2
* EAP peer method: EAP-TNC (Trusted Network Connect)
3
* Copyright (c) 2007, Jouni Malinen <j@w1.fi>
5
* This program is free software; you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License version 2 as
7
* published by the Free Software Foundation.
9
* Alternatively, this software may be distributed under the terms of BSD
12
* See README and COPYING for more details.
25
struct tncc_data *tncc;
30
#define EAP_TNC_FLAGS_LENGTH_INCLUDED 0x80
31
#define EAP_TNC_FLAGS_MORE_FRAGMENTS 0x40
32
#define EAP_TNC_FLAGS_START 0x20
33
#define EAP_TNC_VERSION_MASK 0x07
35
#define EAP_TNC_VERSION 1
38
static void * eap_tnc_init(struct eap_sm *sm)
40
struct eap_tnc_data *data;
42
data = os_zalloc(sizeof(*data));
45
data->state = METHOD_INIT;
46
data->tncc = tncc_init();
47
if (data->tncc == NULL) {
56
static void eap_tnc_deinit(struct eap_sm *sm, void *priv)
58
struct eap_tnc_data *data = priv;
60
tncc_deinit(data->tncc);
65
static struct wpabuf * eap_tnc_process(struct eap_sm *sm, void *priv,
66
struct eap_method_ret *ret,
67
const struct wpabuf *reqData)
69
struct eap_tnc_data *data = priv;
72
u8 *rpos, *rpos1, *start;
75
char *start_buf, *end_buf;
76
size_t start_len, end_len;
79
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TNC, reqData, &len);
80
if (pos == NULL || len == 0) {
81
wpa_printf(MSG_INFO, "EAP-TNC: Invalid frame (pos=%p len=%lu)",
82
pos, (unsigned long) len);
87
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-TNC: Received payload", pos, len);
89
if ((*pos & EAP_TNC_VERSION_MASK) != EAP_TNC_VERSION) {
90
wpa_printf(MSG_DEBUG, "EAP-TNC: Unsupported version %d",
91
*pos & EAP_TNC_VERSION_MASK);
96
if (data->state == METHOD_INIT) {
97
if (!(*pos & EAP_TNC_FLAGS_START)) {
98
wpa_printf(MSG_DEBUG, "EAP-TNC: Server did not use "
99
"start flag in the first message");
104
tncc_init_connection(data->tncc);
106
data->state = METHOD_MAY_CONT;
108
enum tncc_process_res res;
110
if (*pos & EAP_TNC_FLAGS_START) {
111
wpa_printf(MSG_DEBUG, "EAP-TNC: Server used start "
117
res = tncc_process_if_tnccs(data->tncc, pos + 1, len - 1);
119
case TNCCS_PROCESS_ERROR:
122
case TNCCS_PROCESS_OK_NO_RECOMMENDATION:
123
case TNCCS_RECOMMENDATION_ERROR:
124
wpa_printf(MSG_DEBUG, "EAP-TNC: No "
125
"TNCCS-Recommendation received");
127
case TNCCS_RECOMMENDATION_ALLOW:
128
wpa_msg(sm->msg_ctx, MSG_INFO,
129
"TNC: Recommendation = allow");
132
case TNCCS_RECOMMENDATION_NONE:
133
wpa_msg(sm->msg_ctx, MSG_INFO,
134
"TNC: Recommendation = none");
137
case TNCCS_RECOMMENDATION_ISOLATE:
138
wpa_msg(sm->msg_ctx, MSG_INFO,
139
"TNC: Recommendation = isolate");
146
ret->methodState = data->state;
147
ret->decision = DECISION_UNCOND_SUCC;
148
ret->allowNotifications = TRUE;
151
resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TNC, 1,
152
EAP_CODE_RESPONSE, eap_get_id(reqData));
156
wpabuf_put_u8(resp, EAP_TNC_VERSION);
157
wpa_printf(MSG_DEBUG, "EAP-TNC: TNCS done - reply with an "
158
"empty ACK message");
162
imc_len = tncc_total_send_len(data->tncc);
164
start_buf = tncc_if_tnccs_start(data->tncc);
165
if (start_buf == NULL)
167
start_len = os_strlen(start_buf);
168
end_buf = tncc_if_tnccs_end();
169
if (end_buf == NULL) {
173
end_len = os_strlen(end_buf);
175
rlen = 1 + start_len + imc_len + end_len;
176
resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TNC, rlen,
177
EAP_CODE_RESPONSE, eap_get_id(reqData));
184
start = wpabuf_put(resp, 0);
185
wpabuf_put_u8(resp, EAP_TNC_VERSION);
186
wpabuf_put_data(resp, start_buf, start_len);
189
rpos1 = wpabuf_put(resp, 0);
190
rpos = tncc_copy_send_buf(data->tncc, rpos1);
191
wpabuf_put(resp, rpos - rpos1);
193
wpabuf_put_data(resp, end_buf, end_len);
196
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-TNC: Response", start, rlen);
202
int eap_peer_tnc_register(void)
204
struct eap_method *eap;
207
eap = eap_peer_method_alloc(EAP_PEER_METHOD_INTERFACE_VERSION,
208
EAP_VENDOR_IETF, EAP_TYPE_TNC, "TNC");
212
eap->init = eap_tnc_init;
213
eap->deinit = eap_tnc_deinit;
214
eap->process = eap_tnc_process;
216
ret = eap_peer_method_register(eap);
218
eap_peer_method_free(eap);