1 /* Copyright (C) 2011 NORDUnet A/S
2 * See LICENSE for information about licensing.
5 #include "radsecproxy.h"
8 #include "fticks_hashmac.h"
11 fticks_configure(struct options *options,
17 const char *reporting = (const char *) *reportingp;
18 const char *mac = (const char *) *macp;
20 if (reporting == NULL)
22 if (strcasecmp(reporting, "None") == 0)
23 options->fticks_reporting = RSP_FTICKS_REPORTING_NONE;
24 else if (strcasecmp(reporting, "Basic") == 0)
25 options->fticks_reporting = RSP_FTICKS_REPORTING_BASIC;
26 else if (strcasecmp(reporting, "Full") == 0)
27 options->fticks_reporting = RSP_FTICKS_REPORTING_FULL;
29 debugx(1, DBG_ERR, "config error: invalid FTicksReporting value: %s",
37 if (strcasecmp(mac, "Static") == 0)
38 options->fticks_mac = RSP_FTICKS_MAC_STATIC;
39 else if (strcasecmp(mac, "Original") == 0)
40 options->fticks_mac = RSP_FTICKS_MAC_ORIGINAL;
41 else if (strcasecmp(mac, "VendorHashed") == 0)
42 options->fticks_mac = RSP_FTICKS_MAC_VENDOR_HASHED;
43 else if (strcasecmp(mac, "VendorKeyHashed") == 0)
44 options->fticks_mac = RSP_FTICKS_MAC_VENDOR_KEY_HASHED;
45 else if (strcasecmp(mac, "FullyHashed") == 0)
46 options->fticks_mac = RSP_FTICKS_MAC_FULLY_HASHED;
47 else if (strcasecmp(mac, "FullyKeyHashed") == 0)
48 options->fticks_mac = RSP_FTICKS_MAC_FULLY_KEY_HASHED;
50 debugx(1, DBG_ERR, "config error: invalid FTicksMAC value: %s", mac);
56 && (options->fticks_mac == RSP_FTICKS_MAC_VENDOR_KEY_HASHED
57 || options->fticks_mac == RSP_FTICKS_MAC_FULLY_KEY_HASHED)) {
59 "config error: FTicksMAC %s requires an FTicksKey", mac);
60 options->fticks_mac = RSP_FTICKS_MAC_STATIC;
66 options->fticks_key = *keyp;
69 if (*reportingp != NULL) {
81 fticks_log(const struct options *options,
82 const struct client *client,
83 const struct radmsg *msg,
84 const struct rqout *rqout)
86 uint8_t *username = NULL;
87 uint8_t *realm = NULL;
88 uint8_t visinst[8+40+1+1]; /* Room for 40 octets of VISINST. */
89 uint8_t *macin = NULL;
90 uint8_t macout[2*32+1]; /* Room for ASCII representation of SHA256. */
92 username = radattr2ascii(radmsg_gettype(rqout->rq->msg,
94 if (username != NULL) {
95 realm = (uint8_t *) strrchr((char *) username, '@');
100 realm = (uint8_t *) "";
102 memset(visinst, 0, sizeof(visinst));
103 if (options->fticks_reporting == RSP_FTICKS_REPORTING_FULL) {
104 snprintf((char *) visinst, sizeof(visinst), "VISINST=%s#",
108 memset(macout, 0, sizeof(macout));
109 if (options->fticks_mac == RSP_FTICKS_MAC_STATIC) {
110 strncpy((char *) macout, "undisclosed", sizeof(macout) - 1);
113 macin = radattr2ascii(radmsg_gettype(rqout->rq->msg,
114 RAD_Attr_Calling_Station_Id));
116 switch (options->fticks_mac)
118 case RSP_FTICKS_MAC_ORIGINAL:
119 memcpy(macout, macin, sizeof(macout));
121 case RSP_FTICKS_MAC_VENDOR_HASHED:
122 memcpy(macout, macin, 9);
123 fticks_hashmac(macin, NULL, sizeof(macout) - 9, macout + 9);
125 case RSP_FTICKS_MAC_VENDOR_KEY_HASHED:
126 memcpy(macout, macin, 9);
127 /* We are hashing the first nine octets too for easier
128 * correlation between vendor-key-hashed and
129 * fully-key-hashed log records. This opens up for a
130 * known plaintext attack on the key but the
131 * consequences of that is considered outweighed by
132 * the convenience gained. */
133 fticks_hashmac(macin, options->fticks_key,
134 sizeof(macout) - 9, macout + 9);
136 case RSP_FTICKS_MAC_FULLY_HASHED:
137 fticks_hashmac(macin, NULL, sizeof(macout), macout);
139 case RSP_FTICKS_MAC_FULLY_KEY_HASHED:
140 fticks_hashmac(macin, options->fticks_key, sizeof(macout),
144 debugx(2, DBG_ERR, "invalid fticks mac configuration: %d",
145 options->fticks_mac);
150 "F-TICKS/eduroam/1.0#REALM=%s#VISCOUNTRY=%s#%sCSI=%s#RESULT=%s#",
152 client->conf->fticks_viscountry,
155 msg->code == RAD_Access_Accept ? "OK" : "FAIL");
158 if (username != NULL)
162 /* Local Variables: */
163 /* c-file-style: "stroustrup" */