1 /*
2  * Generic advertisement service (GAS) (IEEE 802.11u)
3  * Copyright (c) 2009, Atheros Communications
4  * Copyright (c) 2011-2012, Qualcomm Atheros
5  *
6  * This software may be distributed under the terms of the BSD license.
7  * See README for more details.
8  */
9 
10 #include "includes.h"
11 
12 #include "common.h"
13 #include "ieee802_11_defs.h"
14 #include "gas.h"
15 
16 
17 static struct wpabuf *
gas_build_req(u8 action,u8 dialog_token,size_t size)18 gas_build_req(u8 action, u8 dialog_token, size_t size)
19 {
20 	struct wpabuf *buf;
21 
22 	buf = wpabuf_alloc(100 + size);
23 	if (buf == NULL)
24 		return NULL;
25 
26 	wpabuf_put_u8(buf, WLAN_ACTION_PUBLIC);
27 	wpabuf_put_u8(buf, action);
28 	wpabuf_put_u8(buf, dialog_token);
29 
30 	return buf;
31 }
32 
33 
gas_build_initial_req(u8 dialog_token,size_t size)34 struct wpabuf * gas_build_initial_req(u8 dialog_token, size_t size)
35 {
36 	return gas_build_req(WLAN_PA_GAS_INITIAL_REQ, dialog_token,
37 			     size);
38 }
39 
40 
gas_build_comeback_req(u8 dialog_token)41 struct wpabuf * gas_build_comeback_req(u8 dialog_token)
42 {
43 	return gas_build_req(WLAN_PA_GAS_COMEBACK_REQ, dialog_token, 0);
44 }
45 
46 
47 static struct wpabuf *
gas_build_resp(u8 action,u8 dialog_token,u16 status_code,u8 frag_id,u8 more,u16 comeback_delay,size_t size)48 gas_build_resp(u8 action, u8 dialog_token, u16 status_code, u8 frag_id,
49 	       u8 more, u16 comeback_delay, size_t size)
50 {
51 	struct wpabuf *buf;
52 
53 	buf = wpabuf_alloc(100 + size);
54 	if (buf == NULL)
55 		return NULL;
56 
57 	wpabuf_put_u8(buf, WLAN_ACTION_PUBLIC);
58 	wpabuf_put_u8(buf, action);
59 	wpabuf_put_u8(buf, dialog_token);
60 	wpabuf_put_le16(buf, status_code);
61 	if (action == WLAN_PA_GAS_COMEBACK_RESP)
62 		wpabuf_put_u8(buf, frag_id | (more ? 0x80 : 0));
63 	wpabuf_put_le16(buf, comeback_delay);
64 
65 	return buf;
66 }
67 
68 
69 struct wpabuf *
gas_build_initial_resp(u8 dialog_token,u16 status_code,u16 comeback_delay,size_t size)70 gas_build_initial_resp(u8 dialog_token, u16 status_code, u16 comeback_delay,
71 		       size_t size)
72 {
73 	return gas_build_resp(WLAN_PA_GAS_INITIAL_RESP, dialog_token,
74 			      status_code, 0, 0, comeback_delay, size);
75 }
76 
77 
78 static struct wpabuf *
gas_build_comeback_resp(u8 dialog_token,u16 status_code,u8 frag_id,u8 more,u16 comeback_delay,size_t size)79 gas_build_comeback_resp(u8 dialog_token, u16 status_code, u8 frag_id, u8 more,
80 			u16 comeback_delay, size_t size)
81 {
82 	return gas_build_resp(WLAN_PA_GAS_COMEBACK_RESP, dialog_token,
83 			      status_code, frag_id, more, comeback_delay,
84 			      size);
85 }
86 
87 
88 /**
89  * gas_add_adv_proto_anqp - Add an Advertisement Protocol element
90  * @buf: Buffer to which the element is added
91  * @query_resp_len_limit: Query Response Length Limit in units of 256 octets
92  * @pame_bi: Pre-Association Message Exchange BSSID Independent (0/1)
93  *
94  *
95  * @query_resp_len_limit is 0 for request and 1-0x7f for response. 0x7f means
96  * that the maximum limit is determined by the maximum allowable number of
97  * fragments in the GAS Query Response Fragment ID.
98  */
gas_add_adv_proto_anqp(struct wpabuf * buf,u8 query_resp_len_limit,u8 pame_bi)99 static void gas_add_adv_proto_anqp(struct wpabuf *buf, u8 query_resp_len_limit,
100 				   u8 pame_bi)
101 {
102 	/* Advertisement Protocol IE */
103 	wpabuf_put_u8(buf, WLAN_EID_ADV_PROTO);
104 	wpabuf_put_u8(buf, 2); /* Length */
105 	wpabuf_put_u8(buf, (query_resp_len_limit & 0x7f) |
106 		      (pame_bi ? 0x80 : 0));
107 	/* Advertisement Protocol */
108 	wpabuf_put_u8(buf, ACCESS_NETWORK_QUERY_PROTOCOL);
109 }
110 
111 
gas_anqp_build_initial_req(u8 dialog_token,size_t size)112 struct wpabuf * gas_anqp_build_initial_req(u8 dialog_token, size_t size)
113 {
114 	struct wpabuf *buf;
115 
116 	buf = gas_build_initial_req(dialog_token, 4 + size);
117 	if (buf == NULL)
118 		return NULL;
119 
120 	gas_add_adv_proto_anqp(buf, 0, 0);
121 
122 	wpabuf_put(buf, 2); /* Query Request Length to be filled */
123 
124 	return buf;
125 }
126 
127 
gas_anqp_build_initial_resp(u8 dialog_token,u16 status_code,u16 comeback_delay,size_t size)128 struct wpabuf * gas_anqp_build_initial_resp(u8 dialog_token, u16 status_code,
129 					    u16 comeback_delay, size_t size)
130 {
131 	struct wpabuf *buf;
132 
133 	buf = gas_build_initial_resp(dialog_token, status_code, comeback_delay,
134 				     4 + size);
135 	if (buf == NULL)
136 		return NULL;
137 
138 	gas_add_adv_proto_anqp(buf, 0x7f, 0);
139 
140 	wpabuf_put(buf, 2); /* Query Response Length to be filled */
141 
142 	return buf;
143 }
144 
145 
gas_anqp_build_initial_resp_buf(u8 dialog_token,u16 status_code,u16 comeback_delay,struct wpabuf * payload)146 struct wpabuf * gas_anqp_build_initial_resp_buf(u8 dialog_token,
147 						u16 status_code,
148 						u16 comeback_delay,
149 						struct wpabuf *payload)
150 {
151 	struct wpabuf *buf;
152 
153 	buf = gas_anqp_build_initial_resp(dialog_token, status_code,
154 					  comeback_delay,
155 					  payload ? wpabuf_len(payload) : 0);
156 	if (buf == NULL)
157 		return NULL;
158 
159 	if (payload)
160 		wpabuf_put_buf(buf, payload);
161 
162 	gas_anqp_set_len(buf);
163 
164 	return buf;
165 }
166 
167 
gas_anqp_build_comeback_resp(u8 dialog_token,u16 status_code,u8 frag_id,u8 more,u16 comeback_delay,size_t size)168 struct wpabuf * gas_anqp_build_comeback_resp(u8 dialog_token, u16 status_code,
169 					     u8 frag_id, u8 more,
170 					     u16 comeback_delay, size_t size)
171 {
172 	struct wpabuf *buf;
173 
174 	buf = gas_build_comeback_resp(dialog_token, status_code,
175 				      frag_id, more, comeback_delay, 4 + size);
176 	if (buf == NULL)
177 		return NULL;
178 
179 	gas_add_adv_proto_anqp(buf, 0x7f, 0);
180 
181 	wpabuf_put(buf, 2); /* Query Response Length to be filled */
182 
183 	return buf;
184 }
185 
186 
gas_anqp_build_comeback_resp_buf(u8 dialog_token,u16 status_code,u8 frag_id,u8 more,u16 comeback_delay,struct wpabuf * payload)187 struct wpabuf * gas_anqp_build_comeback_resp_buf(u8 dialog_token,
188 						 u16 status_code,
189 						 u8 frag_id, u8 more,
190 						 u16 comeback_delay,
191 						 struct wpabuf *payload)
192 {
193 	struct wpabuf *buf;
194 
195 	buf = gas_anqp_build_comeback_resp(dialog_token, status_code, frag_id,
196 					   more, comeback_delay,
197 					   payload ? wpabuf_len(payload) : 0);
198 	if (buf == NULL)
199 		return NULL;
200 
201 	if (payload)
202 		wpabuf_put_buf(buf, payload);
203 
204 	gas_anqp_set_len(buf);
205 
206 	return buf;
207 }
208 
209 
210 /**
211  * gas_anqp_set_len - Set Query Request/Response Length
212  * @buf: GAS message
213  *
214  * This function is used to update the Query Request/Response Length field once
215  * the payload has been filled.
216  */
gas_anqp_set_len(struct wpabuf * buf)217 void gas_anqp_set_len(struct wpabuf *buf)
218 {
219 	u8 action;
220 	size_t offset;
221 	u8 *len;
222 
223 	if (buf == NULL || wpabuf_len(buf) < 2)
224 		return;
225 
226 	action = *(wpabuf_head_u8(buf) + 1);
227 	switch (action) {
228 	case WLAN_PA_GAS_INITIAL_REQ:
229 		offset = 3 + 4;
230 		break;
231 	case WLAN_PA_GAS_INITIAL_RESP:
232 		offset = 7 + 4;
233 		break;
234 	case WLAN_PA_GAS_COMEBACK_RESP:
235 		offset = 8 + 4;
236 		break;
237 	default:
238 		return;
239 	}
240 
241 	if (wpabuf_len(buf) < offset + 2)
242 		return;
243 
244 	len = wpabuf_mhead_u8(buf) + offset;
245 	WPA_PUT_LE16(len, (u8 *) wpabuf_put(buf, 0) - len - 2);
246 }
247 
248 
249 /**
250  * gas_anqp_add_element - Add ANQP element header
251  * @buf: GAS message
252  * @info_id: ANQP Info ID
253  * Returns: Pointer to the Length field for gas_anqp_set_element_len()
254  */
gas_anqp_add_element(struct wpabuf * buf,u16 info_id)255 u8 * gas_anqp_add_element(struct wpabuf *buf, u16 info_id)
256 {
257 	wpabuf_put_le16(buf, info_id);
258 	return wpabuf_put(buf, 2); /* Length to be filled */
259 }
260 
261 
262 /**
263  * gas_anqp_set_element_len - Update ANQP element Length field
264  * @buf: GAS message
265  * @len_pos: Length field position from gas_anqp_add_element()
266  *
267  * This function is called after the ANQP element payload has been added to the
268  * buffer.
269  */
gas_anqp_set_element_len(struct wpabuf * buf,u8 * len_pos)270 void gas_anqp_set_element_len(struct wpabuf *buf, u8 *len_pos)
271 {
272 	WPA_PUT_LE16(len_pos, (u8 *) wpabuf_put(buf, 0) - len_pos - 2);
273 }
274