Line data Source code
1 : /*
2 : * EAP peer method: EAP-GTC (RFC 3748)
3 : * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
4 : *
5 : * This software may be distributed under the terms of the BSD license.
6 : * See README for more details.
7 : */
8 :
9 : #include "includes.h"
10 :
11 : #include "common.h"
12 : #include "eap_i.h"
13 :
14 :
15 : struct eap_gtc_data {
16 : int prefix;
17 : };
18 :
19 :
20 13 : static void * eap_gtc_init(struct eap_sm *sm)
21 : {
22 : struct eap_gtc_data *data;
23 13 : data = os_zalloc(sizeof(*data));
24 13 : if (data == NULL)
25 0 : return NULL;
26 :
27 26 : if (sm->m && sm->m->vendor == EAP_VENDOR_IETF &&
28 13 : sm->m->method == EAP_TYPE_FAST) {
29 7 : wpa_printf(MSG_DEBUG, "EAP-GTC: EAP-FAST tunnel - use prefix "
30 : "with challenge/response");
31 7 : data->prefix = 1;
32 : }
33 13 : return data;
34 : }
35 :
36 :
37 13 : static void eap_gtc_deinit(struct eap_sm *sm, void *priv)
38 : {
39 13 : struct eap_gtc_data *data = priv;
40 13 : os_free(data);
41 13 : }
42 :
43 :
44 15 : static struct wpabuf * eap_gtc_process(struct eap_sm *sm, void *priv,
45 : struct eap_method_ret *ret,
46 : const struct wpabuf *reqData)
47 : {
48 15 : struct eap_gtc_data *data = priv;
49 : struct wpabuf *resp;
50 : const u8 *pos, *password, *identity;
51 : size_t password_len, identity_len, len, plen;
52 : int otp;
53 : u8 id;
54 :
55 15 : pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GTC, reqData, &len);
56 15 : if (pos == NULL) {
57 0 : ret->ignore = TRUE;
58 0 : return NULL;
59 : }
60 15 : id = eap_get_id(reqData);
61 :
62 15 : wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-GTC: Request message", pos, len);
63 22 : if (data->prefix &&
64 14 : (len < 10 || os_memcmp(pos, "CHALLENGE=", 10) != 0)) {
65 0 : wpa_printf(MSG_DEBUG, "EAP-GTC: Challenge did not start with "
66 : "expected prefix");
67 :
68 : /* Send an empty response in order to allow tunneled
69 : * acknowledgement of the failure. This will also cover the
70 : * error case which seems to use EAP-MSCHAPv2 like error
71 : * reporting with EAP-GTC inside EAP-FAST tunnel. */
72 0 : resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GTC,
73 : 0, EAP_CODE_RESPONSE, id);
74 0 : return resp;
75 : }
76 :
77 15 : password = eap_get_config_otp(sm, &password_len);
78 15 : if (password)
79 1 : otp = 1;
80 : else {
81 14 : password = eap_get_config_password(sm, &password_len);
82 14 : otp = 0;
83 : }
84 :
85 15 : if (password == NULL) {
86 1 : wpa_printf(MSG_INFO, "EAP-GTC: Password not configured");
87 1 : eap_sm_request_otp(sm, (const char *) pos, len);
88 1 : ret->ignore = TRUE;
89 1 : return NULL;
90 : }
91 :
92 14 : ret->ignore = FALSE;
93 :
94 14 : ret->methodState = data->prefix ? METHOD_MAY_CONT : METHOD_DONE;
95 14 : ret->decision = DECISION_COND_SUCC;
96 14 : ret->allowNotifications = FALSE;
97 :
98 14 : plen = password_len;
99 14 : identity = eap_get_config_identity(sm, &identity_len);
100 14 : if (identity == NULL)
101 0 : return NULL;
102 14 : if (data->prefix)
103 7 : plen += 9 + identity_len + 1;
104 14 : resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GTC, plen,
105 : EAP_CODE_RESPONSE, id);
106 14 : if (resp == NULL)
107 0 : return NULL;
108 14 : if (data->prefix) {
109 7 : wpabuf_put_data(resp, "RESPONSE=", 9);
110 7 : wpabuf_put_data(resp, identity, identity_len);
111 7 : wpabuf_put_u8(resp, '\0');
112 : }
113 14 : wpabuf_put_data(resp, password, password_len);
114 14 : wpa_hexdump_ascii_key(MSG_MSGDUMP, "EAP-GTC: Response",
115 14 : wpabuf_head_u8(resp) + sizeof(struct eap_hdr) +
116 : 1, plen);
117 :
118 14 : if (otp) {
119 1 : wpa_printf(MSG_DEBUG, "EAP-GTC: Forgetting used password");
120 1 : eap_clear_config_otp(sm);
121 : }
122 :
123 14 : return resp;
124 : }
125 :
126 :
127 49 : int eap_peer_gtc_register(void)
128 : {
129 : struct eap_method *eap;
130 : int ret;
131 :
132 49 : eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
133 : EAP_VENDOR_IETF, EAP_TYPE_GTC, "GTC");
134 49 : if (eap == NULL)
135 0 : return -1;
136 :
137 49 : eap->init = eap_gtc_init;
138 49 : eap->deinit = eap_gtc_deinit;
139 49 : eap->process = eap_gtc_process;
140 :
141 49 : ret = eap_peer_method_register(eap);
142 49 : if (ret)
143 0 : eap_peer_method_free(eap);
144 49 : return ret;
145 : }
|
