1 /* 2 * EAP peer method: EAP-GTC (RFC 3748) 3 * Copyright (c) 2004-2006, Jouni Malinen <j (at) w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #include "includes.h" 16 17 #include "common.h" 18 #include "eap_i.h" 19 20 21 struct eap_gtc_data { 22 int prefix; 23 }; 24 25 26 static void * eap_gtc_init(struct eap_sm *sm) 27 { 28 struct eap_gtc_data *data; 29 data = os_zalloc(sizeof(*data)); 30 if (data == NULL) 31 return NULL; 32 33 if (sm->m && sm->m->vendor == EAP_VENDOR_IETF && 34 sm->m->method == EAP_TYPE_FAST) { 35 wpa_printf(MSG_DEBUG, "EAP-GTC: EAP-FAST tunnel - use prefix " 36 "with challenge/response"); 37 data->prefix = 1; 38 } 39 return data; 40 } 41 42 43 static void eap_gtc_deinit(struct eap_sm *sm, void *priv) 44 { 45 struct eap_gtc_data *data = priv; 46 os_free(data); 47 } 48 49 50 static struct wpabuf * eap_gtc_process(struct eap_sm *sm, void *priv, 51 struct eap_method_ret *ret, 52 const struct wpabuf *reqData) 53 { 54 struct eap_gtc_data *data = priv; 55 struct wpabuf *resp; 56 const u8 *pos, *password, *identity; 57 size_t password_len, identity_len, len, plen; 58 int otp; 59 u8 id; 60 61 pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GTC, reqData, &len); 62 if (pos == NULL) { 63 ret->ignore = TRUE; 64 return NULL; 65 } 66 id = eap_get_id(reqData); 67 68 wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-GTC: Request message", pos, len); 69 if (data->prefix && 70 (len < 10 || os_memcmp(pos, "CHALLENGE=", 10) != 0)) { 71 wpa_printf(MSG_DEBUG, "EAP-GTC: Challenge did not start with " 72 "expected prefix"); 73 74 /* Send an empty response in order to allow tunneled 75 * acknowledgement of the failure. This will also cover the 76 * error case which seems to use EAP-MSCHAPv2 like error 77 * reporting with EAP-GTC inside EAP-FAST tunnel. */ 78 resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GTC, 79 0, EAP_CODE_RESPONSE, id); 80 return resp; 81 } 82 83 password = eap_get_config_otp(sm, &password_len); 84 if (password) 85 otp = 1; 86 else { 87 password = eap_get_config_password(sm, &password_len); 88 otp = 0; 89 } 90 91 if (password == NULL) { 92 wpa_printf(MSG_INFO, "EAP-GTC: Password not configured"); 93 eap_sm_request_otp(sm, (const char *) pos, len); 94 ret->ignore = TRUE; 95 return NULL; 96 } 97 98 ret->ignore = FALSE; 99 100 ret->methodState = data->prefix ? METHOD_MAY_CONT : METHOD_DONE; 101 ret->decision = DECISION_COND_SUCC; 102 ret->allowNotifications = FALSE; 103 104 plen = password_len; 105 identity = eap_get_config_identity(sm, &identity_len); 106 if (identity == NULL) 107 return NULL; 108 if (data->prefix) 109 plen += 9 + identity_len + 1; 110 resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GTC, plen, 111 EAP_CODE_RESPONSE, id); 112 if (resp == NULL) 113 return NULL; 114 if (data->prefix) { 115 wpabuf_put_data(resp, "RESPONSE=", 9); 116 wpabuf_put_data(resp, identity, identity_len); 117 wpabuf_put_u8(resp, '\0'); 118 } 119 wpabuf_put_data(resp, password, password_len); 120 wpa_hexdump_ascii_key(MSG_MSGDUMP, "EAP-GTC: Response", 121 wpabuf_head_u8(resp) + sizeof(struct eap_hdr) + 122 1, plen); 123 124 if (otp) { 125 wpa_printf(MSG_DEBUG, "EAP-GTC: Forgetting used password"); 126 eap_clear_config_otp(sm); 127 } 128 129 return resp; 130 } 131 132 133 int eap_peer_gtc_register(void) 134 { 135 struct eap_method *eap; 136 int ret; 137 138 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION, 139 EAP_VENDOR_IETF, EAP_TYPE_GTC, "GTC"); 140 if (eap == NULL) 141 return -1; 142 143 eap->init = eap_gtc_init; 144 eap->deinit = eap_gtc_deinit; 145 eap->process = eap_gtc_process; 146 147 ret = eap_peer_method_register(eap); 148 if (ret) 149 eap_peer_method_free(eap); 150 return ret; 151 } 152
