/*
 *
 *  Wireless daemon for Linux
 *
 *  Copyright (C) 2019  Intel Corporation. All rights reserved.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; either
 *  version 2.1 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 *
 */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <stdint.h>

#include <ell/ell.h>

#include "src/module.h"
#include "src/anqp.h"
#include "src/util.h"
#include "src/ie.h"
#include "src/scan.h"
#include "src/iwd.h"
#include "src/mpdu.h"
#include "src/frame-xchg.h"

#include "linux/nl80211.h"

#define ANQP_GROUP	0

struct anqp_request {
	uint64_t wdev_id;
	anqp_response_func_t anqp_cb;
	anqp_destroy_func_t anqp_destroy;
	void *anqp_data;
	uint8_t anqp_token;
	uint32_t frequency;
	uint8_t *frame;
	size_t frame_len;
	uint32_t id;
};

static void anqp_destroy(void *user_data)
{
	struct anqp_request *request = user_data;

	if (request->anqp_destroy)
		request->anqp_destroy(request->anqp_data);

	l_free(request->frame);
	l_free(request);
}

/*
 * By using frame-xchg we should get called back here for any frame matching our
 * prefix until the duration expires. If frame-xchg is never signalled 'done'
 * (returning true) we should get a timeout in anqp_frame_timeout. This is
 * why we drop any improperly formatted frames without cleaning up the request.
 */
static bool anqp_response_frame_event(const struct mmpdu_header *hdr,
					const void *body, size_t body_len,
					int rssi, void *user_data)
{
	struct anqp_request *request = user_data;
	const uint8_t *ptr = body;
	uint16_t status_code;
	uint16_t delay;
	uint16_t qrlen;
	uint8_t adv_proto_len;
	uint8_t token;

	if (body_len < 9)
		return false;

	/* Skip past category/action since this frame was prefixed matched */
	ptr += 2;
	body_len -= 2;

	/* dialog token */
	token = *ptr++;

	if (request->anqp_token != token)
		return false;

	status_code = l_get_le16(ptr);
	ptr += 2;
	body_len -= 2;

	if (status_code != 0) {
		l_error("Bad status code on GAS response %u", status_code);
		return false;
	}

	delay = l_get_le16(ptr);
	ptr += 2;
	body_len -= 2;

	/*
	 * IEEE 80211-2016 Section 9.6.8.13
	 *
	 * The value 0 will be returned by the STA when a Query Response is
	 * provided in this frame
	 */
	if (delay != 0) {
		l_error("GAS comeback delay was not zero");
		return false;
	}

	if (*ptr != IE_TYPE_ADVERTISEMENT_PROTOCOL) {
		l_error("GAS request not advertisement protocol");
		return false;
	}

	ptr++;
	body_len--;

	adv_proto_len = *ptr++;
	body_len--;

	if (body_len < adv_proto_len)
		return false;

	ptr += adv_proto_len;
	body_len -= adv_proto_len;

	if (body_len < 2)
		return false;

	qrlen = l_get_le16(ptr);
	ptr += 2;

	if (body_len < qrlen)
		return false;

	l_debug("ANQP response received from "MAC, MAC_STR(hdr->address_2));

	if (request->anqp_cb)
		request->anqp_cb(ANQP_SUCCESS, ptr, qrlen, request->anqp_data);

	anqp_destroy(request);

	return true;
}

static const struct frame_xchg_prefix anqp_frame_prefix = {
	.frame_type = 0x00d0,
	.data = (uint8_t []) {
		0x04, 0x0b,
	},
	.len = 2,
};

static void anqp_frame_timeout(int error, void *user_data)
{
	struct anqp_request *request = user_data;
	enum anqp_result result = ANQP_TIMEOUT;

	if (error < 0) {
		result = ANQP_FAILED;
		l_error("Sending ANQP request failed: %s (%i)",
			strerror(-error), -error);
	}

	if (request->anqp_cb)
		request->anqp_cb(result, NULL, 0, request->anqp_data);

	if (request->anqp_destroy)
		request->anqp_destroy(request->anqp_data);

	anqp_destroy(request);
}

static uint8_t *anqp_build_frame(const uint8_t *addr, struct scan_bss *bss,
					uint8_t anqp_token,
					const uint8_t *anqp, size_t len,
					size_t *len_out)
{
	uint8_t *frame = l_malloc(len + 33);
	uint8_t *ptr;

	memset(frame, 0, len + 33);

	l_put_le16(0x00d0, frame + 0);
	memcpy(frame + 4, bss->addr, 6);
	memcpy(frame + 10, addr, 6);
	memcpy(frame + 16, bss->addr, 6);

	ptr = frame + 24;

	*ptr++ = 0x04;			/* Category: Public */
	*ptr++ = 0x0a;			/* Action: GAS initial Request */
	*ptr++ = anqp_token;		/* Dialog Token */
	*ptr++ = IE_TYPE_ADVERTISEMENT_PROTOCOL;
	*ptr++ = 2;

	*ptr++ = 0x7f;
	*ptr++ = IE_ADVERTISEMENT_ANQP;
	l_put_le16(len, ptr);
	ptr += 2;

	memcpy(ptr, anqp, len);
	ptr += len;

	*len_out = ptr - frame;

	return frame;
}

uint32_t anqp_request(uint64_t wdev_id, const uint8_t *addr,
			struct scan_bss *bss, const uint8_t *anqp,
			size_t len, anqp_response_func_t cb,
			void *user_data, anqp_destroy_func_t destroy)
{
	struct anqp_request *request;
	struct iovec iov[2];

	request = l_new(struct anqp_request, 1);

	request->wdev_id = wdev_id;
	request->frequency = bss->frequency;
	request->anqp_cb = cb;
	request->anqp_destroy = destroy;
	/*
	 * WPA3 Specification version 3, Section 9.4:
	 * "A STA shall use a randomized dialog token for every new GAS
	 * exchange."
	 */
	l_getrandom(&request->anqp_token, sizeof(request->anqp_token));
	request->anqp_data = user_data;

	request->frame = anqp_build_frame(addr, bss, request->anqp_token,
						anqp, len,
						&request->frame_len);

	iov[0].iov_base = request->frame;
	iov[0].iov_len = request->frame_len;
	iov[1].iov_base = NULL;

	l_debug("Sending ANQP request to "MAC, MAC_STR(bss->addr));

	request->id = frame_xchg_start(request->wdev_id, iov,
				request->frequency, 0, 300, 0,
				ANQP_GROUP, anqp_frame_timeout, request, NULL,
				&anqp_frame_prefix, anqp_response_frame_event,
				NULL);

	return request->id;
}

void anqp_cancel(uint32_t id)
{
	frame_xchg_cancel(id);
}