2
* hostapd / EAP-GTC (RFC 3748)
3
* Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
5
* This program is free software; you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License version 2 as
7
* published by the Free Software Foundation.
9
* Alternatively, this software may be distributed under the terms of BSD
12
* See README and COPYING for more details.
22
enum { CONTINUE, SUCCESS, FAILURE } state;
27
static void * eap_gtc_init(struct eap_sm *sm)
29
struct eap_gtc_data *data;
31
data = os_zalloc(sizeof(*data));
34
data->state = CONTINUE;
36
#ifdef EAP_SERVER_FAST
37
if (sm->m && sm->m->vendor == EAP_VENDOR_IETF &&
38
sm->m->method == EAP_TYPE_FAST) {
39
wpa_printf(MSG_DEBUG, "EAP-GTC: EAP-FAST tunnel - use prefix "
40
"with challenge/response");
43
#endif /* EAP_SERVER_FAST */
49
static void eap_gtc_reset(struct eap_sm *sm, void *priv)
51
struct eap_gtc_data *data = priv;
56
static struct wpabuf * eap_gtc_buildReq(struct eap_sm *sm, void *priv, u8 id)
58
struct eap_gtc_data *data = priv;
63
msg = data->prefix ? "CHALLENGE=Password" : "Password";
65
msg_len = os_strlen(msg);
66
req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GTC, msg_len,
67
EAP_CODE_REQUEST, id);
69
wpa_printf(MSG_ERROR, "EAP-GTC: Failed to allocate memory for "
71
data->state = FAILURE;
75
wpabuf_put_data(req, msg, msg_len);
77
data->state = CONTINUE;
83
static Boolean eap_gtc_check(struct eap_sm *sm, void *priv,
84
struct wpabuf *respData)
89
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GTC, respData, &len);
90
if (pos == NULL || len < 1) {
91
wpa_printf(MSG_INFO, "EAP-GTC: Invalid frame");
99
static void eap_gtc_process(struct eap_sm *sm, void *priv,
100
struct wpabuf *respData)
102
struct eap_gtc_data *data = priv;
106
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GTC, respData, &rlen);
107
if (pos == NULL || rlen < 1)
108
return; /* Should not happen - frame already validated */
110
wpa_hexdump_ascii_key(MSG_MSGDUMP, "EAP-GTC: Response", pos, rlen);
112
#ifdef EAP_SERVER_FAST
114
const u8 *pos2, *end;
115
/* "RESPONSE=<user>\0<password>" */
117
wpa_printf(MSG_DEBUG, "EAP-GTC: Too short response "
118
"for EAP-FAST prefix");
119
data->state = FAILURE;
126
while (pos2 < end && *pos2)
129
wpa_printf(MSG_DEBUG, "EAP-GTC: No password in "
130
"response to EAP-FAST prefix");
131
data->state = FAILURE;
135
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-GTC: Response user",
137
if (sm->identity && sm->require_identity_match &&
138
(pos2 - pos != (int) sm->identity_len ||
139
os_memcmp(pos, sm->identity, sm->identity_len))) {
140
wpa_printf(MSG_DEBUG, "EAP-GTC: Phase 2 Identity did "
141
"not match with required Identity");
142
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-GTC: Expected "
144
sm->identity, sm->identity_len);
145
data->state = FAILURE;
148
os_free(sm->identity);
149
sm->identity_len = pos2 - pos;
150
sm->identity = os_malloc(sm->identity_len);
151
if (sm->identity == NULL) {
152
data->state = FAILURE;
155
os_memcpy(sm->identity, pos, sm->identity_len);
158
if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
159
wpa_hexdump_ascii(MSG_DEBUG, "EAP-GTC: Phase2 "
160
"Identity not found in the user "
162
sm->identity, sm->identity_len);
163
data->state = FAILURE;
169
wpa_hexdump_ascii_key(MSG_MSGDUMP,
170
"EAP-GTC: Response password",
173
#endif /* EAP_SERVER_FAST */
175
if (sm->user == NULL || sm->user->password == NULL ||
176
sm->user->password_hash) {
177
wpa_printf(MSG_INFO, "EAP-GTC: Plaintext password not "
179
data->state = FAILURE;
183
if (rlen != sm->user->password_len ||
184
os_memcmp(pos, sm->user->password, rlen) != 0) {
185
wpa_printf(MSG_DEBUG, "EAP-GTC: Done - Failure");
186
data->state = FAILURE;
188
wpa_printf(MSG_DEBUG, "EAP-GTC: Done - Success");
189
data->state = SUCCESS;
194
static Boolean eap_gtc_isDone(struct eap_sm *sm, void *priv)
196
struct eap_gtc_data *data = priv;
197
return data->state != CONTINUE;
201
static Boolean eap_gtc_isSuccess(struct eap_sm *sm, void *priv)
203
struct eap_gtc_data *data = priv;
204
return data->state == SUCCESS;
208
int eap_server_gtc_register(void)
210
struct eap_method *eap;
213
eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
214
EAP_VENDOR_IETF, EAP_TYPE_GTC, "GTC");
218
eap->init = eap_gtc_init;
219
eap->reset = eap_gtc_reset;
220
eap->buildReq = eap_gtc_buildReq;
221
eap->check = eap_gtc_check;
222
eap->process = eap_gtc_process;
223
eap->isDone = eap_gtc_isDone;
224
eap->isSuccess = eap_gtc_isSuccess;
226
ret = eap_server_method_register(eap);
228
eap_server_method_free(eap);