search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Sync usage with man page.
[netbsd-mini2440.git] / dist / wpa / src / eap_peer / eap_fast_pac.c
blob1583f490bfce1ba3d37bdb045eea20cd3d68de95
1 /*
2 * EAP peer method: EAP-FAST PAC file processing
3 * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15 #include "includes.h"
16
17 #include "common.h"
18 #include "eap_config.h"
19 #include "eap_i.h"
20 #include "eap_fast_pac.h"
21
22 /* TODO: encrypt PAC-Key in the PAC file */
23
24
25 /* Text data format */
26 static const char *pac_file_hdr =
27 "wpa_supplicant EAP-FAST PAC file - version 1";
28
29 /*
30 * Binary data format
31 * 4-octet magic value: 6A E4 92 0C
32 * 2-octet version (big endian)
33 * <version specific data>
34 *
35 * version=0:
36 * Sequence of PAC entries:
37 * 2-octet PAC-Type (big endian)
38 * 32-octet PAC-Key
39 * 2-octet PAC-Opaque length (big endian)
40 * <variable len> PAC-Opaque data (length bytes)
41 * 2-octet PAC-Info length (big endian)
42 * <variable len> PAC-Info data (length bytes)
43 */
44
45 #define EAP_FAST_PAC_BINARY_MAGIC 0x6ae4920c
46 #define EAP_FAST_PAC_BINARY_FORMAT_VERSION 0
47
48
49 /**
50 * eap_fast_free_pac - Free PAC data
51 * @pac: Pointer to the PAC entry
52 *
53 * Note that the PAC entry must not be in a list since this function does not
54 * remove the list links.
55 */
56 void eap_fast_free_pac(struct eap_fast_pac *pac)
57 {
58 os_free(pac->pac_opaque);
59 os_free(pac->pac_info);
60 os_free(pac->a_id);
61 os_free(pac->i_id);
62 os_free(pac->a_id_info);
63 os_free(pac);
64 }
65
66
67 /**
68 * eap_fast_get_pac - Get a PAC entry based on A-ID
69 * @pac_root: Pointer to root of the PAC list
70 * @a_id: A-ID to search for
71 * @a_id_len: Length of A-ID
72 * @pac_type: PAC-Type to search for
73 * Returns: Pointer to the PAC entry, or %NULL if A-ID not found
74 */
75 struct eap_fast_pac * eap_fast_get_pac(struct eap_fast_pac *pac_root,
76 const u8 *a_id, size_t a_id_len,
77 u16 pac_type)
78 {
79 struct eap_fast_pac *pac = pac_root;
80
81 while (pac) {
82 if (pac->pac_type == pac_type && pac->a_id_len == a_id_len &&
83 os_memcmp(pac->a_id, a_id, a_id_len) == 0) {
84 return pac;
85 }
86 pac = pac->next;
87 }
88 return NULL;
89 }
90
91
92 static void eap_fast_remove_pac(struct eap_fast_pac **pac_root,
93 struct eap_fast_pac **pac_current,
94 const u8 *a_id, size_t a_id_len, u16 pac_type)
95 {
96 struct eap_fast_pac *pac, *prev;
97
98 pac = *pac_root;
99 prev = NULL;
100
101 while (pac) {
102 if (pac->pac_type == pac_type && pac->a_id_len == a_id_len &&
103 os_memcmp(pac->a_id, a_id, a_id_len) == 0) {
104 if (prev == NULL)
105 *pac_root = pac->next;
106 else
107 prev->next = pac->next;
108 if (*pac_current == pac)
109 *pac_current = NULL;
110 eap_fast_free_pac(pac);
111 break;
112 }
113 prev = pac;
114 pac = pac->next;
115 }
116 }
117
118
119 static int eap_fast_copy_buf(u8 **dst, size_t *dst_len,
120 const u8 *src, size_t src_len)
121 {
122 if (src) {
123 *dst = os_malloc(src_len);
124 if (*dst == NULL)
125 return -1;
126 os_memcpy(*dst, src, src_len);
127 *dst_len = src_len;
128 }
129 return 0;
130 }
131
132
133 /**
134 * eap_fast_add_pac - Add a copy of a PAC entry to a list
135 * @pac_root: Pointer to PAC list root pointer
136 * @pac_current: Pointer to the current PAC pointer
137 * @entry: New entry to clone and add to the list
138 * Returns: 0 on success, -1 on failure
139 *
140 * This function makes a clone of the given PAC entry and adds this copied
141 * entry to the list (pac_root). If an old entry for the same A-ID is found,
142 * it will be removed from the PAC list and in this case, pac_current entry
143 * is set to %NULL if it was the removed entry.
144 */
145 int eap_fast_add_pac(struct eap_fast_pac **pac_root,
146 struct eap_fast_pac **pac_current,
147 struct eap_fast_pac *entry)
148 {
149 struct eap_fast_pac *pac;
150
151 if (entry == NULL || entry->a_id == NULL)
152 return -1;
153
154 /* Remove a possible old entry for the matching A-ID. */
155 eap_fast_remove_pac(pac_root, pac_current,
156 entry->a_id, entry->a_id_len, entry->pac_type);
157
158 /* Allocate a new entry and add it to the list of PACs. */
159 pac = os_zalloc(sizeof(*pac));
160 if (pac == NULL)
161 return -1;
162
163 pac->pac_type = entry->pac_type;
164 os_memcpy(pac->pac_key, entry->pac_key, EAP_FAST_PAC_KEY_LEN);
165 if (eap_fast_copy_buf(&pac->pac_opaque, &pac->pac_opaque_len,
166 entry->pac_opaque, entry->pac_opaque_len) < 0 ||
167 eap_fast_copy_buf(&pac->pac_info, &pac->pac_info_len,
168 entry->pac_info, entry->pac_info_len) < 0 ||
169 eap_fast_copy_buf(&pac->a_id, &pac->a_id_len,
170 entry->a_id, entry->a_id_len) < 0 ||
171 eap_fast_copy_buf(&pac->i_id, &pac->i_id_len,
172 entry->i_id, entry->i_id_len) < 0 ||
173 eap_fast_copy_buf(&pac->a_id_info, &pac->a_id_info_len,
174 entry->a_id_info, entry->a_id_info_len) < 0) {
175 eap_fast_free_pac(pac);
176 return -1;
177 }
178
179 pac->next = *pac_root;
180 *pac_root = pac;
181
182 return 0;
183 }
184
185
186 struct eap_fast_read_ctx {
187 FILE *f;
188 const char *pos;
189 const char *end;
190 int line;
191 char *buf;
192 size_t buf_len;
193 };
194
195 static int eap_fast_read_line(struct eap_fast_read_ctx *rc, char **value)
196 {
197 char *pos;
198
199 rc->line++;
200 if (rc->f) {
201 if (fgets(rc->buf, rc->buf_len, rc->f) == NULL)
202 return -1;
203 } else {
204 const char *l_end;
205 size_t len;
206 if (rc->pos >= rc->end)
207 return -1;
208 l_end = rc->pos;
209 while (l_end < rc->end && *l_end != '\n')
210 l_end++;
211 len = l_end - rc->pos;
212 if (len >= rc->buf_len)
213 len = rc->buf_len - 1;
214 os_memcpy(rc->buf, rc->pos, len);
215 rc->buf[len] = '\0';
216 rc->pos = l_end + 1;
217 }
218
219 rc->buf[rc->buf_len - 1] = '\0';
220 pos = rc->buf;
221 while (*pos != '\0') {
222 if (*pos == '\n' || *pos == '\r') {
223 *pos = '\0';
224 break;
225 }
226 pos++;
227 }
228
229 pos = os_strchr(rc->buf, '=');
230 if (pos)
231 *pos++ = '\0';
232 *value = pos;
233
234 return 0;
235 }
236
237
238 static u8 * eap_fast_parse_hex(const char *value, size_t *len)
239 {
240 int hlen;
241 u8 *buf;
242
243 if (value == NULL)
244 return NULL;
245 hlen = os_strlen(value);
246 if (hlen & 1)
247 return NULL;
248 *len = hlen / 2;
249 buf = os_malloc(*len);
250 if (buf == NULL)
251 return NULL;
252 if (hexstr2bin(value, buf, *len)) {
253 os_free(buf);
254 return NULL;
255 }
256 return buf;
257 }
258
259
260 static int eap_fast_init_pac_data(struct eap_sm *sm, const char *pac_file,
261 struct eap_fast_read_ctx *rc)
262 {
263 os_memset(rc, 0, sizeof(*rc));
264
265 rc->buf_len = 2048;
266 rc->buf = os_malloc(rc->buf_len);
267 if (rc->buf == NULL)
268 return -1;
269
270 if (os_strncmp(pac_file, "blob://", 7) == 0) {
271 const struct wpa_config_blob *blob;
272 blob = eap_get_config_blob(sm, pac_file + 7);
273 if (blob == NULL) {
274 wpa_printf(MSG_INFO, "EAP-FAST: No PAC blob '%s' - "
275 "assume no PAC entries have been "
276 "provisioned", pac_file + 7);
277 os_free(rc->buf);
278 return -1;
279 }
280 rc->pos = (char *) blob->data;
281 rc->end = (char *) blob->data + blob->len;
282 } else {
283 rc->f = fopen(pac_file, "rb");
284 if (rc->f == NULL) {
285 wpa_printf(MSG_INFO, "EAP-FAST: No PAC file '%s' - "
286 "assume no PAC entries have been "
287 "provisioned", pac_file);
288 os_free(rc->buf);
289 return -1;
290 }
291 }
292
293 return 0;
294 }
295
296
297 static void eap_fast_deinit_pac_data(struct eap_fast_read_ctx *rc)
298 {
299 os_free(rc->buf);
300 if (rc->f)
301 fclose(rc->f);
302 }
303
304
305 static const char * eap_fast_parse_start(struct eap_fast_pac **pac)
306 {
307 if (*pac)
308 return "START line without END";
309
310 *pac = os_zalloc(sizeof(struct eap_fast_pac));
311 if (*pac == NULL)
312 return "No memory for PAC entry";
313 (*pac)->pac_type = PAC_TYPE_TUNNEL_PAC;
314 return NULL;
315 }
316
317
318 static const char * eap_fast_parse_end(struct eap_fast_pac **pac_root,
319 struct eap_fast_pac **pac)
320 {
321 if (*pac == NULL)
322 return "END line without START";
323 if (*pac_root) {
324 struct eap_fast_pac *end = *pac_root;
325 while (end->next)
326 end = end->next;
327 end->next = *pac;
328 } else
329 *pac_root = *pac;
330
331 *pac = NULL;
332 return NULL;
333 }
334
335
336 static const char * eap_fast_parse_pac_type(struct eap_fast_pac *pac,
337 char *pos)
338 {
339 pac->pac_type = atoi(pos);
340 if (pac->pac_type != PAC_TYPE_TUNNEL_PAC &&
341 pac->pac_type != PAC_TYPE_USER_AUTHORIZATION &&
342 pac->pac_type != PAC_TYPE_MACHINE_AUTHENTICATION)
343 return "Unrecognized PAC-Type";
344
345 return NULL;
346 }
347
348
349 static const char * eap_fast_parse_pac_key(struct eap_fast_pac *pac, char *pos)
350 {
351 u8 *key;
352 size_t key_len;
353
354 key = eap_fast_parse_hex(pos, &key_len);
355 if (key == NULL || key_len != EAP_FAST_PAC_KEY_LEN) {
356 os_free(key);
357 return "Invalid PAC-Key";
358 }
359
360 os_memcpy(pac->pac_key, key, EAP_FAST_PAC_KEY_LEN);
361 os_free(key);
362
363 return NULL;
364 }
365
366
367 static const char * eap_fast_parse_pac_opaque(struct eap_fast_pac *pac,
368 char *pos)
369 {
370 os_free(pac->pac_opaque);
371 pac->pac_opaque = eap_fast_parse_hex(pos, &pac->pac_opaque_len);
372 if (pac->pac_opaque == NULL)
373 return "Invalid PAC-Opaque";
374 return NULL;
375 }
376
377
378 static const char * eap_fast_parse_a_id(struct eap_fast_pac *pac, char *pos)
379 {
380 os_free(pac->a_id);
381 pac->a_id = eap_fast_parse_hex(pos, &pac->a_id_len);
382 if (pac->a_id == NULL)
383 return "Invalid A-ID";
384 return NULL;
385 }
386
387
388 static const char * eap_fast_parse_i_id(struct eap_fast_pac *pac, char *pos)
389 {
390 os_free(pac->i_id);
391 pac->i_id = eap_fast_parse_hex(pos, &pac->i_id_len);
392 if (pac->i_id == NULL)
393 return "Invalid I-ID";
394 return NULL;
395 }
396
397
398 static const char * eap_fast_parse_a_id_info(struct eap_fast_pac *pac,
399 char *pos)
400 {
401 os_free(pac->a_id_info);
402 pac->a_id_info = eap_fast_parse_hex(pos, &pac->a_id_info_len);
403 if (pac->a_id_info == NULL)
404 return "Invalid A-ID-Info";
405 return NULL;
406 }
407
408
409 /**
410 * eap_fast_load_pac - Load PAC entries (text format)
411 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
412 * @pac_root: Pointer to root of the PAC list (to be filled)
413 * @pac_file: Name of the PAC file/blob to load
414 * Returns: 0 on success, -1 on failure
415 */
416 int eap_fast_load_pac(struct eap_sm *sm, struct eap_fast_pac **pac_root,
417 const char *pac_file)
418 {
419 struct eap_fast_read_ctx rc;
420 struct eap_fast_pac *pac = NULL;
421 int count = 0;
422 char *pos;
423 const char *err = NULL;
424
425 if (pac_file == NULL)
426 return -1;
427
428 if (eap_fast_init_pac_data(sm, pac_file, &rc) < 0)
429 return 0;
430
431 if (eap_fast_read_line(&rc, &pos) < 0 ||
432 os_strcmp(pac_file_hdr, rc.buf) != 0)
433 err = "Unrecognized header line";
434
435 while (!err && eap_fast_read_line(&rc, &pos) == 0) {
436 if (os_strcmp(rc.buf, "START") == 0)
437 err = eap_fast_parse_start(&pac);
438 else if (os_strcmp(rc.buf, "END") == 0) {
439 err = eap_fast_parse_end(pac_root, &pac);
440 count++;
441 } else if (!pac)
442 err = "Unexpected line outside START/END block";
443 else if (os_strcmp(rc.buf, "PAC-Type") == 0)
444 err = eap_fast_parse_pac_type(pac, pos);
445 else if (os_strcmp(rc.buf, "PAC-Key") == 0)
446 err = eap_fast_parse_pac_key(pac, pos);
447 else if (os_strcmp(rc.buf, "PAC-Opaque") == 0)
448 err = eap_fast_parse_pac_opaque(pac, pos);
449 else if (os_strcmp(rc.buf, "A-ID") == 0)
450 err = eap_fast_parse_a_id(pac, pos);
451 else if (os_strcmp(rc.buf, "I-ID") == 0)
452 err = eap_fast_parse_i_id(pac, pos);
453 else if (os_strcmp(rc.buf, "A-ID-Info") == 0)
454 err = eap_fast_parse_a_id_info(pac, pos);
455 }
456
457 if (pac) {
458 err = "PAC block not terminated with END";
459 eap_fast_free_pac(pac);
460 }
461
462 eap_fast_deinit_pac_data(&rc);
463
464 if (err) {
465 wpa_printf(MSG_INFO, "EAP-FAST: %s in '%s:%d'",
466 err, pac_file, rc.line);
467 return -1;
468 }
469
470 wpa_printf(MSG_DEBUG, "EAP-FAST: Read %d PAC entries from '%s'",
471 count, pac_file);
472
473 return 0;
474 }
475
476
477 static void eap_fast_write(char **buf, char **pos, size_t *buf_len,
478 const char *field, const u8 *data,
479 size_t len, int txt)
480 {
481 size_t i, need;
482 int ret;
483
484 if (data == NULL || *buf == NULL)
485 return;
486
487 need = os_strlen(field) + len * 2 + 30;
488 if (txt)
489 need += os_strlen(field) + len + 20;
490
491 if (*pos - *buf + need > *buf_len) {
492 char *nbuf = os_realloc(*buf, *buf_len + need);
493 if (nbuf == NULL) {
494 os_free(*buf);
495 *buf = NULL;
496 return;
497 }
498 *buf = nbuf;
499 *buf_len += need;
500 }
501
502 ret = os_snprintf(*pos, *buf + *buf_len - *pos, "%s=", field);
503 if (ret < 0 || ret >= *buf + *buf_len - *pos)
504 return;
505 *pos += ret;
506 *pos += wpa_snprintf_hex(*pos, *buf + *buf_len - *pos, data, len);
507 ret = os_snprintf(*pos, *buf + *buf_len - *pos, "\n");
508 if (ret < 0 || ret >= *buf + *buf_len - *pos)
509 return;
510 *pos += ret;
511
512 if (txt) {
513 ret = os_snprintf(*pos, *buf + *buf_len - *pos,
514 "%s-txt=", field);
515 if (ret < 0 || ret >= *buf + *buf_len - *pos)
516 return;
517 *pos += ret;
518 for (i = 0; i < len; i++) {
519 ret = os_snprintf(*pos, *buf + *buf_len - *pos,
520 "%c", data[i]);
521 if (ret < 0 || ret >= *buf + *buf_len - *pos)
522 return;
523 *pos += ret;
524 }
525 ret = os_snprintf(*pos, *buf + *buf_len - *pos, "\n");
526 if (ret < 0 || ret >= *buf + *buf_len - *pos)
527 return;
528 *pos += ret;
529 }
530 }
531
532
533 static int eap_fast_write_pac(struct eap_sm *sm, const char *pac_file,
534 char *buf, size_t len)
535 {
536 if (os_strncmp(pac_file, "blob://", 7) == 0) {
537 struct wpa_config_blob *blob;
538 blob = os_zalloc(sizeof(*blob));
539 if (blob == NULL)
540 return -1;
541 blob->data = (u8 *) buf;
542 blob->len = len;
543 buf = NULL;
544 blob->name = os_strdup(pac_file + 7);
545 if (blob->name == NULL) {
546 os_free(blob);
547 return -1;
548 }
549 eap_set_config_blob(sm, blob);
550 } else {
551 FILE *f;
552 f = fopen(pac_file, "wb");
553 if (f == NULL) {
554 wpa_printf(MSG_INFO, "EAP-FAST: Failed to open PAC "
555 "file '%s' for writing", pac_file);
556 return -1;
557 }
558 fwrite(buf, 1, len, f);
559 os_free(buf);
560 fclose(f);
561 }
562
563 return 0;
564 }
565
566
567 static int eap_fast_add_pac_data(struct eap_fast_pac *pac, char **buf,
568 char **pos, size_t *buf_len)
569 {
570 int ret;
571
572 ret = os_snprintf(*pos, *buf + *buf_len - *pos,
573 "START\nPAC-Type=%d\n", pac->pac_type);
574 if (ret < 0 || ret >= *buf + *buf_len - *pos)
575 return -1;
576
577 *pos += ret;
578 eap_fast_write(buf, pos, buf_len, "PAC-Key",
579 pac->pac_key, EAP_FAST_PAC_KEY_LEN, 0);
580 eap_fast_write(buf, pos, buf_len, "PAC-Opaque",
581 pac->pac_opaque, pac->pac_opaque_len, 0);
582 eap_fast_write(buf, pos, buf_len, "PAC-Info",
583 pac->pac_info, pac->pac_info_len, 0);
584 eap_fast_write(buf, pos, buf_len, "A-ID",
585 pac->a_id, pac->a_id_len, 0);
586 eap_fast_write(buf, pos, buf_len, "I-ID",
587 pac->i_id, pac->i_id_len, 1);
588 eap_fast_write(buf, pos, buf_len, "A-ID-Info",
589 pac->a_id_info, pac->a_id_info_len, 1);
590 if (*buf == NULL) {
591 wpa_printf(MSG_DEBUG, "EAP-FAST: No memory for PAC "
592 "data");
593 return -1;
594 }
595 ret = os_snprintf(*pos, *buf + *buf_len - *pos, "END\n");
596 if (ret < 0 || ret >= *buf + *buf_len - *pos)
597 return -1;
598 *pos += ret;
599
600 return 0;
601 }
602
603
604 /**
605 * eap_fast_save_pac - Save PAC entries (text format)
606 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
607 * @pac_root: Root of the PAC list
608 * @pac_file: Name of the PAC file/blob
609 * Returns: 0 on success, -1 on failure
610 */
611 int eap_fast_save_pac(struct eap_sm *sm, struct eap_fast_pac *pac_root,
612 const char *pac_file)
613 {
614 struct eap_fast_pac *pac;
615 int ret, count = 0;
616 char *buf, *pos;
617 size_t buf_len;
618
619 if (pac_file == NULL)
620 return -1;
621
622 buf_len = 1024;
623 pos = buf = os_malloc(buf_len);
624 if (buf == NULL)
625 return -1;
626
627 ret = os_snprintf(pos, buf + buf_len - pos, "%s\n", pac_file_hdr);
628 if (ret < 0 || ret >= buf + buf_len - pos) {
629 os_free(buf);
630 return -1;
631 }
632 pos += ret;
633
634 pac = pac_root;
635 while (pac) {
636 if (eap_fast_add_pac_data(pac, &buf, &pos, &buf_len)) {
637 os_free(buf);
638 return -1;
639 }
640 count++;
641 pac = pac->next;
642 }
643
644 if (eap_fast_write_pac(sm, pac_file, buf, pos - buf)) {
645 os_free(buf);
646 return -1;
647 }
648
649 wpa_printf(MSG_DEBUG, "EAP-FAST: Wrote %d PAC entries into '%s'",
650 count, pac_file);
651
652 return 0;
653 }
654
655
656 /**
657 * eap_fast_pac_list_truncate - Truncate a PAC list to the given length
658 * @pac_root: Root of the PAC list
659 * @max_len: Maximum length of the list (>= 1)
660 * Returns: Number of PAC entries removed
661 */
662 size_t eap_fast_pac_list_truncate(struct eap_fast_pac *pac_root,
663 size_t max_len)
664 {
665 struct eap_fast_pac *pac, *prev;
666 size_t count;
667
668 pac = pac_root;
669 prev = NULL;
670 count = 0;
671
672 while (pac) {
673 count++;
674 if (count > max_len)
675 break;
676 prev = pac;
677 pac = pac->next;
678 }
679
680 if (count <= max_len || prev == NULL)
681 return 0;
682
683 count = 0;
684 prev->next = NULL;
685
686 while (pac) {
687 prev = pac;
688 pac = pac->next;
689 eap_fast_free_pac(prev);
690 count++;
691 }
692
693 return count;
694 }
695
696
697 static void eap_fast_pac_get_a_id(struct eap_fast_pac *pac)
698 {
699 u8 *pos, *end;
700 u16 type, len;
701
702 pos = pac->pac_info;
703 end = pos + pac->pac_info_len;
704
705 while (pos + 4 < end) {
706 type = WPA_GET_BE16(pos);
707 pos += 2;
708 len = WPA_GET_BE16(pos);
709 pos += 2;
710 if (pos + len > end)
711 break;
712
713 if (type == PAC_TYPE_A_ID) {
714 os_free(pac->a_id);
715 pac->a_id = os_malloc(len);
716 if (pac->a_id == NULL)
717 break;
718 os_memcpy(pac->a_id, pos, len);
719 pac->a_id_len = len;
720 }
721
722 if (type == PAC_TYPE_A_ID_INFO) {
723 os_free(pac->a_id_info);
724 pac->a_id_info = os_malloc(len);
725 if (pac->a_id_info == NULL)
726 break;
727 os_memcpy(pac->a_id_info, pos, len);
728 pac->a_id_info_len = len;
729 }
730
731 pos += len;
732 }
733 }
734
735
736 /**
737 * eap_fast_load_pac_bin - Load PAC entries (binary format)
738 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
739 * @pac_root: Pointer to root of the PAC list (to be filled)
740 * @pac_file: Name of the PAC file/blob to load
741 * Returns: 0 on success, -1 on failure
742 */
743 int eap_fast_load_pac_bin(struct eap_sm *sm, struct eap_fast_pac **pac_root,
744 const char *pac_file)
745 {
746 const struct wpa_config_blob *blob = NULL;
747 u8 *buf, *end, *pos;
748 size_t len, count = 0;
749 struct eap_fast_pac *pac, *prev;
750
751 *pac_root = NULL;
752
753 if (pac_file == NULL)
754 return -1;
755
756 if (os_strncmp(pac_file, "blob://", 7) == 0) {
757 blob = eap_get_config_blob(sm, pac_file + 7);
758 if (blob == NULL) {
759 wpa_printf(MSG_INFO, "EAP-FAST: No PAC blob '%s' - "
760 "assume no PAC entries have been "
761 "provisioned", pac_file + 7);
762 return 0;
763 }
764 buf = blob->data;
765 len = blob->len;
766 } else {
767 buf = (u8 *) os_readfile(pac_file, &len);
768 if (buf == NULL) {
769 wpa_printf(MSG_INFO, "EAP-FAST: No PAC file '%s' - "
770 "assume no PAC entries have been "
771 "provisioned", pac_file);
772 return 0;
773 }
774 }
775
776 if (len == 0) {
777 if (blob == NULL)
778 os_free(buf);
779 return 0;
780 }
781
782 if (len < 6 || WPA_GET_BE32(buf) != EAP_FAST_PAC_BINARY_MAGIC ||
783 WPA_GET_BE16(buf + 4) != EAP_FAST_PAC_BINARY_FORMAT_VERSION) {
784 wpa_printf(MSG_INFO, "EAP-FAST: Invalid PAC file '%s' (bin)",
785 pac_file);
786 if (blob == NULL)
787 os_free(buf);
788 return -1;
789 }
790
791 pac = prev = NULL;
792 pos = buf + 6;
793 end = buf + len;
794 while (pos < end) {
795 if (end - pos < 2 + 32 + 2 + 2)
796 goto parse_fail;
797
798 pac = os_zalloc(sizeof(*pac));
799 if (pac == NULL)
800 goto parse_fail;
801
802 pac->pac_type = WPA_GET_BE16(pos);
803 pos += 2;
804 os_memcpy(pac->pac_key, pos, EAP_FAST_PAC_KEY_LEN);
805 pos += EAP_FAST_PAC_KEY_LEN;
806 pac->pac_opaque_len = WPA_GET_BE16(pos);
807 pos += 2;
808 if (pos + pac->pac_opaque_len + 2 > end)
809 goto parse_fail;
810 pac->pac_opaque = os_malloc(pac->pac_opaque_len);
811 if (pac->pac_opaque == NULL)
812 goto parse_fail;
813 os_memcpy(pac->pac_opaque, pos, pac->pac_opaque_len);
814 pos += pac->pac_opaque_len;
815 pac->pac_info_len = WPA_GET_BE16(pos);
816 pos += 2;
817 if (pos + pac->pac_info_len > end)
818 goto parse_fail;
819 pac->pac_info = os_malloc(pac->pac_info_len);
820 if (pac->pac_info == NULL)
821 goto parse_fail;
822 os_memcpy(pac->pac_info, pos, pac->pac_info_len);
823 pos += pac->pac_info_len;
824 eap_fast_pac_get_a_id(pac);
825
826 count++;
827 if (prev)
828 prev->next = pac;
829 else
830 *pac_root = pac;
831 prev = pac;
832 }
833
834 if (blob == NULL)
835 os_free(buf);
836
837 wpa_printf(MSG_DEBUG, "EAP-FAST: Read %d PAC entries from '%s' (bin)",
838 count, pac_file);
839
840 return 0;
841
842 parse_fail:
843 wpa_printf(MSG_INFO, "EAP-FAST: Failed to parse PAC file '%s' (bin)",
844 pac_file);
845 if (blob == NULL)
846 os_free(buf);
847 if (pac)
848 eap_fast_free_pac(pac);
849 return -1;
850 }
851
852
853 /**
854 * eap_fast_save_pac_bin - Save PAC entries (binary format)
855 * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init()
856 * @pac_root: Root of the PAC list
857 * @pac_file: Name of the PAC file/blob
858 * Returns: 0 on success, -1 on failure
859 */
860 int eap_fast_save_pac_bin(struct eap_sm *sm, struct eap_fast_pac *pac_root,
861 const char *pac_file)
862 {
863 size_t len, count = 0;
864 struct eap_fast_pac *pac;
865 u8 *buf, *pos;
866
867 len = 6;
868 pac = pac_root;
869 while (pac) {
870 if (pac->pac_opaque_len > 65535 ||
871 pac->pac_info_len > 65535)
872 return -1;
873 len += 2 + EAP_FAST_PAC_KEY_LEN + 2 + pac->pac_opaque_len +
874 2 + pac->pac_info_len;
875 pac = pac->next;
876 }
877
878 buf = os_malloc(len);
879 if (buf == NULL)
880 return -1;
881
882 pos = buf;
883 WPA_PUT_BE32(pos, EAP_FAST_PAC_BINARY_MAGIC);
884 pos += 4;
885 WPA_PUT_BE16(pos, EAP_FAST_PAC_BINARY_FORMAT_VERSION);
886 pos += 2;
887
888 pac = pac_root;
889 while (pac) {
890 WPA_PUT_BE16(pos, pac->pac_type);
891 pos += 2;
892 os_memcpy(pos, pac->pac_key, EAP_FAST_PAC_KEY_LEN);
893 pos += EAP_FAST_PAC_KEY_LEN;
894 WPA_PUT_BE16(pos, pac->pac_opaque_len);
895 pos += 2;
896 os_memcpy(pos, pac->pac_opaque, pac->pac_opaque_len);
897 pos += pac->pac_opaque_len;
898 WPA_PUT_BE16(pos, pac->pac_info_len);
899 pos += 2;
900 os_memcpy(pos, pac->pac_info, pac->pac_info_len);
901 pos += pac->pac_info_len;
902
903 pac = pac->next;
904 count++;
905 }
906
907 if (eap_fast_write_pac(sm, pac_file, (char *) buf, len)) {
908 os_free(buf);
909 return -1;
910 }
911
912 wpa_printf(MSG_DEBUG, "EAP-FAST: Wrote %d PAC entries into '%s' (bin)",
913 count, pac_file);
914
915 return 0;
916 }
NetBSD on the FriendlyARM MINI2440