
|
|
0x04, 0x0b,
|
|
|
|
},
|
|
|
|
.len = 2,
|
|
|
|
};
|
|
|
|
|
|
|
|
static void anqp_frame_timeout(int error, void *user_data)
|
2019-06-27 00:15:54 +02:00
|
|
|
{
|
|
|
|
struct anqp_request *request = user_data;
|
2020-07-09 02:04:34 +02:00
|
|
|
enum anqp_result result = ANQP_TIMEOUT;
|
2019-06-27 00:15:54 +02:00
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
if (error < 0) {
|
|
|
|
result = ANQP_FAILED;
|
|
|
|
l_error("Sending ANQP request failed: %s (%i)",
|
|
|
|
strerror(-error), -error);
|
|
|
|
}
|
2019-06-27 00:15:54 +02:00
|
|
|
|
|
|
|
if (request->anqp_cb)
|
2020-07-09 02:04:34 +02:00
|
|
|
request->anqp_cb(result, NULL, 0, request->anqp_data);
|
2019-06-27 00:15:54 +02:00
|
|
|
|
|
|
|
if (request->anqp_destroy)
|
|
|
|
request->anqp_destroy(request->anqp_data);
|
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
anqp_destroy(request);
|
2019-06-27 00:15:54 +02:00
|
|
|
}
|
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
static uint8_t *anqp_build_frame(const uint8_t *addr, struct scan_bss *bss,
|
2021-07-06 03:25:14 +02:00
|
|
|
uint8_t anqp_token,
|
2020-07-09 02:04:34 +02:00
|
|
|
const uint8_t *anqp, size_t len,
|
|
|
|
size_t *len_out)
|
2019-06-27 00:15:54 +02:00
|
|
|
{
|
2020-07-09 02:04:34 +02:00
|
|
|
uint8_t *frame = l_malloc(len + 33);
|
|
|
|
uint8_t *ptr;
|
2019-06-27 00:15:54 +02:00
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
memset(frame, 0, len + 33);
|
2019-06-27 00:15:54 +02:00
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
l_put_le16(0x00d0, frame + 0);
|
|
|
|
memcpy(frame + 4, bss->addr, 6);
|
|
|
|
memcpy(frame + 10, addr, 6);
|
|
|
|
memcpy(frame + 16, bss->addr, 6);
|
2019-06-27 00:15:54 +02:00
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
ptr = frame + 24;
|
2019-06-27 00:15:54 +02:00
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
*ptr++ = 0x04; /* Category: Public */
|
|
|
|
*ptr++ = 0x0a; /* Action: GAS initial Request */
|
2021-07-06 03:25:14 +02:00
|
|
|
*ptr++ = anqp_token; /* Dialog Token */
|
2020-07-09 02:04:34 +02:00
|
|
|
*ptr++ = IE_TYPE_ADVERTISEMENT_PROTOCOL;
|
|
|
|
*ptr++ = 2;
|
2019-06-27 00:15:54 +02:00
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
*ptr++ = 0x7f;
|
|
|
|
*ptr++ = IE_ADVERTISEMENT_ANQP;
|
|
|
|
l_put_le16(len, ptr);
|
|
|
|
ptr += 2;
|
2019-06-27 00:15:54 +02:00
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
memcpy(ptr, anqp, len);
|
|
|
|
ptr += len;
|
2019-06-27 00:15:54 +02:00
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
*len_out = ptr - frame;
|
2019-06-27 00:15:54 +02:00
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
return frame;
|
2019-06-27 00:15:54 +02:00
|
|
|
}
|
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
uint32_t anqp_request(uint64_t wdev_id, const uint8_t *addr,
|
|
|
|
struct scan_bss *bss, const uint8_t *anqp,
|
|
|
|
size_t len, anqp_response_func_t cb,
|
|
|
|
void *user_data, anqp_destroy_func_t destroy)
|
2019-06-27 00:15:54 +02:00
|
|
|
{
|
|
|
|
struct anqp_request *request;
|
|
|
|
struct iovec iov[2];
|
|
|
|
|
|
|
|
request = l_new(struct anqp_request, 1);
|
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
request->wdev_id = wdev_id;
|
|
|
|
request->frequency = bss->frequency;
|
2019-06-27 00:15:54 +02:00
|
|
|
request->anqp_cb = cb;
|
|
|
|
request->anqp_destroy = destroy;
|
2021-07-06 03:25:14 +02:00
|
|
|
/*
|
2024-11-07 14:26:12 +01:00
|
|
|
* WPA3 Specification version 3, Section 9.4:
|
2021-07-06 03:25:14 +02:00
|
|
|
* "A STA shall use a randomized dialog token for every new GAS
|
|
|
|
* exchange."
|
|
|
|
*/
|
|
|
|
l_getrandom(&request->anqp_token, sizeof(request->anqp_token));
|
2019-06-27 00:15:54 +02:00
|
|
|
request->anqp_data = user_data;
|
|
|
|
|
2021-07-06 03:25:14 +02:00
|
|
|
request->frame = anqp_build_frame(addr, bss, request->anqp_token,
|
|
|
|
anqp, len,
|
2020-07-09 02:04:34 +02:00
|
|
|
&request->frame_len);
|
2019-06-27 00:15:54 +02:00
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
iov[0].iov_base = request->frame;
|
|
|
|
iov[0].iov_len = request->frame_len;
|
|
|
|
iov[1].iov_base = NULL;
|
2019-06-27 00:15:54 +02:00
|
|
|
|
2021-08-19 00:09:27 +02:00
|
|
|
l_debug("Sending ANQP request to "MAC, MAC_STR(bss->addr));
|
2019-06-27 00:15:54 +02:00
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
request->id = frame_xchg_start(request->wdev_id, iov,
|
|
|
|
request->frequency, 0, 300, 0,
|
|
|
|
ANQP_GROUP, anqp_frame_timeout, request, NULL,
|
|
|
|
&anqp_frame_prefix, anqp_response_frame_event,
|
|
|
|
NULL);
|
2019-06-27 00:15:54 +02:00
|
|
|
|
2021-11-08 18:24:37 +01:00
|
|
|
return request->id;
|
2019-06-27 00:15:54 +02:00
|
|
|
}
|
|
|
|
|
2020-07-09 02:04:34 +02:00
|
|
|
void anqp_cancel(uint32_t id)
|
2019-06-27 00:15:54 +02:00
|
|
|
{
|
2020-07-09 02:04:34 +02:00
|
|
|
frame_xchg_cancel(id);
|
2019-06-27 00:15:54 +02:00
|
|
|
}
|