notify the AT_PERMANENT_ID_REQ is denied from peer.
Bug: 239710602
Test: atest VtsHalWifiSupplicantStaNetworkTargetTest
Change-Id: I02703a8df13c9b1a0be0854c4dbef1a13d3d122a
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index d23556d..a7dee37 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -3101,6 +3101,19 @@
return sm ? sm->eapKeyAvailable : 0;
}
+/**
+ * eap_notify_permanent_id_req_denied - Notify that the AT_PERMANENT_ID_REQ
+ * is denied from eap_peer when the strict conservative mode is enabled.
+ * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
+*/
+void eap_notify_permanent_id_req_denied(struct eap_sm *sm)
+{
+ if (!sm || !sm->eapol_cb->notify_permanent_id_req_denied)
+ return;
+
+ sm->eapol_cb->notify_permanent_id_req_denied(sm->eapol_ctx);
+}
+
/**
* eap_notify_success - Notify EAP state machine about external success trigger
diff --git a/src/eap_peer/eap.h b/src/eap_peer/eap.h
index 06654ce..8f83d0b 100644
--- a/src/eap_peer/eap.h
+++ b/src/eap_peer/eap.h
@@ -233,6 +233,15 @@
const char *cert_hash);
/**
+ * notify_permanent_id_req_denied - Notify that the
+ * AT_PERMANENT_ID_REQ from the server was denied. This
+ * notification happens when the peer is in strict
+ * conservative mode.
+ * @ctx: eapol_ctx from eap_peer_sm_init() call
+ */
+ void (*notify_permanent_id_req_denied)(void* ctx);
+
+ /**
* notify_status - Notification of the current EAP state
* @ctx: eapol_ctx from eap_peer_sm_init() call
* @status: Step in the process of EAP authentication
@@ -366,6 +375,7 @@
void eap_set_force_disabled(struct eap_sm *sm, int disabled);
void eap_set_external_sim(struct eap_sm *sm, int external_sim);
int eap_key_available(struct eap_sm *sm);
+void eap_notify_permanent_id_req_denied(struct eap_sm *sm);
void eap_notify_success(struct eap_sm *sm);
void eap_notify_lower_layer_success(struct eap_sm *sm);
const u8 * eap_get_eapSessionId(struct eap_sm *sm, size_t *len);
diff --git a/src/eap_peer/eap_aka.c b/src/eap_peer/eap_aka.c
index fc2b16f..49338cf 100644
--- a/src/eap_peer/eap_aka.c
+++ b/src/eap_peer/eap_aka.c
@@ -709,8 +709,9 @@
eap_aka_clear_identities(sm, data, CLEAR_REAUTH_ID);
} else if (id_req != NO_ID_REQ) {
if (id_req == PERMANENT_ID && eap_get_config_strict_conservative_peer_mode(sm)) {
- wpa_printf(MSG_INFO,
- "EAP-AKA: reject permanent identity in conservative peer mode");
+ wpa_printf(MSG_INFO, "EAP-AKA: permanent_id_req is denied in "
+ "the strict conservative peer mode");
+ eap_notify_permanent_id_req_denied(sm);
return eap_aka_client_error(data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET);
}
identity = eap_get_config_identity(sm, &identity_len);
diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h
index e28ebad..59fac90 100644
--- a/src/eap_peer/eap_config.h
+++ b/src/eap_peer/eap_config.h
@@ -342,10 +342,10 @@
* mode is enabled or not
*
* This field is used to handle the reponse of AT_PERMANENT_ID_REQ
- * for EAP-SIM/AKA/AKA', in convervative peer mode, a client error would
+ * for EAP-SIM/AKA/AKA', in conservative peer mode, a client error would
* be sent to the server, but it allows to send the permanent identity
* in some special cases according to 4.6.2 of RFC 4187; With the strict
- * mode, it never send the permanent identity to server for privacy concern.
+ * mode, it never sends the permanent identity to server for privacy concern.
*/
int strict_conservative_peer_mode;
diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c
index 0ccb9a8..6f18ebf 100644
--- a/src/eap_peer/eap_sim.c
+++ b/src/eap_peer/eap_sim.c
@@ -577,8 +577,9 @@
eap_sim_clear_identities(sm, data, CLEAR_REAUTH_ID);
} else if (id_req != NO_ID_REQ) {
if (id_req == PERMANENT_ID && eap_get_config_strict_conservative_peer_mode(sm)) {
- wpa_printf(MSG_INFO,
- "EAP-SIM: reject permanent identity in conservative peer mode");
+ wpa_printf(MSG_INFO, "EAP-SIM: permanent_id_req is denied in "
+ "the strict conservative peer mode");
+ eap_notify_permanent_id_req_denied(sm);
return eap_sim_client_error(data, id, EAP_SIM_UNABLE_TO_PROCESS_PACKET);
}
identity = eap_get_config_identity(sm, &identity_len);
diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index 6173960..a0bc6ab 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -2031,6 +2031,13 @@
sm->ctx->cert_cb(sm->ctx->ctx, cert, cert_hash);
}
+static void eapol_sm_notify_permanent_id_req_denied(void *ctx)
+{
+ struct eapol_sm *sm = ctx;
+ if (sm->ctx->permanent_id_req_denied_cb)
+ sm->ctx->permanent_id_req_denied_cb(sm->ctx->ctx);
+}
+
static void eapol_sm_notify_status(void *ctx, const char *status,
const char *parameter)
@@ -2118,6 +2125,7 @@
eapol_sm_notify_pending,
eapol_sm_eap_param_needed,
eapol_sm_notify_cert,
+ eapol_sm_notify_permanent_id_req_denied,
eapol_sm_notify_status,
eapol_sm_notify_eap_error,
#ifdef CONFIG_EAP_PROXY
diff --git a/src/eapol_supp/eapol_supp_sm.h b/src/eapol_supp/eapol_supp_sm.h
index bbe2b6f..ad94cf5 100644
--- a/src/eapol_supp/eapol_supp_sm.h
+++ b/src/eapol_supp/eapol_supp_sm.h
@@ -255,6 +255,14 @@
const char *cert_hash);
/**
+ * permanent_id_req_denied_cb - Notify that the AT_PERMANENT_ID_REQ
+ * from the server was denied. This notification happens when the
+ * peer is in the strict conservative mode.
+ * @ctx: Callback context (ctx)
+ */
+ void (*permanent_id_req_denied_cb)(void *ctx);
+
+ /**
* cert_in_cb - Include server certificates in callback
*/
int cert_in_cb;
diff --git a/wpa_supplicant/aidl/aidl.cpp b/wpa_supplicant/aidl/aidl.cpp
index a7945cc..78e3ea3 100644
--- a/wpa_supplicant/aidl/aidl.cpp
+++ b/wpa_supplicant/aidl/aidl.cpp
@@ -186,6 +186,21 @@
wpa_s, ssid, rtype, default_txt);
}
+void wpas_aidl_notify_permanent_id_req_denied(
+ struct wpa_supplicant *wpa_s)
+{
+ if (!wpa_s || !wpa_s->global->aidl)
+ return;
+
+ wpa_printf(MSG_DEBUG, "Notifying permanent_id_req denied to aidl control.");
+
+ AidlManager *aidl_manager = AidlManager::getInstance();
+ if (!aidl_manager)
+ return;
+
+ return aidl_manager->notifyPermanentIdReqDenied(wpa_s);
+}
+
void wpas_aidl_notify_anqp_query_done(
struct wpa_supplicant *wpa_s, const u8 *bssid, const char *result,
const struct wpa_bss_anqp *anqp)
diff --git a/wpa_supplicant/aidl/aidl.h b/wpa_supplicant/aidl/aidl.h
index 2f3c7a0..f646c73 100644
--- a/wpa_supplicant/aidl/aidl.h
+++ b/wpa_supplicant/aidl/aidl.h
@@ -37,6 +37,7 @@
int wpas_aidl_notify_network_request(
struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
enum wpa_ctrl_req_type rtype, const char *default_txt);
+ void wpas_aidl_notify_permanent_id_req_denied(struct wpa_supplicant *wpa_s);
void wpas_aidl_notify_anqp_query_done(
struct wpa_supplicant *wpa_s, const u8 *bssid, const char *result,
const struct wpa_bss_anqp *anqp);
@@ -171,6 +172,8 @@
{
return 0;
}
+static void wpas_aidl_notify_permanent_id_req_denied(struct wpa_supplicant *wpa_s)
+{}
static void wpas_aidl_notify_anqp_query_done(
struct wpa_supplicant *wpa_s, const u8 *bssid, const char *result,
const struct wpa_bss_anqp *anqp)
diff --git a/wpa_supplicant/aidl/aidl_manager.cpp b/wpa_supplicant/aidl/aidl_manager.cpp
index 33ad650..3c753b8 100644
--- a/wpa_supplicant/aidl/aidl_manager.cpp
+++ b/wpa_supplicant/aidl/aidl_manager.cpp
@@ -762,6 +762,30 @@
}
/**
+ * Notify that the AT_PERMANENT_ID_REQ is denied from eap_peer when the strict
+ * conservative peer mode is enabled.
+ *
+ * @param wpa_s |wpa_supplicant| struct corresponding to the interface on which
+ * the network is present.
+*/
+void AidlManager::notifyPermanentIdReqDenied(struct wpa_supplicant *wpa_s)
+{
+ if (!wpa_s->current_ssid) {
+ wpa_printf(MSG_ERROR, "Current network NULL. Drop permanent_id_req_denied event!");
+ return;
+ }
+ struct wpa_ssid *current_ssid = wpa_s->current_ssid;
+
+ callWithEachStaNetworkCallback(
+ misc_utils::charBufToString(wpa_s->ifname),
+ current_ssid->id,
+ std::bind(
+ &ISupplicantStaNetworkCallback::
+ onPermanentIdReqDenied,
+ std::placeholders::_1));
+}
+
+/**
* Notify all listeners about the end of an ANQP query.
*
* @param wpa_s |wpa_supplicant| struct corresponding to the interface.
diff --git a/wpa_supplicant/aidl/aidl_manager.h b/wpa_supplicant/aidl/aidl_manager.h
index 1ed6899..815ef22 100644
--- a/wpa_supplicant/aidl/aidl_manager.h
+++ b/wpa_supplicant/aidl/aidl_manager.h
@@ -61,6 +61,8 @@
int notifyNetworkRequest(
struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, int type,
const char *param);
+ void notifyPermanentIdReqDenied(
+ struct wpa_supplicant *wpa_s);
void notifyAnqpQueryDone(
struct wpa_supplicant *wpa_s, const u8 *bssid, const char *result,
const struct wpa_bss_anqp *anqp);
diff --git a/wpa_supplicant/notify.c b/wpa_supplicant/notify.c
index a544c94..53cd371 100644
--- a/wpa_supplicant/notify.c
+++ b/wpa_supplicant/notify.c
@@ -280,6 +280,12 @@
}
+void wpas_notify_permanent_id_req_denied(struct wpa_supplicant *wpa_s)
+{
+ wpas_aidl_notify_permanent_id_req_denied(wpa_s);
+}
+
+
void wpas_notify_scanning(struct wpa_supplicant *wpa_s)
{
if (wpa_s->p2p_mgmt)
diff --git a/wpa_supplicant/notify.h b/wpa_supplicant/notify.h
index 996be84..5cecf27 100644
--- a/wpa_supplicant/notify.h
+++ b/wpa_supplicant/notify.h
@@ -48,6 +48,7 @@
struct wpa_ssid *ssid,
enum wpa_ctrl_req_type rtype,
const char *default_txt);
+void wpas_notify_permanent_id_req_denied(struct wpa_supplicant *wpa_s);
void wpas_notify_scanning(struct wpa_supplicant *wpa_s);
void wpas_notify_scan_done(struct wpa_supplicant *wpa_s, int success);
void wpas_notify_scan_results(struct wpa_supplicant *wpa_s);
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index e13ea8f..a733ae3 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -1093,6 +1093,12 @@
wpa_drv_set_supp_port(wpa_s, authorized);
}
+static void wpa_supplicant_permanent_id_req_denied_cb(void *ctx)
+{
+ struct wpas_supplicant *wpa_s = ctx;
+
+ wpas_notify_permanent_id_req_denied(wpa_s);
+}
static void wpa_supplicant_cert_cb(void *ctx, struct tls_cert_data *cert,
const char *cert_hash)
@@ -1238,6 +1244,7 @@
ctx->port_cb = wpa_supplicant_port_cb;
ctx->cb = wpa_supplicant_eapol_cb;
ctx->cert_cb = wpa_supplicant_cert_cb;
+ ctx->permanent_id_req_denied_cb = wpa_supplicant_permanent_id_req_denied_cb;
ctx->cert_in_cb = wpa_s->conf->cert_in_cb;
ctx->status_cb = wpa_supplicant_status_cb;
ctx->eap_error_cb = wpa_supplicant_eap_error_cb;