1 /*
2 * EAP peer method: EAP-GTC (RFC 3748)
3 * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "eap_i.h"
13
14
15 struct eap_gtc_data {
16 int prefix;
17 };
18
19
eap_gtc_init(struct eap_sm * sm)20 static void * eap_gtc_init(struct eap_sm *sm)
21 {
22 struct eap_gtc_data *data;
23 data = os_zalloc(sizeof(*data));
24 if (data == NULL)
25 return NULL;
26
27 if (sm->m && sm->m->vendor == EAP_VENDOR_IETF &&
28 sm->m->method == EAP_TYPE_FAST) {
29 wpa_printf(MSG_DEBUG, "EAP-GTC: EAP-FAST tunnel - use prefix "
30 "with challenge/response");
31 data->prefix = 1;
32 }
33 return data;
34 }
35
36
eap_gtc_deinit(struct eap_sm * sm,void * priv)37 static void eap_gtc_deinit(struct eap_sm *sm, void *priv)
38 {
39 struct eap_gtc_data *data = priv;
40 os_free(data);
41 }
42
43
eap_gtc_process(struct eap_sm * sm,void * priv,struct eap_method_ret * ret,const struct wpabuf * reqData)44 static struct wpabuf * eap_gtc_process(struct eap_sm *sm, void *priv,
45 struct eap_method_ret *ret,
46 const struct wpabuf *reqData)
47 {
48 struct eap_gtc_data *data = priv;
49 struct wpabuf *resp;
50 const u8 *pos, *password, *identity;
51 size_t password_len, identity_len, len, plen;
52 int otp;
53 u8 id;
54
55 pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GTC, reqData, &len);
56 if (pos == NULL) {
57 ret->ignore = true;
58 return NULL;
59 }
60 id = eap_get_id(reqData);
61
62 wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-GTC: Request message", pos, len);
63 if (data->prefix &&
64 (len < 10 || os_memcmp(pos, "CHALLENGE=", 10) != 0)) {
65 wpa_printf(MSG_DEBUG, "EAP-GTC: Challenge did not start with "
66 "expected prefix");
67
68 /* Send an empty response in order to allow tunneled
69 * acknowledgement of the failure. This will also cover the
70 * error case which seems to use EAP-MSCHAPv2 like error
71 * reporting with EAP-GTC inside EAP-FAST tunnel. */
72 resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GTC,
73 0, EAP_CODE_RESPONSE, id);
74 return resp;
75 }
76
77 password = eap_get_config_otp(sm, &password_len);
78 if (password)
79 otp = 1;
80 else {
81 password = eap_get_config_password(sm, &password_len);
82 otp = 0;
83 }
84
85 if (password == NULL) {
86 wpa_printf(MSG_INFO, "EAP-GTC: Password not configured");
87 eap_sm_request_otp(sm, (const char *) pos, len);
88 ret->ignore = true;
89 return NULL;
90 }
91
92 ret->ignore = false;
93
94 ret->methodState = data->prefix ? METHOD_MAY_CONT : METHOD_DONE;
95 ret->decision = DECISION_COND_SUCC;
96 ret->allowNotifications = false;
97
98 plen = password_len;
99 identity = eap_get_config_identity(sm, &identity_len);
100 if (identity == NULL)
101 return NULL;
102 if (data->prefix)
103 plen += 9 + identity_len + 1;
104 resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GTC, plen,
105 EAP_CODE_RESPONSE, id);
106 if (resp == NULL)
107 return NULL;
108 if (data->prefix) {
109 wpabuf_put_data(resp, "RESPONSE=", 9);
110 wpabuf_put_data(resp, identity, identity_len);
111 wpabuf_put_u8(resp, '\0');
112 }
113 wpabuf_put_data(resp, password, password_len);
114 wpa_hexdump_ascii_key(MSG_MSGDUMP, "EAP-GTC: Response",
115 wpabuf_head_u8(resp) + sizeof(struct eap_hdr) +
116 1, plen);
117
118 if (otp) {
119 wpa_printf(MSG_DEBUG, "EAP-GTC: Forgetting used password");
120 eap_clear_config_otp(sm);
121 }
122
123 return resp;
124 }
125
126
eap_peer_gtc_register(void)127 int eap_peer_gtc_register(void)
128 {
129 struct eap_method *eap;
130
131 eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
132 EAP_VENDOR_IETF, EAP_TYPE_GTC, "GTC");
133 if (eap == NULL)
134 return -1;
135
136 eap->init = eap_gtc_init;
137 eap->deinit = eap_gtc_deinit;
138 eap->process = eap_gtc_process;
139
140 return eap_peer_method_register(eap);
141 }
142