Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / e2d2101160479023eb565eee9d126ff4b2b4ebe3 / . / hs20 / client / osu_client.c
blob: b0567039f4998d3684531ccef2cac8f81af1bc7f [file] [log] [blame]
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]1/*
2 * Hotspot 2.0 OSU client
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3 * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "includes.h"
10#include <time.h>
11#include <sys/stat.h>
Dmitry Shmidt7f656022015-02-25 14:36:37 -0800[diff] [blame]12#ifdef ANDROID
13#include "private/android_filesystem_config.h"
14#endif /* ANDROID */
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]15
16#include "common.h"
17#include "utils/browser.h"
18#include "utils/base64.h"
19#include "utils/xml-utils.h"
20#include "utils/http-utils.h"
21#include "common/wpa_ctrl.h"
22#include "common/wpa_helpers.h"
23#include "eap_common/eap_defs.h"
24#include "crypto/crypto.h"
25#include "crypto/sha256.h"
26#include "osu_client.h"
27
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]28const char *spp_xsd_fname = "spp.xsd";
29
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]30
31void write_result(struct hs20_osu_client *ctx, const char *fmt, ...)
32{
33 va_list ap;
34 FILE *f;
35 char buf[500];
36
37 va_start(ap, fmt);
38 vsnprintf(buf, sizeof(buf), fmt, ap);
39 va_end(ap);
40 write_summary(ctx, "%s", buf);
41
42 if (!ctx->result_file)
43 return;
44
45 f = fopen(ctx->result_file, "w");
46 if (f == NULL)
47 return;
48
49 va_start(ap, fmt);
50 vfprintf(f, fmt, ap);
51 va_end(ap);
52 fprintf(f, "\n");
53 fclose(f);
54}
55
56
57void write_summary(struct hs20_osu_client *ctx, const char *fmt, ...)
58{
59 va_list ap;
60 FILE *f;
61
62 if (!ctx->summary_file)
63 return;
64
65 f = fopen(ctx->summary_file, "a");
66 if (f == NULL)
67 return;
68
69 va_start(ap, fmt);
70 vfprintf(f, fmt, ap);
71 va_end(ap);
72 fprintf(f, "\n");
73 fclose(f);
74}
75
76
77void debug_dump_node(struct hs20_osu_client *ctx, const char *title,
78 xml_node_t *node)
79{
80 char *str = xml_node_to_str(ctx->xml, node);
81 wpa_printf(MSG_DEBUG, "[hs20] %s: '%s'", title, str);
82 free(str);
83}
84
85
86static int valid_fqdn(const char *fqdn)
87{
88 const char *pos;
89
90 /* TODO: could make this more complete.. */
91 if (strchr(fqdn, '.') == 0 || strlen(fqdn) > 255)
92 return 0;
93 for (pos = fqdn; *pos; pos++) {
94 if (*pos >= 'a' && *pos <= 'z')
95 continue;
96 if (*pos >= 'A' && *pos <= 'Z')
97 continue;
98 if (*pos >= '0' && *pos <= '9')
99 continue;
100 if (*pos == '-' || *pos == '.' || *pos == '_')
101 continue;
102 return 0;
103 }
104 return 1;
105}
106
107
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]108static int android_update_permission(const char *path, mode_t mode)
109{
110#ifdef ANDROID
111 /* we need to change file/folder permission for Android */
112
113 if (!path) {
114 wpa_printf(MSG_ERROR, "file path null");
115 return -1;
116 }
117
118 /* Allow processes running with Group ID as AID_WIFI,
119 * to read files from SP, SP/<fqdn>, Cert and osu-info directories */
120 if (chown(path, -1, AID_WIFI)) {
121 wpa_printf(MSG_INFO, "CTRL: Could not chown directory: %s",
122 strerror(errno));
123 return -1;
124 }
125
126 if (chmod(path, mode) < 0) {
127 wpa_printf(MSG_INFO, "CTRL: Could not chmod directory: %s",
128 strerror(errno));
129 return -1;
130 }
131#endif /* ANDROID */
132
133 return 0;
134}
135
136
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]137int osu_get_certificate(struct hs20_osu_client *ctx, xml_node_t *getcert)
138{
139 xml_node_t *node;
140 char *url, *user = NULL, *pw = NULL;
141 char *proto;
142 int ret = -1;
143
144 proto = xml_node_get_attr_value(ctx->xml, getcert,
145 "enrollmentProtocol");
146 if (!proto)
147 return -1;
148 wpa_printf(MSG_INFO, "getCertificate - enrollmentProtocol=%s", proto);
149 write_summary(ctx, "getCertificate - enrollmentProtocol=%s", proto);
150 if (os_strcasecmp(proto, "EST") != 0) {
151 wpa_printf(MSG_INFO, "Unsupported enrollmentProtocol");
152 xml_node_get_attr_value_free(ctx->xml, proto);
153 return -1;
154 }
155 xml_node_get_attr_value_free(ctx->xml, proto);
156
157 node = get_node(ctx->xml, getcert, "enrollmentServerURI");
158 if (node == NULL) {
159 wpa_printf(MSG_INFO, "Could not find enrollmentServerURI node");
160 xml_node_get_attr_value_free(ctx->xml, proto);
161 return -1;
162 }
163 url = xml_node_get_text(ctx->xml, node);
164 if (url == NULL) {
165 wpa_printf(MSG_INFO, "Could not get URL text");
166 return -1;
167 }
168 wpa_printf(MSG_INFO, "enrollmentServerURI: %s", url);
169 write_summary(ctx, "enrollmentServerURI: %s", url);
170
171 node = get_node(ctx->xml, getcert, "estUserID");
172 if (node == NULL && !ctx->client_cert_present) {
173 wpa_printf(MSG_INFO, "Could not find estUserID node");
174 goto fail;
175 }
176 if (node) {
177 user = xml_node_get_text(ctx->xml, node);
178 if (user == NULL) {
179 wpa_printf(MSG_INFO, "Could not get estUserID text");
180 goto fail;
181 }
182 wpa_printf(MSG_INFO, "estUserID: %s", user);
183 write_summary(ctx, "estUserID: %s", user);
184 }
185
186 node = get_node(ctx->xml, getcert, "estPassword");
187 if (node == NULL && !ctx->client_cert_present) {
188 wpa_printf(MSG_INFO, "Could not find estPassword node");
189 goto fail;
190 }
191 if (node) {
192 pw = xml_node_get_base64_text(ctx->xml, node, NULL);
193 if (pw == NULL) {
194 wpa_printf(MSG_INFO, "Could not get estPassword text");
195 goto fail;
196 }
197 wpa_printf(MSG_INFO, "estPassword: %s", pw);
198 }
199
200 mkdir("Cert", S_IRWXU);
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]201 android_update_permission("Cert", S_IRWXU | S_IRWXG);
202
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]203 if (est_load_cacerts(ctx, url) < 0 ||
204 est_build_csr(ctx, url) < 0 ||
205 est_simple_enroll(ctx, url, user, pw) < 0)
206 goto fail;
207
208 ret = 0;
209fail:
210 xml_node_get_text_free(ctx->xml, url);
211 xml_node_get_text_free(ctx->xml, user);
212 xml_node_get_text_free(ctx->xml, pw);
213
214 return ret;
215}
216
217
218static int process_est_cert(struct hs20_osu_client *ctx, xml_node_t *cert,
219 const char *fqdn)
220{
221 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
222 char *der, *pem;
223 size_t der_len, pem_len;
224 char *fingerprint;
225 char buf[200];
226
227 wpa_printf(MSG_INFO, "PPS for certificate credential - fqdn=%s", fqdn);
228
229 fingerprint = xml_node_get_text(ctx->xml, cert);
230 if (fingerprint == NULL)
231 return -1;
232 if (hexstr2bin(fingerprint, digest1, SHA256_MAC_LEN) < 0) {
233 wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
234 write_result(ctx, "Invalid client certificate SHA256 hash value in PPS");
235 xml_node_get_text_free(ctx->xml, fingerprint);
236 return -1;
237 }
238 xml_node_get_text_free(ctx->xml, fingerprint);
239
240 der = os_readfile("Cert/est_cert.der", &der_len);
241 if (der == NULL) {
242 wpa_printf(MSG_INFO, "Could not find client certificate from EST");
243 write_result(ctx, "Could not find client certificate from EST");
244 return -1;
245 }
246
247 if (sha256_vector(1, (const u8 **) &der, &der_len, digest2) < 0) {
248 os_free(der);
249 return -1;
250 }
251 os_free(der);
252
253 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
254 wpa_printf(MSG_INFO, "Client certificate from EST does not match fingerprint from PPS MO");
255 write_result(ctx, "Client certificate from EST does not match fingerprint from PPS MO");
256 return -1;
257 }
258
259 wpa_printf(MSG_INFO, "Client certificate from EST matches PPS MO");
260 unlink("Cert/est_cert.der");
261
262 os_snprintf(buf, sizeof(buf), "SP/%s/client-ca.pem", fqdn);
263 if (rename("Cert/est-cacerts.pem", buf) < 0) {
264 wpa_printf(MSG_INFO, "Could not move est-cacerts.pem to client-ca.pem: %s",
265 strerror(errno));
266 return -1;
267 }
268 pem = os_readfile(buf, &pem_len);
269
270 os_snprintf(buf, sizeof(buf), "SP/%s/client-cert.pem", fqdn);
271 if (rename("Cert/est_cert.pem", buf) < 0) {
272 wpa_printf(MSG_INFO, "Could not move est_cert.pem to client-cert.pem: %s",
273 strerror(errno));
274 os_free(pem);
275 return -1;
276 }
277
278 if (pem) {
279 FILE *f = fopen(buf, "a");
280 if (f) {
281 fwrite(pem, pem_len, 1, f);
282 fclose(f);
283 }
284 os_free(pem);
285 }
286
287 os_snprintf(buf, sizeof(buf), "SP/%s/client-key.pem", fqdn);
288 if (rename("Cert/privkey-plain.pem", buf) < 0) {
289 wpa_printf(MSG_INFO, "Could not move privkey-plain.pem to client-key.pem: %s",
290 strerror(errno));
291 return -1;
292 }
293
294 unlink("Cert/est-req.b64");
295 unlink("Cert/est-req.pem");
296 unlink("Cert/est-resp.raw");
297 rmdir("Cert");
298
299 return 0;
300}
301
302
303#define TMP_CERT_DL_FILE "tmp-cert-download"
304
305static int download_cert(struct hs20_osu_client *ctx, xml_node_t *params,
306 const char *fname)
307{
308 xml_node_t *url_node, *hash_node;
309 char *url, *hash;
310 char *cert;
311 size_t len;
312 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
313 int res;
314 unsigned char *b64;
315 FILE *f;
316
317 url_node = get_node(ctx->xml, params, "CertURL");
318 hash_node = get_node(ctx->xml, params, "CertSHA256Fingerprint");
319 if (url_node == NULL || hash_node == NULL)
320 return -1;
321 url = xml_node_get_text(ctx->xml, url_node);
322 hash = xml_node_get_text(ctx->xml, hash_node);
323 if (url == NULL || hash == NULL) {
324 xml_node_get_text_free(ctx->xml, url);
325 xml_node_get_text_free(ctx->xml, hash);
326 return -1;
327 }
328
329 wpa_printf(MSG_INFO, "CertURL: %s", url);
330 wpa_printf(MSG_INFO, "SHA256 hash: %s", hash);
331
332 if (hexstr2bin(hash, digest1, SHA256_MAC_LEN) < 0) {
333 wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
334 write_result(ctx, "Invalid SHA256 hash value for downloaded certificate");
335 xml_node_get_text_free(ctx->xml, hash);
336 return -1;
337 }
338 xml_node_get_text_free(ctx->xml, hash);
339
340 write_summary(ctx, "Download certificate from %s", url);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]341 ctx->no_osu_cert_validation = 1;
342 http_ocsp_set(ctx->http, 1);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]343 res = http_download_file(ctx->http, url, TMP_CERT_DL_FILE, NULL);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]344 http_ocsp_set(ctx->http,
345 (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
346 ctx->no_osu_cert_validation = 0;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]347 xml_node_get_text_free(ctx->xml, url);
348 if (res < 0)
349 return -1;
350
351 cert = os_readfile(TMP_CERT_DL_FILE, &len);
352 remove(TMP_CERT_DL_FILE);
353 if (cert == NULL)
354 return -1;
355
356 if (sha256_vector(1, (const u8 **) &cert, &len, digest2) < 0) {
357 os_free(cert);
358 return -1;
359 }
360
361 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
362 wpa_printf(MSG_INFO, "Downloaded certificate fingerprint did not match");
363 write_result(ctx, "Downloaded certificate fingerprint did not match");
364 os_free(cert);
365 return -1;
366 }
367
368 b64 = base64_encode((unsigned char *) cert, len, NULL);
369 os_free(cert);
370 if (b64 == NULL)
371 return -1;
372
373 f = fopen(fname, "wb");
374 if (f == NULL) {
375 os_free(b64);
376 return -1;
377 }
378
379 fprintf(f, "-----BEGIN CERTIFICATE-----\n"
380 "%s"
381 "-----END CERTIFICATE-----\n",
382 b64);
383
384 os_free(b64);
385 fclose(f);
386
387 wpa_printf(MSG_INFO, "Downloaded certificate into %s and validated fingerprint",
388 fname);
389 write_summary(ctx, "Downloaded certificate into %s and validated fingerprint",
390 fname);
391
392 return 0;
393}
394
395
396static int cmd_dl_osu_ca(struct hs20_osu_client *ctx, const char *pps_fname,
397 const char *ca_fname)
398{
399 xml_node_t *pps, *node;
400 int ret;
401
402 pps = node_from_file(ctx->xml, pps_fname);
403 if (pps == NULL) {
404 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
405 return -1;
406 }
407
408 node = get_child_node(ctx->xml, pps,
409 "SubscriptionUpdate/TrustRoot");
410 if (node == NULL) {
411 wpa_printf(MSG_INFO, "No SubscriptionUpdate/TrustRoot/CertURL found from PPS");
412 xml_node_free(ctx->xml, pps);
413 return -1;
414 }
415
416 ret = download_cert(ctx, node, ca_fname);
417 xml_node_free(ctx->xml, pps);
418
419 return ret;
420}
421
422
423static int cmd_dl_polupd_ca(struct hs20_osu_client *ctx, const char *pps_fname,
424 const char *ca_fname)
425{
426 xml_node_t *pps, *node;
427 int ret;
428
429 pps = node_from_file(ctx->xml, pps_fname);
430 if (pps == NULL) {
431 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
432 return -1;
433 }
434
435 node = get_child_node(ctx->xml, pps,
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]436 "Policy/PolicyUpdate/TrustRoot");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]437 if (node == NULL) {
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]438 wpa_printf(MSG_INFO, "No Policy/PolicyUpdate/TrustRoot/CertURL found from PPS");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]439 xml_node_free(ctx->xml, pps);
440 return -1;
441 }
442
443 ret = download_cert(ctx, node, ca_fname);
444 xml_node_free(ctx->xml, pps);
445
446 return ret;
447}
448
449
450static int cmd_dl_aaa_ca(struct hs20_osu_client *ctx, const char *pps_fname,
451 const char *ca_fname)
452{
453 xml_node_t *pps, *node, *aaa;
454 int ret;
455
456 pps = node_from_file(ctx->xml, pps_fname);
457 if (pps == NULL) {
458 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
459 return -1;
460 }
461
462 node = get_child_node(ctx->xml, pps,
463 "AAAServerTrustRoot");
464 if (node == NULL) {
465 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
466 xml_node_free(ctx->xml, pps);
467 return -1;
468 }
469
470 aaa = xml_node_first_child(ctx->xml, node);
471 if (aaa == NULL) {
472 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
473 xml_node_free(ctx->xml, pps);
474 return -1;
475 }
476
477 ret = download_cert(ctx, aaa, ca_fname);
478 xml_node_free(ctx->xml, pps);
479
480 return ret;
481}
482
483
484static int download_trust_roots(struct hs20_osu_client *ctx,
485 const char *pps_fname)
486{
487 char *dir, *pos;
488 char fname[300];
489 int ret;
490
491 dir = os_strdup(pps_fname);
492 if (dir == NULL)
493 return -1;
494 pos = os_strrchr(dir, '/');
495 if (pos == NULL) {
496 os_free(dir);
497 return -1;
498 }
499 *pos = '\0';
500
501 snprintf(fname, sizeof(fname), "%s/ca.pem", dir);
502 ret = cmd_dl_osu_ca(ctx, pps_fname, fname);
503 snprintf(fname, sizeof(fname), "%s/polupd-ca.pem", dir);
504 cmd_dl_polupd_ca(ctx, pps_fname, fname);
505 snprintf(fname, sizeof(fname), "%s/aaa-ca.pem", dir);
506 cmd_dl_aaa_ca(ctx, pps_fname, fname);
507
508 os_free(dir);
509
510 return ret;
511}
512
513
514static int server_dnsname_suffix_match(struct hs20_osu_client *ctx,
515 const char *fqdn)
516{
517 size_t match_len, len, i;
518 const char *val;
519
520 match_len = os_strlen(fqdn);
521
522 for (i = 0; i < ctx->server_dnsname_count; i++) {
523 wpa_printf(MSG_INFO,
524 "Checking suffix match against server dNSName %s",
525 ctx->server_dnsname[i]);
526 val = ctx->server_dnsname[i];
527 len = os_strlen(val);
528
529 if (match_len > len)
530 continue;
531
532 if (os_strncasecmp(val + len - match_len, fqdn, match_len) != 0)
533 continue; /* no match */
534
535 if (match_len == len)
536 return 1; /* exact match */
537
538 if (val[len - match_len - 1] == '.')
539 return 1; /* full label match completes suffix match */
540
541 /* Reject due to incomplete label match */
542 }
543
544 /* None of the dNSName(s) matched */
545 return 0;
546}
547
548
549int hs20_add_pps_mo(struct hs20_osu_client *ctx, const char *uri,
550 xml_node_t *add_mo, char *fname, size_t fname_len)
551{
552 char *str;
553 char *fqdn, *pos;
554 xml_node_t *tnds, *mo, *cert;
555 const char *name;
556 int ret;
557
558 if (strncmp(uri, "./Wi-Fi/", 8) != 0) {
559 wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO: '%s'",
560 uri);
561 write_result(ctx, "Unsupported location for addMO to add PPS MO: '%s'",
562 uri);
563 return -1;
564 }
565
566 fqdn = strdup(uri + 8);
567 if (fqdn == NULL)
568 return -1;
569 pos = strchr(fqdn, '/');
570 if (pos) {
571 if (os_strcasecmp(pos, "/PerProviderSubscription") != 0) {
572 wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO (extra directory): '%s'",
573 uri);
574 write_result(ctx, "Unsupported location for addMO to "
575 "add PPS MO (extra directory): '%s'", uri);
Dmitry Shmidt41712582015-06-29 11:02:15 -0700[diff] [blame]576 free(fqdn);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]577 return -1;
578 }
579 *pos = '\0'; /* remove trailing slash and PPS node name */
580 }
581 wpa_printf(MSG_INFO, "SP FQDN: %s", fqdn);
582
583 if (!server_dnsname_suffix_match(ctx, fqdn)) {
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]584 wpa_printf(MSG_INFO,
585 "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values, count: %d",
586 fqdn, (int) ctx->server_dnsname_count);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]587 write_result(ctx, "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values",
588 fqdn);
589 free(fqdn);
590 return -1;
591 }
592
593 if (!valid_fqdn(fqdn)) {
594 wpa_printf(MSG_INFO, "Invalid FQDN '%s'", fqdn);
595 write_result(ctx, "Invalid FQDN '%s'", fqdn);
596 free(fqdn);
597 return -1;
598 }
599
600 mkdir("SP", S_IRWXU);
601 snprintf(fname, fname_len, "SP/%s", fqdn);
602 if (mkdir(fname, S_IRWXU) < 0) {
603 if (errno != EEXIST) {
604 int err = errno;
605 wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
606 fname, strerror(err));
607 free(fqdn);
608 return -1;
609 }
610 }
611
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]612 android_update_permission("SP", S_IRWXU | S_IRGRP | S_IXGRP);
613 android_update_permission(fname, S_IRWXU | S_IRGRP | S_IXGRP);
Dmitry Shmidt7f656022015-02-25 14:36:37 -0800[diff] [blame]614
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]615 snprintf(fname, fname_len, "SP/%s/pps.xml", fqdn);
616
617 if (os_file_exists(fname)) {
618 wpa_printf(MSG_INFO, "PPS file '%s' exists - reject addMO",
619 fname);
620 write_result(ctx, "PPS file '%s' exists - reject addMO",
621 fname);
622 free(fqdn);
623 return -2;
624 }
625 wpa_printf(MSG_INFO, "Using PPS file: %s", fname);
626
627 str = xml_node_get_text(ctx->xml, add_mo);
628 if (str == NULL) {
629 wpa_printf(MSG_INFO, "Could not extract MO text");
630 free(fqdn);
631 return -1;
632 }
633 wpa_printf(MSG_DEBUG, "[hs20] addMO text: '%s'", str);
634
635 tnds = xml_node_from_buf(ctx->xml, str);
636 xml_node_get_text_free(ctx->xml, str);
637 if (tnds == NULL) {
638 wpa_printf(MSG_INFO, "[hs20] Could not parse addMO text");
639 free(fqdn);
640 return -1;
641 }
642
643 mo = tnds_to_mo(ctx->xml, tnds);
644 if (mo == NULL) {
645 wpa_printf(MSG_INFO, "[hs20] Could not parse addMO TNDS text");
646 free(fqdn);
647 return -1;
648 }
649
650 debug_dump_node(ctx, "Parsed TNDS", mo);
651
652 name = xml_node_get_localname(ctx->xml, mo);
653 if (os_strcasecmp(name, "PerProviderSubscription") != 0) {
654 wpa_printf(MSG_INFO, "[hs20] Unexpected PPS MO root node name '%s'",
655 name);
656 free(fqdn);
657 return -1;
658 }
659
660 cert = get_child_node(ctx->xml, mo,
661 "Credential/DigitalCertificate/"
662 "CertSHA256Fingerprint");
663 if (cert && process_est_cert(ctx, cert, fqdn) < 0) {
664 xml_node_free(ctx->xml, mo);
665 free(fqdn);
666 return -1;
667 }
668 free(fqdn);
669
670 if (node_to_file(ctx->xml, fname, mo) < 0) {
671 wpa_printf(MSG_INFO, "Could not write MO to file");
672 xml_node_free(ctx->xml, mo);
673 return -1;
674 }
675 xml_node_free(ctx->xml, mo);
676
677 wpa_printf(MSG_INFO, "A new PPS MO added as '%s'", fname);
678 write_summary(ctx, "A new PPS MO added as '%s'", fname);
679
680 ret = download_trust_roots(ctx, fname);
681 if (ret < 0) {
682 wpa_printf(MSG_INFO, "Remove invalid PPS MO file");
683 write_summary(ctx, "Remove invalid PPS MO file");
684 unlink(fname);
685 }
686
687 return ret;
688}
689
690
691int update_pps_file(struct hs20_osu_client *ctx, const char *pps_fname,
692 xml_node_t *pps)
693{
694 char *str;
695 FILE *f;
696 char backup[300];
697
698 if (ctx->client_cert_present) {
699 xml_node_t *cert;
700 cert = get_child_node(ctx->xml, pps,
701 "Credential/DigitalCertificate/"
702 "CertSHA256Fingerprint");
703 if (cert && os_file_exists("Cert/est_cert.der") &&
704 process_est_cert(ctx, cert, ctx->fqdn) < 0) {
705 wpa_printf(MSG_INFO, "EST certificate update processing failed on PPS MO update");
706 return -1;
707 }
708 }
709
710 wpa_printf(MSG_INFO, "Updating PPS MO %s", pps_fname);
711
712 str = xml_node_to_str(ctx->xml, pps);
Dmitry Shmidt7f656022015-02-25 14:36:37 -0800[diff] [blame]713 if (str == NULL) {
714 wpa_printf(MSG_ERROR, "No node found");
715 return -1;
716 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]717 wpa_printf(MSG_MSGDUMP, "[hs20] Updated PPS: '%s'", str);
718
719 snprintf(backup, sizeof(backup), "%s.bak", pps_fname);
720 rename(pps_fname, backup);
721 f = fopen(pps_fname, "w");
722 if (f == NULL) {
723 wpa_printf(MSG_INFO, "Could not write PPS");
724 rename(backup, pps_fname);
725 free(str);
726 return -1;
727 }
728 fprintf(f, "%s\n", str);
729 fclose(f);
730
731 free(str);
732
733 return 0;
734}
735
736
737void get_user_pw(struct hs20_osu_client *ctx, xml_node_t *pps,
738 const char *alt_loc, char **user, char **pw)
739{
740 xml_node_t *node;
741
742 node = get_child_node(ctx->xml, pps,
743 "Credential/UsernamePassword/Username");
744 if (node)
745 *user = xml_node_get_text(ctx->xml, node);
746
747 node = get_child_node(ctx->xml, pps,
748 "Credential/UsernamePassword/Password");
749 if (node)
750 *pw = xml_node_get_base64_text(ctx->xml, node, NULL);
751
752 node = get_child_node(ctx->xml, pps, alt_loc);
753 if (node) {
754 xml_node_t *a;
755 a = get_node(ctx->xml, node, "Username");
756 if (a) {
757 xml_node_get_text_free(ctx->xml, *user);
758 *user = xml_node_get_text(ctx->xml, a);
759 wpa_printf(MSG_INFO, "Use OSU username '%s'", *user);
760 }
761
762 a = get_node(ctx->xml, node, "Password");
763 if (a) {
764 free(*pw);
765 *pw = xml_node_get_base64_text(ctx->xml, a, NULL);
766 wpa_printf(MSG_INFO, "Use OSU password");
767 }
768 }
769}
770
771
772/* Remove old credentials based on HomeSP/FQDN */
773static void remove_sp_creds(struct hs20_osu_client *ctx, const char *fqdn)
774{
775 char cmd[300];
776 os_snprintf(cmd, sizeof(cmd), "REMOVE_CRED provisioning_sp=%s", fqdn);
777 if (wpa_command(ctx->ifname, cmd) < 0)
778 wpa_printf(MSG_INFO, "Failed to remove old credential(s)");
779}
780
781
782static void set_pps_cred_policy_spe(struct hs20_osu_client *ctx, int id,
783 xml_node_t *spe)
784{
785 xml_node_t *ssid;
786 char *txt;
787
788 ssid = get_node(ctx->xml, spe, "SSID");
789 if (ssid == NULL)
790 return;
791 txt = xml_node_get_text(ctx->xml, ssid);
792 if (txt == NULL)
793 return;
794 wpa_printf(MSG_DEBUG, "- Policy/SPExclusionList/<X+>/SSID = %s", txt);
795 if (set_cred_quoted(ctx->ifname, id, "excluded_ssid", txt) < 0)
796 wpa_printf(MSG_INFO, "Failed to set cred excluded_ssid");
797 xml_node_get_text_free(ctx->xml, txt);
798}
799
800
801static void set_pps_cred_policy_spel(struct hs20_osu_client *ctx, int id,
802 xml_node_t *spel)
803{
804 xml_node_t *child;
805
806 xml_node_for_each_child(ctx->xml, child, spel) {
807 xml_node_for_each_check(ctx->xml, child);
808 set_pps_cred_policy_spe(ctx, id, child);
809 }
810}
811
812
813static void set_pps_cred_policy_prp(struct hs20_osu_client *ctx, int id,
814 xml_node_t *prp)
815{
816 xml_node_t *node;
817 char *txt = NULL, *pos;
818 char *prio, *country_buf = NULL;
819 const char *country;
820 char val[200];
821 int priority;
822
823 node = get_node(ctx->xml, prp, "Priority");
824 if (node == NULL)
825 return;
826 prio = xml_node_get_text(ctx->xml, node);
827 if (prio == NULL)
828 return;
829 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Priority = %s",
830 prio);
831 priority = atoi(prio);
832 xml_node_get_text_free(ctx->xml, prio);
833
834 node = get_node(ctx->xml, prp, "Country");
835 if (node) {
836 country_buf = xml_node_get_text(ctx->xml, node);
837 if (country_buf == NULL)
838 return;
839 country = country_buf;
840 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Country = %s",
841 country);
842 } else {
843 country = "*";
844 }
845
846 node = get_node(ctx->xml, prp, "FQDN_Match");
847 if (node == NULL)
848 goto out;
849 txt = xml_node_get_text(ctx->xml, node);
850 if (txt == NULL)
851 goto out;
852 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/FQDN_Match = %s",
853 txt);
854 pos = strrchr(txt, ',');
855 if (pos == NULL)
856 goto out;
857 *pos++ = '\0';
858
859 snprintf(val, sizeof(val), "%s,%d,%d,%s", txt,
860 strcmp(pos, "includeSubdomains") != 0, priority, country);
861 if (set_cred_quoted(ctx->ifname, id, "roaming_partner", val) < 0)
862 wpa_printf(MSG_INFO, "Failed to set cred roaming_partner");
863out:
864 xml_node_get_text_free(ctx->xml, country_buf);
865 xml_node_get_text_free(ctx->xml, txt);
866}
867
868
869static void set_pps_cred_policy_prpl(struct hs20_osu_client *ctx, int id,
870 xml_node_t *prpl)
871{
872 xml_node_t *child;
873
874 xml_node_for_each_child(ctx->xml, child, prpl) {
875 xml_node_for_each_check(ctx->xml, child);
876 set_pps_cred_policy_prp(ctx, id, child);
877 }
878}
879
880
881static void set_pps_cred_policy_min_backhaul(struct hs20_osu_client *ctx, int id,
882 xml_node_t *min_backhaul)
883{
884 xml_node_t *node;
885 char *type, *dl = NULL, *ul = NULL;
886 int home;
887
888 node = get_node(ctx->xml, min_backhaul, "NetworkType");
889 if (node == NULL) {
890 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without mandatory NetworkType node");
891 return;
892 }
893
894 type = xml_node_get_text(ctx->xml, node);
895 if (type == NULL)
896 return;
897 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/NetworkType = %s",
898 type);
899 if (os_strcasecmp(type, "home") == 0)
900 home = 1;
901 else if (os_strcasecmp(type, "roaming") == 0)
902 home = 0;
903 else {
904 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold with invalid NetworkType");
905 xml_node_get_text_free(ctx->xml, type);
906 return;
907 }
908 xml_node_get_text_free(ctx->xml, type);
909
910 node = get_node(ctx->xml, min_backhaul, "DLBandwidth");
911 if (node)
912 dl = xml_node_get_text(ctx->xml, node);
913
914 node = get_node(ctx->xml, min_backhaul, "ULBandwidth");
915 if (node)
916 ul = xml_node_get_text(ctx->xml, node);
917
918 if (dl == NULL && ul == NULL) {
919 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without either DLBandwidth or ULBandwidth nodes");
920 return;
921 }
922
923 if (dl)
924 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/DLBandwidth = %s",
925 dl);
926 if (ul)
927 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/ULBandwidth = %s",
928 ul);
929
930 if (home) {
931 if (dl &&
932 set_cred(ctx->ifname, id, "min_dl_bandwidth_home", dl) < 0)
933 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
934 if (ul &&
935 set_cred(ctx->ifname, id, "min_ul_bandwidth_home", ul) < 0)
936 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
937 } else {
938 if (dl &&
939 set_cred(ctx->ifname, id, "min_dl_bandwidth_roaming", dl) <
940 0)
941 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
942 if (ul &&
943 set_cred(ctx->ifname, id, "min_ul_bandwidth_roaming", ul) <
944 0)
945 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
946 }
947
948 xml_node_get_text_free(ctx->xml, dl);
949 xml_node_get_text_free(ctx->xml, ul);
950}
951
952
953static void set_pps_cred_policy_min_backhaul_list(struct hs20_osu_client *ctx,
954 int id, xml_node_t *node)
955{
956 xml_node_t *child;
957
958 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold");
959
960 xml_node_for_each_child(ctx->xml, child, node) {
961 xml_node_for_each_check(ctx->xml, child);
962 set_pps_cred_policy_min_backhaul(ctx, id, child);
963 }
964}
965
966
967static void set_pps_cred_policy_update(struct hs20_osu_client *ctx, int id,
968 xml_node_t *node)
969{
970 wpa_printf(MSG_INFO, "- Policy/PolicyUpdate");
971 /* Not used in wpa_supplicant */
972}
973
974
975static void set_pps_cred_policy_required_proto_port(struct hs20_osu_client *ctx,
976 int id, xml_node_t *tuple)
977{
978 xml_node_t *node;
979 char *proto, *port;
980 char *buf;
981 size_t buflen;
982
983 node = get_node(ctx->xml, tuple, "IPProtocol");
984 if (node == NULL) {
985 wpa_printf(MSG_INFO, "Ignore RequiredProtoPortTuple without mandatory IPProtocol node");
986 return;
987 }
988
989 proto = xml_node_get_text(ctx->xml, node);
990 if (proto == NULL)
991 return;
992
993 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/IPProtocol = %s",
994 proto);
995
996 node = get_node(ctx->xml, tuple, "PortNumber");
997 port = node ? xml_node_get_text(ctx->xml, node) : NULL;
998 if (port) {
999 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/PortNumber = %s",
1000 port);
1001 buflen = os_strlen(proto) + os_strlen(port) + 10;
1002 buf = os_malloc(buflen);
1003 if (buf)
1004 os_snprintf(buf, buflen, "%s:%s", proto, port);
1005 xml_node_get_text_free(ctx->xml, port);
1006 } else {
1007 buflen = os_strlen(proto) + 10;
1008 buf = os_malloc(buflen);
1009 if (buf)
1010 os_snprintf(buf, buflen, "%s", proto);
1011 }
1012
1013 xml_node_get_text_free(ctx->xml, proto);
1014
1015 if (buf == NULL)
1016 return;
1017
1018 if (set_cred(ctx->ifname, id, "req_conn_capab", buf) < 0)
1019 wpa_printf(MSG_INFO, "Could not set req_conn_capab");
1020
1021 os_free(buf);
1022}
1023
1024
1025static void set_pps_cred_policy_required_proto_ports(struct hs20_osu_client *ctx,
1026 int id, xml_node_t *node)
1027{
1028 xml_node_t *child;
1029
1030 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple");
1031
1032 xml_node_for_each_child(ctx->xml, child, node) {
1033 xml_node_for_each_check(ctx->xml, child);
1034 set_pps_cred_policy_required_proto_port(ctx, id, child);
1035 }
1036}
1037
1038
1039static void set_pps_cred_policy_max_bss_load(struct hs20_osu_client *ctx, int id,
1040 xml_node_t *node)
1041{
1042 char *str = xml_node_get_text(ctx->xml, node);
1043 if (str == NULL)
1044 return;
1045 wpa_printf(MSG_INFO, "- Policy/MaximumBSSLoadValue - %s", str);
1046 if (set_cred(ctx->ifname, id, "max_bss_load", str) < 0)
1047 wpa_printf(MSG_INFO, "Failed to set cred max_bss_load limit");
1048 xml_node_get_text_free(ctx->xml, str);
1049}
1050
1051
1052static void set_pps_cred_policy(struct hs20_osu_client *ctx, int id,
1053 xml_node_t *node)
1054{
1055 xml_node_t *child;
1056 const char *name;
1057
1058 wpa_printf(MSG_INFO, "- Policy");
1059
1060 xml_node_for_each_child(ctx->xml, child, node) {
1061 xml_node_for_each_check(ctx->xml, child);
1062 name = xml_node_get_localname(ctx->xml, child);
1063 if (os_strcasecmp(name, "PreferredRoamingPartnerList") == 0)
1064 set_pps_cred_policy_prpl(ctx, id, child);
1065 else if (os_strcasecmp(name, "MinBackhaulThreshold") == 0)
1066 set_pps_cred_policy_min_backhaul_list(ctx, id, child);
1067 else if (os_strcasecmp(name, "PolicyUpdate") == 0)
1068 set_pps_cred_policy_update(ctx, id, child);
1069 else if (os_strcasecmp(name, "SPExclusionList") == 0)
1070 set_pps_cred_policy_spel(ctx, id, child);
1071 else if (os_strcasecmp(name, "RequiredProtoPortTuple") == 0)
1072 set_pps_cred_policy_required_proto_ports(ctx, id, child);
1073 else if (os_strcasecmp(name, "MaximumBSSLoadValue") == 0)
1074 set_pps_cred_policy_max_bss_load(ctx, id, child);
1075 else
1076 wpa_printf(MSG_INFO, "Unknown Policy node '%s'", name);
1077 }
1078}
1079
1080
1081static void set_pps_cred_priority(struct hs20_osu_client *ctx, int id,
1082 xml_node_t *node)
1083{
1084 char *str = xml_node_get_text(ctx->xml, node);
1085 if (str == NULL)
1086 return;
1087 wpa_printf(MSG_INFO, "- CredentialPriority = %s", str);
1088 if (set_cred(ctx->ifname, id, "sp_priority", str) < 0)
1089 wpa_printf(MSG_INFO, "Failed to set cred sp_priority");
1090 xml_node_get_text_free(ctx->xml, str);
1091}
1092
1093
1094static void set_pps_cred_aaa_server_trust_root(struct hs20_osu_client *ctx,
1095 int id, xml_node_t *node)
1096{
1097 wpa_printf(MSG_INFO, "- AAAServerTrustRoot - TODO");
1098}
1099
1100
1101static void set_pps_cred_sub_update(struct hs20_osu_client *ctx, int id,
1102 xml_node_t *node)
1103{
1104 wpa_printf(MSG_INFO, "- SubscriptionUpdate");
1105 /* not used within wpa_supplicant */
1106}
1107
1108
1109static void set_pps_cred_home_sp_network_id(struct hs20_osu_client *ctx,
1110 int id, xml_node_t *node)
1111{
1112 xml_node_t *ssid_node, *hessid_node;
1113 char *ssid, *hessid;
1114
1115 ssid_node = get_node(ctx->xml, node, "SSID");
1116 if (ssid_node == NULL) {
1117 wpa_printf(MSG_INFO, "Ignore HomeSP/NetworkID without mandatory SSID node");
1118 return;
1119 }
1120
1121 hessid_node = get_node(ctx->xml, node, "HESSID");
1122
1123 ssid = xml_node_get_text(ctx->xml, ssid_node);
1124 if (ssid == NULL)
1125 return;
1126 hessid = hessid_node ? xml_node_get_text(ctx->xml, hessid_node) : NULL;
1127
1128 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/SSID = %s", ssid);
1129 if (hessid)
1130 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/HESSID = %s",
1131 hessid);
1132
1133 /* TODO: Configure to wpa_supplicant */
1134
1135 xml_node_get_text_free(ctx->xml, ssid);
1136 xml_node_get_text_free(ctx->xml, hessid);
1137}
1138
1139
1140static void set_pps_cred_home_sp_network_ids(struct hs20_osu_client *ctx,
1141 int id, xml_node_t *node)
1142{
1143 xml_node_t *child;
1144
1145 wpa_printf(MSG_INFO, "- HomeSP/NetworkID");
1146
1147 xml_node_for_each_child(ctx->xml, child, node) {
1148 xml_node_for_each_check(ctx->xml, child);
1149 set_pps_cred_home_sp_network_id(ctx, id, child);
1150 }
1151}
1152
1153
1154static void set_pps_cred_home_sp_friendly_name(struct hs20_osu_client *ctx,
1155 int id, xml_node_t *node)
1156{
1157 char *str = xml_node_get_text(ctx->xml, node);
1158 if (str == NULL)
1159 return;
1160 wpa_printf(MSG_INFO, "- HomeSP/FriendlyName = %s", str);
1161 /* not used within wpa_supplicant(?) */
1162 xml_node_get_text_free(ctx->xml, str);
1163}
1164
1165
1166static void set_pps_cred_home_sp_icon_url(struct hs20_osu_client *ctx,
1167 int id, xml_node_t *node)
1168{
1169 char *str = xml_node_get_text(ctx->xml, node);
1170 if (str == NULL)
1171 return;
1172 wpa_printf(MSG_INFO, "- HomeSP/IconURL = %s", str);
1173 /* not used within wpa_supplicant */
1174 xml_node_get_text_free(ctx->xml, str);
1175}
1176
1177
1178static void set_pps_cred_home_sp_fqdn(struct hs20_osu_client *ctx, int id,
1179 xml_node_t *node)
1180{
1181 char *str = xml_node_get_text(ctx->xml, node);
1182 if (str == NULL)
1183 return;
1184 wpa_printf(MSG_INFO, "- HomeSP/FQDN = %s", str);
1185 if (set_cred_quoted(ctx->ifname, id, "domain", str) < 0)
1186 wpa_printf(MSG_INFO, "Failed to set cred domain");
1187 if (set_cred_quoted(ctx->ifname, id, "domain_suffix_match", str) < 0)
1188 wpa_printf(MSG_INFO, "Failed to set cred domain_suffix_match");
1189 xml_node_get_text_free(ctx->xml, str);
1190}
1191
1192
1193static void set_pps_cred_home_sp_oi(struct hs20_osu_client *ctx, int id,
1194 xml_node_t *node)
1195{
1196 xml_node_t *child;
1197 const char *name;
1198 char *homeoi = NULL;
1199 int required = 0;
1200 char *str;
1201
1202 xml_node_for_each_child(ctx->xml, child, node) {
1203 xml_node_for_each_check(ctx->xml, child);
1204 name = xml_node_get_localname(ctx->xml, child);
1205 if (strcasecmp(name, "HomeOI") == 0 && !homeoi) {
1206 homeoi = xml_node_get_text(ctx->xml, child);
1207 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOI = %s",
1208 homeoi);
1209 } else if (strcasecmp(name, "HomeOIRequired") == 0) {
1210 str = xml_node_get_text(ctx->xml, child);
1211 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOIRequired = '%s'",
1212 str);
1213 if (str == NULL)
1214 continue;
1215 required = strcasecmp(str, "true") == 0;
1216 xml_node_get_text_free(ctx->xml, str);
1217 } else
1218 wpa_printf(MSG_INFO, "Unknown HomeOIList node '%s'",
1219 name);
1220 }
1221
1222 if (homeoi == NULL) {
1223 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> without HomeOI ignored");
1224 return;
1225 }
1226
1227 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> '%s' required=%d",
1228 homeoi, required);
1229
1230 if (required) {
1231 if (set_cred(ctx->ifname, id, "required_roaming_consortium",
1232 homeoi) < 0)
1233 wpa_printf(MSG_INFO, "Failed to set cred required_roaming_consortium");
1234 } else {
1235 if (set_cred_quoted(ctx->ifname, id, "roaming_consortium",
1236 homeoi) < 0)
1237 wpa_printf(MSG_INFO, "Failed to set cred roaming_consortium");
1238 }
1239
1240 xml_node_get_text_free(ctx->xml, homeoi);
1241}
1242
1243
1244static void set_pps_cred_home_sp_oi_list(struct hs20_osu_client *ctx, int id,
1245 xml_node_t *node)
1246{
1247 xml_node_t *child;
1248
1249 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList");
1250
1251 xml_node_for_each_child(ctx->xml, child, node) {
1252 xml_node_for_each_check(ctx->xml, child);
1253 set_pps_cred_home_sp_oi(ctx, id, child);
1254 }
1255}
1256
1257
1258static void set_pps_cred_home_sp_other_partner(struct hs20_osu_client *ctx,
1259 int id, xml_node_t *node)
1260{
1261 xml_node_t *child;
1262 const char *name;
1263 char *fqdn = NULL;
1264
1265 xml_node_for_each_child(ctx->xml, child, node) {
1266 xml_node_for_each_check(ctx->xml, child);
1267 name = xml_node_get_localname(ctx->xml, child);
1268 if (os_strcasecmp(name, "FQDN") == 0 && !fqdn) {
1269 fqdn = xml_node_get_text(ctx->xml, child);
1270 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+>/FQDN = %s",
1271 fqdn);
1272 } else
1273 wpa_printf(MSG_INFO, "Unknown OtherHomePartners node '%s'",
1274 name);
1275 }
1276
1277 if (fqdn == NULL) {
1278 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+> without FQDN ignored");
1279 return;
1280 }
1281
1282 if (set_cred_quoted(ctx->ifname, id, "domain", fqdn) < 0)
1283 wpa_printf(MSG_INFO, "Failed to set cred domain for OtherHomePartners node");
1284
1285 xml_node_get_text_free(ctx->xml, fqdn);
1286}
1287
1288
1289static void set_pps_cred_home_sp_other_partners(struct hs20_osu_client *ctx,
1290 int id,
1291 xml_node_t *node)
1292{
1293 xml_node_t *child;
1294
1295 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners");
1296
1297 xml_node_for_each_child(ctx->xml, child, node) {
1298 xml_node_for_each_check(ctx->xml, child);
1299 set_pps_cred_home_sp_other_partner(ctx, id, child);
1300 }
1301}
1302
1303
1304static void set_pps_cred_home_sp_roaming_consortium_oi(
1305 struct hs20_osu_client *ctx, int id, xml_node_t *node)
1306{
1307 char *str = xml_node_get_text(ctx->xml, node);
1308 if (str == NULL)
1309 return;
1310 wpa_printf(MSG_INFO, "- HomeSP/RoamingConsortiumOI = %s", str);
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]1311 if (set_cred_quoted(ctx->ifname, id, "roaming_consortiums",
1312 str) < 0)
1313 wpa_printf(MSG_INFO, "Failed to set cred roaming_consortiums");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]1314 xml_node_get_text_free(ctx->xml, str);
1315}
1316
1317
1318static void set_pps_cred_home_sp(struct hs20_osu_client *ctx, int id,
1319 xml_node_t *node)
1320{
1321 xml_node_t *child;
1322 const char *name;
1323
1324 wpa_printf(MSG_INFO, "- HomeSP");
1325
1326 xml_node_for_each_child(ctx->xml, child, node) {
1327 xml_node_for_each_check(ctx->xml, child);
1328 name = xml_node_get_localname(ctx->xml, child);
1329 if (os_strcasecmp(name, "NetworkID") == 0)
1330 set_pps_cred_home_sp_network_ids(ctx, id, child);
1331 else if (os_strcasecmp(name, "FriendlyName") == 0)
1332 set_pps_cred_home_sp_friendly_name(ctx, id, child);
1333 else if (os_strcasecmp(name, "IconURL") == 0)
1334 set_pps_cred_home_sp_icon_url(ctx, id, child);
1335 else if (os_strcasecmp(name, "FQDN") == 0)
1336 set_pps_cred_home_sp_fqdn(ctx, id, child);
1337 else if (os_strcasecmp(name, "HomeOIList") == 0)
1338 set_pps_cred_home_sp_oi_list(ctx, id, child);
1339 else if (os_strcasecmp(name, "OtherHomePartners") == 0)
1340 set_pps_cred_home_sp_other_partners(ctx, id, child);
1341 else if (os_strcasecmp(name, "RoamingConsortiumOI") == 0)
1342 set_pps_cred_home_sp_roaming_consortium_oi(ctx, id,
1343 child);
1344 else
1345 wpa_printf(MSG_INFO, "Unknown HomeSP node '%s'", name);
1346 }
1347}
1348
1349
1350static void set_pps_cred_sub_params(struct hs20_osu_client *ctx, int id,
1351 xml_node_t *node)
1352{
1353 wpa_printf(MSG_INFO, "- SubscriptionParameters");
1354 /* not used within wpa_supplicant */
1355}
1356
1357
1358static void set_pps_cred_creation_date(struct hs20_osu_client *ctx, int id,
1359 xml_node_t *node)
1360{
1361 char *str = xml_node_get_text(ctx->xml, node);
1362 if (str == NULL)
1363 return;
1364 wpa_printf(MSG_INFO, "- Credential/CreationDate = %s", str);
1365 /* not used within wpa_supplicant */
1366 xml_node_get_text_free(ctx->xml, str);
1367}
1368
1369
1370static void set_pps_cred_expiration_date(struct hs20_osu_client *ctx, int id,
1371 xml_node_t *node)
1372{
1373 char *str = xml_node_get_text(ctx->xml, node);
1374 if (str == NULL)
1375 return;
1376 wpa_printf(MSG_INFO, "- Credential/ExpirationDate = %s", str);
1377 /* not used within wpa_supplicant */
1378 xml_node_get_text_free(ctx->xml, str);
1379}
1380
1381
1382static void set_pps_cred_username(struct hs20_osu_client *ctx, int id,
1383 xml_node_t *node)
1384{
1385 char *str = xml_node_get_text(ctx->xml, node);
1386 if (str == NULL)
1387 return;
1388 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Username = %s",
1389 str);
1390 if (set_cred_quoted(ctx->ifname, id, "username", str) < 0)
1391 wpa_printf(MSG_INFO, "Failed to set cred username");
1392 xml_node_get_text_free(ctx->xml, str);
1393}
1394
1395
1396static void set_pps_cred_password(struct hs20_osu_client *ctx, int id,
1397 xml_node_t *node)
1398{
1399 int len, i;
1400 char *pw, *hex, *pos, *end;
1401
1402 pw = xml_node_get_base64_text(ctx->xml, node, &len);
1403 if (pw == NULL)
1404 return;
1405
1406 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Password = %s", pw);
1407
1408 hex = malloc(len * 2 + 1);
1409 if (hex == NULL) {
1410 free(pw);
1411 return;
1412 }
1413 end = hex + len * 2 + 1;
1414 pos = hex;
1415 for (i = 0; i < len; i++) {
1416 snprintf(pos, end - pos, "%02x", pw[i]);
1417 pos += 2;
1418 }
1419 free(pw);
1420
1421 if (set_cred(ctx->ifname, id, "password", hex) < 0)
1422 wpa_printf(MSG_INFO, "Failed to set cred password");
1423 free(hex);
1424}
1425
1426
1427static void set_pps_cred_machine_managed(struct hs20_osu_client *ctx, int id,
1428 xml_node_t *node)
1429{
1430 char *str = xml_node_get_text(ctx->xml, node);
1431 if (str == NULL)
1432 return;
1433 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/MachineManaged = %s",
1434 str);
1435 /* not used within wpa_supplicant */
1436 xml_node_get_text_free(ctx->xml, str);
1437}
1438
1439
1440static void set_pps_cred_soft_token_app(struct hs20_osu_client *ctx, int id,
1441 xml_node_t *node)
1442{
1443 char *str = xml_node_get_text(ctx->xml, node);
1444 if (str == NULL)
1445 return;
1446 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/SoftTokenApp = %s",
1447 str);
1448 /* not used within wpa_supplicant */
1449 xml_node_get_text_free(ctx->xml, str);
1450}
1451
1452
1453static void set_pps_cred_able_to_share(struct hs20_osu_client *ctx, int id,
1454 xml_node_t *node)
1455{
1456 char *str = xml_node_get_text(ctx->xml, node);
1457 if (str == NULL)
1458 return;
1459 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/AbleToShare = %s",
1460 str);
1461 /* not used within wpa_supplicant */
1462 xml_node_get_text_free(ctx->xml, str);
1463}
1464
1465
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]1466static void set_pps_cred_eap_method_eap_type(struct hs20_osu_client *ctx,
1467 int id, xml_node_t *node)
1468{
1469 char *str = xml_node_get_text(ctx->xml, node);
1470 int type;
1471 const char *eap_method = NULL;
1472
1473 if (!str)
1474 return;
1475 wpa_printf(MSG_INFO,
1476 "- Credential/UsernamePassword/EAPMethod/EAPType = %s", str);
1477 type = atoi(str);
1478 switch (type) {
1479 case EAP_TYPE_TLS:
1480 eap_method = "TLS";
1481 break;
1482 case EAP_TYPE_TTLS:
1483 eap_method = "TTLS";
1484 break;
1485 case EAP_TYPE_PEAP:
1486 eap_method = "PEAP";
1487 break;
1488 case EAP_TYPE_PWD:
1489 eap_method = "PWD";
1490 break;
1491 }
1492 xml_node_get_text_free(ctx->xml, str);
1493 if (!eap_method) {
1494 wpa_printf(MSG_INFO, "Unknown EAPType value");
1495 return;
1496 }
1497
1498 if (set_cred(ctx->ifname, id, "eap", eap_method) < 0)
1499 wpa_printf(MSG_INFO, "Failed to set cred eap");
1500}
1501
1502
1503static void set_pps_cred_eap_method_inner_method(struct hs20_osu_client *ctx,
1504 int id, xml_node_t *node)
1505{
1506 char *str = xml_node_get_text(ctx->xml, node);
1507 const char *phase2 = NULL;
1508
1509 if (!str)
1510 return;
1511 wpa_printf(MSG_INFO,
1512 "- Credential/UsernamePassword/EAPMethod/InnerMethod = %s",
1513 str);
1514 if (os_strcmp(str, "PAP") == 0)
1515 phase2 = "auth=PAP";
1516 else if (os_strcmp(str, "CHAP") == 0)
1517 phase2 = "auth=CHAP";
1518 else if (os_strcmp(str, "MS-CHAP") == 0)
1519 phase2 = "auth=MSCHAP";
1520 else if (os_strcmp(str, "MS-CHAP-V2") == 0)
1521 phase2 = "auth=MSCHAPV2";
1522 xml_node_get_text_free(ctx->xml, str);
1523 if (!phase2) {
1524 wpa_printf(MSG_INFO, "Unknown InnerMethod value");
1525 return;
1526 }
1527
1528 if (set_cred_quoted(ctx->ifname, id, "phase2", phase2) < 0)
1529 wpa_printf(MSG_INFO, "Failed to set cred phase2");
1530}
1531
1532
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]1533static void set_pps_cred_eap_method(struct hs20_osu_client *ctx, int id,
1534 xml_node_t *node)
1535{
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]1536 xml_node_t *child;
1537 const char *name;
1538
1539 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/EAPMethod");
1540
1541 xml_node_for_each_child(ctx->xml, child, node) {
1542 xml_node_for_each_check(ctx->xml, child);
1543 name = xml_node_get_localname(ctx->xml, child);
1544 if (os_strcasecmp(name, "EAPType") == 0)
1545 set_pps_cred_eap_method_eap_type(ctx, id, child);
1546 else if (os_strcasecmp(name, "InnerMethod") == 0)
1547 set_pps_cred_eap_method_inner_method(ctx, id, child);
1548 else
1549 wpa_printf(MSG_INFO, "Unknown Credential/UsernamePassword/EAPMethod node '%s'",
1550 name);
1551 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]1552}
1553
1554
1555static void set_pps_cred_username_password(struct hs20_osu_client *ctx, int id,
1556 xml_node_t *node)
1557{
1558 xml_node_t *child;
1559 const char *name;
1560
1561 wpa_printf(MSG_INFO, "- Credential/UsernamePassword");
1562
1563 xml_node_for_each_child(ctx->xml, child, node) {
1564 xml_node_for_each_check(ctx->xml, child);
1565 name = xml_node_get_localname(ctx->xml, child);
1566 if (os_strcasecmp(name, "Username") == 0)
1567 set_pps_cred_username(ctx, id, child);
1568 else if (os_strcasecmp(name, "Password") == 0)
1569 set_pps_cred_password(ctx, id, child);
1570 else if (os_strcasecmp(name, "MachineManaged") == 0)
1571 set_pps_cred_machine_managed(ctx, id, child);
1572 else if (os_strcasecmp(name, "SoftTokenApp") == 0)
1573 set_pps_cred_soft_token_app(ctx, id, child);
1574 else if (os_strcasecmp(name, "AbleToShare") == 0)
1575 set_pps_cred_able_to_share(ctx, id, child);
1576 else if (os_strcasecmp(name, "EAPMethod") == 0)
1577 set_pps_cred_eap_method(ctx, id, child);
1578 else
1579 wpa_printf(MSG_INFO, "Unknown Credential/UsernamePassword node '%s'",
1580 name);
1581 }
1582}
1583
1584
1585static void set_pps_cred_digital_cert(struct hs20_osu_client *ctx, int id,
1586 xml_node_t *node, const char *fqdn)
1587{
1588 char buf[200], dir[200];
1589
1590 wpa_printf(MSG_INFO, "- Credential/DigitalCertificate");
1591
1592 if (getcwd(dir, sizeof(dir)) == NULL)
1593 return;
1594
1595 /* TODO: could build username from Subject of Subject AltName */
1596 if (set_cred_quoted(ctx->ifname, id, "username", "cert") < 0) {
1597 wpa_printf(MSG_INFO, "Failed to set username");
1598 }
1599
1600 snprintf(buf, sizeof(buf), "%s/SP/%s/client-cert.pem", dir, fqdn);
1601 if (os_file_exists(buf)) {
1602 if (set_cred_quoted(ctx->ifname, id, "client_cert", buf) < 0) {
1603 wpa_printf(MSG_INFO, "Failed to set client_cert");
1604 }
1605 }
1606
1607 snprintf(buf, sizeof(buf), "%s/SP/%s/client-key.pem", dir, fqdn);
1608 if (os_file_exists(buf)) {
1609 if (set_cred_quoted(ctx->ifname, id, "private_key", buf) < 0) {
1610 wpa_printf(MSG_INFO, "Failed to set private_key");
1611 }
1612 }
1613}
1614
1615
1616static void set_pps_cred_realm(struct hs20_osu_client *ctx, int id,
1617 xml_node_t *node, const char *fqdn, int sim)
1618{
1619 char *str = xml_node_get_text(ctx->xml, node);
1620 char buf[200], dir[200];
1621
1622 if (str == NULL)
1623 return;
1624
1625 wpa_printf(MSG_INFO, "- Credential/Realm = %s", str);
1626 if (set_cred_quoted(ctx->ifname, id, "realm", str) < 0)
1627 wpa_printf(MSG_INFO, "Failed to set cred realm");
1628 xml_node_get_text_free(ctx->xml, str);
1629
1630 if (sim)
1631 return;
1632
1633 if (getcwd(dir, sizeof(dir)) == NULL)
1634 return;
1635 snprintf(buf, sizeof(buf), "%s/SP/%s/aaa-ca.pem", dir, fqdn);
1636 if (os_file_exists(buf)) {
1637 if (set_cred_quoted(ctx->ifname, id, "ca_cert", buf) < 0) {
1638 wpa_printf(MSG_INFO, "Failed to set CA cert");
1639 }
1640 }
1641}
1642
1643
1644static void set_pps_cred_check_aaa_cert_status(struct hs20_osu_client *ctx,
1645 int id, xml_node_t *node)
1646{
1647 char *str = xml_node_get_text(ctx->xml, node);
1648
1649 if (str == NULL)
1650 return;
1651
1652 wpa_printf(MSG_INFO, "- Credential/CheckAAAServerCertStatus = %s", str);
1653 if (os_strcasecmp(str, "true") == 0 &&
1654 set_cred(ctx->ifname, id, "ocsp", "2") < 0)
1655 wpa_printf(MSG_INFO, "Failed to set cred ocsp");
1656 xml_node_get_text_free(ctx->xml, str);
1657}
1658
1659
1660static void set_pps_cred_sim(struct hs20_osu_client *ctx, int id,
1661 xml_node_t *sim, xml_node_t *realm)
1662{
1663 xml_node_t *node;
1664 char *imsi, *eaptype, *str, buf[20];
1665 int type;
1666 int mnc_len = 3;
1667 size_t imsi_len;
1668
1669 node = get_node(ctx->xml, sim, "EAPType");
1670 if (node == NULL) {
1671 wpa_printf(MSG_INFO, "No SIM/EAPType node in credential");
1672 return;
1673 }
1674 eaptype = xml_node_get_text(ctx->xml, node);
1675 if (eaptype == NULL) {
1676 wpa_printf(MSG_INFO, "Could not extract SIM/EAPType");
1677 return;
1678 }
1679 wpa_printf(MSG_INFO, " - Credential/SIM/EAPType = %s", eaptype);
1680 type = atoi(eaptype);
1681 xml_node_get_text_free(ctx->xml, eaptype);
1682
1683 switch (type) {
1684 case EAP_TYPE_SIM:
1685 if (set_cred(ctx->ifname, id, "eap", "SIM") < 0)
1686 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1687 break;
1688 case EAP_TYPE_AKA:
1689 if (set_cred(ctx->ifname, id, "eap", "AKA") < 0)
1690 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1691 break;
1692 case EAP_TYPE_AKA_PRIME:
1693 if (set_cred(ctx->ifname, id, "eap", "AKA'") < 0)
1694 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1695 break;
1696 default:
1697 wpa_printf(MSG_INFO, "Unsupported SIM/EAPType %d", type);
1698 return;
1699 }
1700
1701 node = get_node(ctx->xml, sim, "IMSI");
1702 if (node == NULL) {
1703 wpa_printf(MSG_INFO, "No SIM/IMSI node in credential");
1704 return;
1705 }
1706 imsi = xml_node_get_text(ctx->xml, node);
1707 if (imsi == NULL) {
1708 wpa_printf(MSG_INFO, "Could not extract SIM/IMSI");
1709 return;
1710 }
1711 wpa_printf(MSG_INFO, " - Credential/SIM/IMSI = %s", imsi);
1712 imsi_len = os_strlen(imsi);
1713 if (imsi_len < 7 || imsi_len + 2 > sizeof(buf)) {
1714 wpa_printf(MSG_INFO, "Invalid IMSI length");
1715 xml_node_get_text_free(ctx->xml, imsi);
1716 return;
1717 }
1718
1719 str = xml_node_get_text(ctx->xml, node);
1720 if (str) {
1721 char *pos;
1722 pos = os_strstr(str, "mnc");
1723 if (pos && os_strlen(pos) >= 6) {
1724 if (os_strncmp(imsi + 3, pos + 3, 3) == 0)
1725 mnc_len = 3;
1726 else if (os_strncmp(imsi + 3, pos + 4, 2) == 0)
1727 mnc_len = 2;
1728 }
1729 xml_node_get_text_free(ctx->xml, str);
1730 }
1731
1732 os_memcpy(buf, imsi, 3 + mnc_len);
1733 buf[3 + mnc_len] = '-';
1734 os_strlcpy(buf + 3 + mnc_len + 1, imsi + 3 + mnc_len,
1735 sizeof(buf) - 3 - mnc_len - 1);
1736
1737 xml_node_get_text_free(ctx->xml, imsi);
1738
1739 if (set_cred_quoted(ctx->ifname, id, "imsi", buf) < 0)
1740 wpa_printf(MSG_INFO, "Could not set IMSI");
1741
1742 if (set_cred_quoted(ctx->ifname, id, "milenage",
1743 "90dca4eda45b53cf0f12d7c9c3bc6a89:"
1744 "cb9cccc4b9258e6dca4760379fb82581:000000000123") <
1745 0)
1746 wpa_printf(MSG_INFO, "Could not set Milenage parameters");
1747}
1748
1749
1750static void set_pps_cred_credential(struct hs20_osu_client *ctx, int id,
1751 xml_node_t *node, const char *fqdn)
1752{
1753 xml_node_t *child, *sim, *realm;
1754 const char *name;
1755
1756 wpa_printf(MSG_INFO, "- Credential");
1757
1758 sim = get_node(ctx->xml, node, "SIM");
1759 realm = get_node(ctx->xml, node, "Realm");
1760
1761 xml_node_for_each_child(ctx->xml, child, node) {
1762 xml_node_for_each_check(ctx->xml, child);
1763 name = xml_node_get_localname(ctx->xml, child);
1764 if (os_strcasecmp(name, "CreationDate") == 0)
1765 set_pps_cred_creation_date(ctx, id, child);
1766 else if (os_strcasecmp(name, "ExpirationDate") == 0)
1767 set_pps_cred_expiration_date(ctx, id, child);
1768 else if (os_strcasecmp(name, "UsernamePassword") == 0)
1769 set_pps_cred_username_password(ctx, id, child);
1770 else if (os_strcasecmp(name, "DigitalCertificate") == 0)
1771 set_pps_cred_digital_cert(ctx, id, child, fqdn);
1772 else if (os_strcasecmp(name, "Realm") == 0)
1773 set_pps_cred_realm(ctx, id, child, fqdn, sim != NULL);
1774 else if (os_strcasecmp(name, "CheckAAAServerCertStatus") == 0)
1775 set_pps_cred_check_aaa_cert_status(ctx, id, child);
1776 else if (os_strcasecmp(name, "SIM") == 0)
1777 set_pps_cred_sim(ctx, id, child, realm);
1778 else
1779 wpa_printf(MSG_INFO, "Unknown Credential node '%s'",
1780 name);
1781 }
1782}
1783
1784
1785static void set_pps_credential(struct hs20_osu_client *ctx, int id,
1786 xml_node_t *cred, const char *fqdn)
1787{
1788 xml_node_t *child;
1789 const char *name;
1790
1791 xml_node_for_each_child(ctx->xml, child, cred) {
1792 xml_node_for_each_check(ctx->xml, child);
1793 name = xml_node_get_localname(ctx->xml, child);
1794 if (os_strcasecmp(name, "Policy") == 0)
1795 set_pps_cred_policy(ctx, id, child);
1796 else if (os_strcasecmp(name, "CredentialPriority") == 0)
1797 set_pps_cred_priority(ctx, id, child);
1798 else if (os_strcasecmp(name, "AAAServerTrustRoot") == 0)
1799 set_pps_cred_aaa_server_trust_root(ctx, id, child);
1800 else if (os_strcasecmp(name, "SubscriptionUpdate") == 0)
1801 set_pps_cred_sub_update(ctx, id, child);
1802 else if (os_strcasecmp(name, "HomeSP") == 0)
1803 set_pps_cred_home_sp(ctx, id, child);
1804 else if (os_strcasecmp(name, "SubscriptionParameters") == 0)
1805 set_pps_cred_sub_params(ctx, id, child);
1806 else if (os_strcasecmp(name, "Credential") == 0)
1807 set_pps_cred_credential(ctx, id, child, fqdn);
1808 else
1809 wpa_printf(MSG_INFO, "Unknown credential node '%s'",
1810 name);
1811 }
1812}
1813
1814
1815static void set_pps(struct hs20_osu_client *ctx, xml_node_t *pps,
1816 const char *fqdn)
1817{
1818 xml_node_t *child;
1819 const char *name;
1820 int id;
1821 char *update_identifier = NULL;
1822
1823 /*
1824 * TODO: Could consider more complex mechanism that would remove
1825 * credentials only if there are changes in the information sent to
1826 * wpa_supplicant.
1827 */
1828 remove_sp_creds(ctx, fqdn);
1829
1830 xml_node_for_each_child(ctx->xml, child, pps) {
1831 xml_node_for_each_check(ctx->xml, child);
1832 name = xml_node_get_localname(ctx->xml, child);
1833 if (os_strcasecmp(name, "UpdateIdentifier") == 0) {
1834 update_identifier = xml_node_get_text(ctx->xml, child);
1835 if (update_identifier) {
1836 wpa_printf(MSG_INFO, "- UpdateIdentifier = %s",
1837 update_identifier);
1838 break;
1839 }
1840 }
1841 }
1842
1843 xml_node_for_each_child(ctx->xml, child, pps) {
1844 xml_node_for_each_check(ctx->xml, child);
1845 name = xml_node_get_localname(ctx->xml, child);
1846 if (os_strcasecmp(name, "UpdateIdentifier") == 0)
1847 continue;
1848 id = add_cred(ctx->ifname);
1849 if (id < 0) {
1850 wpa_printf(MSG_INFO, "Failed to add credential to wpa_supplicant");
1851 write_summary(ctx, "Failed to add credential to wpa_supplicant");
1852 break;
1853 }
1854 write_summary(ctx, "Add a credential to wpa_supplicant");
1855 if (update_identifier &&
1856 set_cred(ctx->ifname, id, "update_identifier",
1857 update_identifier) < 0)
1858 wpa_printf(MSG_INFO, "Failed to set update_identifier");
1859 if (set_cred_quoted(ctx->ifname, id, "provisioning_sp", fqdn) <
1860 0)
1861 wpa_printf(MSG_INFO, "Failed to set provisioning_sp");
1862 wpa_printf(MSG_INFO, "credential localname: '%s'", name);
1863 set_pps_credential(ctx, id, child, fqdn);
1864 ctx->pps_cred_set = 1;
1865 }
1866
1867 xml_node_get_text_free(ctx->xml, update_identifier);
1868}
1869
1870
1871void cmd_set_pps(struct hs20_osu_client *ctx, const char *pps_fname)
1872{
1873 xml_node_t *pps;
1874 const char *fqdn;
1875 char *fqdn_buf = NULL, *pos;
1876
1877 pps = node_from_file(ctx->xml, pps_fname);
1878 if (pps == NULL) {
1879 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
1880 return;
1881 }
1882
1883 fqdn = os_strstr(pps_fname, "SP/");
1884 if (fqdn) {
1885 fqdn_buf = os_strdup(fqdn + 3);
1886 if (fqdn_buf == NULL)
1887 return;
1888 pos = os_strchr(fqdn_buf, '/');
1889 if (pos)
1890 *pos = '\0';
1891 fqdn = fqdn_buf;
1892 } else
1893 fqdn = "wi-fi.org";
1894
1895 wpa_printf(MSG_INFO, "Set PPS MO info to wpa_supplicant - SP FQDN %s",
1896 fqdn);
1897 set_pps(ctx, pps, fqdn);
1898
1899 os_free(fqdn_buf);
1900 xml_node_free(ctx->xml, pps);
1901}
1902
1903
1904static int cmd_get_fqdn(struct hs20_osu_client *ctx, const char *pps_fname)
1905{
1906 xml_node_t *pps, *node;
1907 char *fqdn = NULL;
1908
1909 pps = node_from_file(ctx->xml, pps_fname);
1910 if (pps == NULL) {
1911 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
1912 return -1;
1913 }
1914
1915 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
1916 if (node)
1917 fqdn = xml_node_get_text(ctx->xml, node);
1918
1919 xml_node_free(ctx->xml, pps);
1920
1921 if (fqdn) {
1922 FILE *f = fopen("pps-fqdn", "w");
1923 if (f) {
1924 fprintf(f, "%s", fqdn);
1925 fclose(f);
1926 }
1927 xml_node_get_text_free(ctx->xml, fqdn);
1928 return 0;
1929 }
1930
1931 xml_node_get_text_free(ctx->xml, fqdn);
1932 return -1;
1933}
1934
1935
1936static void cmd_to_tnds(struct hs20_osu_client *ctx, const char *in_fname,
1937 const char *out_fname, const char *urn, int use_path)
1938{
1939 xml_node_t *mo, *node;
1940
1941 mo = node_from_file(ctx->xml, in_fname);
1942 if (mo == NULL) {
1943 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
1944 return;
1945 }
1946
1947 node = mo_to_tnds(ctx->xml, mo, use_path, urn, NULL);
1948 if (node) {
1949 node_to_file(ctx->xml, out_fname, node);
1950 xml_node_free(ctx->xml, node);
1951 }
1952
1953 xml_node_free(ctx->xml, mo);
1954}
1955
1956
1957static void cmd_from_tnds(struct hs20_osu_client *ctx, const char *in_fname,
1958 const char *out_fname)
1959{
1960 xml_node_t *tnds, *mo;
1961
1962 tnds = node_from_file(ctx->xml, in_fname);
1963 if (tnds == NULL) {
1964 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
1965 return;
1966 }
1967
1968 mo = tnds_to_mo(ctx->xml, tnds);
1969 if (mo) {
1970 node_to_file(ctx->xml, out_fname, mo);
1971 xml_node_free(ctx->xml, mo);
1972 }
1973
1974 xml_node_free(ctx->xml, tnds);
1975}
1976
1977
1978struct osu_icon {
1979 int id;
1980 char lang[4];
1981 char mime_type[256];
1982 char filename[256];
1983};
1984
1985struct osu_data {
1986 char bssid[20];
1987 char url[256];
1988 unsigned int methods;
1989 char osu_ssid[33];
1990 char osu_nai[256];
1991 struct osu_lang_text friendly_name[MAX_OSU_VALS];
1992 size_t friendly_name_count;
1993 struct osu_lang_text serv_desc[MAX_OSU_VALS];
1994 size_t serv_desc_count;
1995 struct osu_icon icon[MAX_OSU_VALS];
1996 size_t icon_count;
1997};
1998
1999
2000static struct osu_data * parse_osu_providers(const char *fname, size_t *count)
2001{
2002 FILE *f;
2003 char buf[1000];
2004 struct osu_data *osu = NULL, *last = NULL;
2005 size_t osu_count = 0;
2006 char *pos, *end;
2007
2008 f = fopen(fname, "r");
2009 if (f == NULL) {
2010 wpa_printf(MSG_ERROR, "Could not open %s", fname);
2011 return NULL;
2012 }
2013
2014 while (fgets(buf, sizeof(buf), f)) {
2015 pos = strchr(buf, '\n');
2016 if (pos)
2017 *pos = '\0';
2018
2019 if (strncmp(buf, "OSU-PROVIDER ", 13) == 0) {
2020 last = realloc(osu, (osu_count + 1) * sizeof(*osu));
2021 if (last == NULL)
2022 break;
2023 osu = last;
2024 last = &osu[osu_count++];
2025 memset(last, 0, sizeof(*last));
2026 snprintf(last->bssid, sizeof(last->bssid), "%s",
2027 buf + 13);
2028 continue;
2029 }
2030 if (!last)
2031 continue;
2032
2033 if (strncmp(buf, "uri=", 4) == 0) {
2034 snprintf(last->url, sizeof(last->url), "%s", buf + 4);
2035 continue;
2036 }
2037
2038 if (strncmp(buf, "methods=", 8) == 0) {
2039 last->methods = strtol(buf + 8, NULL, 16);
2040 continue;
2041 }
2042
2043 if (strncmp(buf, "osu_ssid=", 9) == 0) {
2044 snprintf(last->osu_ssid, sizeof(last->osu_ssid),
2045 "%s", buf + 9);
2046 continue;
2047 }
2048
2049 if (os_strncmp(buf, "osu_nai=", 8) == 0) {
2050 os_snprintf(last->osu_nai, sizeof(last->osu_nai),
2051 "%s", buf + 8);
2052 continue;
2053 }
2054
2055 if (strncmp(buf, "friendly_name=", 14) == 0) {
2056 struct osu_lang_text *txt;
2057 if (last->friendly_name_count == MAX_OSU_VALS)
2058 continue;
2059 pos = strchr(buf + 14, ':');
2060 if (pos == NULL)
2061 continue;
2062 *pos++ = '\0';
2063 txt = &last->friendly_name[last->friendly_name_count++];
2064 snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 14);
2065 snprintf(txt->text, sizeof(txt->text), "%s", pos);
2066 }
2067
2068 if (strncmp(buf, "desc=", 5) == 0) {
2069 struct osu_lang_text *txt;
2070 if (last->serv_desc_count == MAX_OSU_VALS)
2071 continue;
2072 pos = strchr(buf + 5, ':');
2073 if (pos == NULL)
2074 continue;
2075 *pos++ = '\0';
2076 txt = &last->serv_desc[last->serv_desc_count++];
2077 snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 5);
2078 snprintf(txt->text, sizeof(txt->text), "%s", pos);
2079 }
2080
2081 if (strncmp(buf, "icon=", 5) == 0) {
2082 struct osu_icon *icon;
2083 if (last->icon_count == MAX_OSU_VALS)
2084 continue;
2085 icon = &last->icon[last->icon_count++];
2086 icon->id = atoi(buf + 5);
2087 pos = strchr(buf, ':');
2088 if (pos == NULL)
2089 continue;
2090 pos = strchr(pos + 1, ':');
2091 if (pos == NULL)
2092 continue;
2093 pos = strchr(pos + 1, ':');
2094 if (pos == NULL)
2095 continue;
2096 pos++;
2097 end = strchr(pos, ':');
2098 if (!end)
2099 continue;
2100 *end = '\0';
2101 snprintf(icon->lang, sizeof(icon->lang), "%s", pos);
2102 pos = end + 1;
2103
2104 end = strchr(pos, ':');
2105 if (end)
2106 *end = '\0';
2107 snprintf(icon->mime_type, sizeof(icon->mime_type),
2108 "%s", pos);
2109 if (!pos)
2110 continue;
2111 pos = end + 1;
2112
2113 end = strchr(pos, ':');
2114 if (end)
2115 *end = '\0';
2116 snprintf(icon->filename, sizeof(icon->filename),
2117 "%s", pos);
2118 continue;
2119 }
2120 }
2121
2122 fclose(f);
2123
2124 *count = osu_count;
2125 return osu;
2126}
2127
2128
2129static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2130 const char *ssid, const char *url,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2131 unsigned int methods, int no_prod_assoc,
2132 const char *osu_nai)
2133{
2134 int id;
2135 const char *ifname = ctx->ifname;
2136 char buf[200];
2137 struct wpa_ctrl *mon;
2138 int res;
2139
2140 id = add_network(ifname);
2141 if (id < 0)
2142 return -1;
2143 if (set_network_quoted(ifname, id, "ssid", ssid) < 0)
2144 return -1;
2145 if (osu_nai && os_strlen(osu_nai) > 0) {
2146 char dir[255], fname[300];
2147 if (getcwd(dir, sizeof(dir)) == NULL)
2148 return -1;
2149 os_snprintf(fname, sizeof(fname), "%s/osu-ca.pem", dir);
2150
2151 if (set_network(ifname, id, "proto", "OSEN") < 0 ||
2152 set_network(ifname, id, "key_mgmt", "OSEN") < 0 ||
2153 set_network(ifname, id, "pairwise", "CCMP") < 0 ||
Hai Shalomc9e41a12018-07-31 14:41:42 -0700[diff] [blame]2154 set_network(ifname, id, "group", "GTK_NOT_USED CCMP") < 0 ||
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2155 set_network(ifname, id, "eap", "WFA-UNAUTH-TLS") < 0 ||
2156 set_network(ifname, id, "ocsp", "2") < 0 ||
2157 set_network_quoted(ifname, id, "identity", osu_nai) < 0 ||
2158 set_network_quoted(ifname, id, "ca_cert", fname) < 0)
2159 return -1;
2160 } else {
2161 if (set_network(ifname, id, "key_mgmt", "NONE") < 0)
2162 return -1;
2163 }
2164
2165 mon = open_wpa_mon(ifname);
2166 if (mon == NULL)
2167 return -1;
2168
2169 wpa_printf(MSG_INFO, "Associate with OSU SSID");
2170 write_summary(ctx, "Associate with OSU SSID");
2171 snprintf(buf, sizeof(buf), "SELECT_NETWORK %d", id);
2172 if (wpa_command(ifname, buf) < 0)
2173 return -1;
2174
2175 res = get_wpa_cli_event(mon, "CTRL-EVENT-CONNECTED",
2176 buf, sizeof(buf));
2177
2178 wpa_ctrl_detach(mon);
2179 wpa_ctrl_close(mon);
2180
2181 if (res < 0) {
2182 wpa_printf(MSG_INFO, "Could not connect");
2183 write_summary(ctx, "Could not connect to OSU network");
2184 wpa_printf(MSG_INFO, "Remove OSU network connection");
2185 snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
2186 wpa_command(ifname, buf);
2187 return -1;
2188 }
2189
2190 write_summary(ctx, "Waiting for IP address for subscription registration");
2191 if (wait_ip_addr(ifname, 15) < 0) {
2192 wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
2193 }
2194
2195 if (no_prod_assoc) {
2196 if (res < 0)
2197 return -1;
2198 wpa_printf(MSG_INFO, "No production connection used for testing purposes");
2199 write_summary(ctx, "No production connection used for testing purposes");
2200 return 0;
2201 }
2202
2203 ctx->no_reconnect = 1;
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2204 if (methods & 0x02) {
2205 wpa_printf(MSG_DEBUG, "Calling cmd_prov from osu_connect");
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2206 res = cmd_prov(ctx, url);
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2207 } else if (methods & 0x01) {
2208 wpa_printf(MSG_DEBUG,
2209 "Calling cmd_oma_dm_prov from osu_connect");
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2210 res = cmd_oma_dm_prov(ctx, url);
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2211 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2212
2213 wpa_printf(MSG_INFO, "Remove OSU network connection");
2214 write_summary(ctx, "Remove OSU network connection");
2215 snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
2216 wpa_command(ifname, buf);
2217
2218 if (res < 0)
2219 return -1;
2220
2221 wpa_printf(MSG_INFO, "Requesting reconnection with updated configuration");
2222 write_summary(ctx, "Requesting reconnection with updated configuration");
2223 if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0) {
2224 wpa_printf(MSG_INFO, "Failed to request wpa_supplicant to reconnect");
2225 write_summary(ctx, "Failed to request wpa_supplicant to reconnect");
2226 return -1;
2227 }
2228
2229 return 0;
2230}
2231
2232
2233static int cmd_osu_select(struct hs20_osu_client *ctx, const char *dir,
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2234 int connect, int no_prod_assoc,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2235 const char *friendly_name)
2236{
2237 char fname[255];
2238 FILE *f;
2239 struct osu_data *osu = NULL, *last = NULL;
Dmitry Shmidtebd93af2017-02-21 13:40:44 -0800[diff] [blame]2240 size_t osu_count = 0, i, j;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2241 int ret;
2242
2243 write_summary(ctx, "OSU provider selection");
2244
2245 if (dir == NULL) {
2246 wpa_printf(MSG_INFO, "Missing dir parameter to osu_select");
2247 return -1;
2248 }
2249
2250 snprintf(fname, sizeof(fname), "%s/osu-providers.txt", dir);
2251 osu = parse_osu_providers(fname, &osu_count);
2252 if (osu == NULL) {
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2253 wpa_printf(MSG_INFO, "Could not find any OSU providers from %s",
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2254 fname);
2255 write_result(ctx, "No OSU providers available");
2256 return -1;
2257 }
2258
2259 if (friendly_name) {
2260 for (i = 0; i < osu_count; i++) {
2261 last = &osu[i];
2262 for (j = 0; j < last->friendly_name_count; j++) {
2263 if (os_strcmp(last->friendly_name[j].text,
2264 friendly_name) == 0)
2265 break;
2266 }
2267 if (j < last->friendly_name_count)
2268 break;
2269 }
2270 if (i == osu_count) {
2271 wpa_printf(MSG_INFO, "Requested operator friendly name '%s' not found in the list of available providers",
2272 friendly_name);
2273 write_summary(ctx, "Requested operator friendly name '%s' not found in the list of available providers",
2274 friendly_name);
2275 free(osu);
2276 return -1;
2277 }
2278
2279 wpa_printf(MSG_INFO, "OSU Provider selected based on requested operator friendly name '%s'",
2280 friendly_name);
2281 write_summary(ctx, "OSU Provider selected based on requested operator friendly name '%s'",
2282 friendly_name);
2283 ret = i + 1;
2284 goto selected;
2285 }
2286
2287 snprintf(fname, sizeof(fname), "%s/osu-providers.html", dir);
2288 f = fopen(fname, "w");
2289 if (f == NULL) {
2290 wpa_printf(MSG_INFO, "Could not open %s", fname);
2291 free(osu);
2292 return -1;
2293 }
2294
2295 fprintf(f, "<html><head>"
2296 "<meta http-equiv=\"Content-type\" content=\"text/html; "
2297 "charset=utf-8\"<title>Select service operator</title>"
2298 "</head><body><h1>Select service operator</h1>\n");
2299
2300 if (osu_count == 0)
2301 fprintf(f, "No online signup available\n");
2302
2303 for (i = 0; i < osu_count; i++) {
2304 last = &osu[i];
2305#ifdef ANDROID
2306 fprintf(f, "<p>\n"
2307 "<a href=\"http://localhost:12345/osu/%d\">"
2308 "<table><tr><td>", (int) i + 1);
2309#else /* ANDROID */
2310 fprintf(f, "<p>\n"
2311 "<a href=\"osu://%d\">"
2312 "<table><tr><td>", (int) i + 1);
2313#endif /* ANDROID */
2314 for (j = 0; j < last->icon_count; j++) {
2315 fprintf(f, "<img src=\"osu-icon-%d.%s\">\n",
2316 last->icon[j].id,
2317 strcasecmp(last->icon[j].mime_type,
2318 "image/png") == 0 ? "png" : "icon");
2319 }
2320 fprintf(f, "<td>");
2321 for (j = 0; j < last->friendly_name_count; j++) {
2322 fprintf(f, "<small>[%s]</small> %s<br>\n",
2323 last->friendly_name[j].lang,
2324 last->friendly_name[j].text);
2325 }
2326 fprintf(f, "<tr><td colspan=2>");
2327 for (j = 0; j < last->serv_desc_count; j++) {
2328 fprintf(f, "<small>[%s]</small> %s<br>\n",
2329 last->serv_desc[j].lang,
2330 last->serv_desc[j].text);
2331 }
2332 fprintf(f, "</table></a><br><small>BSSID: %s<br>\n"
2333 "SSID: %s<br>\n",
2334 last->bssid, last->osu_ssid);
Dmitry Shmidt1d6bf422016-01-19 15:51:35 -0800[diff] [blame]2335 if (last->osu_nai[0])
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2336 fprintf(f, "NAI: %s<br>\n", last->osu_nai);
2337 fprintf(f, "URL: %s<br>\n"
2338 "methods:%s%s<br>\n"
2339 "</small></p>\n",
2340 last->url,
2341 last->methods & 0x01 ? " OMA-DM" : "",
2342 last->methods & 0x02 ? " SOAP-XML-SPP" : "");
2343 }
2344
2345 fprintf(f, "</body></html>\n");
2346
2347 fclose(f);
2348
2349 snprintf(fname, sizeof(fname), "file://%s/osu-providers.html", dir);
2350 write_summary(ctx, "Start web browser with OSU provider selection page");
2351 ret = hs20_web_browser(fname);
2352
2353selected:
2354 if (ret > 0 && (size_t) ret <= osu_count) {
2355 char *data;
2356 size_t data_len;
2357
2358 wpa_printf(MSG_INFO, "Selected OSU id=%d", ret);
2359 last = &osu[ret - 1];
2360 ret = 0;
2361 wpa_printf(MSG_INFO, "BSSID: %s", last->bssid);
2362 wpa_printf(MSG_INFO, "SSID: %s", last->osu_ssid);
2363 wpa_printf(MSG_INFO, "URL: %s", last->url);
2364 write_summary(ctx, "Selected OSU provider id=%d BSSID=%s SSID=%s URL=%s",
2365 ret, last->bssid, last->osu_ssid, last->url);
2366
2367 ctx->friendly_name_count = last->friendly_name_count;
2368 for (j = 0; j < last->friendly_name_count; j++) {
2369 wpa_printf(MSG_INFO, "FRIENDLY_NAME: [%s]%s",
2370 last->friendly_name[j].lang,
2371 last->friendly_name[j].text);
2372 os_strlcpy(ctx->friendly_name[j].lang,
2373 last->friendly_name[j].lang,
2374 sizeof(ctx->friendly_name[j].lang));
2375 os_strlcpy(ctx->friendly_name[j].text,
2376 last->friendly_name[j].text,
2377 sizeof(ctx->friendly_name[j].text));
2378 }
2379
2380 ctx->icon_count = last->icon_count;
2381 for (j = 0; j < last->icon_count; j++) {
2382 char fname[256];
2383
2384 os_snprintf(fname, sizeof(fname), "%s/osu-icon-%d.%s",
2385 dir, last->icon[j].id,
2386 strcasecmp(last->icon[j].mime_type,
2387 "image/png") == 0 ?
2388 "png" : "icon");
2389 wpa_printf(MSG_INFO, "ICON: %s (%s)",
2390 fname, last->icon[j].filename);
2391 os_strlcpy(ctx->icon_filename[j],
2392 last->icon[j].filename,
2393 sizeof(ctx->icon_filename[j]));
2394
2395 data = os_readfile(fname, &data_len);
2396 if (data) {
2397 sha256_vector(1, (const u8 **) &data, &data_len,
2398 ctx->icon_hash[j]);
2399 os_free(data);
2400 }
2401 }
2402
2403 if (connect == 2) {
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2404 if (last->methods & 0x02) {
2405 wpa_printf(MSG_DEBUG,
2406 "Calling cmd_prov from cmd_osu_select");
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2407 ret = cmd_prov(ctx, last->url);
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2408 } else if (last->methods & 0x01) {
2409 wpa_printf(MSG_DEBUG,
2410 "Calling cmd_oma_dm_prov from cmd_osu_select");
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2411 ret = cmd_oma_dm_prov(ctx, last->url);
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2412 } else {
2413 wpa_printf(MSG_DEBUG,
2414 "No supported OSU provisioning method");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2415 ret = -1;
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2416 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2417 } else if (connect)
2418 ret = osu_connect(ctx, last->bssid, last->osu_ssid,
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2419 last->url, last->methods,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2420 no_prod_assoc, last->osu_nai);
2421 } else
2422 ret = -1;
2423
2424 free(osu);
2425
2426 return ret;
2427}
2428
2429
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2430static int cmd_signup(struct hs20_osu_client *ctx, int no_prod_assoc,
2431 const char *friendly_name)
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2432{
2433 char dir[255];
2434 char fname[300], buf[400];
2435 struct wpa_ctrl *mon;
2436 const char *ifname;
2437 int res;
2438
2439 ifname = ctx->ifname;
2440
2441 if (getcwd(dir, sizeof(dir)) == NULL)
2442 return -1;
2443
2444 snprintf(fname, sizeof(fname), "%s/osu-info", dir);
Dmitry Shmidt9c175262016-03-03 10:20:07 -0800[diff] [blame]2445 if (mkdir(fname, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH) < 0 &&
2446 errno != EEXIST) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2447 wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
2448 fname, strerror(errno));
2449 return -1;
2450 }
2451
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]2452 android_update_permission(fname, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
Dmitry Shmidt9c175262016-03-03 10:20:07 -0800[diff] [blame]2453
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2454 snprintf(buf, sizeof(buf), "SET osu_dir %s", fname);
2455 if (wpa_command(ifname, buf) < 0) {
2456 wpa_printf(MSG_INFO, "Failed to configure osu_dir to wpa_supplicant");
2457 return -1;
2458 }
2459
2460 mon = open_wpa_mon(ifname);
2461 if (mon == NULL)
2462 return -1;
2463
2464 wpa_printf(MSG_INFO, "Starting OSU fetch");
2465 write_summary(ctx, "Starting OSU provider information fetch");
2466 if (wpa_command(ifname, "FETCH_OSU") < 0) {
2467 wpa_printf(MSG_INFO, "Could not start OSU fetch");
2468 wpa_ctrl_detach(mon);
2469 wpa_ctrl_close(mon);
2470 return -1;
2471 }
2472 res = get_wpa_cli_event(mon, "OSU provider fetch completed",
2473 buf, sizeof(buf));
2474
2475 wpa_ctrl_detach(mon);
2476 wpa_ctrl_close(mon);
2477
2478 if (res < 0) {
2479 wpa_printf(MSG_INFO, "OSU fetch did not complete");
2480 write_summary(ctx, "OSU fetch did not complete");
2481 return -1;
2482 }
2483 wpa_printf(MSG_INFO, "OSU provider fetch completed");
2484
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2485 return cmd_osu_select(ctx, fname, 1, no_prod_assoc, friendly_name);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2486}
2487
2488
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2489static int cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
2490 const char *pps_fname, const char *ca_fname)
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2491{
2492 xml_node_t *pps, *node;
2493 char pps_fname_buf[300];
2494 char ca_fname_buf[200];
2495 char *cred_username = NULL;
2496 char *cred_password = NULL;
2497 char *sub_rem_uri = NULL;
2498 char client_cert_buf[200];
2499 char *client_cert = NULL;
2500 char client_key_buf[200];
2501 char *client_key = NULL;
2502 int spp;
2503
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2504 wpa_printf(MSG_INFO, "Subscription remediation requested with Server URL: %s",
2505 address);
2506
2507 if (!pps_fname) {
2508 char buf[256];
2509 wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
2510 if (os_strncmp(address, "fqdn=", 5) == 0) {
2511 wpa_printf(MSG_INFO, "Use requested FQDN from command line");
2512 os_snprintf(buf, sizeof(buf), "%s", address + 5);
2513 address = NULL;
2514 } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
2515 sizeof(buf)) < 0) {
2516 wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2517 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2518 }
2519 os_free(ctx->fqdn);
2520 ctx->fqdn = os_strdup(buf);
2521 if (ctx->fqdn == NULL)
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2522 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2523 wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
2524 buf);
2525 os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
2526 "SP/%s/pps.xml", ctx->fqdn);
2527 pps_fname = pps_fname_buf;
2528
2529 os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem",
2530 ctx->fqdn);
2531 ca_fname = ca_fname_buf;
2532 }
2533
2534 if (!os_file_exists(pps_fname)) {
2535 wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
2536 pps_fname);
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2537 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2538 }
2539 wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
2540
2541 if (ca_fname && !os_file_exists(ca_fname)) {
2542 wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
2543 ca_fname);
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2544 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2545 }
2546 wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2547 ctx->ca_fname = ca_fname;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2548
2549 pps = node_from_file(ctx->xml, pps_fname);
2550 if (pps == NULL) {
2551 wpa_printf(MSG_INFO, "Could not read PPS MO");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2552 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2553 }
2554
2555 if (!ctx->fqdn) {
2556 char *tmp;
2557 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
2558 if (node == NULL) {
2559 wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2560 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2561 }
2562 tmp = xml_node_get_text(ctx->xml, node);
2563 if (tmp == NULL) {
2564 wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2565 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2566 }
2567 ctx->fqdn = os_strdup(tmp);
2568 xml_node_get_text_free(ctx->xml, tmp);
2569 if (!ctx->fqdn) {
2570 wpa_printf(MSG_INFO, "No FQDN known");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2571 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2572 }
2573 }
2574
2575 node = get_child_node(ctx->xml, pps,
2576 "SubscriptionUpdate/UpdateMethod");
2577 if (node) {
2578 char *tmp;
2579 tmp = xml_node_get_text(ctx->xml, node);
2580 if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
2581 spp = 0;
2582 else
2583 spp = 1;
2584 } else {
2585 wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
2586 spp = 1;
2587 }
2588
2589 get_user_pw(ctx, pps, "SubscriptionUpdate/UsernamePassword",
2590 &cred_username, &cred_password);
2591 if (cred_username)
2592 wpa_printf(MSG_INFO, "Using username: %s", cred_username);
2593 if (cred_password)
2594 wpa_printf(MSG_DEBUG, "Using password: %s", cred_password);
2595
2596 if (cred_username == NULL && cred_password == NULL &&
2597 get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
2598 wpa_printf(MSG_INFO, "Using client certificate");
2599 os_snprintf(client_cert_buf, sizeof(client_cert_buf),
2600 "SP/%s/client-cert.pem", ctx->fqdn);
2601 client_cert = client_cert_buf;
2602 os_snprintf(client_key_buf, sizeof(client_key_buf),
2603 "SP/%s/client-key.pem", ctx->fqdn);
2604 client_key = client_key_buf;
2605 ctx->client_cert_present = 1;
2606 }
2607
2608 node = get_child_node(ctx->xml, pps, "SubscriptionUpdate/URI");
2609 if (node) {
2610 sub_rem_uri = xml_node_get_text(ctx->xml, node);
2611 if (sub_rem_uri &&
2612 (!address || os_strcmp(address, sub_rem_uri) != 0)) {
2613 wpa_printf(MSG_INFO, "Override sub rem URI based on PPS: %s",
2614 sub_rem_uri);
2615 address = sub_rem_uri;
2616 }
2617 }
2618 if (!address) {
2619 wpa_printf(MSG_INFO, "Server URL not known");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2620 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2621 }
2622
2623 write_summary(ctx, "Wait for IP address for subscriptiom remediation");
2624 wpa_printf(MSG_INFO, "Wait for IP address before starting subscription remediation");
2625
2626 if (wait_ip_addr(ctx->ifname, 15) < 0) {
2627 wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
2628 }
2629
2630 if (spp)
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2631 spp_sub_rem(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2632 client_cert, client_key,
2633 cred_username, cred_password, pps);
2634 else
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2635 oma_dm_sub_rem(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2636 client_cert, client_key,
2637 cred_username, cred_password, pps);
2638
2639 xml_node_get_text_free(ctx->xml, sub_rem_uri);
2640 xml_node_get_text_free(ctx->xml, cred_username);
Dmitry Shmidtc2817022014-07-02 10:32:10 -0700[diff] [blame]2641 str_clear_free(cred_password);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2642 xml_node_free(ctx->xml, pps);
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2643 return 0;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2644}
2645
2646
2647static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address,
2648 const char *pps_fname, const char *ca_fname)
2649{
2650 xml_node_t *pps;
2651 xml_node_t *node;
2652 char pps_fname_buf[300];
2653 char ca_fname_buf[200];
2654 char *uri = NULL;
2655 char *cred_username = NULL;
2656 char *cred_password = NULL;
2657 char client_cert_buf[200];
2658 char *client_cert = NULL;
2659 char client_key_buf[200];
2660 char *client_key = NULL;
2661 int spp;
2662
2663 wpa_printf(MSG_INFO, "Policy update requested");
2664
2665 if (!pps_fname) {
2666 char buf[256];
2667 wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
Dmitry Shmidte4663042016-04-04 10:07:49 -0700[diff] [blame]2668 if (address && os_strncmp(address, "fqdn=", 5) == 0) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2669 wpa_printf(MSG_INFO, "Use requested FQDN from command line");
2670 os_snprintf(buf, sizeof(buf), "%s", address + 5);
2671 address = NULL;
2672 } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
2673 sizeof(buf)) < 0) {
2674 wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
2675 return -1;
2676 }
2677 os_free(ctx->fqdn);
2678 ctx->fqdn = os_strdup(buf);
2679 if (ctx->fqdn == NULL)
2680 return -1;
2681 wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
2682 buf);
2683 os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
2684 "SP/%s/pps.xml", ctx->fqdn);
2685 pps_fname = pps_fname_buf;
2686
2687 os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem",
2688 buf);
2689 ca_fname = ca_fname_buf;
2690 }
2691
2692 if (!os_file_exists(pps_fname)) {
2693 wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
2694 pps_fname);
2695 return -1;
2696 }
2697 wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
2698
2699 if (ca_fname && !os_file_exists(ca_fname)) {
2700 wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
2701 ca_fname);
2702 return -1;
2703 }
2704 wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2705 ctx->ca_fname = ca_fname;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2706
2707 pps = node_from_file(ctx->xml, pps_fname);
2708 if (pps == NULL) {
2709 wpa_printf(MSG_INFO, "Could not read PPS MO");
2710 return -1;
2711 }
2712
2713 if (!ctx->fqdn) {
2714 char *tmp;
2715 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
2716 if (node == NULL) {
2717 wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
2718 return -1;
2719 }
2720 tmp = xml_node_get_text(ctx->xml, node);
2721 if (tmp == NULL) {
2722 wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
2723 return -1;
2724 }
2725 ctx->fqdn = os_strdup(tmp);
2726 xml_node_get_text_free(ctx->xml, tmp);
2727 if (!ctx->fqdn) {
2728 wpa_printf(MSG_INFO, "No FQDN known");
2729 return -1;
2730 }
2731 }
2732
2733 node = get_child_node(ctx->xml, pps,
2734 "Policy/PolicyUpdate/UpdateMethod");
2735 if (node) {
2736 char *tmp;
2737 tmp = xml_node_get_text(ctx->xml, node);
2738 if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
2739 spp = 0;
2740 else
2741 spp = 1;
2742 } else {
2743 wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
2744 spp = 1;
2745 }
2746
2747 get_user_pw(ctx, pps, "Policy/PolicyUpdate/UsernamePassword",
2748 &cred_username, &cred_password);
2749 if (cred_username)
2750 wpa_printf(MSG_INFO, "Using username: %s", cred_username);
2751 if (cred_password)
2752 wpa_printf(MSG_DEBUG, "Using password: %s", cred_password);
2753
2754 if (cred_username == NULL && cred_password == NULL &&
2755 get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
2756 wpa_printf(MSG_INFO, "Using client certificate");
2757 os_snprintf(client_cert_buf, sizeof(client_cert_buf),
2758 "SP/%s/client-cert.pem", ctx->fqdn);
2759 client_cert = client_cert_buf;
2760 os_snprintf(client_key_buf, sizeof(client_key_buf),
2761 "SP/%s/client-key.pem", ctx->fqdn);
2762 client_key = client_key_buf;
2763 }
2764
2765 if (!address) {
2766 node = get_child_node(ctx->xml, pps, "Policy/PolicyUpdate/URI");
2767 if (node) {
2768 uri = xml_node_get_text(ctx->xml, node);
2769 wpa_printf(MSG_INFO, "URI based on PPS: %s", uri);
2770 address = uri;
2771 }
2772 }
2773 if (!address) {
2774 wpa_printf(MSG_INFO, "Server URL not known");
2775 return -1;
2776 }
2777
2778 if (spp)
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2779 spp_pol_upd(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2780 client_cert, client_key,
2781 cred_username, cred_password, pps);
2782 else
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2783 oma_dm_pol_upd(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2784 client_cert, client_key,
2785 cred_username, cred_password, pps);
2786
2787 xml_node_get_text_free(ctx->xml, uri);
2788 xml_node_get_text_free(ctx->xml, cred_username);
Dmitry Shmidtc2817022014-07-02 10:32:10 -0700[diff] [blame]2789 str_clear_free(cred_password);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2790 xml_node_free(ctx->xml, pps);
2791
2792 return 0;
2793}
2794
2795
2796static char * get_hostname(const char *url)
2797{
2798 const char *pos, *end, *end2;
2799 char *ret;
2800
2801 if (url == NULL)
2802 return NULL;
2803
2804 pos = os_strchr(url, '/');
2805 if (pos == NULL)
2806 return NULL;
2807 pos++;
2808 if (*pos != '/')
2809 return NULL;
2810 pos++;
2811
2812 end = os_strchr(pos, '/');
2813 end2 = os_strchr(pos, ':');
Dmitry Shmidtb1e52102015-05-29 12:36:29 -0700[diff] [blame]2814 if ((end && end2 && end2 < end) || (!end && end2))
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2815 end = end2;
2816 if (end)
2817 end--;
2818 else {
2819 end = pos;
2820 while (*end)
2821 end++;
2822 if (end > pos)
2823 end--;
2824 }
2825
2826 ret = os_malloc(end - pos + 2);
2827 if (ret == NULL)
2828 return NULL;
2829
2830 os_memcpy(ret, pos, end - pos + 1);
2831 ret[end - pos + 1] = '\0';
2832
2833 return ret;
2834}
2835
2836
2837static int osu_cert_cb(void *_ctx, struct http_cert *cert)
2838{
2839 struct hs20_osu_client *ctx = _ctx;
2840 unsigned int i, j;
2841 int found;
2842 char *host = NULL;
2843
Dmitry Shmidtb1e52102015-05-29 12:36:29 -0700[diff] [blame]2844 wpa_printf(MSG_INFO, "osu_cert_cb(osu_cert_validation=%d, url=%s)",
2845 !ctx->no_osu_cert_validation, ctx->server_url);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2846
2847 host = get_hostname(ctx->server_url);
2848
2849 for (i = 0; i < ctx->server_dnsname_count; i++)
2850 os_free(ctx->server_dnsname[i]);
2851 os_free(ctx->server_dnsname);
2852 ctx->server_dnsname = os_calloc(cert->num_dnsname, sizeof(char *));
2853 ctx->server_dnsname_count = 0;
2854
2855 found = 0;
2856 for (i = 0; i < cert->num_dnsname; i++) {
2857 if (ctx->server_dnsname) {
2858 ctx->server_dnsname[ctx->server_dnsname_count] =
2859 os_strdup(cert->dnsname[i]);
2860 if (ctx->server_dnsname[ctx->server_dnsname_count])
2861 ctx->server_dnsname_count++;
2862 }
2863 if (host && os_strcasecmp(host, cert->dnsname[i]) == 0)
2864 found = 1;
2865 wpa_printf(MSG_INFO, "dNSName '%s'", cert->dnsname[i]);
2866 }
2867
2868 if (host && !found) {
2869 wpa_printf(MSG_INFO, "Server name from URL (%s) did not match any dNSName - abort connection",
2870 host);
2871 write_result(ctx, "Server name from URL (%s) did not match any dNSName - abort connection",
2872 host);
2873 os_free(host);
2874 return -1;
2875 }
2876
2877 os_free(host);
2878
2879 for (i = 0; i < cert->num_othername; i++) {
2880 if (os_strcmp(cert->othername[i].oid,
2881 "1.3.6.1.4.1.40808.1.1.1") == 0) {
2882 wpa_hexdump_ascii(MSG_INFO,
2883 "id-wfa-hotspot-friendlyName",
2884 cert->othername[i].data,
2885 cert->othername[i].len);
2886 }
2887 }
2888
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2889 for (j = 0; !ctx->no_osu_cert_validation &&
2890 j < ctx->friendly_name_count; j++) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2891 int found = 0;
2892 for (i = 0; i < cert->num_othername; i++) {
2893 if (os_strcmp(cert->othername[i].oid,
2894 "1.3.6.1.4.1.40808.1.1.1") != 0)
2895 continue;
2896 if (cert->othername[i].len < 3)
2897 continue;
2898 if (os_strncasecmp((char *) cert->othername[i].data,
2899 ctx->friendly_name[j].lang, 3) != 0)
2900 continue;
2901 if (os_strncmp((char *) cert->othername[i].data + 3,
2902 ctx->friendly_name[j].text,
2903 cert->othername[i].len - 3) == 0) {
2904 found = 1;
2905 break;
2906 }
2907 }
2908
2909 if (!found) {
2910 wpa_printf(MSG_INFO, "No friendly name match found for '[%s]%s'",
2911 ctx->friendly_name[j].lang,
2912 ctx->friendly_name[j].text);
2913 write_result(ctx, "No friendly name match found for '[%s]%s'",
2914 ctx->friendly_name[j].lang,
2915 ctx->friendly_name[j].text);
2916 return -1;
2917 }
2918 }
2919
2920 for (i = 0; i < cert->num_logo; i++) {
2921 struct http_logo *logo = &cert->logo[i];
2922
2923 wpa_printf(MSG_INFO, "logo hash alg %s uri '%s'",
2924 logo->alg_oid, logo->uri);
2925 wpa_hexdump_ascii(MSG_INFO, "hashValue",
2926 logo->hash, logo->hash_len);
2927 }
2928
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2929 for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2930 int found = 0;
2931 char *name = ctx->icon_filename[j];
2932 size_t name_len = os_strlen(name);
2933
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2934 wpa_printf(MSG_INFO,
2935 "[%i] Looking for icon file name '%s' match",
2936 j, name);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2937 for (i = 0; i < cert->num_logo; i++) {
2938 struct http_logo *logo = &cert->logo[i];
2939 size_t uri_len = os_strlen(logo->uri);
2940 char *pos;
2941
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2942 wpa_printf(MSG_INFO,
2943 "[%i] Comparing to '%s' uri_len=%d name_len=%d",
2944 i, logo->uri, (int) uri_len, (int) name_len);
2945 if (uri_len < 1 + name_len) {
2946 wpa_printf(MSG_INFO, "URI Length is too short");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2947 continue;
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2948 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2949 pos = &logo->uri[uri_len - name_len - 1];
2950 if (*pos != '/')
2951 continue;
2952 pos++;
2953 if (os_strcmp(pos, name) == 0) {
2954 found = 1;
2955 break;
2956 }
2957 }
2958
2959 if (!found) {
2960 wpa_printf(MSG_INFO, "No icon filename match found for '%s'",
2961 name);
2962 write_result(ctx,
2963 "No icon filename match found for '%s'",
2964 name);
2965 return -1;
2966 }
2967 }
2968
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2969 for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2970 int found = 0;
2971
2972 for (i = 0; i < cert->num_logo; i++) {
2973 struct http_logo *logo = &cert->logo[i];
2974
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2975 if (logo->hash_len != 32) {
2976 wpa_printf(MSG_INFO,
2977 "[%i][%i] Icon hash length invalid (should be 32): %d",
2978 j, i, (int) logo->hash_len);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2979 continue;
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2980 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2981 if (os_memcmp(logo->hash, ctx->icon_hash[j], 32) == 0) {
2982 found = 1;
2983 break;
2984 }
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2985
2986 wpa_printf(MSG_DEBUG,
2987 "[%u][%u] Icon hash did not match", j, i);
2988 wpa_hexdump_ascii(MSG_DEBUG, "logo->hash",
2989 logo->hash, 32);
2990 wpa_hexdump_ascii(MSG_DEBUG, "ctx->icon_hash[j]",
2991 ctx->icon_hash[j], 32);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2992 }
2993
2994 if (!found) {
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2995 wpa_printf(MSG_INFO,
2996 "No icon hash match (by hash) found");
2997 write_result(ctx,
2998 "No icon hash match (by hash) found");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2999 return -1;
3000 }
3001 }
3002
3003 return 0;
3004}
3005
3006
3007static int init_ctx(struct hs20_osu_client *ctx)
3008{
3009 xml_node_t *devinfo, *devid;
3010
3011 os_memset(ctx, 0, sizeof(*ctx));
3012 ctx->ifname = "wlan0";
3013 ctx->xml = xml_node_init_ctx(ctx, NULL);
3014 if (ctx->xml == NULL)
3015 return -1;
3016
3017 devinfo = node_from_file(ctx->xml, "devinfo.xml");
3018 if (!devinfo) {
3019 wpa_printf(MSG_ERROR, "devinfo.xml not found");
3020 return -1;
3021 }
3022
3023 devid = get_node(ctx->xml, devinfo, "DevId");
3024 if (devid) {
3025 char *tmp = xml_node_get_text(ctx->xml, devid);
3026 if (tmp) {
3027 ctx->devid = os_strdup(tmp);
3028 xml_node_get_text_free(ctx->xml, tmp);
3029 }
3030 }
3031 xml_node_free(ctx->xml, devinfo);
3032
3033 if (ctx->devid == NULL) {
3034 wpa_printf(MSG_ERROR, "Could not fetch DevId from devinfo.xml");
3035 return -1;
3036 }
3037
3038 ctx->http = http_init_ctx(ctx, ctx->xml);
3039 if (ctx->http == NULL) {
3040 xml_node_deinit_ctx(ctx->xml);
3041 return -1;
3042 }
3043 http_ocsp_set(ctx->http, 2);
3044 http_set_cert_cb(ctx->http, osu_cert_cb, ctx);
3045
3046 return 0;
3047}
3048
3049
3050static void deinit_ctx(struct hs20_osu_client *ctx)
3051{
3052 size_t i;
3053
3054 http_deinit_ctx(ctx->http);
3055 xml_node_deinit_ctx(ctx->xml);
3056 os_free(ctx->fqdn);
3057 os_free(ctx->server_url);
3058 os_free(ctx->devid);
3059
3060 for (i = 0; i < ctx->server_dnsname_count; i++)
3061 os_free(ctx->server_dnsname[i]);
3062 os_free(ctx->server_dnsname);
3063}
3064
3065
3066static void check_workarounds(struct hs20_osu_client *ctx)
3067{
3068 FILE *f;
3069 char buf[100];
3070 unsigned long int val = 0;
3071
3072 f = fopen("hs20-osu-client.workarounds", "r");
3073 if (f == NULL)
3074 return;
3075
3076 if (fgets(buf, sizeof(buf), f))
3077 val = strtoul(buf, NULL, 16);
3078
3079 fclose(f);
3080
3081 if (val) {
3082 wpa_printf(MSG_INFO, "Workarounds enabled: 0x%lx", val);
3083 ctx->workarounds = val;
3084 if (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL)
3085 http_ocsp_set(ctx->http, 1);
3086 }
3087}
3088
3089
3090static void usage(void)
3091{
3092 printf("usage: hs20-osu-client [-dddqqKt] [-S<station ifname>] \\\n"
3093 " [-w<wpa_supplicant ctrl_iface dir>] "
3094 "[-r<result file>] [-f<debug file>] \\\n"
3095 " [-s<summary file>] \\\n"
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]3096 " [-x<spp.xsd file name>] \\\n"
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3097 " <command> [arguments..]\n"
3098 "commands:\n"
3099 "- to_tnds <XML MO> <XML MO in TNDS format> [URN]\n"
3100 "- to_tnds2 <XML MO> <XML MO in TNDS format (Path) "
3101 "[URN]>\n"
3102 "- from_tnds <XML MO in TNDS format> <XML MO>\n"
3103 "- set_pps <PerProviderSubscription XML file name>\n"
3104 "- get_fqdn <PerProviderSubscription XML file name>\n"
3105 "- pol_upd [Server URL] [PPS] [CA cert]\n"
3106 "- sub_rem <Server URL> [PPS] [CA cert]\n"
3107 "- prov <Server URL> [CA cert]\n"
3108 "- oma_dm_prov <Server URL> [CA cert]\n"
3109 "- sim_prov <Server URL> [CA cert]\n"
3110 "- oma_dm_sim_prov <Server URL> [CA cert]\n"
3111 "- signup [CA cert]\n"
3112 "- dl_osu_ca <PPS> <CA file>\n"
3113 "- dl_polupd_ca <PPS> <CA file>\n"
3114 "- dl_aaa_ca <PPS> <CA file>\n"
3115 "- browser <URL>\n"
3116 "- parse_cert <X.509 certificate (DER)>\n"
3117 "- osu_select <OSU info directory> [CA cert]\n");
3118}
3119
3120
3121int main(int argc, char *argv[])
3122{
3123 struct hs20_osu_client ctx;
3124 int c;
3125 int ret = 0;
3126 int no_prod_assoc = 0;
3127 const char *friendly_name = NULL;
3128 const char *wpa_debug_file_path = NULL;
3129 extern char *wpas_ctrl_path;
3130 extern int wpa_debug_level;
3131 extern int wpa_debug_show_keys;
3132 extern int wpa_debug_timestamp;
3133
3134 if (init_ctx(&ctx) < 0)
3135 return -1;
3136
3137 for (;;) {
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]3138 c = getopt(argc, argv, "df:hKNO:qr:s:S:tw:x:");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3139 if (c < 0)
3140 break;
3141 switch (c) {
3142 case 'd':
3143 if (wpa_debug_level > 0)
3144 wpa_debug_level--;
3145 break;
3146 case 'f':
3147 wpa_debug_file_path = optarg;
3148 break;
3149 case 'K':
3150 wpa_debug_show_keys++;
3151 break;
3152 case 'N':
3153 no_prod_assoc = 1;
3154 break;
3155 case 'O':
3156 friendly_name = optarg;
3157 break;
3158 case 'q':
3159 wpa_debug_level++;
3160 break;
3161 case 'r':
3162 ctx.result_file = optarg;
3163 break;
3164 case 's':
3165 ctx.summary_file = optarg;
3166 break;
3167 case 'S':
3168 ctx.ifname = optarg;
3169 break;
3170 case 't':
3171 wpa_debug_timestamp++;
3172 break;
3173 case 'w':
3174 wpas_ctrl_path = optarg;
3175 break;
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]3176 case 'x':
3177 spp_xsd_fname = optarg;
3178 break;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3179 case 'h':
3180 default:
3181 usage();
3182 exit(0);
3183 break;
3184 }
3185 }
3186
3187 if (argc - optind < 1) {
3188 usage();
3189 exit(0);
3190 }
3191
3192 wpa_debug_open_file(wpa_debug_file_path);
3193
3194#ifdef __linux__
3195 setlinebuf(stdout);
3196#endif /* __linux__ */
3197
3198 if (ctx.result_file)
3199 unlink(ctx.result_file);
3200 wpa_printf(MSG_DEBUG, "===[hs20-osu-client START - command: %s ]======"
3201 "================", argv[optind]);
3202 check_workarounds(&ctx);
3203
3204 if (strcmp(argv[optind], "to_tnds") == 0) {
3205 if (argc - optind < 2) {
3206 usage();
3207 exit(0);
3208 }
3209 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
3210 argc > optind + 3 ? argv[optind + 3] : NULL,
3211 0);
3212 } else if (strcmp(argv[optind], "to_tnds2") == 0) {
3213 if (argc - optind < 2) {
3214 usage();
3215 exit(0);
3216 }
3217 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
3218 argc > optind + 3 ? argv[optind + 3] : NULL,
3219 1);
3220 } else if (strcmp(argv[optind], "from_tnds") == 0) {
3221 if (argc - optind < 2) {
3222 usage();
3223 exit(0);
3224 }
3225 cmd_from_tnds(&ctx, argv[optind + 1], argv[optind + 2]);
3226 } else if (strcmp(argv[optind], "sub_rem") == 0) {
3227 if (argc - optind < 2) {
3228 usage();
3229 exit(0);
3230 }
Dmitry Shmidte4663042016-04-04 10:07:49 -0700[diff] [blame]3231 ret = cmd_sub_rem(&ctx, argv[optind + 1],
3232 argc > optind + 2 ? argv[optind + 2] : NULL,
3233 argc > optind + 3 ? argv[optind + 3] : NULL);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3234 } else if (strcmp(argv[optind], "pol_upd") == 0) {
Dmitry Shmidte4663042016-04-04 10:07:49 -0700[diff] [blame]3235 ret = cmd_pol_upd(&ctx,
3236 argc > optind + 1 ? argv[optind + 1] : NULL,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3237 argc > optind + 2 ? argv[optind + 2] : NULL,
3238 argc > optind + 3 ? argv[optind + 3] : NULL);
3239 } else if (strcmp(argv[optind], "prov") == 0) {
3240 if (argc - optind < 2) {
3241 usage();
3242 exit(0);
3243 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3244 ctx.ca_fname = argv[optind + 2];
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]3245 wpa_printf(MSG_DEBUG, "Calling cmd_prov from main");
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3246 cmd_prov(&ctx, argv[optind + 1]);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3247 } else if (strcmp(argv[optind], "sim_prov") == 0) {
3248 if (argc - optind < 2) {
3249 usage();
3250 exit(0);
3251 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3252 ctx.ca_fname = argv[optind + 2];
3253 cmd_sim_prov(&ctx, argv[optind + 1]);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3254 } else if (strcmp(argv[optind], "dl_osu_ca") == 0) {
3255 if (argc - optind < 2) {
3256 usage();
3257 exit(0);
3258 }
3259 cmd_dl_osu_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3260 } else if (strcmp(argv[optind], "dl_polupd_ca") == 0) {
3261 if (argc - optind < 2) {
3262 usage();
3263 exit(0);
3264 }
3265 cmd_dl_polupd_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3266 } else if (strcmp(argv[optind], "dl_aaa_ca") == 0) {
3267 if (argc - optind < 2) {
3268 usage();
3269 exit(0);
3270 }
3271 cmd_dl_aaa_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3272 } else if (strcmp(argv[optind], "osu_select") == 0) {
3273 if (argc - optind < 2) {
3274 usage();
3275 exit(0);
3276 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3277 ctx.ca_fname = argc > optind + 2 ? argv[optind + 2] : NULL;
3278 cmd_osu_select(&ctx, argv[optind + 1], 2, 1, NULL);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3279 } else if (strcmp(argv[optind], "signup") == 0) {
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3280 ctx.ca_fname = argc > optind + 1 ? argv[optind + 1] : NULL;
3281 ret = cmd_signup(&ctx, no_prod_assoc, friendly_name);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3282 } else if (strcmp(argv[optind], "set_pps") == 0) {
3283 if (argc - optind < 2) {
3284 usage();
3285 exit(0);
3286 }
3287 cmd_set_pps(&ctx, argv[optind + 1]);
3288 } else if (strcmp(argv[optind], "get_fqdn") == 0) {
3289 if (argc - optind < 1) {
3290 usage();
3291 exit(0);
3292 }
3293 ret = cmd_get_fqdn(&ctx, argv[optind + 1]);
3294 } else if (strcmp(argv[optind], "oma_dm_prov") == 0) {
3295 if (argc - optind < 2) {
3296 usage();
3297 exit(0);
3298 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3299 ctx.ca_fname = argv[optind + 2];
3300 cmd_oma_dm_prov(&ctx, argv[optind + 1]);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3301 } else if (strcmp(argv[optind], "oma_dm_sim_prov") == 0) {
3302 if (argc - optind < 2) {
3303 usage();
3304 exit(0);
3305 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3306 ctx.ca_fname = argv[optind + 2];
3307 if (cmd_oma_dm_sim_prov(&ctx, argv[optind + 1]) < 0) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3308 write_summary(&ctx, "Failed to complete OMA DM SIM provisioning");
3309 return -1;
3310 }
3311 } else if (strcmp(argv[optind], "oma_dm_add") == 0) {
3312 if (argc - optind < 2) {
3313 usage();
3314 exit(0);
3315 }
3316 cmd_oma_dm_add(&ctx, argv[optind + 1], argv[optind + 2]);
3317 } else if (strcmp(argv[optind], "oma_dm_replace") == 0) {
3318 if (argc - optind < 2) {
3319 usage();
3320 exit(0);
3321 }
3322 cmd_oma_dm_replace(&ctx, argv[optind + 1], argv[optind + 2]);
3323 } else if (strcmp(argv[optind], "est_csr") == 0) {
3324 if (argc - optind < 2) {
3325 usage();
3326 exit(0);
3327 }
3328 mkdir("Cert", S_IRWXU);
3329 est_build_csr(&ctx, argv[optind + 1]);
3330 } else if (strcmp(argv[optind], "browser") == 0) {
3331 int ret;
3332
3333 if (argc - optind < 2) {
3334 usage();
3335 exit(0);
3336 }
3337
3338 wpa_printf(MSG_INFO, "Launch web browser to URL %s",
3339 argv[optind + 1]);
3340 ret = hs20_web_browser(argv[optind + 1]);
3341 wpa_printf(MSG_INFO, "Web browser result: %d", ret);
3342 } else if (strcmp(argv[optind], "parse_cert") == 0) {
3343 if (argc - optind < 2) {
3344 usage();
3345 exit(0);
3346 }
3347
3348 wpa_debug_level = MSG_MSGDUMP;
3349 http_parse_x509_certificate(ctx.http, argv[optind + 1]);
3350 wpa_debug_level = MSG_INFO;
3351 } else {
3352 wpa_printf(MSG_INFO, "Unknown command '%s'", argv[optind]);
3353 }
3354
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3355 deinit_ctx(&ctx);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3356 wpa_printf(MSG_DEBUG,
3357 "===[hs20-osu-client END ]======================");
3358
3359 wpa_debug_close_file();
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3360
3361 return ret;
3362}