1 /* 2 * EAP peer method: EAP-GTC (RFC 3748) 3 * Copyright (c) 2004-2006, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "eap_i.h" 13 14 15 struct eap_gtc_data { 16 int prefix; 17 }; 18 19 20 static void * eap_gtc_init(struct eap_sm *sm) 21 { 22 struct eap_gtc_data *data; 23 data = os_zalloc(sizeof(*data)); 24 if (data == NULL) 25 return NULL; 26 27 if (sm->m && sm->m->vendor == EAP_VENDOR_IETF && 28 sm->m->method == EAP_TYPE_FAST) { 29 wpa_printf(MSG_DEBUG, "EAP-GTC: EAP-FAST tunnel - use prefix " 30 "with challenge/response"); 31 data->prefix = 1; 32 } 33 return data; 34 } 35 36 37 static void eap_gtc_deinit(struct eap_sm *sm, void *priv) 38 { 39 struct eap_gtc_data *data = priv; 40 os_free(data); 41 } 42 43 44 static struct wpabuf * eap_gtc_process(struct eap_sm *sm, void *priv, 45 struct eap_method_ret *ret, 46 const struct wpabuf *reqData) 47 { 48 struct eap_gtc_data *data = priv; 49 struct wpabuf *resp; 50 const u8 *pos, *password, *identity; 51 size_t password_len, identity_len, len, plen; 52 int otp; 53 u8 id; 54 55 pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GTC, reqData, &len); 56 if (pos == NULL) { 57 ret->ignore = TRUE; 58 return NULL; 59 } 60 id = eap_get_id(reqData); 61 62 wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-GTC: Request message", pos, len); 63 if (data->prefix && 64 (len < 10 || os_memcmp(pos, "CHALLENGE=", 10) != 0)) { 65 wpa_printf(MSG_DEBUG, "EAP-GTC: Challenge did not start with " 66 "expected prefix"); 67 68 /* Send an empty response in order to allow tunneled 69 * acknowledgement of the failure. This will also cover the 70 * error case which seems to use EAP-MSCHAPv2 like error 71 * reporting with EAP-GTC inside EAP-FAST tunnel. */ 72 resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GTC, 73 0, EAP_CODE_RESPONSE, id); 74 return resp; 75 } 76 77 password = eap_get_config_otp(sm, &password_len); 78 if (password) 79 otp = 1; 80 else { 81 password = eap_get_config_password(sm, &password_len); 82 otp = 0; 83 } 84 85 if (password == NULL) { 86 wpa_printf(MSG_INFO, "EAP-GTC: Password not configured"); 87 eap_sm_request_otp(sm, (const char *) pos, len); 88 ret->ignore = TRUE; 89 return NULL; 90 } 91 92 ret->ignore = FALSE; 93 94 ret->methodState = data->prefix ? METHOD_MAY_CONT : METHOD_DONE; 95 ret->decision = DECISION_COND_SUCC; 96 ret->allowNotifications = FALSE; 97 98 plen = password_len; 99 identity = eap_get_config_identity(sm, &identity_len); 100 if (identity == NULL) 101 return NULL; 102 if (data->prefix) 103 plen += 9 + identity_len + 1; 104 resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GTC, plen, 105 EAP_CODE_RESPONSE, id); 106 if (resp == NULL) 107 return NULL; 108 if (data->prefix) { 109 wpabuf_put_data(resp, "RESPONSE=", 9); 110 wpabuf_put_data(resp, identity, identity_len); 111 wpabuf_put_u8(resp, '\0'); 112 } 113 wpabuf_put_data(resp, password, password_len); 114 wpa_hexdump_ascii_key(MSG_MSGDUMP, "EAP-GTC: Response", 115 wpabuf_head_u8(resp) + sizeof(struct eap_hdr) + 116 1, plen); 117 118 if (otp) { 119 wpa_printf(MSG_DEBUG, "EAP-GTC: Forgetting used password"); 120 eap_clear_config_otp(sm); 121 } 122 123 return resp; 124 } 125 126 127 int eap_peer_gtc_register(void) 128 { 129 struct eap_method *eap; 130 131 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION, 132 EAP_VENDOR_IETF, EAP_TYPE_GTC, "GTC"); 133 if (eap == NULL) 134 return -1; 135 136 eap->init = eap_gtc_init; 137 eap->deinit = eap_gtc_deinit; 138 eap->process = eap_gtc_process; 139 140 return eap_peer_method_register(eap); 141 } 142
