1 /*
2 * Hotspot 2.0 OSU client
3 * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10 #include <time.h>
11 #include <sys/stat.h>
12 #ifdef ANDROID
13 #include "private/android_filesystem_config.h"
14 #endif /* ANDROID */
15
16 #include "common.h"
17 #include "utils/browser.h"
18 #include "utils/base64.h"
19 #include "utils/xml-utils.h"
20 #include "utils/http-utils.h"
21 #include "common/wpa_ctrl.h"
22 #include "common/wpa_helpers.h"
23 #include "eap_common/eap_defs.h"
24 #include "crypto/crypto.h"
25 #include "crypto/sha256.h"
26 #include "osu_client.h"
27
28 const char *spp_xsd_fname = "spp.xsd";
29
30
write_result(struct hs20_osu_client * ctx,const char * fmt,...)31 void write_result(struct hs20_osu_client *ctx, const char *fmt, ...)
32 {
33 va_list ap;
34 FILE *f;
35 char buf[500];
36
37 va_start(ap, fmt);
38 vsnprintf(buf, sizeof(buf), fmt, ap);
39 va_end(ap);
40 write_summary(ctx, "%s", buf);
41
42 if (!ctx->result_file)
43 return;
44
45 f = fopen(ctx->result_file, "w");
46 if (f == NULL)
47 return;
48
49 va_start(ap, fmt);
50 vfprintf(f, fmt, ap);
51 va_end(ap);
52 fprintf(f, "\n");
53 fclose(f);
54 }
55
56
write_summary(struct hs20_osu_client * ctx,const char * fmt,...)57 void write_summary(struct hs20_osu_client *ctx, const char *fmt, ...)
58 {
59 va_list ap;
60 FILE *f;
61
62 if (!ctx->summary_file)
63 return;
64
65 f = fopen(ctx->summary_file, "a");
66 if (f == NULL)
67 return;
68
69 va_start(ap, fmt);
70 vfprintf(f, fmt, ap);
71 va_end(ap);
72 fprintf(f, "\n");
73 fclose(f);
74 }
75
76
debug_dump_node(struct hs20_osu_client * ctx,const char * title,xml_node_t * node)77 void debug_dump_node(struct hs20_osu_client *ctx, const char *title,
78 xml_node_t *node)
79 {
80 char *str = xml_node_to_str(ctx->xml, node);
81 wpa_printf(MSG_DEBUG, "[hs20] %s: '%s'", title, str);
82 free(str);
83 }
84
85
valid_fqdn(const char * fqdn)86 static int valid_fqdn(const char *fqdn)
87 {
88 const char *pos;
89
90 /* TODO: could make this more complete.. */
91 if (strchr(fqdn, '.') == 0 || strlen(fqdn) > 255)
92 return 0;
93 for (pos = fqdn; *pos; pos++) {
94 if (*pos >= 'a' && *pos <= 'z')
95 continue;
96 if (*pos >= 'A' && *pos <= 'Z')
97 continue;
98 if (*pos >= '0' && *pos <= '9')
99 continue;
100 if (*pos == '-' || *pos == '.' || *pos == '_')
101 continue;
102 return 0;
103 }
104 return 1;
105 }
106
107
android_update_permission(const char * path,mode_t mode)108 static int android_update_permission(const char *path, mode_t mode)
109 {
110 #ifdef ANDROID
111 /* we need to change file/folder permission for Android */
112
113 if (!path) {
114 wpa_printf(MSG_ERROR, "file path null");
115 return -1;
116 }
117
118 /* Allow processes running with Group ID as AID_WIFI,
119 * to read files from SP, SP/<fqdn>, Cert and osu-info directories */
120 if (lchown(path, -1, AID_WIFI)) {
121 wpa_printf(MSG_INFO, "CTRL: Could not lchown directory: %s",
122 strerror(errno));
123 return -1;
124 }
125
126 if (chmod(path, mode) < 0) {
127 wpa_printf(MSG_INFO, "CTRL: Could not chmod directory: %s",
128 strerror(errno));
129 return -1;
130 }
131 #endif /* ANDROID */
132
133 return 0;
134 }
135
136
osu_get_certificate(struct hs20_osu_client * ctx,xml_node_t * getcert)137 int osu_get_certificate(struct hs20_osu_client *ctx, xml_node_t *getcert)
138 {
139 xml_node_t *node;
140 char *url, *user = NULL, *pw = NULL;
141 char *proto;
142 int ret = -1;
143
144 proto = xml_node_get_attr_value(ctx->xml, getcert,
145 "enrollmentProtocol");
146 if (!proto)
147 return -1;
148 wpa_printf(MSG_INFO, "getCertificate - enrollmentProtocol=%s", proto);
149 write_summary(ctx, "getCertificate - enrollmentProtocol=%s", proto);
150 if (os_strcasecmp(proto, "EST") != 0) {
151 wpa_printf(MSG_INFO, "Unsupported enrollmentProtocol");
152 xml_node_get_attr_value_free(ctx->xml, proto);
153 return -1;
154 }
155 xml_node_get_attr_value_free(ctx->xml, proto);
156
157 node = get_node(ctx->xml, getcert, "enrollmentServerURI");
158 if (node == NULL) {
159 wpa_printf(MSG_INFO, "Could not find enrollmentServerURI node");
160 xml_node_get_attr_value_free(ctx->xml, proto);
161 return -1;
162 }
163 url = xml_node_get_text(ctx->xml, node);
164 if (url == NULL) {
165 wpa_printf(MSG_INFO, "Could not get URL text");
166 return -1;
167 }
168 wpa_printf(MSG_INFO, "enrollmentServerURI: %s", url);
169 write_summary(ctx, "enrollmentServerURI: %s", url);
170
171 node = get_node(ctx->xml, getcert, "estUserID");
172 if (node == NULL && !ctx->client_cert_present) {
173 wpa_printf(MSG_INFO, "Could not find estUserID node");
174 goto fail;
175 }
176 if (node) {
177 user = xml_node_get_text(ctx->xml, node);
178 if (user == NULL) {
179 wpa_printf(MSG_INFO, "Could not get estUserID text");
180 goto fail;
181 }
182 wpa_printf(MSG_INFO, "estUserID: %s", user);
183 write_summary(ctx, "estUserID: %s", user);
184 }
185
186 node = get_node(ctx->xml, getcert, "estPassword");
187 if (node == NULL && !ctx->client_cert_present) {
188 wpa_printf(MSG_INFO, "Could not find estPassword node");
189 goto fail;
190 }
191 if (node) {
192 pw = xml_node_get_base64_text(ctx->xml, node, NULL);
193 if (pw == NULL) {
194 wpa_printf(MSG_INFO, "Could not get estPassword text");
195 goto fail;
196 }
197 wpa_printf(MSG_INFO, "estPassword: %s", pw);
198 }
199
200 mkdir("Cert", S_IRWXU);
201 android_update_permission("Cert", S_IRWXU | S_IRWXG);
202
203 if (est_load_cacerts(ctx, url) < 0 ||
204 est_build_csr(ctx, url) < 0 ||
205 est_simple_enroll(ctx, url, user, pw) < 0)
206 goto fail;
207
208 ret = 0;
209 fail:
210 xml_node_get_text_free(ctx->xml, url);
211 xml_node_get_text_free(ctx->xml, user);
212 xml_node_get_text_free(ctx->xml, pw);
213
214 return ret;
215 }
216
217
process_est_cert(struct hs20_osu_client * ctx,xml_node_t * cert,const char * fqdn)218 static int process_est_cert(struct hs20_osu_client *ctx, xml_node_t *cert,
219 const char *fqdn)
220 {
221 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
222 char *der, *pem;
223 size_t der_len, pem_len;
224 char *fingerprint;
225 char buf[200];
226
227 wpa_printf(MSG_INFO, "PPS for certificate credential - fqdn=%s", fqdn);
228
229 fingerprint = xml_node_get_text(ctx->xml, cert);
230 if (fingerprint == NULL)
231 return -1;
232 if (hexstr2bin(fingerprint, digest1, SHA256_MAC_LEN) < 0) {
233 wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
234 write_result(ctx, "Invalid client certificate SHA256 hash value in PPS");
235 xml_node_get_text_free(ctx->xml, fingerprint);
236 return -1;
237 }
238 xml_node_get_text_free(ctx->xml, fingerprint);
239
240 der = os_readfile("Cert/est_cert.der", &der_len);
241 if (der == NULL) {
242 wpa_printf(MSG_INFO, "Could not find client certificate from EST");
243 write_result(ctx, "Could not find client certificate from EST");
244 return -1;
245 }
246
247 if (sha256_vector(1, (const u8 **) &der, &der_len, digest2) < 0) {
248 os_free(der);
249 return -1;
250 }
251 os_free(der);
252
253 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
254 wpa_printf(MSG_INFO, "Client certificate from EST does not match fingerprint from PPS MO");
255 write_result(ctx, "Client certificate from EST does not match fingerprint from PPS MO");
256 return -1;
257 }
258
259 wpa_printf(MSG_INFO, "Client certificate from EST matches PPS MO");
260 unlink("Cert/est_cert.der");
261
262 os_snprintf(buf, sizeof(buf), "SP/%s/client-ca.pem", fqdn);
263 if (rename("Cert/est-cacerts.pem", buf) < 0) {
264 wpa_printf(MSG_INFO, "Could not move est-cacerts.pem to client-ca.pem: %s",
265 strerror(errno));
266 return -1;
267 }
268 pem = os_readfile(buf, &pem_len);
269
270 os_snprintf(buf, sizeof(buf), "SP/%s/client-cert.pem", fqdn);
271 if (rename("Cert/est_cert.pem", buf) < 0) {
272 wpa_printf(MSG_INFO, "Could not move est_cert.pem to client-cert.pem: %s",
273 strerror(errno));
274 os_free(pem);
275 return -1;
276 }
277
278 if (pem) {
279 FILE *f = fopen(buf, "a");
280 if (f) {
281 fwrite(pem, pem_len, 1, f);
282 fclose(f);
283 }
284 os_free(pem);
285 }
286
287 os_snprintf(buf, sizeof(buf), "SP/%s/client-key.pem", fqdn);
288 if (rename("Cert/privkey-plain.pem", buf) < 0) {
289 wpa_printf(MSG_INFO, "Could not move privkey-plain.pem to client-key.pem: %s",
290 strerror(errno));
291 return -1;
292 }
293
294 unlink("Cert/est-req.b64");
295 unlink("Cert/est-req.pem");
296 rmdir("Cert");
297
298 return 0;
299 }
300
301
302 #define TMP_CERT_DL_FILE "tmp-cert-download"
303
download_cert(struct hs20_osu_client * ctx,xml_node_t * params,const char * fname)304 static int download_cert(struct hs20_osu_client *ctx, xml_node_t *params,
305 const char *fname)
306 {
307 xml_node_t *url_node, *hash_node;
308 char *url, *hash;
309 char *cert;
310 size_t len;
311 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
312 int res;
313 char *b64;
314 FILE *f;
315
316 url_node = get_node(ctx->xml, params, "CertURL");
317 hash_node = get_node(ctx->xml, params, "CertSHA256Fingerprint");
318 if (url_node == NULL || hash_node == NULL)
319 return -1;
320 url = xml_node_get_text(ctx->xml, url_node);
321 hash = xml_node_get_text(ctx->xml, hash_node);
322 if (url == NULL || hash == NULL) {
323 xml_node_get_text_free(ctx->xml, url);
324 xml_node_get_text_free(ctx->xml, hash);
325 return -1;
326 }
327
328 wpa_printf(MSG_INFO, "CertURL: %s", url);
329 wpa_printf(MSG_INFO, "SHA256 hash: %s", hash);
330
331 if (hexstr2bin(hash, digest1, SHA256_MAC_LEN) < 0) {
332 wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
333 write_result(ctx, "Invalid SHA256 hash value for downloaded certificate");
334 xml_node_get_text_free(ctx->xml, hash);
335 return -1;
336 }
337 xml_node_get_text_free(ctx->xml, hash);
338
339 write_summary(ctx, "Download certificate from %s", url);
340 ctx->no_osu_cert_validation = 1;
341 http_ocsp_set(ctx->http, 1);
342 res = http_download_file(ctx->http, url, TMP_CERT_DL_FILE, NULL);
343 http_ocsp_set(ctx->http,
344 (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
345 ctx->no_osu_cert_validation = 0;
346 xml_node_get_text_free(ctx->xml, url);
347 if (res < 0)
348 return -1;
349
350 cert = os_readfile(TMP_CERT_DL_FILE, &len);
351 remove(TMP_CERT_DL_FILE);
352 if (cert == NULL)
353 return -1;
354
355 if (sha256_vector(1, (const u8 **) &cert, &len, digest2) < 0) {
356 os_free(cert);
357 return -1;
358 }
359
360 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
361 wpa_printf(MSG_INFO, "Downloaded certificate fingerprint did not match");
362 write_result(ctx, "Downloaded certificate fingerprint did not match");
363 os_free(cert);
364 return -1;
365 }
366
367 b64 = base64_encode(cert, len, NULL);
368 os_free(cert);
369 if (b64 == NULL)
370 return -1;
371
372 f = fopen(fname, "wb");
373 if (f == NULL) {
374 os_free(b64);
375 return -1;
376 }
377
378 fprintf(f, "-----BEGIN CERTIFICATE-----\n"
379 "%s"
380 "-----END CERTIFICATE-----\n",
381 b64);
382
383 os_free(b64);
384 fclose(f);
385
386 wpa_printf(MSG_INFO, "Downloaded certificate into %s and validated fingerprint",
387 fname);
388 write_summary(ctx, "Downloaded certificate into %s and validated fingerprint",
389 fname);
390
391 return 0;
392 }
393
394
cmd_dl_osu_ca(struct hs20_osu_client * ctx,const char * pps_fname,const char * ca_fname)395 static int cmd_dl_osu_ca(struct hs20_osu_client *ctx, const char *pps_fname,
396 const char *ca_fname)
397 {
398 xml_node_t *pps, *node;
399 int ret;
400
401 pps = node_from_file(ctx->xml, pps_fname);
402 if (pps == NULL) {
403 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
404 return -1;
405 }
406
407 node = get_child_node(ctx->xml, pps,
408 "SubscriptionUpdate/TrustRoot");
409 if (node == NULL) {
410 wpa_printf(MSG_INFO, "No SubscriptionUpdate/TrustRoot/CertURL found from PPS");
411 xml_node_free(ctx->xml, pps);
412 return -1;
413 }
414
415 ret = download_cert(ctx, node, ca_fname);
416 xml_node_free(ctx->xml, pps);
417
418 return ret;
419 }
420
421
cmd_dl_polupd_ca(struct hs20_osu_client * ctx,const char * pps_fname,const char * ca_fname)422 static int cmd_dl_polupd_ca(struct hs20_osu_client *ctx, const char *pps_fname,
423 const char *ca_fname)
424 {
425 xml_node_t *pps, *node;
426 int ret;
427
428 pps = node_from_file(ctx->xml, pps_fname);
429 if (pps == NULL) {
430 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
431 return -1;
432 }
433
434 node = get_child_node(ctx->xml, pps,
435 "Policy/PolicyUpdate/TrustRoot");
436 if (node == NULL) {
437 wpa_printf(MSG_INFO, "No Policy/PolicyUpdate/TrustRoot/CertURL found from PPS");
438 xml_node_free(ctx->xml, pps);
439 return -2;
440 }
441
442 ret = download_cert(ctx, node, ca_fname);
443 xml_node_free(ctx->xml, pps);
444
445 return ret;
446 }
447
448
cmd_dl_aaa_ca(struct hs20_osu_client * ctx,const char * pps_fname,const char * ca_fname)449 static int cmd_dl_aaa_ca(struct hs20_osu_client *ctx, const char *pps_fname,
450 const char *ca_fname)
451 {
452 xml_node_t *pps, *node, *aaa;
453 int ret;
454
455 pps = node_from_file(ctx->xml, pps_fname);
456 if (pps == NULL) {
457 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
458 return -1;
459 }
460
461 node = get_child_node(ctx->xml, pps,
462 "AAAServerTrustRoot");
463 if (node == NULL) {
464 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
465 xml_node_free(ctx->xml, pps);
466 return -2;
467 }
468
469 aaa = xml_node_first_child(ctx->xml, node);
470 if (aaa == NULL) {
471 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
472 xml_node_free(ctx->xml, pps);
473 return -1;
474 }
475
476 ret = download_cert(ctx, aaa, ca_fname);
477 xml_node_free(ctx->xml, pps);
478
479 return ret;
480 }
481
482
download_trust_roots(struct hs20_osu_client * ctx,const char * pps_fname)483 static int download_trust_roots(struct hs20_osu_client *ctx,
484 const char *pps_fname)
485 {
486 char *dir, *pos;
487 char fname[300];
488 int ret, ret1;
489
490 dir = os_strdup(pps_fname);
491 if (dir == NULL)
492 return -1;
493 pos = os_strrchr(dir, '/');
494 if (pos == NULL) {
495 os_free(dir);
496 return -1;
497 }
498 *pos = '\0';
499
500 snprintf(fname, sizeof(fname), "%s/ca.pem", dir);
501 ret = cmd_dl_osu_ca(ctx, pps_fname, fname);
502 snprintf(fname, sizeof(fname), "%s/polupd-ca.pem", dir);
503 ret1 = cmd_dl_polupd_ca(ctx, pps_fname, fname);
504 if (ret == 0 && ret1 == -1)
505 ret = -1;
506 snprintf(fname, sizeof(fname), "%s/aaa-ca.pem", dir);
507 ret1 = cmd_dl_aaa_ca(ctx, pps_fname, fname);
508 if (ret == 0 && ret1 == -1)
509 ret = -1;
510
511 os_free(dir);
512
513 return ret;
514 }
515
516
server_dnsname_suffix_match(struct hs20_osu_client * ctx,const char * fqdn)517 static int server_dnsname_suffix_match(struct hs20_osu_client *ctx,
518 const char *fqdn)
519 {
520 size_t match_len, len, i;
521 const char *val;
522
523 match_len = os_strlen(fqdn);
524
525 for (i = 0; i < ctx->server_dnsname_count; i++) {
526 wpa_printf(MSG_INFO,
527 "Checking suffix match against server dNSName %s",
528 ctx->server_dnsname[i]);
529 val = ctx->server_dnsname[i];
530 len = os_strlen(val);
531
532 if (match_len > len)
533 continue;
534
535 if (os_strncasecmp(val + len - match_len, fqdn, match_len) != 0)
536 continue; /* no match */
537
538 if (match_len == len)
539 return 1; /* exact match */
540
541 if (val[len - match_len - 1] == '.')
542 return 1; /* full label match completes suffix match */
543
544 /* Reject due to incomplete label match */
545 }
546
547 /* None of the dNSName(s) matched */
548 return 0;
549 }
550
551
hs20_add_pps_mo(struct hs20_osu_client * ctx,const char * uri,xml_node_t * add_mo,char * fname,size_t fname_len)552 int hs20_add_pps_mo(struct hs20_osu_client *ctx, const char *uri,
553 xml_node_t *add_mo, char *fname, size_t fname_len)
554 {
555 char *str;
556 char *fqdn, *pos;
557 xml_node_t *tnds, *mo, *cert;
558 const char *name;
559 int ret;
560
561 if (strncmp(uri, "./Wi-Fi/", 8) != 0) {
562 wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO: '%s'",
563 uri);
564 write_result(ctx, "Unsupported location for addMO to add PPS MO: '%s'",
565 uri);
566 return -1;
567 }
568
569 fqdn = strdup(uri + 8);
570 if (fqdn == NULL)
571 return -1;
572 pos = strchr(fqdn, '/');
573 if (pos) {
574 if (os_strcasecmp(pos, "/PerProviderSubscription") != 0) {
575 wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO (extra directory): '%s'",
576 uri);
577 write_result(ctx, "Unsupported location for addMO to "
578 "add PPS MO (extra directory): '%s'", uri);
579 free(fqdn);
580 return -1;
581 }
582 *pos = '\0'; /* remove trailing slash and PPS node name */
583 }
584 wpa_printf(MSG_INFO, "SP FQDN: %s", fqdn);
585
586 if (!server_dnsname_suffix_match(ctx, fqdn)) {
587 wpa_printf(MSG_INFO,
588 "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values, count: %d",
589 fqdn, (int) ctx->server_dnsname_count);
590 write_result(ctx, "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values",
591 fqdn);
592 free(fqdn);
593 return -1;
594 }
595
596 if (!valid_fqdn(fqdn)) {
597 wpa_printf(MSG_INFO, "Invalid FQDN '%s'", fqdn);
598 write_result(ctx, "Invalid FQDN '%s'", fqdn);
599 free(fqdn);
600 return -1;
601 }
602
603 mkdir("SP", S_IRWXU);
604 snprintf(fname, fname_len, "SP/%s", fqdn);
605 if (mkdir(fname, S_IRWXU) < 0) {
606 if (errno != EEXIST) {
607 int err = errno;
608 wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
609 fname, strerror(err));
610 free(fqdn);
611 return -1;
612 }
613 }
614
615 android_update_permission("SP", S_IRWXU | S_IRWXG);
616 android_update_permission(fname, S_IRWXU | S_IRWXG);
617
618 snprintf(fname, fname_len, "SP/%s/pps.xml", fqdn);
619
620 if (os_file_exists(fname)) {
621 wpa_printf(MSG_INFO, "PPS file '%s' exists - reject addMO",
622 fname);
623 write_result(ctx, "PPS file '%s' exists - reject addMO",
624 fname);
625 free(fqdn);
626 return -2;
627 }
628 wpa_printf(MSG_INFO, "Using PPS file: %s", fname);
629
630 str = xml_node_get_text(ctx->xml, add_mo);
631 if (str == NULL) {
632 wpa_printf(MSG_INFO, "Could not extract MO text");
633 free(fqdn);
634 return -1;
635 }
636 wpa_printf(MSG_DEBUG, "[hs20] addMO text: '%s'", str);
637
638 tnds = xml_node_from_buf(ctx->xml, str);
639 xml_node_get_text_free(ctx->xml, str);
640 if (tnds == NULL) {
641 wpa_printf(MSG_INFO, "[hs20] Could not parse addMO text");
642 free(fqdn);
643 return -1;
644 }
645
646 mo = tnds_to_mo(ctx->xml, tnds);
647 if (mo == NULL) {
648 wpa_printf(MSG_INFO, "[hs20] Could not parse addMO TNDS text");
649 free(fqdn);
650 return -1;
651 }
652
653 debug_dump_node(ctx, "Parsed TNDS", mo);
654
655 name = xml_node_get_localname(ctx->xml, mo);
656 if (os_strcasecmp(name, "PerProviderSubscription") != 0) {
657 wpa_printf(MSG_INFO, "[hs20] Unexpected PPS MO root node name '%s'",
658 name);
659 free(fqdn);
660 return -1;
661 }
662
663 cert = get_child_node(ctx->xml, mo,
664 "Credential/DigitalCertificate/"
665 "CertSHA256Fingerprint");
666 if (cert && process_est_cert(ctx, cert, fqdn) < 0) {
667 xml_node_free(ctx->xml, mo);
668 free(fqdn);
669 return -1;
670 }
671 free(fqdn);
672
673 if (node_to_file(ctx->xml, fname, mo) < 0) {
674 wpa_printf(MSG_INFO, "Could not write MO to file");
675 xml_node_free(ctx->xml, mo);
676 return -1;
677 }
678 xml_node_free(ctx->xml, mo);
679
680 wpa_printf(MSG_INFO, "A new PPS MO added as '%s'", fname);
681 write_summary(ctx, "A new PPS MO added as '%s'", fname);
682
683 ret = download_trust_roots(ctx, fname);
684 if (ret < 0) {
685 wpa_printf(MSG_INFO, "Remove invalid PPS MO file");
686 write_summary(ctx, "Remove invalid PPS MO file");
687 unlink(fname);
688 }
689
690 return ret;
691 }
692
693
update_pps_file(struct hs20_osu_client * ctx,const char * pps_fname,xml_node_t * pps)694 int update_pps_file(struct hs20_osu_client *ctx, const char *pps_fname,
695 xml_node_t *pps)
696 {
697 char *str;
698 FILE *f;
699 char backup[300];
700
701 if (ctx->client_cert_present) {
702 xml_node_t *cert;
703 cert = get_child_node(ctx->xml, pps,
704 "Credential/DigitalCertificate/"
705 "CertSHA256Fingerprint");
706 if (cert && os_file_exists("Cert/est_cert.der") &&
707 process_est_cert(ctx, cert, ctx->fqdn) < 0) {
708 wpa_printf(MSG_INFO, "EST certificate update processing failed on PPS MO update");
709 return -1;
710 }
711 }
712
713 wpa_printf(MSG_INFO, "Updating PPS MO %s", pps_fname);
714
715 str = xml_node_to_str(ctx->xml, pps);
716 if (str == NULL) {
717 wpa_printf(MSG_ERROR, "No node found");
718 return -1;
719 }
720 wpa_printf(MSG_MSGDUMP, "[hs20] Updated PPS: '%s'", str);
721
722 snprintf(backup, sizeof(backup), "%s.bak", pps_fname);
723 rename(pps_fname, backup);
724 f = fopen(pps_fname, "w");
725 if (f == NULL) {
726 wpa_printf(MSG_INFO, "Could not write PPS");
727 rename(backup, pps_fname);
728 free(str);
729 return -1;
730 }
731 fprintf(f, "%s\n", str);
732 fclose(f);
733
734 free(str);
735
736 return 0;
737 }
738
739
get_user_pw(struct hs20_osu_client * ctx,xml_node_t * pps,const char * alt_loc,char ** user,char ** pw)740 void get_user_pw(struct hs20_osu_client *ctx, xml_node_t *pps,
741 const char *alt_loc, char **user, char **pw)
742 {
743 xml_node_t *node;
744
745 node = get_child_node(ctx->xml, pps,
746 "Credential/UsernamePassword/Username");
747 if (node)
748 *user = xml_node_get_text(ctx->xml, node);
749
750 node = get_child_node(ctx->xml, pps,
751 "Credential/UsernamePassword/Password");
752 if (node)
753 *pw = xml_node_get_base64_text(ctx->xml, node, NULL);
754
755 node = get_child_node(ctx->xml, pps, alt_loc);
756 if (node) {
757 xml_node_t *a;
758 a = get_node(ctx->xml, node, "Username");
759 if (a) {
760 xml_node_get_text_free(ctx->xml, *user);
761 *user = xml_node_get_text(ctx->xml, a);
762 wpa_printf(MSG_INFO, "Use OSU username '%s'", anonymize_common(*user));
763 }
764
765 a = get_node(ctx->xml, node, "Password");
766 if (a) {
767 free(*pw);
768 *pw = xml_node_get_base64_text(ctx->xml, a, NULL);
769 wpa_printf(MSG_INFO, "Use OSU password");
770 }
771 }
772 }
773
774
775 /* Remove old credentials based on HomeSP/FQDN */
remove_sp_creds(struct hs20_osu_client * ctx,const char * fqdn)776 static void remove_sp_creds(struct hs20_osu_client *ctx, const char *fqdn)
777 {
778 char cmd[300];
779 os_snprintf(cmd, sizeof(cmd), "REMOVE_CRED provisioning_sp=%s", fqdn);
780 if (wpa_command(ctx->ifname, cmd) < 0)
781 wpa_printf(MSG_INFO, "Failed to remove old credential(s)");
782 }
783
784
set_pps_cred_policy_spe(struct hs20_osu_client * ctx,int id,xml_node_t * spe)785 static void set_pps_cred_policy_spe(struct hs20_osu_client *ctx, int id,
786 xml_node_t *spe)
787 {
788 xml_node_t *ssid;
789 char *txt;
790
791 ssid = get_node(ctx->xml, spe, "SSID");
792 if (ssid == NULL)
793 return;
794 txt = xml_node_get_text(ctx->xml, ssid);
795 if (txt == NULL)
796 return;
797 wpa_printf(MSG_DEBUG, "- Policy/SPExclusionList/<X+>/SSID = %s", anonymize_ssid(txt));
798 if (set_cred_quoted(ctx->ifname, id, "excluded_ssid", txt) < 0)
799 wpa_printf(MSG_INFO, "Failed to set cred excluded_ssid");
800 xml_node_get_text_free(ctx->xml, txt);
801 }
802
803
set_pps_cred_policy_spel(struct hs20_osu_client * ctx,int id,xml_node_t * spel)804 static void set_pps_cred_policy_spel(struct hs20_osu_client *ctx, int id,
805 xml_node_t *spel)
806 {
807 xml_node_t *child;
808
809 xml_node_for_each_child(ctx->xml, child, spel) {
810 xml_node_for_each_check(ctx->xml, child);
811 set_pps_cred_policy_spe(ctx, id, child);
812 }
813 }
814
815
set_pps_cred_policy_prp(struct hs20_osu_client * ctx,int id,xml_node_t * prp)816 static void set_pps_cred_policy_prp(struct hs20_osu_client *ctx, int id,
817 xml_node_t *prp)
818 {
819 xml_node_t *node;
820 char *txt = NULL, *pos;
821 char *prio, *country_buf = NULL;
822 const char *country;
823 char val[200];
824 int priority;
825
826 node = get_node(ctx->xml, prp, "Priority");
827 if (node == NULL)
828 return;
829 prio = xml_node_get_text(ctx->xml, node);
830 if (prio == NULL)
831 return;
832 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Priority = %s",
833 prio);
834 priority = atoi(prio);
835 xml_node_get_text_free(ctx->xml, prio);
836
837 node = get_node(ctx->xml, prp, "Country");
838 if (node) {
839 country_buf = xml_node_get_text(ctx->xml, node);
840 if (country_buf == NULL)
841 return;
842 country = country_buf;
843 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Country = **");
844 } else {
845 country = "*";
846 }
847
848 node = get_node(ctx->xml, prp, "FQDN_Match");
849 if (node == NULL)
850 goto out;
851 txt = xml_node_get_text(ctx->xml, node);
852 if (txt == NULL)
853 goto out;
854 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/FQDN_Match = %s",
855 txt);
856 pos = strrchr(txt, ',');
857 if (pos == NULL)
858 goto out;
859 *pos++ = '\0';
860
861 snprintf(val, sizeof(val), "%s,%d,%d,%s", txt,
862 strcmp(pos, "includeSubdomains") != 0, priority, country);
863 if (set_cred_quoted(ctx->ifname, id, "roaming_partner", val) < 0)
864 wpa_printf(MSG_INFO, "Failed to set cred roaming_partner");
865 out:
866 xml_node_get_text_free(ctx->xml, country_buf);
867 xml_node_get_text_free(ctx->xml, txt);
868 }
869
870
set_pps_cred_policy_prpl(struct hs20_osu_client * ctx,int id,xml_node_t * prpl)871 static void set_pps_cred_policy_prpl(struct hs20_osu_client *ctx, int id,
872 xml_node_t *prpl)
873 {
874 xml_node_t *child;
875
876 xml_node_for_each_child(ctx->xml, child, prpl) {
877 xml_node_for_each_check(ctx->xml, child);
878 set_pps_cred_policy_prp(ctx, id, child);
879 }
880 }
881
882
set_pps_cred_policy_min_backhaul(struct hs20_osu_client * ctx,int id,xml_node_t * min_backhaul)883 static void set_pps_cred_policy_min_backhaul(struct hs20_osu_client *ctx, int id,
884 xml_node_t *min_backhaul)
885 {
886 xml_node_t *node;
887 char *type, *dl = NULL, *ul = NULL;
888 int home;
889
890 node = get_node(ctx->xml, min_backhaul, "NetworkType");
891 if (node == NULL) {
892 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without mandatory NetworkType node");
893 return;
894 }
895
896 type = xml_node_get_text(ctx->xml, node);
897 if (type == NULL)
898 return;
899 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/NetworkType = %s",
900 type);
901 if (os_strcasecmp(type, "home") == 0)
902 home = 1;
903 else if (os_strcasecmp(type, "roaming") == 0)
904 home = 0;
905 else {
906 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold with invalid NetworkType");
907 xml_node_get_text_free(ctx->xml, type);
908 return;
909 }
910 xml_node_get_text_free(ctx->xml, type);
911
912 node = get_node(ctx->xml, min_backhaul, "DLBandwidth");
913 if (node)
914 dl = xml_node_get_text(ctx->xml, node);
915
916 node = get_node(ctx->xml, min_backhaul, "ULBandwidth");
917 if (node)
918 ul = xml_node_get_text(ctx->xml, node);
919
920 if (dl == NULL && ul == NULL) {
921 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without either DLBandwidth or ULBandwidth nodes");
922 return;
923 }
924
925 if (dl)
926 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/DLBandwidth = %s",
927 dl);
928 if (ul)
929 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/ULBandwidth = %s",
930 ul);
931
932 if (home) {
933 if (dl &&
934 set_cred(ctx->ifname, id, "min_dl_bandwidth_home", dl) < 0)
935 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
936 if (ul &&
937 set_cred(ctx->ifname, id, "min_ul_bandwidth_home", ul) < 0)
938 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
939 } else {
940 if (dl &&
941 set_cred(ctx->ifname, id, "min_dl_bandwidth_roaming", dl) <
942 0)
943 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
944 if (ul &&
945 set_cred(ctx->ifname, id, "min_ul_bandwidth_roaming", ul) <
946 0)
947 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
948 }
949
950 xml_node_get_text_free(ctx->xml, dl);
951 xml_node_get_text_free(ctx->xml, ul);
952 }
953
954
set_pps_cred_policy_min_backhaul_list(struct hs20_osu_client * ctx,int id,xml_node_t * node)955 static void set_pps_cred_policy_min_backhaul_list(struct hs20_osu_client *ctx,
956 int id, xml_node_t *node)
957 {
958 xml_node_t *child;
959
960 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold");
961
962 xml_node_for_each_child(ctx->xml, child, node) {
963 xml_node_for_each_check(ctx->xml, child);
964 set_pps_cred_policy_min_backhaul(ctx, id, child);
965 }
966 }
967
968
set_pps_cred_policy_update(struct hs20_osu_client * ctx,int id,xml_node_t * node)969 static void set_pps_cred_policy_update(struct hs20_osu_client *ctx, int id,
970 xml_node_t *node)
971 {
972 wpa_printf(MSG_INFO, "- Policy/PolicyUpdate");
973 /* Not used in wpa_supplicant */
974 }
975
976
set_pps_cred_policy_required_proto_port(struct hs20_osu_client * ctx,int id,xml_node_t * tuple)977 static void set_pps_cred_policy_required_proto_port(struct hs20_osu_client *ctx,
978 int id, xml_node_t *tuple)
979 {
980 xml_node_t *node;
981 char *proto, *port;
982 char *buf;
983 size_t buflen;
984
985 node = get_node(ctx->xml, tuple, "IPProtocol");
986 if (node == NULL) {
987 wpa_printf(MSG_INFO, "Ignore RequiredProtoPortTuple without mandatory IPProtocol node");
988 return;
989 }
990
991 proto = xml_node_get_text(ctx->xml, node);
992 if (proto == NULL)
993 return;
994
995 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/IPProtocol = %s",
996 proto);
997
998 node = get_node(ctx->xml, tuple, "PortNumber");
999 port = node ? xml_node_get_text(ctx->xml, node) : NULL;
1000 if (port) {
1001 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/PortNumber = %s",
1002 port);
1003 buflen = os_strlen(proto) + os_strlen(port) + 10;
1004 buf = os_malloc(buflen);
1005 if (buf)
1006 os_snprintf(buf, buflen, "%s:%s", proto, port);
1007 xml_node_get_text_free(ctx->xml, port);
1008 } else {
1009 buflen = os_strlen(proto) + 10;
1010 buf = os_malloc(buflen);
1011 if (buf)
1012 os_snprintf(buf, buflen, "%s", proto);
1013 }
1014
1015 xml_node_get_text_free(ctx->xml, proto);
1016
1017 if (buf == NULL)
1018 return;
1019
1020 if (set_cred(ctx->ifname, id, "req_conn_capab", buf) < 0)
1021 wpa_printf(MSG_INFO, "Could not set req_conn_capab");
1022
1023 os_free(buf);
1024 }
1025
1026
set_pps_cred_policy_required_proto_ports(struct hs20_osu_client * ctx,int id,xml_node_t * node)1027 static void set_pps_cred_policy_required_proto_ports(struct hs20_osu_client *ctx,
1028 int id, xml_node_t *node)
1029 {
1030 xml_node_t *child;
1031
1032 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple");
1033
1034 xml_node_for_each_child(ctx->xml, child, node) {
1035 xml_node_for_each_check(ctx->xml, child);
1036 set_pps_cred_policy_required_proto_port(ctx, id, child);
1037 }
1038 }
1039
1040
set_pps_cred_policy_max_bss_load(struct hs20_osu_client * ctx,int id,xml_node_t * node)1041 static void set_pps_cred_policy_max_bss_load(struct hs20_osu_client *ctx, int id,
1042 xml_node_t *node)
1043 {
1044 char *str = xml_node_get_text(ctx->xml, node);
1045 if (str == NULL)
1046 return;
1047 wpa_printf(MSG_INFO, "- Policy/MaximumBSSLoadValue - %s", str);
1048 if (set_cred(ctx->ifname, id, "max_bss_load", str) < 0)
1049 wpa_printf(MSG_INFO, "Failed to set cred max_bss_load limit");
1050 xml_node_get_text_free(ctx->xml, str);
1051 }
1052
1053
set_pps_cred_policy(struct hs20_osu_client * ctx,int id,xml_node_t * node)1054 static void set_pps_cred_policy(struct hs20_osu_client *ctx, int id,
1055 xml_node_t *node)
1056 {
1057 xml_node_t *child;
1058 const char *name;
1059
1060 wpa_printf(MSG_INFO, "- Policy");
1061
1062 xml_node_for_each_child(ctx->xml, child, node) {
1063 xml_node_for_each_check(ctx->xml, child);
1064 name = xml_node_get_localname(ctx->xml, child);
1065 if (os_strcasecmp(name, "PreferredRoamingPartnerList") == 0)
1066 set_pps_cred_policy_prpl(ctx, id, child);
1067 else if (os_strcasecmp(name, "MinBackhaulThreshold") == 0)
1068 set_pps_cred_policy_min_backhaul_list(ctx, id, child);
1069 else if (os_strcasecmp(name, "PolicyUpdate") == 0)
1070 set_pps_cred_policy_update(ctx, id, child);
1071 else if (os_strcasecmp(name, "SPExclusionList") == 0)
1072 set_pps_cred_policy_spel(ctx, id, child);
1073 else if (os_strcasecmp(name, "RequiredProtoPortTuple") == 0)
1074 set_pps_cred_policy_required_proto_ports(ctx, id, child);
1075 else if (os_strcasecmp(name, "MaximumBSSLoadValue") == 0)
1076 set_pps_cred_policy_max_bss_load(ctx, id, child);
1077 else
1078 wpa_printf(MSG_INFO, "Unknown Policy node '%s'", name);
1079 }
1080 }
1081
1082
set_pps_cred_priority(struct hs20_osu_client * ctx,int id,xml_node_t * node)1083 static void set_pps_cred_priority(struct hs20_osu_client *ctx, int id,
1084 xml_node_t *node)
1085 {
1086 char *str = xml_node_get_text(ctx->xml, node);
1087 if (str == NULL)
1088 return;
1089 wpa_printf(MSG_INFO, "- CredentialPriority = %s", str);
1090 if (set_cred(ctx->ifname, id, "sp_priority", str) < 0)
1091 wpa_printf(MSG_INFO, "Failed to set cred sp_priority");
1092 xml_node_get_text_free(ctx->xml, str);
1093 }
1094
1095
set_pps_cred_aaa_server_trust_root(struct hs20_osu_client * ctx,int id,xml_node_t * node)1096 static void set_pps_cred_aaa_server_trust_root(struct hs20_osu_client *ctx,
1097 int id, xml_node_t *node)
1098 {
1099 wpa_printf(MSG_INFO, "- AAAServerTrustRoot - TODO");
1100 }
1101
1102
set_pps_cred_sub_update(struct hs20_osu_client * ctx,int id,xml_node_t * node)1103 static void set_pps_cred_sub_update(struct hs20_osu_client *ctx, int id,
1104 xml_node_t *node)
1105 {
1106 wpa_printf(MSG_INFO, "- SubscriptionUpdate");
1107 /* not used within wpa_supplicant */
1108 }
1109
1110
set_pps_cred_home_sp_network_id(struct hs20_osu_client * ctx,int id,xml_node_t * node)1111 static void set_pps_cred_home_sp_network_id(struct hs20_osu_client *ctx,
1112 int id, xml_node_t *node)
1113 {
1114 xml_node_t *ssid_node, *hessid_node;
1115 char *ssid, *hessid;
1116
1117 ssid_node = get_node(ctx->xml, node, "SSID");
1118 if (ssid_node == NULL) {
1119 wpa_printf(MSG_INFO, "Ignore HomeSP/NetworkID without mandatory SSID node");
1120 return;
1121 }
1122
1123 hessid_node = get_node(ctx->xml, node, "HESSID");
1124
1125 ssid = xml_node_get_text(ctx->xml, ssid_node);
1126 if (ssid == NULL)
1127 return;
1128 hessid = hessid_node ? xml_node_get_text(ctx->xml, hessid_node) : NULL;
1129
1130 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/SSID = %s", anonymize_ssid(ssid));
1131 if (hessid)
1132 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/HESSID = %s",
1133 anonymize_common(hessid));
1134 /* TODO: Configure to wpa_supplicant */
1135
1136 xml_node_get_text_free(ctx->xml, ssid);
1137 xml_node_get_text_free(ctx->xml, hessid);
1138 }
1139
1140
set_pps_cred_home_sp_network_ids(struct hs20_osu_client * ctx,int id,xml_node_t * node)1141 static void set_pps_cred_home_sp_network_ids(struct hs20_osu_client *ctx,
1142 int id, xml_node_t *node)
1143 {
1144 xml_node_t *child;
1145
1146 wpa_printf(MSG_INFO, "- HomeSP/NetworkID");
1147
1148 xml_node_for_each_child(ctx->xml, child, node) {
1149 xml_node_for_each_check(ctx->xml, child);
1150 set_pps_cred_home_sp_network_id(ctx, id, child);
1151 }
1152 }
1153
1154
set_pps_cred_home_sp_friendly_name(struct hs20_osu_client * ctx,int id,xml_node_t * node)1155 static void set_pps_cred_home_sp_friendly_name(struct hs20_osu_client *ctx,
1156 int id, xml_node_t *node)
1157 {
1158 char *str = xml_node_get_text(ctx->xml, node);
1159 if (str == NULL)
1160 return;
1161 wpa_printf(MSG_INFO, "- HomeSP/FriendlyName = %s", str);
1162 /* not used within wpa_supplicant(?) */
1163 xml_node_get_text_free(ctx->xml, str);
1164 }
1165
1166
set_pps_cred_home_sp_icon_url(struct hs20_osu_client * ctx,int id,xml_node_t * node)1167 static void set_pps_cred_home_sp_icon_url(struct hs20_osu_client *ctx,
1168 int id, xml_node_t *node)
1169 {
1170 char *str = xml_node_get_text(ctx->xml, node);
1171 if (str == NULL)
1172 return;
1173 wpa_printf(MSG_INFO, "- HomeSP/IconURL = %s", str);
1174 /* not used within wpa_supplicant */
1175 xml_node_get_text_free(ctx->xml, str);
1176 }
1177
1178
set_pps_cred_home_sp_fqdn(struct hs20_osu_client * ctx,int id,xml_node_t * node)1179 static void set_pps_cred_home_sp_fqdn(struct hs20_osu_client *ctx, int id,
1180 xml_node_t *node)
1181 {
1182 char *str = xml_node_get_text(ctx->xml, node);
1183 if (str == NULL)
1184 return;
1185 wpa_printf(MSG_INFO, "- HomeSP/FQDN = %s", str);
1186 if (set_cred_quoted(ctx->ifname, id, "domain", str) < 0)
1187 wpa_printf(MSG_INFO, "Failed to set cred domain");
1188 if (set_cred_quoted(ctx->ifname, id, "domain_suffix_match", str) < 0)
1189 wpa_printf(MSG_INFO, "Failed to set cred domain_suffix_match");
1190 xml_node_get_text_free(ctx->xml, str);
1191 }
1192
1193
set_pps_cred_home_sp_oi(struct hs20_osu_client * ctx,int id,xml_node_t * node)1194 static void set_pps_cred_home_sp_oi(struct hs20_osu_client *ctx, int id,
1195 xml_node_t *node)
1196 {
1197 xml_node_t *child;
1198 const char *name;
1199 char *homeoi = NULL;
1200 int required = 0;
1201 char *str;
1202
1203 xml_node_for_each_child(ctx->xml, child, node) {
1204 xml_node_for_each_check(ctx->xml, child);
1205 name = xml_node_get_localname(ctx->xml, child);
1206 if (strcasecmp(name, "HomeOI") == 0 && !homeoi) {
1207 homeoi = xml_node_get_text(ctx->xml, child);
1208 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOI = %s",
1209 homeoi);
1210 } else if (strcasecmp(name, "HomeOIRequired") == 0) {
1211 str = xml_node_get_text(ctx->xml, child);
1212 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOIRequired = '%s'",
1213 str);
1214 if (str == NULL)
1215 continue;
1216 required = strcasecmp(str, "true") == 0;
1217 xml_node_get_text_free(ctx->xml, str);
1218 } else
1219 wpa_printf(MSG_INFO, "Unknown HomeOIList node '%s'",
1220 name);
1221 }
1222
1223 if (homeoi == NULL) {
1224 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> without HomeOI ignored");
1225 return;
1226 }
1227
1228 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> '%s' required=%d",
1229 homeoi, required);
1230
1231 if (required) {
1232 if (set_cred_quoted(ctx->ifname, id, "required_home_ois",
1233 homeoi) < 0)
1234 wpa_printf(MSG_INFO,
1235 "Failed to set cred required_home_ois");
1236 } else {
1237 if (set_cred_quoted(ctx->ifname, id, "home_ois", homeoi) < 0)
1238 wpa_printf(MSG_INFO, "Failed to set cred home_ois");
1239 }
1240
1241 xml_node_get_text_free(ctx->xml, homeoi);
1242 }
1243
1244
set_pps_cred_home_sp_oi_list(struct hs20_osu_client * ctx,int id,xml_node_t * node)1245 static void set_pps_cred_home_sp_oi_list(struct hs20_osu_client *ctx, int id,
1246 xml_node_t *node)
1247 {
1248 xml_node_t *child;
1249
1250 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList");
1251
1252 xml_node_for_each_child(ctx->xml, child, node) {
1253 xml_node_for_each_check(ctx->xml, child);
1254 set_pps_cred_home_sp_oi(ctx, id, child);
1255 }
1256 }
1257
1258
set_pps_cred_home_sp_other_partner(struct hs20_osu_client * ctx,int id,xml_node_t * node)1259 static void set_pps_cred_home_sp_other_partner(struct hs20_osu_client *ctx,
1260 int id, xml_node_t *node)
1261 {
1262 xml_node_t *child;
1263 const char *name;
1264 char *fqdn = NULL;
1265
1266 xml_node_for_each_child(ctx->xml, child, node) {
1267 xml_node_for_each_check(ctx->xml, child);
1268 name = xml_node_get_localname(ctx->xml, child);
1269 if (os_strcasecmp(name, "FQDN") == 0 && !fqdn) {
1270 fqdn = xml_node_get_text(ctx->xml, child);
1271 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+>/FQDN = %s",
1272 fqdn);
1273 } else
1274 wpa_printf(MSG_INFO, "Unknown OtherHomePartners node '%s'",
1275 name);
1276 }
1277
1278 if (fqdn == NULL) {
1279 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+> without FQDN ignored");
1280 return;
1281 }
1282
1283 if (set_cred_quoted(ctx->ifname, id, "domain", fqdn) < 0)
1284 wpa_printf(MSG_INFO, "Failed to set cred domain for OtherHomePartners node");
1285
1286 xml_node_get_text_free(ctx->xml, fqdn);
1287 }
1288
1289
set_pps_cred_home_sp_other_partners(struct hs20_osu_client * ctx,int id,xml_node_t * node)1290 static void set_pps_cred_home_sp_other_partners(struct hs20_osu_client *ctx,
1291 int id,
1292 xml_node_t *node)
1293 {
1294 xml_node_t *child;
1295
1296 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners");
1297
1298 xml_node_for_each_child(ctx->xml, child, node) {
1299 xml_node_for_each_check(ctx->xml, child);
1300 set_pps_cred_home_sp_other_partner(ctx, id, child);
1301 }
1302 }
1303
1304
set_pps_cred_home_sp_roaming_consortium_oi(struct hs20_osu_client * ctx,int id,xml_node_t * node)1305 static void set_pps_cred_home_sp_roaming_consortium_oi(
1306 struct hs20_osu_client *ctx, int id, xml_node_t *node)
1307 {
1308 char *str = xml_node_get_text(ctx->xml, node);
1309 if (str == NULL)
1310 return;
1311 wpa_printf(MSG_INFO, "- HomeSP/RoamingConsortiumOI = %s", str);
1312 if (set_cred_quoted(ctx->ifname, id, "roaming_consortiums",
1313 str) < 0)
1314 wpa_printf(MSG_INFO, "Failed to set cred roaming_consortiums");
1315 xml_node_get_text_free(ctx->xml, str);
1316 }
1317
1318
set_pps_cred_home_sp(struct hs20_osu_client * ctx,int id,xml_node_t * node)1319 static void set_pps_cred_home_sp(struct hs20_osu_client *ctx, int id,
1320 xml_node_t *node)
1321 {
1322 xml_node_t *child;
1323 const char *name;
1324
1325 wpa_printf(MSG_INFO, "- HomeSP");
1326
1327 xml_node_for_each_child(ctx->xml, child, node) {
1328 xml_node_for_each_check(ctx->xml, child);
1329 name = xml_node_get_localname(ctx->xml, child);
1330 if (os_strcasecmp(name, "NetworkID") == 0)
1331 set_pps_cred_home_sp_network_ids(ctx, id, child);
1332 else if (os_strcasecmp(name, "FriendlyName") == 0)
1333 set_pps_cred_home_sp_friendly_name(ctx, id, child);
1334 else if (os_strcasecmp(name, "IconURL") == 0)
1335 set_pps_cred_home_sp_icon_url(ctx, id, child);
1336 else if (os_strcasecmp(name, "FQDN") == 0)
1337 set_pps_cred_home_sp_fqdn(ctx, id, child);
1338 else if (os_strcasecmp(name, "HomeOIList") == 0)
1339 set_pps_cred_home_sp_oi_list(ctx, id, child);
1340 else if (os_strcasecmp(name, "OtherHomePartners") == 0)
1341 set_pps_cred_home_sp_other_partners(ctx, id, child);
1342 else if (os_strcasecmp(name, "RoamingConsortiumOI") == 0)
1343 set_pps_cred_home_sp_roaming_consortium_oi(ctx, id,
1344 child);
1345 else
1346 wpa_printf(MSG_INFO, "Unknown HomeSP node '%s'", name);
1347 }
1348 }
1349
1350
set_pps_cred_sub_params(struct hs20_osu_client * ctx,int id,xml_node_t * node)1351 static void set_pps_cred_sub_params(struct hs20_osu_client *ctx, int id,
1352 xml_node_t *node)
1353 {
1354 wpa_printf(MSG_INFO, "- SubscriptionParameters");
1355 /* not used within wpa_supplicant */
1356 }
1357
1358
set_pps_cred_creation_date(struct hs20_osu_client * ctx,int id,xml_node_t * node)1359 static void set_pps_cred_creation_date(struct hs20_osu_client *ctx, int id,
1360 xml_node_t *node)
1361 {
1362 char *str = xml_node_get_text(ctx->xml, node);
1363 if (str == NULL)
1364 return;
1365 wpa_printf(MSG_INFO, "- Credential/CreationDate = %s", str);
1366 /* not used within wpa_supplicant */
1367 xml_node_get_text_free(ctx->xml, str);
1368 }
1369
1370
set_pps_cred_expiration_date(struct hs20_osu_client * ctx,int id,xml_node_t * node)1371 static void set_pps_cred_expiration_date(struct hs20_osu_client *ctx, int id,
1372 xml_node_t *node)
1373 {
1374 char *str = xml_node_get_text(ctx->xml, node);
1375 if (str == NULL)
1376 return;
1377 wpa_printf(MSG_INFO, "- Credential/ExpirationDate = %s", str);
1378 /* not used within wpa_supplicant */
1379 xml_node_get_text_free(ctx->xml, str);
1380 }
1381
1382
set_pps_cred_username(struct hs20_osu_client * ctx,int id,xml_node_t * node)1383 static void set_pps_cred_username(struct hs20_osu_client *ctx, int id,
1384 xml_node_t *node)
1385 {
1386 char *str = xml_node_get_text(ctx->xml, node);
1387 if (str == NULL)
1388 return;
1389 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Username = %s",
1390 str);
1391 if (set_cred_quoted(ctx->ifname, id, "username", str) < 0)
1392 wpa_printf(MSG_INFO, "Failed to set cred username");
1393 xml_node_get_text_free(ctx->xml, str);
1394 }
1395
1396
set_pps_cred_password(struct hs20_osu_client * ctx,int id,xml_node_t * node)1397 static void set_pps_cred_password(struct hs20_osu_client *ctx, int id,
1398 xml_node_t *node)
1399 {
1400 int len, i;
1401 char *pw, *hex, *pos, *end;
1402
1403 pw = xml_node_get_base64_text(ctx->xml, node, &len);
1404 if (pw == NULL)
1405 return;
1406
1407 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Password = %s", pw);
1408
1409 hex = malloc(len * 2 + 1);
1410 if (hex == NULL) {
1411 free(pw);
1412 return;
1413 }
1414 end = hex + len * 2 + 1;
1415 pos = hex;
1416 for (i = 0; i < len; i++) {
1417 snprintf(pos, end - pos, "%02x", pw[i]);
1418 pos += 2;
1419 }
1420 free(pw);
1421
1422 if (set_cred(ctx->ifname, id, "password", hex) < 0)
1423 wpa_printf(MSG_INFO, "Failed to set cred password");
1424 free(hex);
1425 }
1426
1427
set_pps_cred_machine_managed(struct hs20_osu_client * ctx,int id,xml_node_t * node)1428 static void set_pps_cred_machine_managed(struct hs20_osu_client *ctx, int id,
1429 xml_node_t *node)
1430 {
1431 char *str = xml_node_get_text(ctx->xml, node);
1432 if (str == NULL)
1433 return;
1434 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/MachineManaged = %s",
1435 str);
1436 /* not used within wpa_supplicant */
1437 xml_node_get_text_free(ctx->xml, str);
1438 }
1439
1440
set_pps_cred_soft_token_app(struct hs20_osu_client * ctx,int id,xml_node_t * node)1441 static void set_pps_cred_soft_token_app(struct hs20_osu_client *ctx, int id,
1442 xml_node_t *node)
1443 {
1444 char *str = xml_node_get_text(ctx->xml, node);
1445 if (str == NULL)
1446 return;
1447 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/SoftTokenApp = %s",
1448 str);
1449 /* not used within wpa_supplicant */
1450 xml_node_get_text_free(ctx->xml, str);
1451 }
1452
1453
set_pps_cred_able_to_share(struct hs20_osu_client * ctx,int id,xml_node_t * node)1454 static void set_pps_cred_able_to_share(struct hs20_osu_client *ctx, int id,
1455 xml_node_t *node)
1456 {
1457 char *str = xml_node_get_text(ctx->xml, node);
1458 if (str == NULL)
1459 return;
1460 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/AbleToShare = %s",
1461 str);
1462 /* not used within wpa_supplicant */
1463 xml_node_get_text_free(ctx->xml, str);
1464 }
1465
1466
set_pps_cred_eap_method_eap_type(struct hs20_osu_client * ctx,int id,xml_node_t * node)1467 static void set_pps_cred_eap_method_eap_type(struct hs20_osu_client *ctx,
1468 int id, xml_node_t *node)
1469 {
1470 char *str = xml_node_get_text(ctx->xml, node);
1471 int type;
1472 const char *eap_method = NULL;
1473
1474 if (!str)
1475 return;
1476 wpa_printf(MSG_INFO,
1477 "- Credential/UsernamePassword/EAPMethod/EAPType = %s", str);
1478 type = atoi(str);
1479 switch (type) {
1480 case EAP_TYPE_TLS:
1481 eap_method = "TLS";
1482 break;
1483 case EAP_TYPE_TTLS:
1484 eap_method = "TTLS";
1485 break;
1486 case EAP_TYPE_PEAP:
1487 eap_method = "PEAP";
1488 break;
1489 case EAP_TYPE_PWD:
1490 eap_method = "PWD";
1491 break;
1492 }
1493 xml_node_get_text_free(ctx->xml, str);
1494 if (!eap_method) {
1495 wpa_printf(MSG_INFO, "Unknown EAPType value");
1496 return;
1497 }
1498
1499 if (set_cred(ctx->ifname, id, "eap", eap_method) < 0)
1500 wpa_printf(MSG_INFO, "Failed to set cred eap");
1501 }
1502
1503
set_pps_cred_eap_method_inner_method(struct hs20_osu_client * ctx,int id,xml_node_t * node)1504 static void set_pps_cred_eap_method_inner_method(struct hs20_osu_client *ctx,
1505 int id, xml_node_t *node)
1506 {
1507 char *str = xml_node_get_text(ctx->xml, node);
1508 const char *phase2 = NULL;
1509
1510 if (!str)
1511 return;
1512 wpa_printf(MSG_INFO,
1513 "- Credential/UsernamePassword/EAPMethod/InnerMethod = %s",
1514 str);
1515 if (os_strcmp(str, "PAP") == 0)
1516 phase2 = "auth=PAP";
1517 else if (os_strcmp(str, "CHAP") == 0)
1518 phase2 = "auth=CHAP";
1519 else if (os_strcmp(str, "MS-CHAP") == 0)
1520 phase2 = "auth=MSCHAP";
1521 else if (os_strcmp(str, "MS-CHAP-V2") == 0)
1522 phase2 = "auth=MSCHAPV2";
1523 xml_node_get_text_free(ctx->xml, str);
1524 if (!phase2) {
1525 wpa_printf(MSG_INFO, "Unknown InnerMethod value");
1526 return;
1527 }
1528
1529 if (set_cred_quoted(ctx->ifname, id, "phase2", phase2) < 0)
1530 wpa_printf(MSG_INFO, "Failed to set cred phase2");
1531 }
1532
1533
set_pps_cred_eap_method(struct hs20_osu_client * ctx,int id,xml_node_t * node)1534 static void set_pps_cred_eap_method(struct hs20_osu_client *ctx, int id,
1535 xml_node_t *node)
1536 {
1537 xml_node_t *child;
1538 const char *name;
1539
1540 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/EAPMethod");
1541
1542 xml_node_for_each_child(ctx->xml, child, node) {
1543 xml_node_for_each_check(ctx->xml, child);
1544 name = xml_node_get_localname(ctx->xml, child);
1545 if (os_strcasecmp(name, "EAPType") == 0)
1546 set_pps_cred_eap_method_eap_type(ctx, id, child);
1547 else if (os_strcasecmp(name, "InnerMethod") == 0)
1548 set_pps_cred_eap_method_inner_method(ctx, id, child);
1549 else
1550 wpa_printf(MSG_INFO, "Unknown Credential/UsernamePassword/EAPMethod node '%s'",
1551 name);
1552 }
1553 }
1554
1555
set_pps_cred_username_password(struct hs20_osu_client * ctx,int id,xml_node_t * node)1556 static void set_pps_cred_username_password(struct hs20_osu_client *ctx, int id,
1557 xml_node_t *node)
1558 {
1559 xml_node_t *child;
1560 const char *name;
1561
1562 wpa_printf(MSG_INFO, "- Credential/UsernamePassword");
1563
1564 xml_node_for_each_child(ctx->xml, child, node) {
1565 xml_node_for_each_check(ctx->xml, child);
1566 name = xml_node_get_localname(ctx->xml, child);
1567 if (os_strcasecmp(name, "Username") == 0)
1568 set_pps_cred_username(ctx, id, child);
1569 else if (os_strcasecmp(name, "Password") == 0)
1570 set_pps_cred_password(ctx, id, child);
1571 else if (os_strcasecmp(name, "MachineManaged") == 0)
1572 set_pps_cred_machine_managed(ctx, id, child);
1573 else if (os_strcasecmp(name, "SoftTokenApp") == 0)
1574 set_pps_cred_soft_token_app(ctx, id, child);
1575 else if (os_strcasecmp(name, "AbleToShare") == 0)
1576 set_pps_cred_able_to_share(ctx, id, child);
1577 else if (os_strcasecmp(name, "EAPMethod") == 0)
1578 set_pps_cred_eap_method(ctx, id, child);
1579 else
1580 wpa_printf(MSG_INFO, "Unknown Credential/UsernamePassword node '%s'",
1581 name);
1582 }
1583 }
1584
1585
set_pps_cred_digital_cert(struct hs20_osu_client * ctx,int id,xml_node_t * node,const char * fqdn)1586 static void set_pps_cred_digital_cert(struct hs20_osu_client *ctx, int id,
1587 xml_node_t *node, const char *fqdn)
1588 {
1589 char buf[200], dir[200];
1590 int res;
1591
1592 wpa_printf(MSG_INFO, "- Credential/DigitalCertificate");
1593
1594 if (getcwd(dir, sizeof(dir)) == NULL)
1595 return;
1596
1597 /* TODO: could build username from Subject of Subject AltName */
1598 if (set_cred_quoted(ctx->ifname, id, "username", "cert") < 0) {
1599 wpa_printf(MSG_INFO, "Failed to set username");
1600 }
1601
1602 res = os_snprintf(buf, sizeof(buf), "%s/SP/%s/client-cert.pem", dir,
1603 fqdn);
1604 if (os_snprintf_error(sizeof(buf), res))
1605 return;
1606 if (os_file_exists(buf)) {
1607 if (set_cred_quoted(ctx->ifname, id, "client_cert", buf) < 0) {
1608 wpa_printf(MSG_INFO, "Failed to set client_cert");
1609 }
1610 }
1611
1612 res = os_snprintf(buf, sizeof(buf), "%s/SP/%s/client-key.pem", dir,
1613 fqdn);
1614 if (os_snprintf_error(sizeof(buf), res))
1615 return;
1616 if (os_file_exists(buf)) {
1617 if (set_cred_quoted(ctx->ifname, id, "private_key", buf) < 0) {
1618 wpa_printf(MSG_INFO, "Failed to set private_key");
1619 }
1620 }
1621 }
1622
1623
set_pps_cred_realm(struct hs20_osu_client * ctx,int id,xml_node_t * node,const char * fqdn,int sim)1624 static void set_pps_cred_realm(struct hs20_osu_client *ctx, int id,
1625 xml_node_t *node, const char *fqdn, int sim)
1626 {
1627 char *str = xml_node_get_text(ctx->xml, node);
1628 char buf[200], dir[200];
1629 int res;
1630
1631 if (str == NULL)
1632 return;
1633
1634 wpa_printf(MSG_INFO, "- Credential/Realm = %s", str);
1635 if (set_cred_quoted(ctx->ifname, id, "realm", str) < 0)
1636 wpa_printf(MSG_INFO, "Failed to set cred realm");
1637 xml_node_get_text_free(ctx->xml, str);
1638
1639 if (sim)
1640 return;
1641
1642 if (getcwd(dir, sizeof(dir)) == NULL)
1643 return;
1644 res = os_snprintf(buf, sizeof(buf), "%s/SP/%s/aaa-ca.pem", dir, fqdn);
1645 if (os_snprintf_error(sizeof(buf), res))
1646 return;
1647 if (os_file_exists(buf)) {
1648 if (set_cred_quoted(ctx->ifname, id, "ca_cert", buf) < 0) {
1649 wpa_printf(MSG_INFO, "Failed to set CA cert");
1650 }
1651 }
1652 }
1653
1654
set_pps_cred_check_aaa_cert_status(struct hs20_osu_client * ctx,int id,xml_node_t * node)1655 static void set_pps_cred_check_aaa_cert_status(struct hs20_osu_client *ctx,
1656 int id, xml_node_t *node)
1657 {
1658 char *str = xml_node_get_text(ctx->xml, node);
1659
1660 if (str == NULL)
1661 return;
1662
1663 wpa_printf(MSG_INFO, "- Credential/CheckAAAServerCertStatus = %s", str);
1664 if (os_strcasecmp(str, "true") == 0 &&
1665 set_cred(ctx->ifname, id, "ocsp", "2") < 0)
1666 wpa_printf(MSG_INFO, "Failed to set cred ocsp");
1667 xml_node_get_text_free(ctx->xml, str);
1668 }
1669
1670
set_pps_cred_sim(struct hs20_osu_client * ctx,int id,xml_node_t * sim,xml_node_t * realm)1671 static void set_pps_cred_sim(struct hs20_osu_client *ctx, int id,
1672 xml_node_t *sim, xml_node_t *realm)
1673 {
1674 xml_node_t *node;
1675 char *imsi, *eaptype, *str, buf[20];
1676 int type;
1677 int mnc_len = 3;
1678 size_t imsi_len;
1679
1680 node = get_node(ctx->xml, sim, "EAPType");
1681 if (node == NULL) {
1682 wpa_printf(MSG_INFO, "No SIM/EAPType node in credential");
1683 return;
1684 }
1685 eaptype = xml_node_get_text(ctx->xml, node);
1686 if (eaptype == NULL) {
1687 wpa_printf(MSG_INFO, "Could not extract SIM/EAPType");
1688 return;
1689 }
1690 wpa_printf(MSG_INFO, " - Credential/SIM/EAPType = %s", eaptype);
1691 type = atoi(eaptype);
1692 xml_node_get_text_free(ctx->xml, eaptype);
1693
1694 switch (type) {
1695 case EAP_TYPE_SIM:
1696 if (set_cred(ctx->ifname, id, "eap", "SIM") < 0)
1697 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1698 break;
1699 case EAP_TYPE_AKA:
1700 if (set_cred(ctx->ifname, id, "eap", "AKA") < 0)
1701 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1702 break;
1703 case EAP_TYPE_AKA_PRIME:
1704 if (set_cred(ctx->ifname, id, "eap", "AKA'") < 0)
1705 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1706 break;
1707 default:
1708 wpa_printf(MSG_INFO, "Unsupported SIM/EAPType %d", type);
1709 return;
1710 }
1711
1712 node = get_node(ctx->xml, sim, "IMSI");
1713 if (node == NULL) {
1714 wpa_printf(MSG_INFO, "No SIM/IMSI node in credential");
1715 return;
1716 }
1717 imsi = xml_node_get_text(ctx->xml, node);
1718 if (imsi == NULL) {
1719 wpa_printf(MSG_INFO, "Could not extract SIM/IMSI");
1720 return;
1721 }
1722 wpa_printf(MSG_INFO, " - Credential/SIM/IMSI = %s", anonymize_common(imsi));
1723 imsi_len = os_strlen(imsi);
1724 if (imsi_len < 7 || imsi_len + 2 > sizeof(buf)) {
1725 wpa_printf(MSG_INFO, "Invalid IMSI length");
1726 xml_node_get_text_free(ctx->xml, imsi);
1727 return;
1728 }
1729
1730 str = xml_node_get_text(ctx->xml, node);
1731 if (str) {
1732 char *pos;
1733 pos = os_strstr(str, "mnc");
1734 if (pos && os_strlen(pos) >= 6) {
1735 if (os_strncmp(imsi + 3, pos + 3, 3) == 0)
1736 mnc_len = 3;
1737 else if (os_strncmp(imsi + 3, pos + 4, 2) == 0)
1738 mnc_len = 2;
1739 }
1740 xml_node_get_text_free(ctx->xml, str);
1741 }
1742
1743 os_memcpy(buf, imsi, 3 + mnc_len);
1744 buf[3 + mnc_len] = '-';
1745 os_strlcpy(buf + 3 + mnc_len + 1, imsi + 3 + mnc_len,
1746 sizeof(buf) - 3 - mnc_len - 1);
1747
1748 xml_node_get_text_free(ctx->xml, imsi);
1749
1750 if (set_cred_quoted(ctx->ifname, id, "imsi", buf) < 0)
1751 wpa_printf(MSG_INFO, "Could not set IMSI");
1752
1753 if (set_cred_quoted(ctx->ifname, id, "milenage",
1754 "90dca4eda45b53cf0f12d7c9c3bc6a89:"
1755 "cb9cccc4b9258e6dca4760379fb82581:000000000123") <
1756 0)
1757 wpa_printf(MSG_INFO, "Could not set Milenage parameters");
1758 }
1759
1760
set_pps_cred_credential(struct hs20_osu_client * ctx,int id,xml_node_t * node,const char * fqdn)1761 static void set_pps_cred_credential(struct hs20_osu_client *ctx, int id,
1762 xml_node_t *node, const char *fqdn)
1763 {
1764 xml_node_t *child, *sim, *realm;
1765 const char *name;
1766
1767 wpa_printf(MSG_INFO, "- Credential");
1768
1769 sim = get_node(ctx->xml, node, "SIM");
1770 realm = get_node(ctx->xml, node, "Realm");
1771
1772 xml_node_for_each_child(ctx->xml, child, node) {
1773 xml_node_for_each_check(ctx->xml, child);
1774 name = xml_node_get_localname(ctx->xml, child);
1775 if (os_strcasecmp(name, "CreationDate") == 0)
1776 set_pps_cred_creation_date(ctx, id, child);
1777 else if (os_strcasecmp(name, "ExpirationDate") == 0)
1778 set_pps_cred_expiration_date(ctx, id, child);
1779 else if (os_strcasecmp(name, "UsernamePassword") == 0)
1780 set_pps_cred_username_password(ctx, id, child);
1781 else if (os_strcasecmp(name, "DigitalCertificate") == 0)
1782 set_pps_cred_digital_cert(ctx, id, child, fqdn);
1783 else if (os_strcasecmp(name, "Realm") == 0)
1784 set_pps_cred_realm(ctx, id, child, fqdn, sim != NULL);
1785 else if (os_strcasecmp(name, "CheckAAAServerCertStatus") == 0)
1786 set_pps_cred_check_aaa_cert_status(ctx, id, child);
1787 else if (os_strcasecmp(name, "SIM") == 0)
1788 set_pps_cred_sim(ctx, id, child, realm);
1789 else
1790 wpa_printf(MSG_INFO, "Unknown Credential node '%s'",
1791 name);
1792 }
1793 }
1794
1795
set_pps_credential(struct hs20_osu_client * ctx,int id,xml_node_t * cred,const char * fqdn)1796 static void set_pps_credential(struct hs20_osu_client *ctx, int id,
1797 xml_node_t *cred, const char *fqdn)
1798 {
1799 xml_node_t *child;
1800 const char *name;
1801
1802 xml_node_for_each_child(ctx->xml, child, cred) {
1803 xml_node_for_each_check(ctx->xml, child);
1804 name = xml_node_get_localname(ctx->xml, child);
1805 if (os_strcasecmp(name, "Policy") == 0)
1806 set_pps_cred_policy(ctx, id, child);
1807 else if (os_strcasecmp(name, "CredentialPriority") == 0)
1808 set_pps_cred_priority(ctx, id, child);
1809 else if (os_strcasecmp(name, "AAAServerTrustRoot") == 0)
1810 set_pps_cred_aaa_server_trust_root(ctx, id, child);
1811 else if (os_strcasecmp(name, "SubscriptionUpdate") == 0)
1812 set_pps_cred_sub_update(ctx, id, child);
1813 else if (os_strcasecmp(name, "HomeSP") == 0)
1814 set_pps_cred_home_sp(ctx, id, child);
1815 else if (os_strcasecmp(name, "SubscriptionParameters") == 0)
1816 set_pps_cred_sub_params(ctx, id, child);
1817 else if (os_strcasecmp(name, "Credential") == 0)
1818 set_pps_cred_credential(ctx, id, child, fqdn);
1819 else
1820 wpa_printf(MSG_INFO, "Unknown credential node '%s'",
1821 name);
1822 }
1823 }
1824
1825
set_pps(struct hs20_osu_client * ctx,xml_node_t * pps,const char * fqdn)1826 static void set_pps(struct hs20_osu_client *ctx, xml_node_t *pps,
1827 const char *fqdn)
1828 {
1829 xml_node_t *child;
1830 const char *name;
1831 int id;
1832 char *update_identifier = NULL;
1833
1834 /*
1835 * TODO: Could consider more complex mechanism that would remove
1836 * credentials only if there are changes in the information sent to
1837 * wpa_supplicant.
1838 */
1839 remove_sp_creds(ctx, fqdn);
1840
1841 xml_node_for_each_child(ctx->xml, child, pps) {
1842 xml_node_for_each_check(ctx->xml, child);
1843 name = xml_node_get_localname(ctx->xml, child);
1844 if (os_strcasecmp(name, "UpdateIdentifier") == 0) {
1845 update_identifier = xml_node_get_text(ctx->xml, child);
1846 if (update_identifier) {
1847 wpa_printf(MSG_INFO, "- UpdateIdentifier = %s",
1848 update_identifier);
1849 break;
1850 }
1851 }
1852 }
1853
1854 xml_node_for_each_child(ctx->xml, child, pps) {
1855 xml_node_for_each_check(ctx->xml, child);
1856 name = xml_node_get_localname(ctx->xml, child);
1857 if (os_strcasecmp(name, "UpdateIdentifier") == 0)
1858 continue;
1859 id = add_cred(ctx->ifname);
1860 if (id < 0) {
1861 wpa_printf(MSG_INFO, "Failed to add credential to wpa_supplicant");
1862 write_summary(ctx, "Failed to add credential to wpa_supplicant");
1863 break;
1864 }
1865 write_summary(ctx, "Add a credential to wpa_supplicant");
1866 if (update_identifier &&
1867 set_cred(ctx->ifname, id, "update_identifier",
1868 update_identifier) < 0)
1869 wpa_printf(MSG_INFO, "Failed to set update_identifier");
1870 if (set_cred_quoted(ctx->ifname, id, "provisioning_sp", fqdn) <
1871 0)
1872 wpa_printf(MSG_INFO, "Failed to set provisioning_sp");
1873 wpa_printf(MSG_INFO, "credential localname: '%s'", name);
1874 set_pps_credential(ctx, id, child, fqdn);
1875 ctx->pps_cred_set = 1;
1876 }
1877
1878 xml_node_get_text_free(ctx->xml, update_identifier);
1879 }
1880
1881
cmd_set_pps(struct hs20_osu_client * ctx,const char * pps_fname)1882 void cmd_set_pps(struct hs20_osu_client *ctx, const char *pps_fname)
1883 {
1884 xml_node_t *pps;
1885 const char *fqdn;
1886 char *fqdn_buf = NULL, *pos;
1887
1888 pps = node_from_file(ctx->xml, pps_fname);
1889 if (pps == NULL) {
1890 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
1891 return;
1892 }
1893
1894 fqdn = os_strstr(pps_fname, "SP/");
1895 if (fqdn) {
1896 fqdn_buf = os_strdup(fqdn + 3);
1897 if (fqdn_buf == NULL)
1898 return;
1899 pos = os_strchr(fqdn_buf, '/');
1900 if (pos)
1901 *pos = '\0';
1902 fqdn = fqdn_buf;
1903 } else
1904 fqdn = "wi-fi.org";
1905
1906 wpa_printf(MSG_INFO, "Set PPS MO info to wpa_supplicant - SP FQDN %s",
1907 fqdn);
1908 set_pps(ctx, pps, fqdn);
1909
1910 os_free(fqdn_buf);
1911 xml_node_free(ctx->xml, pps);
1912 }
1913
1914
cmd_get_fqdn(struct hs20_osu_client * ctx,const char * pps_fname)1915 static int cmd_get_fqdn(struct hs20_osu_client *ctx, const char *pps_fname)
1916 {
1917 xml_node_t *pps, *node;
1918 char *fqdn = NULL;
1919
1920 pps = node_from_file(ctx->xml, pps_fname);
1921 if (pps == NULL) {
1922 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
1923 return -1;
1924 }
1925
1926 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
1927 if (node)
1928 fqdn = xml_node_get_text(ctx->xml, node);
1929
1930 xml_node_free(ctx->xml, pps);
1931
1932 if (fqdn) {
1933 FILE *f = fopen("pps-fqdn", "w");
1934 if (f) {
1935 fprintf(f, "%s", fqdn);
1936 fclose(f);
1937 }
1938 xml_node_get_text_free(ctx->xml, fqdn);
1939 return 0;
1940 }
1941
1942 xml_node_get_text_free(ctx->xml, fqdn);
1943 return -1;
1944 }
1945
1946
cmd_to_tnds(struct hs20_osu_client * ctx,const char * in_fname,const char * out_fname,const char * urn,int use_path)1947 static void cmd_to_tnds(struct hs20_osu_client *ctx, const char *in_fname,
1948 const char *out_fname, const char *urn, int use_path)
1949 {
1950 xml_node_t *mo, *node;
1951
1952 mo = node_from_file(ctx->xml, in_fname);
1953 if (mo == NULL) {
1954 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
1955 return;
1956 }
1957
1958 node = mo_to_tnds(ctx->xml, mo, use_path, urn, NULL);
1959 if (node) {
1960 node_to_file(ctx->xml, out_fname, node);
1961 xml_node_free(ctx->xml, node);
1962 }
1963
1964 xml_node_free(ctx->xml, mo);
1965 }
1966
1967
cmd_from_tnds(struct hs20_osu_client * ctx,const char * in_fname,const char * out_fname)1968 static void cmd_from_tnds(struct hs20_osu_client *ctx, const char *in_fname,
1969 const char *out_fname)
1970 {
1971 xml_node_t *tnds, *mo;
1972
1973 tnds = node_from_file(ctx->xml, in_fname);
1974 if (tnds == NULL) {
1975 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
1976 return;
1977 }
1978
1979 mo = tnds_to_mo(ctx->xml, tnds);
1980 if (mo) {
1981 node_to_file(ctx->xml, out_fname, mo);
1982 xml_node_free(ctx->xml, mo);
1983 }
1984
1985 xml_node_free(ctx->xml, tnds);
1986 }
1987
1988
1989 struct osu_icon {
1990 int id;
1991 char lang[4];
1992 char mime_type[256];
1993 char filename[256];
1994 };
1995
1996 struct osu_data {
1997 char bssid[20];
1998 char url[256];
1999 unsigned int methods;
2000 char osu_ssid[33];
2001 char osu_ssid2[33];
2002 char osu_nai[256];
2003 char osu_nai2[256];
2004 struct osu_lang_text friendly_name[MAX_OSU_VALS];
2005 size_t friendly_name_count;
2006 struct osu_lang_text serv_desc[MAX_OSU_VALS];
2007 size_t serv_desc_count;
2008 struct osu_icon icon[MAX_OSU_VALS];
2009 size_t icon_count;
2010 };
2011
2012
parse_osu_providers(const char * fname,size_t * count)2013 static struct osu_data * parse_osu_providers(const char *fname, size_t *count)
2014 {
2015 FILE *f;
2016 char buf[1000];
2017 struct osu_data *osu = NULL, *last = NULL;
2018 size_t osu_count = 0;
2019 char *pos, *end;
2020 int res;
2021
2022 f = fopen(fname, "r");
2023 if (f == NULL) {
2024 wpa_printf(MSG_ERROR, "Could not open %s", fname);
2025 return NULL;
2026 }
2027
2028 while (fgets(buf, sizeof(buf), f)) {
2029 pos = strchr(buf, '\n');
2030 if (pos)
2031 *pos = '\0';
2032
2033 if (strncmp(buf, "OSU-PROVIDER ", 13) == 0) {
2034 last = realloc(osu, (osu_count + 1) * sizeof(*osu));
2035 if (last == NULL)
2036 break;
2037 osu = last;
2038 last = &osu[osu_count++];
2039 memset(last, 0, sizeof(*last));
2040 res = os_snprintf(last->bssid, sizeof(last->bssid),
2041 "%s", buf + 13);
2042 if (os_snprintf_error(sizeof(last->bssid), res))
2043 break;
2044 continue;
2045 }
2046 if (!last)
2047 continue;
2048
2049 if (strncmp(buf, "uri=", 4) == 0) {
2050 res = os_snprintf(last->url, sizeof(last->url),
2051 "%s", buf + 4);
2052 if (os_snprintf_error(sizeof(last->url), res))
2053 break;
2054 continue;
2055 }
2056
2057 if (strncmp(buf, "methods=", 8) == 0) {
2058 last->methods = strtol(buf + 8, NULL, 16);
2059 continue;
2060 }
2061
2062 if (strncmp(buf, "osu_ssid=", 9) == 0) {
2063 res = os_snprintf(last->osu_ssid,
2064 sizeof(last->osu_ssid),
2065 "%s", buf + 9);
2066 if (os_snprintf_error(sizeof(last->osu_ssid), res))
2067 break;
2068 continue;
2069 }
2070
2071 if (strncmp(buf, "osu_ssid2=", 10) == 0) {
2072 res = os_snprintf(last->osu_ssid2,
2073 sizeof(last->osu_ssid2),
2074 "%s", buf + 10);
2075 if (os_snprintf_error(sizeof(last->osu_ssid2), res))
2076 break;
2077 continue;
2078 }
2079
2080 if (os_strncmp(buf, "osu_nai=", 8) == 0) {
2081 res = os_snprintf(last->osu_nai, sizeof(last->osu_nai),
2082 "%s", buf + 8);
2083 if (os_snprintf_error(sizeof(last->osu_nai), res))
2084 break;
2085 continue;
2086 }
2087
2088 if (os_strncmp(buf, "osu_nai2=", 9) == 0) {
2089 res = os_snprintf(last->osu_nai2,
2090 sizeof(last->osu_nai2),
2091 "%s", buf + 9);
2092 if (os_snprintf_error(sizeof(last->osu_nai2), res))
2093 break;
2094 continue;
2095 }
2096
2097 if (strncmp(buf, "friendly_name=", 14) == 0) {
2098 struct osu_lang_text *txt;
2099 if (last->friendly_name_count == MAX_OSU_VALS)
2100 continue;
2101 pos = strchr(buf + 14, ':');
2102 if (pos == NULL)
2103 continue;
2104 *pos++ = '\0';
2105 txt = &last->friendly_name[last->friendly_name_count++];
2106 res = os_snprintf(txt->lang, sizeof(txt->lang),
2107 "%s", buf + 14);
2108 if (os_snprintf_error(sizeof(txt->lang), res))
2109 break;
2110 res = os_snprintf(txt->text, sizeof(txt->text),
2111 "%s", pos);
2112 if (os_snprintf_error(sizeof(txt->text), res))
2113 break;
2114 }
2115
2116 if (strncmp(buf, "desc=", 5) == 0) {
2117 struct osu_lang_text *txt;
2118 if (last->serv_desc_count == MAX_OSU_VALS)
2119 continue;
2120 pos = strchr(buf + 5, ':');
2121 if (pos == NULL)
2122 continue;
2123 *pos++ = '\0';
2124 txt = &last->serv_desc[last->serv_desc_count++];
2125 res = os_snprintf(txt->lang, sizeof(txt->lang),
2126 "%s", buf + 5);
2127 if (os_snprintf_error(sizeof(txt->lang), res))
2128 break;
2129 res = os_snprintf(txt->text, sizeof(txt->text),
2130 "%s", pos);
2131 if (os_snprintf_error(sizeof(txt->text), res))
2132 break;
2133 }
2134
2135 if (strncmp(buf, "icon=", 5) == 0) {
2136 struct osu_icon *icon;
2137 if (last->icon_count == MAX_OSU_VALS)
2138 continue;
2139 icon = &last->icon[last->icon_count++];
2140 icon->id = atoi(buf + 5);
2141 pos = strchr(buf, ':');
2142 if (pos == NULL)
2143 continue;
2144 pos = strchr(pos + 1, ':');
2145 if (pos == NULL)
2146 continue;
2147 pos = strchr(pos + 1, ':');
2148 if (pos == NULL)
2149 continue;
2150 pos++;
2151 end = strchr(pos, ':');
2152 if (!end)
2153 continue;
2154 *end = '\0';
2155 res = os_snprintf(icon->lang, sizeof(icon->lang),
2156 "%s", pos);
2157 if (os_snprintf_error(sizeof(icon->lang), res))
2158 break;
2159 pos = end + 1;
2160
2161 end = strchr(pos, ':');
2162 if (end)
2163 *end = '\0';
2164 res = os_snprintf(icon->mime_type,
2165 sizeof(icon->mime_type), "%s", pos);
2166 if (os_snprintf_error(sizeof(icon->mime_type), res))
2167 break;
2168 if (!end)
2169 continue;
2170 pos = end + 1;
2171
2172 end = strchr(pos, ':');
2173 if (end)
2174 *end = '\0';
2175 res = os_snprintf(icon->filename,
2176 sizeof(icon->filename), "%s", pos);
2177 if (os_snprintf_error(sizeof(icon->filename), res))
2178 break;
2179 continue;
2180 }
2181 }
2182
2183 fclose(f);
2184
2185 *count = osu_count;
2186 return osu;
2187 }
2188
2189
osu_connect(struct hs20_osu_client * ctx,const char * bssid,const char * ssid,const char * ssid2,const char * url,unsigned int methods,int no_prod_assoc,const char * osu_nai,const char * osu_nai2)2190 static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
2191 const char *ssid, const char *ssid2, const char *url,
2192 unsigned int methods, int no_prod_assoc,
2193 const char *osu_nai, const char *osu_nai2)
2194 {
2195 int id;
2196 const char *ifname = ctx->ifname;
2197 char buf[200];
2198 struct wpa_ctrl *mon;
2199 int res;
2200
2201 if (ssid2 && ssid2[0] == '\0')
2202 ssid2 = NULL;
2203
2204 if (ctx->osu_ssid) {
2205 if (os_strcmp(ssid, ctx->osu_ssid) == 0) {
2206 wpa_printf(MSG_DEBUG,
2207 "Enforced OSU SSID matches ANQP info");
2208 ssid2 = NULL;
2209 } else if (ssid2 && os_strcmp(ssid2, ctx->osu_ssid) == 0) {
2210 wpa_printf(MSG_DEBUG,
2211 "Enforced OSU SSID matches RSN[OSEN] info");
2212 ssid = ssid2;
2213 } else {
2214 wpa_printf(MSG_INFO, "Enforced OSU SSID did not match");
2215 write_summary(ctx, "Enforced OSU SSID did not match");
2216 return -1;
2217 }
2218 }
2219
2220 id = add_network(ifname);
2221 if (id < 0)
2222 return -1;
2223 if (set_network_quoted(ifname, id, "ssid", ssid) < 0)
2224 return -1;
2225 if (ssid2)
2226 osu_nai = osu_nai2;
2227 if (osu_nai && os_strlen(osu_nai) > 0) {
2228 char dir[255], fname[300];
2229 if (getcwd(dir, sizeof(dir)) == NULL)
2230 return -1;
2231 os_snprintf(fname, sizeof(fname), "%s/osu-ca.pem", dir);
2232
2233 if (ssid2 && set_network_quoted(ifname, id, "ssid", ssid2) < 0)
2234 return -1;
2235
2236 if (set_network(ifname, id, "proto", "OSEN") < 0 ||
2237 set_network(ifname, id, "key_mgmt", "OSEN") < 0 ||
2238 set_network(ifname, id, "pairwise", "CCMP") < 0 ||
2239 set_network(ifname, id, "group", "GTK_NOT_USED CCMP") < 0 ||
2240 set_network(ifname, id, "eap", "WFA-UNAUTH-TLS") < 0 ||
2241 set_network(ifname, id, "ocsp", "2") < 0 ||
2242 set_network_quoted(ifname, id, "identity", osu_nai) < 0 ||
2243 set_network_quoted(ifname, id, "ca_cert", fname) < 0)
2244 return -1;
2245 } else if (ssid2) {
2246 wpa_printf(MSG_INFO, "No OSU_NAI set for RSN[OSEN]");
2247 write_summary(ctx, "No OSU_NAI set for RSN[OSEN]");
2248 return -1;
2249 } else {
2250 if (set_network(ifname, id, "key_mgmt", "NONE") < 0)
2251 return -1;
2252 }
2253
2254 mon = open_wpa_mon(ifname);
2255 if (mon == NULL)
2256 return -1;
2257
2258 wpa_printf(MSG_INFO, "Associate with OSU SSID");
2259 write_summary(ctx, "Associate with OSU SSID");
2260 snprintf(buf, sizeof(buf), "SELECT_NETWORK %d", id);
2261 if (wpa_command(ifname, buf) < 0)
2262 return -1;
2263
2264 res = get_wpa_cli_event(mon, "CTRL-EVENT-CONNECTED",
2265 buf, sizeof(buf));
2266
2267 wpa_ctrl_detach(mon);
2268 wpa_ctrl_close(mon);
2269
2270 if (res < 0) {
2271 wpa_printf(MSG_INFO, "Could not connect to OSU network");
2272 write_summary(ctx, "Could not connect to OSU network");
2273 wpa_printf(MSG_INFO, "Remove OSU network connection");
2274 snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
2275 wpa_command(ifname, buf);
2276 return -1;
2277 }
2278
2279 write_summary(ctx, "Waiting for IP address for subscription registration");
2280 if (wait_ip_addr(ifname, 15) < 0) {
2281 wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
2282 }
2283
2284 if (no_prod_assoc) {
2285 if (res < 0)
2286 return -1;
2287 wpa_printf(MSG_INFO, "No production connection used for testing purposes");
2288 write_summary(ctx, "No production connection used for testing purposes");
2289 return 0;
2290 }
2291
2292 ctx->no_reconnect = 1;
2293 if (methods & 0x02) {
2294 wpa_printf(MSG_DEBUG, "Calling cmd_prov from osu_connect");
2295 res = cmd_prov(ctx, url);
2296 } else if (methods & 0x01) {
2297 wpa_printf(MSG_DEBUG,
2298 "Calling cmd_oma_dm_prov from osu_connect");
2299 res = cmd_oma_dm_prov(ctx, url);
2300 }
2301
2302 wpa_printf(MSG_INFO, "Remove OSU network connection");
2303 write_summary(ctx, "Remove OSU network connection");
2304 snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
2305 wpa_command(ifname, buf);
2306
2307 if (res < 0)
2308 return -1;
2309
2310 wpa_printf(MSG_INFO, "Requesting reconnection with updated configuration");
2311 write_summary(ctx, "Requesting reconnection with updated configuration");
2312 if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0) {
2313 wpa_printf(MSG_INFO, "Failed to request wpa_supplicant to reconnect");
2314 write_summary(ctx, "Failed to request wpa_supplicant to reconnect");
2315 return -1;
2316 }
2317
2318 return 0;
2319 }
2320
2321
cmd_osu_select(struct hs20_osu_client * ctx,const char * dir,int connect,int no_prod_assoc,const char * friendly_name)2322 static int cmd_osu_select(struct hs20_osu_client *ctx, const char *dir,
2323 int connect, int no_prod_assoc,
2324 const char *friendly_name)
2325 {
2326 char fname[255];
2327 FILE *f;
2328 struct osu_data *osu = NULL, *last = NULL;
2329 size_t osu_count = 0, i, j;
2330 int ret;
2331
2332 write_summary(ctx, "OSU provider selection");
2333
2334 if (dir == NULL) {
2335 wpa_printf(MSG_INFO, "Missing dir parameter to osu_select");
2336 return -1;
2337 }
2338
2339 snprintf(fname, sizeof(fname), "%s/osu-providers.txt", dir);
2340 osu = parse_osu_providers(fname, &osu_count);
2341 if (osu == NULL) {
2342 wpa_printf(MSG_INFO, "Could not find any OSU providers from %s",
2343 fname);
2344 write_result(ctx, "No OSU providers available");
2345 return -1;
2346 }
2347
2348 if (friendly_name) {
2349 for (i = 0; i < osu_count; i++) {
2350 last = &osu[i];
2351 for (j = 0; j < last->friendly_name_count; j++) {
2352 if (os_strcmp(last->friendly_name[j].text,
2353 friendly_name) == 0)
2354 break;
2355 }
2356 if (j < last->friendly_name_count)
2357 break;
2358 }
2359 if (i == osu_count) {
2360 wpa_printf(MSG_INFO, "Requested operator friendly name '%s' not found in the list of available providers",
2361 friendly_name);
2362 write_summary(ctx, "Requested operator friendly name '%s' not found in the list of available providers",
2363 friendly_name);
2364 free(osu);
2365 return -1;
2366 }
2367
2368 wpa_printf(MSG_INFO, "OSU Provider selected based on requested operator friendly name '%s'",
2369 friendly_name);
2370 write_summary(ctx, "OSU Provider selected based on requested operator friendly name '%s'",
2371 friendly_name);
2372 ret = i + 1;
2373 goto selected;
2374 }
2375
2376 snprintf(fname, sizeof(fname), "%s/osu-providers.html", dir);
2377 f = fopen(fname, "w");
2378 if (f == NULL) {
2379 wpa_printf(MSG_INFO, "Could not open %s", fname);
2380 free(osu);
2381 return -1;
2382 }
2383
2384 fprintf(f, "<html><head>"
2385 "<meta http-equiv=\"Content-type\" content=\"text/html; "
2386 "charset=utf-8\"<title>Select service operator</title>"
2387 "</head><body><h1>Select service operator</h1>\n");
2388
2389 if (osu_count == 0)
2390 fprintf(f, "No online signup available\n");
2391
2392 for (i = 0; i < osu_count; i++) {
2393 last = &osu[i];
2394 #ifdef ANDROID
2395 fprintf(f, "<p>\n"
2396 "<a href=\"http://localhost:12345/osu/%d\">"
2397 "<table><tr><td>", (int) i + 1);
2398 #else /* ANDROID */
2399 fprintf(f, "<p>\n"
2400 "<a href=\"osu://%d\">"
2401 "<table><tr><td>", (int) i + 1);
2402 #endif /* ANDROID */
2403 for (j = 0; j < last->icon_count; j++) {
2404 fprintf(f, "<img src=\"osu-icon-%d.%s\">\n",
2405 last->icon[j].id,
2406 strcasecmp(last->icon[j].mime_type,
2407 "image/png") == 0 ? "png" : "icon");
2408 }
2409 fprintf(f, "<td>");
2410 for (j = 0; j < last->friendly_name_count; j++) {
2411 fprintf(f, "<small>[%s]</small> %s<br>\n",
2412 last->friendly_name[j].lang,
2413 last->friendly_name[j].text);
2414 }
2415 fprintf(f, "<tr><td colspan=2>");
2416 for (j = 0; j < last->serv_desc_count; j++) {
2417 fprintf(f, "<small>[%s]</small> %s<br>\n",
2418 last->serv_desc[j].lang,
2419 last->serv_desc[j].text);
2420 }
2421 fprintf(f, "</table></a><br><small>BSSID: %s<br>\n"
2422 "SSID: %s<br>\n",
2423 last->bssid, last->osu_ssid);
2424 if (last->osu_ssid2[0])
2425 fprintf(f, "SSID2: %s<br>\n", last->osu_ssid2);
2426 if (last->osu_nai[0])
2427 fprintf(f, "NAI: %s<br>\n", last->osu_nai);
2428 if (last->osu_nai2[0])
2429 fprintf(f, "NAI2: %s<br>\n", last->osu_nai2);
2430 fprintf(f, "URL: %s<br>\n"
2431 "methods:%s%s<br>\n"
2432 "</small></p>\n",
2433 last->url,
2434 last->methods & 0x01 ? " OMA-DM" : "",
2435 last->methods & 0x02 ? " SOAP-XML-SPP" : "");
2436 }
2437
2438 fprintf(f, "</body></html>\n");
2439
2440 fclose(f);
2441
2442 snprintf(fname, sizeof(fname), "file://%s/osu-providers.html", dir);
2443 write_summary(ctx, "Start web browser with OSU provider selection page");
2444 ret = hs20_web_browser(fname, 0);
2445
2446 selected:
2447 if (ret > 0 && (size_t) ret <= osu_count) {
2448 char *data;
2449 size_t data_len;
2450
2451 wpa_printf(MSG_INFO, "Selected OSU id=%d", ret);
2452 last = &osu[ret - 1];
2453 ret = 0;
2454 wpa_printf(MSG_INFO, "BSSID: %s", anonymize_common(last->bssid));
2455 wpa_printf(MSG_INFO, "SSID: %s", anonymize_ssid(last->osu_ssid));
2456 if (last->osu_ssid2[0])
2457 wpa_printf(MSG_INFO, "SSID2: %s", anonymize_ssid(last->osu_ssid2));
2458 wpa_printf(MSG_INFO, "URL: %s", last->url);
2459 write_summary(ctx, "Selected OSU provider id=%d BSSID=%s SSID=%s URL=%s",
2460 ret, last->bssid, last->osu_ssid, last->url);
2461
2462 ctx->friendly_name_count = last->friendly_name_count;
2463 for (j = 0; j < last->friendly_name_count; j++) {
2464 wpa_printf(MSG_INFO, "FRIENDLY_NAME: [%s]%s",
2465 last->friendly_name[j].lang,
2466 last->friendly_name[j].text);
2467 os_strlcpy(ctx->friendly_name[j].lang,
2468 last->friendly_name[j].lang,
2469 sizeof(ctx->friendly_name[j].lang));
2470 os_strlcpy(ctx->friendly_name[j].text,
2471 last->friendly_name[j].text,
2472 sizeof(ctx->friendly_name[j].text));
2473 }
2474
2475 ctx->icon_count = last->icon_count;
2476 for (j = 0; j < last->icon_count; j++) {
2477 char fname[256];
2478
2479 os_snprintf(fname, sizeof(fname), "%s/osu-icon-%d.%s",
2480 dir, last->icon[j].id,
2481 strcasecmp(last->icon[j].mime_type,
2482 "image/png") == 0 ?
2483 "png" : "icon");
2484 wpa_printf(MSG_INFO, "ICON: %s (%s)",
2485 fname, last->icon[j].filename);
2486 os_strlcpy(ctx->icon_filename[j],
2487 last->icon[j].filename,
2488 sizeof(ctx->icon_filename[j]));
2489
2490 data = os_readfile(fname, &data_len);
2491 if (data) {
2492 sha256_vector(1, (const u8 **) &data, &data_len,
2493 ctx->icon_hash[j]);
2494 os_free(data);
2495 }
2496 }
2497
2498 if (connect == 2) {
2499 if (last->methods & 0x02) {
2500 wpa_printf(MSG_DEBUG,
2501 "Calling cmd_prov from cmd_osu_select");
2502 ret = cmd_prov(ctx, last->url);
2503 } else if (last->methods & 0x01) {
2504 wpa_printf(MSG_DEBUG,
2505 "Calling cmd_oma_dm_prov from cmd_osu_select");
2506 ret = cmd_oma_dm_prov(ctx, last->url);
2507 } else {
2508 wpa_printf(MSG_DEBUG,
2509 "No supported OSU provisioning method");
2510 ret = -1;
2511 }
2512 } else if (connect) {
2513 ret = osu_connect(ctx, last->bssid, last->osu_ssid,
2514 last->osu_ssid2,
2515 last->url, last->methods,
2516 no_prod_assoc, last->osu_nai,
2517 last->osu_nai2);
2518 }
2519 } else
2520 ret = -1;
2521
2522 free(osu);
2523
2524 return ret;
2525 }
2526
2527
cmd_signup(struct hs20_osu_client * ctx,int no_prod_assoc,const char * friendly_name)2528 static int cmd_signup(struct hs20_osu_client *ctx, int no_prod_assoc,
2529 const char *friendly_name)
2530 {
2531 char dir[255];
2532 char fname[300], buf[400];
2533 struct wpa_ctrl *mon;
2534 const char *ifname;
2535 int res;
2536
2537 ifname = ctx->ifname;
2538
2539 if (getcwd(dir, sizeof(dir)) == NULL)
2540 return -1;
2541
2542 snprintf(fname, sizeof(fname), "%s/osu-info", dir);
2543 if (mkdir(fname, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH) < 0 &&
2544 errno != EEXIST) {
2545 wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
2546 fname, strerror(errno));
2547 return -1;
2548 }
2549
2550 android_update_permission(fname, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
2551
2552 snprintf(buf, sizeof(buf), "SET osu_dir %s", fname);
2553 if (wpa_command(ifname, buf) < 0) {
2554 wpa_printf(MSG_INFO, "Failed to configure osu_dir to wpa_supplicant");
2555 return -1;
2556 }
2557
2558 mon = open_wpa_mon(ifname);
2559 if (mon == NULL)
2560 return -1;
2561
2562 wpa_printf(MSG_INFO, "Starting OSU fetch");
2563 write_summary(ctx, "Starting OSU provider information fetch");
2564 if (wpa_command(ifname, "FETCH_OSU") < 0) {
2565 wpa_printf(MSG_INFO, "Could not start OSU fetch");
2566 wpa_ctrl_detach(mon);
2567 wpa_ctrl_close(mon);
2568 return -1;
2569 }
2570 res = get_wpa_cli_event(mon, "OSU provider fetch completed",
2571 buf, sizeof(buf));
2572
2573 wpa_ctrl_detach(mon);
2574 wpa_ctrl_close(mon);
2575
2576 if (res < 0) {
2577 wpa_printf(MSG_INFO, "OSU fetch did not complete");
2578 write_summary(ctx, "OSU fetch did not complete");
2579 return -1;
2580 }
2581 wpa_printf(MSG_INFO, "OSU provider fetch completed");
2582
2583 return cmd_osu_select(ctx, fname, 1, no_prod_assoc, friendly_name);
2584 }
2585
2586
cmd_sub_rem(struct hs20_osu_client * ctx,const char * address,const char * pps_fname,const char * ca_fname)2587 static int cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
2588 const char *pps_fname, const char *ca_fname)
2589 {
2590 xml_node_t *pps, *node;
2591 char pps_fname_buf[300];
2592 char ca_fname_buf[200];
2593 char *cred_username = NULL;
2594 char *cred_password = NULL;
2595 char *sub_rem_uri = NULL;
2596 char client_cert_buf[200];
2597 char *client_cert = NULL;
2598 char client_key_buf[200];
2599 char *client_key = NULL;
2600 int spp;
2601
2602 wpa_printf(MSG_INFO, "Subscription remediation requested with Server URL: %s",
2603 address);
2604
2605 if (!pps_fname) {
2606 char buf[256];
2607 wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
2608 if (os_strncmp(address, "fqdn=", 5) == 0) {
2609 wpa_printf(MSG_INFO, "Use requested FQDN from command line");
2610 os_snprintf(buf, sizeof(buf), "%s", address + 5);
2611 address = NULL;
2612 } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
2613 sizeof(buf)) < 0) {
2614 wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
2615 return -1;
2616 }
2617 os_free(ctx->fqdn);
2618 ctx->fqdn = os_strdup(buf);
2619 if (ctx->fqdn == NULL)
2620 return -1;
2621 wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
2622 buf);
2623 os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
2624 "SP/%s/pps.xml", ctx->fqdn);
2625 pps_fname = pps_fname_buf;
2626
2627 os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem",
2628 ctx->fqdn);
2629 ca_fname = ca_fname_buf;
2630 }
2631
2632 if (!os_file_exists(pps_fname)) {
2633 wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
2634 pps_fname);
2635 return -1;
2636 }
2637 wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
2638
2639 if (ca_fname && !os_file_exists(ca_fname)) {
2640 wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
2641 ca_fname);
2642 return -1;
2643 }
2644 wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
2645 ctx->ca_fname = ca_fname;
2646
2647 pps = node_from_file(ctx->xml, pps_fname);
2648 if (pps == NULL) {
2649 wpa_printf(MSG_INFO, "Could not read PPS MO");
2650 return -1;
2651 }
2652
2653 if (!ctx->fqdn) {
2654 char *tmp;
2655 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
2656 if (node == NULL) {
2657 wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
2658 return -1;
2659 }
2660 tmp = xml_node_get_text(ctx->xml, node);
2661 if (tmp == NULL) {
2662 wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
2663 return -1;
2664 }
2665 ctx->fqdn = os_strdup(tmp);
2666 xml_node_get_text_free(ctx->xml, tmp);
2667 if (!ctx->fqdn) {
2668 wpa_printf(MSG_INFO, "No FQDN known");
2669 return -1;
2670 }
2671 }
2672
2673 node = get_child_node(ctx->xml, pps,
2674 "SubscriptionUpdate/UpdateMethod");
2675 if (node) {
2676 char *tmp;
2677 tmp = xml_node_get_text(ctx->xml, node);
2678 if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
2679 spp = 0;
2680 else
2681 spp = 1;
2682 } else {
2683 wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
2684 spp = 1;
2685 }
2686
2687 get_user_pw(ctx, pps, "SubscriptionUpdate/UsernamePassword",
2688 &cred_username, &cred_password);
2689 if (cred_username)
2690 wpa_printf(MSG_INFO, "Using username: %s", anonymize_common(cred_username));
2691 if (cred_password)
2692 wpa_printf(MSG_DEBUG, "Using password: %s", anonymize_common(cred_password));
2693
2694 if (cred_username == NULL && cred_password == NULL &&
2695 get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
2696 wpa_printf(MSG_INFO, "Using client certificate");
2697 os_snprintf(client_cert_buf, sizeof(client_cert_buf),
2698 "SP/%s/client-cert.pem", ctx->fqdn);
2699 client_cert = client_cert_buf;
2700 os_snprintf(client_key_buf, sizeof(client_key_buf),
2701 "SP/%s/client-key.pem", ctx->fqdn);
2702 client_key = client_key_buf;
2703 ctx->client_cert_present = 1;
2704 }
2705
2706 node = get_child_node(ctx->xml, pps, "SubscriptionUpdate/URI");
2707 if (node) {
2708 sub_rem_uri = xml_node_get_text(ctx->xml, node);
2709 if (sub_rem_uri &&
2710 (!address || os_strcmp(address, sub_rem_uri) != 0)) {
2711 wpa_printf(MSG_INFO, "Override sub rem URI based on PPS: %s",
2712 sub_rem_uri);
2713 address = sub_rem_uri;
2714 }
2715 }
2716 if (!address) {
2717 wpa_printf(MSG_INFO, "Server URL not known");
2718 return -1;
2719 }
2720
2721 write_summary(ctx, "Wait for IP address for subscriptiom remediation");
2722 wpa_printf(MSG_INFO, "Wait for IP address before starting subscription remediation");
2723
2724 if (wait_ip_addr(ctx->ifname, 15) < 0) {
2725 wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
2726 }
2727
2728 if (spp)
2729 spp_sub_rem(ctx, address, pps_fname,
2730 client_cert, client_key,
2731 cred_username, cred_password, pps);
2732 else
2733 oma_dm_sub_rem(ctx, address, pps_fname,
2734 client_cert, client_key,
2735 cred_username, cred_password, pps);
2736
2737 xml_node_get_text_free(ctx->xml, sub_rem_uri);
2738 xml_node_get_text_free(ctx->xml, cred_username);
2739 str_clear_free(cred_password);
2740 xml_node_free(ctx->xml, pps);
2741 return 0;
2742 }
2743
2744
cmd_pol_upd(struct hs20_osu_client * ctx,const char * address,const char * pps_fname,const char * ca_fname)2745 static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address,
2746 const char *pps_fname, const char *ca_fname)
2747 {
2748 xml_node_t *pps;
2749 xml_node_t *node;
2750 char pps_fname_buf[300];
2751 char ca_fname_buf[200];
2752 char *uri = NULL;
2753 char *cred_username = NULL;
2754 char *cred_password = NULL;
2755 char client_cert_buf[200];
2756 char *client_cert = NULL;
2757 char client_key_buf[200];
2758 char *client_key = NULL;
2759 int spp;
2760
2761 wpa_printf(MSG_INFO, "Policy update requested");
2762
2763 if (!pps_fname) {
2764 char buf[256];
2765 int res;
2766
2767 wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
2768 if (address && os_strncmp(address, "fqdn=", 5) == 0) {
2769 wpa_printf(MSG_INFO, "Use requested FQDN from command line");
2770 os_snprintf(buf, sizeof(buf), "%s", address + 5);
2771 address = NULL;
2772 } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
2773 sizeof(buf)) < 0) {
2774 wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
2775 return -1;
2776 }
2777 os_free(ctx->fqdn);
2778 ctx->fqdn = os_strdup(buf);
2779 if (ctx->fqdn == NULL)
2780 return -1;
2781 wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
2782 buf);
2783 os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
2784 "SP/%s/pps.xml", ctx->fqdn);
2785 pps_fname = pps_fname_buf;
2786
2787 res = os_snprintf(ca_fname_buf, sizeof(ca_fname_buf),
2788 "SP/%s/ca.pem", buf);
2789 if (os_snprintf_error(sizeof(ca_fname_buf), res)) {
2790 os_free(ctx->fqdn);
2791 ctx->fqdn = NULL;
2792 return -1;
2793 }
2794 ca_fname = ca_fname_buf;
2795 }
2796
2797 if (!os_file_exists(pps_fname)) {
2798 wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
2799 pps_fname);
2800 return -1;
2801 }
2802 wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
2803
2804 if (ca_fname && !os_file_exists(ca_fname)) {
2805 wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
2806 ca_fname);
2807 return -1;
2808 }
2809 wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
2810 ctx->ca_fname = ca_fname;
2811
2812 pps = node_from_file(ctx->xml, pps_fname);
2813 if (pps == NULL) {
2814 wpa_printf(MSG_INFO, "Could not read PPS MO");
2815 return -1;
2816 }
2817
2818 if (!ctx->fqdn) {
2819 char *tmp;
2820 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
2821 if (node == NULL) {
2822 wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
2823 return -1;
2824 }
2825 tmp = xml_node_get_text(ctx->xml, node);
2826 if (tmp == NULL) {
2827 wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
2828 return -1;
2829 }
2830 ctx->fqdn = os_strdup(tmp);
2831 xml_node_get_text_free(ctx->xml, tmp);
2832 if (!ctx->fqdn) {
2833 wpa_printf(MSG_INFO, "No FQDN known");
2834 return -1;
2835 }
2836 }
2837
2838 node = get_child_node(ctx->xml, pps,
2839 "Policy/PolicyUpdate/UpdateMethod");
2840 if (node) {
2841 char *tmp;
2842 tmp = xml_node_get_text(ctx->xml, node);
2843 if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
2844 spp = 0;
2845 else
2846 spp = 1;
2847 } else {
2848 wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
2849 spp = 1;
2850 }
2851
2852 get_user_pw(ctx, pps, "Policy/PolicyUpdate/UsernamePassword",
2853 &cred_username, &cred_password);
2854 if (cred_username)
2855 wpa_printf(MSG_INFO, "Using username: %s", anonymize_common(cred_username));
2856 if (cred_password)
2857 wpa_printf(MSG_DEBUG, "Using password: %s", anonymize_common(cred_password));
2858
2859 if (cred_username == NULL && cred_password == NULL &&
2860 get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
2861 wpa_printf(MSG_INFO, "Using client certificate");
2862 os_snprintf(client_cert_buf, sizeof(client_cert_buf),
2863 "SP/%s/client-cert.pem", ctx->fqdn);
2864 client_cert = client_cert_buf;
2865 os_snprintf(client_key_buf, sizeof(client_key_buf),
2866 "SP/%s/client-key.pem", ctx->fqdn);
2867 client_key = client_key_buf;
2868 }
2869
2870 if (!address) {
2871 node = get_child_node(ctx->xml, pps, "Policy/PolicyUpdate/URI");
2872 if (node) {
2873 uri = xml_node_get_text(ctx->xml, node);
2874 wpa_printf(MSG_INFO, "URI based on PPS: %s", uri);
2875 address = uri;
2876 }
2877 }
2878 if (!address) {
2879 wpa_printf(MSG_INFO, "Server URL not known");
2880 return -1;
2881 }
2882
2883 if (spp)
2884 spp_pol_upd(ctx, address, pps_fname,
2885 client_cert, client_key,
2886 cred_username, cred_password, pps);
2887 else
2888 oma_dm_pol_upd(ctx, address, pps_fname,
2889 client_cert, client_key,
2890 cred_username, cred_password, pps);
2891
2892 xml_node_get_text_free(ctx->xml, uri);
2893 xml_node_get_text_free(ctx->xml, cred_username);
2894 str_clear_free(cred_password);
2895 xml_node_free(ctx->xml, pps);
2896
2897 return 0;
2898 }
2899
2900
get_hostname(const char * url)2901 static char * get_hostname(const char *url)
2902 {
2903 const char *pos, *end, *end2;
2904 char *ret;
2905
2906 if (url == NULL)
2907 return NULL;
2908
2909 pos = os_strchr(url, '/');
2910 if (pos == NULL)
2911 return NULL;
2912 pos++;
2913 if (*pos != '/')
2914 return NULL;
2915 pos++;
2916
2917 end = os_strchr(pos, '/');
2918 end2 = os_strchr(pos, ':');
2919 if ((end && end2 && end2 < end) || (!end && end2))
2920 end = end2;
2921 if (end)
2922 end--;
2923 else {
2924 end = pos;
2925 while (*end)
2926 end++;
2927 if (end > pos)
2928 end--;
2929 }
2930
2931 ret = os_malloc(end - pos + 2);
2932 if (ret == NULL)
2933 return NULL;
2934
2935 os_memcpy(ret, pos, end - pos + 1);
2936 ret[end - pos + 1] = '\0';
2937
2938 return ret;
2939 }
2940
2941
osu_cert_cb(void * _ctx,struct http_cert * cert)2942 static int osu_cert_cb(void *_ctx, struct http_cert *cert)
2943 {
2944 struct hs20_osu_client *ctx = _ctx;
2945 size_t i, j;
2946 int found;
2947 char *host = NULL;
2948
2949 wpa_printf(MSG_INFO, "osu_cert_cb(osu_cert_validation=%d, url=%s server_url=%s)",
2950 !ctx->no_osu_cert_validation, cert->url ? cert->url : "N/A",
2951 ctx->server_url);
2952
2953 if (ctx->no_osu_cert_validation && cert->url)
2954 host = get_hostname(cert->url);
2955 else
2956 host = get_hostname(ctx->server_url);
2957
2958 if (!ctx->no_osu_cert_validation) {
2959 for (i = 0; i < ctx->server_dnsname_count; i++)
2960 os_free(ctx->server_dnsname[i]);
2961 os_free(ctx->server_dnsname);
2962 ctx->server_dnsname = os_calloc(cert->num_dnsname,
2963 sizeof(char *));
2964 ctx->server_dnsname_count = 0;
2965 }
2966
2967 found = 0;
2968 for (i = 0; i < cert->num_dnsname; i++) {
2969 if (!ctx->no_osu_cert_validation && ctx->server_dnsname) {
2970 ctx->server_dnsname[ctx->server_dnsname_count] =
2971 os_strdup(cert->dnsname[i]);
2972 if (ctx->server_dnsname[ctx->server_dnsname_count])
2973 ctx->server_dnsname_count++;
2974 }
2975 if (host && os_strcasecmp(host, cert->dnsname[i]) == 0)
2976 found = 1;
2977 wpa_printf(MSG_INFO, "dNSName '%s'", cert->dnsname[i]);
2978 }
2979
2980 if (host && !found) {
2981 wpa_printf(MSG_INFO, "Server name from URL (%s) did not match any dNSName - abort connection",
2982 host);
2983 write_result(ctx, "Server name from URL (%s) did not match any dNSName - abort connection",
2984 host);
2985 os_free(host);
2986 return -1;
2987 }
2988
2989 os_free(host);
2990
2991 for (i = 0; i < cert->num_othername; i++) {
2992 if (os_strcmp(cert->othername[i].oid,
2993 "1.3.6.1.4.1.40808.1.1.1") == 0) {
2994 wpa_hexdump_ascii(MSG_INFO,
2995 "id-wfa-hotspot-friendlyName",
2996 cert->othername[i].data,
2997 cert->othername[i].len);
2998 }
2999 }
3000
3001 for (j = 0; !ctx->no_osu_cert_validation &&
3002 j < ctx->friendly_name_count; j++) {
3003 int found = 0;
3004 for (i = 0; i < cert->num_othername; i++) {
3005 if (os_strcmp(cert->othername[i].oid,
3006 "1.3.6.1.4.1.40808.1.1.1") != 0)
3007 continue;
3008 if (cert->othername[i].len < 3)
3009 continue;
3010 if (os_strncasecmp((char *) cert->othername[i].data,
3011 ctx->friendly_name[j].lang, 3) != 0)
3012 continue;
3013 if (os_strncmp((char *) cert->othername[i].data + 3,
3014 ctx->friendly_name[j].text,
3015 cert->othername[i].len - 3) == 0) {
3016 found = 1;
3017 break;
3018 }
3019 }
3020
3021 if (!found) {
3022 wpa_printf(MSG_INFO, "No friendly name match found for '[%s]%s'",
3023 ctx->friendly_name[j].lang,
3024 ctx->friendly_name[j].text);
3025 write_result(ctx, "No friendly name match found for '[%s]%s'",
3026 ctx->friendly_name[j].lang,
3027 ctx->friendly_name[j].text);
3028 return -1;
3029 }
3030 }
3031
3032 for (i = 0; i < cert->num_logo; i++) {
3033 struct http_logo *logo = &cert->logo[i];
3034
3035 wpa_printf(MSG_INFO, "logo hash alg %s uri '%s'",
3036 logo->alg_oid, logo->uri);
3037 wpa_hexdump_ascii(MSG_INFO, "hashValue",
3038 logo->hash, logo->hash_len);
3039 }
3040
3041 for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
3042 int found = 0;
3043 char *name = ctx->icon_filename[j];
3044 size_t name_len = os_strlen(name);
3045
3046 wpa_printf(MSG_INFO,
3047 "[%zu] Looking for icon file name '%s' match",
3048 j, name);
3049 for (i = 0; i < cert->num_logo; i++) {
3050 struct http_logo *logo = &cert->logo[i];
3051 size_t uri_len = os_strlen(logo->uri);
3052 char *pos;
3053
3054 wpa_printf(MSG_INFO,
3055 "[%zu] Comparing to '%s' uri_len=%d name_len=%d",
3056 i, logo->uri, (int) uri_len, (int) name_len);
3057 if (uri_len < 1 + name_len) {
3058 wpa_printf(MSG_INFO, "URI Length is too short");
3059 continue;
3060 }
3061 pos = &logo->uri[uri_len - name_len - 1];
3062 if (*pos != '/')
3063 continue;
3064 pos++;
3065 if (os_strcmp(pos, name) == 0) {
3066 found = 1;
3067 break;
3068 }
3069 }
3070
3071 if (!found) {
3072 wpa_printf(MSG_INFO, "No icon filename match found for '%s'",
3073 name);
3074 write_result(ctx,
3075 "No icon filename match found for '%s'",
3076 name);
3077 return -1;
3078 }
3079 }
3080
3081 for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
3082 int found = 0;
3083
3084 for (i = 0; i < cert->num_logo; i++) {
3085 struct http_logo *logo = &cert->logo[i];
3086
3087 if (logo->hash_len != 32) {
3088 wpa_printf(MSG_INFO,
3089 "[%zu][%zu] Icon hash length invalid (should be 32): %d",
3090 j, i, (int) logo->hash_len);
3091 continue;
3092 }
3093 if (os_memcmp(logo->hash, ctx->icon_hash[j], 32) == 0) {
3094 found = 1;
3095 break;
3096 }
3097
3098 wpa_printf(MSG_DEBUG,
3099 "[%zu][%zu] Icon hash did not match", j, i);
3100 wpa_hexdump_ascii(MSG_DEBUG, "logo->hash",
3101 logo->hash, 32);
3102 wpa_hexdump_ascii(MSG_DEBUG, "ctx->icon_hash[j]",
3103 ctx->icon_hash[j], 32);
3104 }
3105
3106 if (!found) {
3107 wpa_printf(MSG_INFO,
3108 "No icon hash match (by hash) found");
3109 write_result(ctx,
3110 "No icon hash match (by hash) found");
3111 return -1;
3112 }
3113 }
3114
3115 return 0;
3116 }
3117
3118
init_ctx(struct hs20_osu_client * ctx)3119 static int init_ctx(struct hs20_osu_client *ctx)
3120 {
3121 xml_node_t *devinfo, *devid;
3122
3123 os_memset(ctx, 0, sizeof(*ctx));
3124 ctx->ifname = "wlan0";
3125 ctx->xml = xml_node_init_ctx(ctx, NULL);
3126 if (ctx->xml == NULL)
3127 return -1;
3128
3129 devinfo = node_from_file(ctx->xml, "devinfo.xml");
3130 if (devinfo) {
3131 devid = get_node(ctx->xml, devinfo, "DevId");
3132 if (devid) {
3133 char *tmp = xml_node_get_text(ctx->xml, devid);
3134
3135 if (tmp) {
3136 ctx->devid = os_strdup(tmp);
3137 xml_node_get_text_free(ctx->xml, tmp);
3138 }
3139 }
3140 xml_node_free(ctx->xml, devinfo);
3141 }
3142
3143 ctx->http = http_init_ctx(ctx, ctx->xml);
3144 if (ctx->http == NULL) {
3145 xml_node_deinit_ctx(ctx->xml);
3146 return -1;
3147 }
3148 http_ocsp_set(ctx->http, 2);
3149 http_set_cert_cb(ctx->http, osu_cert_cb, ctx);
3150
3151 return 0;
3152 }
3153
3154
deinit_ctx(struct hs20_osu_client * ctx)3155 static void deinit_ctx(struct hs20_osu_client *ctx)
3156 {
3157 size_t i;
3158
3159 http_deinit_ctx(ctx->http);
3160 xml_node_deinit_ctx(ctx->xml);
3161 os_free(ctx->fqdn);
3162 os_free(ctx->server_url);
3163 os_free(ctx->devid);
3164
3165 for (i = 0; i < ctx->server_dnsname_count; i++)
3166 os_free(ctx->server_dnsname[i]);
3167 os_free(ctx->server_dnsname);
3168 }
3169
3170
check_workarounds(struct hs20_osu_client * ctx)3171 static void check_workarounds(struct hs20_osu_client *ctx)
3172 {
3173 FILE *f;
3174 char buf[100];
3175 unsigned long int val = 0;
3176
3177 f = fopen("hs20-osu-client.workarounds", "r");
3178 if (f == NULL)
3179 return;
3180
3181 if (fgets(buf, sizeof(buf), f))
3182 val = strtoul(buf, NULL, 16);
3183
3184 fclose(f);
3185
3186 if (val) {
3187 wpa_printf(MSG_INFO, "Workarounds enabled: 0x%lx", val);
3188 ctx->workarounds = val;
3189 if (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL)
3190 http_ocsp_set(ctx->http, 1);
3191 }
3192 }
3193
3194
usage(void)3195 static void usage(void)
3196 {
3197 printf("usage: hs20-osu-client [-dddqqKtT] [-S<station ifname>] \\\n"
3198 " [-w<wpa_supplicant ctrl_iface dir>] "
3199 "[-r<result file>] [-f<debug file>] \\\n"
3200 " [-s<summary file>] \\\n"
3201 " [-x<spp.xsd file name>] \\\n"
3202 " <command> [arguments..]\n"
3203 "commands:\n"
3204 "- to_tnds <XML MO> <XML MO in TNDS format> [URN]\n"
3205 "- to_tnds2 <XML MO> <XML MO in TNDS format (Path) "
3206 "[URN]>\n"
3207 "- from_tnds <XML MO in TNDS format> <XML MO>\n"
3208 "- set_pps <PerProviderSubscription XML file name>\n"
3209 "- get_fqdn <PerProviderSubscription XML file name>\n"
3210 "- pol_upd [Server URL] [PPS] [CA cert]\n"
3211 "- sub_rem <Server URL> [PPS] [CA cert]\n"
3212 "- prov <Server URL> [CA cert]\n"
3213 "- oma_dm_prov <Server URL> [CA cert]\n"
3214 "- sim_prov <Server URL> [CA cert]\n"
3215 "- oma_dm_sim_prov <Server URL> [CA cert]\n"
3216 "- signup [CA cert]\n"
3217 "- dl_osu_ca <PPS> <CA file>\n"
3218 "- dl_polupd_ca <PPS> <CA file>\n"
3219 "- dl_aaa_ca <PPS> <CA file>\n"
3220 "- browser <URL>\n"
3221 "- parse_cert <X.509 certificate (DER)>\n"
3222 "- osu_select <OSU info directory> [CA cert]\n");
3223 }
3224
3225
main(int argc,char * argv[])3226 int main(int argc, char *argv[])
3227 {
3228 struct hs20_osu_client ctx;
3229 int c;
3230 int ret = 0;
3231 int no_prod_assoc = 0;
3232 const char *friendly_name = NULL;
3233 const char *wpa_debug_file_path = NULL;
3234 extern char *wpas_ctrl_path;
3235 extern int wpa_debug_level;
3236 extern int wpa_debug_show_keys;
3237 extern int wpa_debug_timestamp;
3238
3239 if (init_ctx(&ctx) < 0)
3240 return -1;
3241
3242 for (;;) {
3243 c = getopt(argc, argv, "df:hKNo:O:qr:s:S:tTw:x:");
3244 if (c < 0)
3245 break;
3246 switch (c) {
3247 case 'd':
3248 if (wpa_debug_level > 0)
3249 wpa_debug_level--;
3250 break;
3251 case 'f':
3252 wpa_debug_file_path = optarg;
3253 break;
3254 case 'K':
3255 wpa_debug_show_keys++;
3256 break;
3257 case 'N':
3258 no_prod_assoc = 1;
3259 break;
3260 case 'o':
3261 ctx.osu_ssid = optarg;
3262 break;
3263 case 'O':
3264 friendly_name = optarg;
3265 break;
3266 case 'q':
3267 wpa_debug_level++;
3268 break;
3269 case 'r':
3270 ctx.result_file = optarg;
3271 break;
3272 case 's':
3273 ctx.summary_file = optarg;
3274 break;
3275 case 'S':
3276 ctx.ifname = optarg;
3277 break;
3278 case 't':
3279 wpa_debug_timestamp++;
3280 break;
3281 case 'T':
3282 ctx.ignore_tls = 1;
3283 break;
3284 case 'w':
3285 wpas_ctrl_path = optarg;
3286 break;
3287 case 'x':
3288 spp_xsd_fname = optarg;
3289 break;
3290 case 'h':
3291 default:
3292 usage();
3293 exit(0);
3294 }
3295 }
3296
3297 if (argc - optind < 1) {
3298 usage();
3299 exit(0);
3300 }
3301
3302 wpa_debug_open_file(wpa_debug_file_path);
3303
3304 #ifdef __linux__
3305 setlinebuf(stdout);
3306 #endif /* __linux__ */
3307
3308 if (ctx.result_file)
3309 unlink(ctx.result_file);
3310 wpa_printf(MSG_DEBUG, "===[hs20-osu-client START - command: %s ]======"
3311 "================", argv[optind]);
3312 check_workarounds(&ctx);
3313
3314 if (strcmp(argv[optind], "to_tnds") == 0) {
3315 if (argc - optind < 2) {
3316 usage();
3317 exit(0);
3318 }
3319 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
3320 argc > optind + 3 ? argv[optind + 3] : NULL,
3321 0);
3322 } else if (strcmp(argv[optind], "to_tnds2") == 0) {
3323 if (argc - optind < 2) {
3324 usage();
3325 exit(0);
3326 }
3327 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
3328 argc > optind + 3 ? argv[optind + 3] : NULL,
3329 1);
3330 } else if (strcmp(argv[optind], "from_tnds") == 0) {
3331 if (argc - optind < 2) {
3332 usage();
3333 exit(0);
3334 }
3335 cmd_from_tnds(&ctx, argv[optind + 1], argv[optind + 2]);
3336 } else if (strcmp(argv[optind], "sub_rem") == 0) {
3337 if (argc - optind < 2) {
3338 usage();
3339 exit(0);
3340 }
3341 ret = cmd_sub_rem(&ctx, argv[optind + 1],
3342 argc > optind + 2 ? argv[optind + 2] : NULL,
3343 argc > optind + 3 ? argv[optind + 3] : NULL);
3344 } else if (strcmp(argv[optind], "pol_upd") == 0) {
3345 ret = cmd_pol_upd(&ctx,
3346 argc > optind + 1 ? argv[optind + 1] : NULL,
3347 argc > optind + 2 ? argv[optind + 2] : NULL,
3348 argc > optind + 3 ? argv[optind + 3] : NULL);
3349 } else if (strcmp(argv[optind], "prov") == 0) {
3350 if (argc - optind < 2) {
3351 usage();
3352 exit(0);
3353 }
3354 ctx.ca_fname = argv[optind + 2];
3355 wpa_printf(MSG_DEBUG, "Calling cmd_prov from main");
3356 cmd_prov(&ctx, argv[optind + 1]);
3357 } else if (strcmp(argv[optind], "sim_prov") == 0) {
3358 if (argc - optind < 2) {
3359 usage();
3360 exit(0);
3361 }
3362 ctx.ca_fname = argv[optind + 2];
3363 cmd_sim_prov(&ctx, argv[optind + 1]);
3364 } else if (strcmp(argv[optind], "dl_osu_ca") == 0) {
3365 if (argc - optind < 2) {
3366 usage();
3367 exit(0);
3368 }
3369 cmd_dl_osu_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3370 } else if (strcmp(argv[optind], "dl_polupd_ca") == 0) {
3371 if (argc - optind < 2) {
3372 usage();
3373 exit(0);
3374 }
3375 cmd_dl_polupd_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3376 } else if (strcmp(argv[optind], "dl_aaa_ca") == 0) {
3377 if (argc - optind < 2) {
3378 usage();
3379 exit(0);
3380 }
3381 cmd_dl_aaa_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3382 } else if (strcmp(argv[optind], "osu_select") == 0) {
3383 if (argc - optind < 2) {
3384 usage();
3385 exit(0);
3386 }
3387 ctx.ca_fname = argc > optind + 2 ? argv[optind + 2] : NULL;
3388 cmd_osu_select(&ctx, argv[optind + 1], 2, 1, NULL);
3389 } else if (strcmp(argv[optind], "signup") == 0) {
3390 ctx.ca_fname = argc > optind + 1 ? argv[optind + 1] : NULL;
3391 ret = cmd_signup(&ctx, no_prod_assoc, friendly_name);
3392 } else if (strcmp(argv[optind], "set_pps") == 0) {
3393 if (argc - optind < 2) {
3394 usage();
3395 exit(0);
3396 }
3397 cmd_set_pps(&ctx, argv[optind + 1]);
3398 } else if (strcmp(argv[optind], "get_fqdn") == 0) {
3399 if (argc - optind < 1) {
3400 usage();
3401 exit(0);
3402 }
3403 ret = cmd_get_fqdn(&ctx, argv[optind + 1]);
3404 } else if (strcmp(argv[optind], "oma_dm_prov") == 0) {
3405 if (argc - optind < 2) {
3406 usage();
3407 exit(0);
3408 }
3409 ctx.ca_fname = argv[optind + 2];
3410 cmd_oma_dm_prov(&ctx, argv[optind + 1]);
3411 } else if (strcmp(argv[optind], "oma_dm_sim_prov") == 0) {
3412 if (argc - optind < 2) {
3413 usage();
3414 exit(0);
3415 }
3416 ctx.ca_fname = argv[optind + 2];
3417 if (cmd_oma_dm_sim_prov(&ctx, argv[optind + 1]) < 0) {
3418 write_summary(&ctx, "Failed to complete OMA DM SIM provisioning");
3419 return -1;
3420 }
3421 } else if (strcmp(argv[optind], "oma_dm_add") == 0) {
3422 if (argc - optind < 2) {
3423 usage();
3424 exit(0);
3425 }
3426 cmd_oma_dm_add(&ctx, argv[optind + 1], argv[optind + 2]);
3427 } else if (strcmp(argv[optind], "oma_dm_replace") == 0) {
3428 if (argc - optind < 2) {
3429 usage();
3430 exit(0);
3431 }
3432 cmd_oma_dm_replace(&ctx, argv[optind + 1], argv[optind + 2]);
3433 } else if (strcmp(argv[optind], "est_csr") == 0) {
3434 if (argc - optind < 2) {
3435 usage();
3436 exit(0);
3437 }
3438 mkdir("Cert", S_IRWXU);
3439 est_build_csr(&ctx, argv[optind + 1]);
3440 } else if (strcmp(argv[optind], "browser") == 0) {
3441 int ret;
3442
3443 if (argc - optind < 2) {
3444 usage();
3445 exit(0);
3446 }
3447
3448 wpa_printf(MSG_INFO, "Launch web browser to URL %s",
3449 argv[optind + 1]);
3450 ret = hs20_web_browser(argv[optind + 1], ctx.ignore_tls);
3451 wpa_printf(MSG_INFO, "Web browser result: %d", ret);
3452 } else if (strcmp(argv[optind], "parse_cert") == 0) {
3453 if (argc - optind < 2) {
3454 usage();
3455 exit(0);
3456 }
3457
3458 wpa_debug_level = MSG_MSGDUMP;
3459 http_parse_x509_certificate(ctx.http, argv[optind + 1]);
3460 wpa_debug_level = MSG_INFO;
3461 } else {
3462 wpa_printf(MSG_INFO, "Unknown command '%s'", argv[optind]);
3463 }
3464
3465 deinit_ctx(&ctx);
3466 wpa_printf(MSG_DEBUG,
3467 "===[hs20-osu-client END ]======================");
3468
3469 wpa_debug_close_file();
3470
3471 return ret;
3472 }
3473