12 files changed, 1009 insertions, 6 deletions

diff --git a/configure.in b/configure.in
index 30a383d70..718fa0e00 100644
--- a/configure.in
+++ b/configure.in
@@ -402,6 +402,14 @@ AC_ARG_ENABLE(
 )
 
 AC_ARG_ENABLE(
+	[eap-gtc],
+	AS_HELP_STRING([--enable-eap-gtc],[build PAM based GTC authenication module for EAP (default is NO).]),
+	[if test x$enableval = xyes; then
+		eap_gtc=true
+	fi]
+)
+
+AC_ARG_ENABLE(
 	[eap-aka],
 	AS_HELP_STRING([--enable-eap-aka],[build AKA authentication module for EAP (default is NO).]),
 	[if test x$enableval = xyes; then
@@ -719,6 +727,11 @@ if test x$nm = xtrue; then
 	AC_SUBST(nm_LIBS)
 fi
 
+if test x$eap_gtc = xtrue; then
+	AC_HAVE_LIBRARY([pam],[LIBS="$LIBS"],[AC_MSG_ERROR([PAM library not found])])
+	AC_CHECK_HEADER([security/pam_appl.h],,[AC_MSG_ERROR([PAM header security/pam_appl.h not found!])])
+fi
+
 dnl ======================================
 dnl  collect all plugins for libstrongswan
 dnl ======================================
@@ -820,6 +833,7 @@ AM_CONDITIONAL(USE_UNIT_TESTS, test x$unittest = xtrue)
 AM_CONDITIONAL(USE_EAP_SIM, test x$eap_sim = xtrue)
 AM_CONDITIONAL(USE_EAP_IDENTITY, test x$eap_identity = xtrue)
 AM_CONDITIONAL(USE_EAP_MD5, test x$eap_md5 = xtrue)
+AM_CONDITIONAL(USE_EAP_GTC, test x$eap_gtc = xtrue)
 AM_CONDITIONAL(USE_EAP_AKA, test x$eap_aka = xtrue)
 
 dnl other options
@@ -887,6 +901,7 @@ AC_OUTPUT(
 	src/charon/plugins/eap_aka/Makefile
 	src/charon/plugins/eap_identity/Makefile
 	src/charon/plugins/eap_md5/Makefile
+	src/charon/plugins/eap_gtc/Makefile
 	src/charon/plugins/eap_sim/Makefile
 	src/charon/plugins/smp/Makefile
 	src/charon/plugins/sql/Makefile
diff --git a/doc/standards/draft-sheffer-ikev2-gtc-00.txt b/doc/standards/draft-sheffer-ikev2-gtc-00.txt
new file mode 100644
index 000000000..037c90215
--- /dev/null
+++ b/doc/standards/draft-sheffer-ikev2-gtc-00.txt
@@ -0,0 +1,505 @@
+
+
+
+Network Working Group                                         Y. Sheffer
+Internet-Draft                                               Check Point
+Intended status: Informational                              July 6, 2008
+Expires: January 7, 2009
+
+
+         Using EAP-GTC for Simple User Authentication in IKEv2
+                     draft-sheffer-ikev2-gtc-00.txt
+
+Status of this Memo
+
+   By submitting this Internet-Draft, each author represents that any
+   applicable patent or other IPR claims of which he or she is aware
+   have been or will be disclosed, and any of which he or she becomes
+   aware will be disclosed, in accordance with Section 6 of BCP 79.
+
+   Internet-Drafts are working documents of the Internet Engineering
+   Task Force (IETF), its areas, and its working groups.  Note that
+   other groups may also distribute working documents as Internet-
+   Drafts.
+
+   Internet-Drafts are draft documents valid for a maximum of six months
+   and may be updated, replaced, or obsoleted by other documents at any
+   time.  It is inappropriate to use Internet-Drafts as reference
+   material or to cite them other than as "work in progress."
+
+   The list of current Internet-Drafts can be accessed at
+   http://www.ietf.org/ietf/1id-abstracts.txt.
+
+   The list of Internet-Draft Shadow Directories can be accessed at
+   http://www.ietf.org/shadow.html.
+
+   This Internet-Draft will expire on January 7, 2009.
+
+Abstract
+
+   Despite many years of effort, simple username-password authentication
+   is still prevalent.  In many cases a password is the only credential
+   available to the end user.  IKEv2 uses EAP as a sub-protocol for user
+   authentication.  This provides a well-specified and extensible
+   architecture.  To this day EAP does not provide a simple password-
+   based authentication method.  The only existing password
+   authentication methods either require the peer to know the password
+   in advance (EAP-MD5), or are needlessly complex when used within
+   IKEv2 (e.g.  PEAP).  This document codifies the common practice of
+   using EAP-GTC for this type of authentication, with the goal of
+   achieving maximum interoperability.  The various security issues are
+   extensively analyzed.
+
+
+
+Sheffer                  Expires January 7, 2009                [Page 1]
+
+Internet-Draft              EAP-GTC in IKEv2                   July 2008
+
+
+Table of Contents
+
+   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
+   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 4
+   3.  Alternatives to EAP-GTC in IKEv2  . . . . . . . . . . . . . . . 4
+     3.1.  Non-password credentials  . . . . . . . . . . . . . . . . . 4
+     3.2.  Using the IKE preshared secret  . . . . . . . . . . . . . . 4
+     3.3.  EAP-MD5 , EAP-MSCHAPv2 and mutual authentication
+           schemes . . . . . . . . . . . . . . . . . . . . . . . . . . 4
+   4.  Using EAP-GTC in IKE: Details . . . . . . . . . . . . . . . . . 5
+   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6
+   6.  Security Considerations . . . . . . . . . . . . . . . . . . . . 6
+     6.1.  Key generation and MITM protection  . . . . . . . . . . . . 6
+     6.2.  Protection of credentials between the IKE gateway and
+           the AAA server  . . . . . . . . . . . . . . . . . . . . . . 6
+     6.3.  Server authentication . . . . . . . . . . . . . . . . . . . 6
+   7.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 7
+   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 7
+     8.1.  Normative References  . . . . . . . . . . . . . . . . . . . 7
+     8.2.  Informative References  . . . . . . . . . . . . . . . . . . 7
+   Appendix A.  Change Log . . . . . . . . . . . . . . . . . . . . . . 8
+     A.1.  -00 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
+   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . . . 8
+   Intellectual Property and Copyright Statements  . . . . . . . . . . 9
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sheffer                  Expires January 7, 2009                [Page 2]
+
+Internet-Draft              EAP-GTC in IKEv2                   July 2008
+
+
+1.  Introduction
+
+   "Oh dear!  It's possible that we have added EAP to IKE to support a
+   case that EAP can't support." -- C. Kaufman.
+
+   Despite many years of effort, simple username-password authentication
+   is still prevalent.  In many cases a password is the only credential
+   available to the end user.
+
+   IKEv2 [RFC4306] uses the Extensible Authentication Protocol (EAP) as
+   a sub-protocol for user authentication.  This provides a well-
+   specified and extensible architecture and enables useful capabilities
+   like SIM authentication.  Unfortunately, for a number of reasons EAP
+   still does not provide a simple password-based authentication method.
+   The only existing password authentication methods either require the
+   peer to know the password in advance (EAP-MD5), or are needlessly
+   complex when used within IKEv2 (e.g.  PEAP).
+
+   Technically, the IKE preshared secret authentication mode can be used
+   for password authentication.  In fact even the IKEv2 RFC winks at
+   this practice.  But this use jeopardizes the protocol's security and
+   should clearly be avoided (more details below).
+
+   EAP is used in IKEv2 at a stage when the remote access gateway has
+   already been authenticated.  At this point the user has a high enough
+   level of trust to send his or her password to the gateway.  Such an
+   exchange is enabled by the EAP Generic Token Card (GTC) method, which
+   is a simple text transport between the two EAP peers.  To quote
+   [RFC3748]:
+
+      The EAP GTC method is intended for use with the Token Cards
+      supporting challenge/response authentication and MUST NOT be used
+      to provide support for cleartext passwords in the absence of a
+      protected tunnel with server authentication.
+
+   IKEv2 does indeed provide "a protected tunnel with server
+   authentication".  The current document updates [RFC3748] by making an
+   exception and allowing the use of GTC to carry secret credentials, in
+   this specific situation.  Section 6 further elaborates on the
+   security properties of this solution.
+
+   Other protocols provide a similar protected tunnel, for example TLS-
+   EAP, described in [I-D.nir-tls-eap].  These protocols however are out
+   of scope for this document.
+
+
+
+
+
+
+
+Sheffer                  Expires January 7, 2009                [Page 3]
+
+Internet-Draft              EAP-GTC in IKEv2                   July 2008
+
+
+2.  Terminology
+
+   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+   document are to be interpreted as described in [RFC2119].
+
+
+3.  Alternatives to EAP-GTC in IKEv2
+
+   This section presents a few of the alternatives to EAP-GTC, and
+   explains why they are either insecure or impractical given today's
+   common identity management infrastructure.
+
+3.1.  Non-password credentials
+
+   Certificate-based authentication, especially when combined with
+   hardware protection (e.g. a hardware token), can be deployed in a
+   more secure manner than the form of password authentication which we
+   discuss.  However, due to a host of issues to do with cost,
+   inconvenience and reliability this solution has not gained wide
+   market acceptance over the last 10 years.
+
+3.2.  Using the IKE preshared secret
+
+   Sec. 2.15 of RFC 4306 points out that the generation of the IKE
+   preshared secret from a weak password is insecure.  Such use is
+   vulnerable to off line password guessing by an active attacker.  All
+   the attacker needs to do is respond correctly to the first IKE_INIT
+   message, and then record the third IKE message.  This is then
+   followed by a dictionary attack to obtain the password.
+
+3.3.  EAP-MD5 , EAP-MSCHAPv2 and mutual authentication schemes
+
+   Challenge-response schemes, like EAP-MD5 and EAP-MSCHAPv2, have a
+   clear security advantage over sending the plaintext password to the
+   gateway.  Password-based mutual authentication schemes like SRP have
+   a further advantage in that the gateway's authentication is much
+   stronger than when using certificates alone, since the AAA server
+   proves its knowledge of a per-client credential, and the gateway
+   proves that it has been authorized by the AAA server for that
+   particular client.
+
+   Unfortunately all of these methods also suffer from a major drawback:
+   the gateway must have a priori access to the plaintext password.
+   While many RADIUS servers may indeed have such access, other very
+   common deployments do not provide it.  One typical example is when
+   the gateway directly accesses an LDAP directory (or a Microsoft
+   Active Directory) to authenticate the user.  The usual way to do that
+
+
+
+Sheffer                  Expires January 7, 2009                [Page 4]
+
+Internet-Draft              EAP-GTC in IKEv2                   July 2008
+
+
+   is by issuing an LDAP Bind operation into the directory, using the
+   just-received plaintext password.  Often in this case it is the IKE
+   gateway that terminates the EAP protocol, and it needs a way to
+   obtain the raw password.
+
+   An additional issue with mutual authentication schemes is their heavy
+   IP encumbrance, which has resulted in a scarcity of standards using
+   them and a low rate of market adoption.
+
+
+4.  Using EAP-GTC in IKE: Details
+
+   EAP-GTC is specified in [RFC3748], Sec. 5.6.  This section is non-
+   normative, and is merely an interpretation of this specification in
+   the context of IKEv2.
+
+   Simple authentication requires a non secret identity ("user name")
+   and a secret credential ("password").  Both of these are arbitrary
+   Unicode strings, although implementations may impose length
+   constraints.
+
+   In the case of EAP-GTC, the user name is conveyed in the IKE IDi
+   payload.  According to [RFC4718], Sec. 3.4, the user name can be
+   encoded in one of two ways: as a simple user name, in which case the
+   ID_KEY_ID identification type is used; or as a combination user name
+   plus realm, in which case the format is a NAI [RFC4282] and the
+   identification type is ID_RFC822_ADDR.  In either case, the user name
+   is a Unicode string encoded as UTF-8.  Using the EAP Identity payload
+   is redundant, and if it is used, it should be identical to the IDi
+   payload.
+
+   EAP-GTC consists of a simple 2-message exchange.  The contents of the
+   Type-Data field in the Request should not be interpreted in any way,
+   and should be displayed to the user.  This field contains a Unicode
+   string, encoded as UTF-8.
+
+   The password is sent in the EAP Response.  The Type-Data field of the
+   Response is also a Unicode string encoded as UTF-8.  Note that none
+   of the IDi payload, the EAP Request or the EAP Response is null-
+   terminated.
+
+   If either or both the user name and the password are non-ASCII, they
+   should be normalized by the IKE client before the IKE/EAP message is
+   constructed.  The normalization method is SASLprep, [RFC4013].
+
+
+
+
+
+
+
+Sheffer                  Expires January 7, 2009                [Page 5]
+
+Internet-Draft              EAP-GTC in IKEv2                   July 2008
+
+
+5.  IANA Considerations
+
+   This document does not require any action by IANA.
+
+
+6.  Security Considerations
+
+6.1.  Key generation and MITM protection
+
+   Modern EAP methods generate a key shared between the two protocol
+   peers.  GTC does not (and cannot) generate such a key.  RFC 4306
+   mandates that:
+
+      EAP methods that do not establish a shared key SHOULD NOT be used,
+      as they are subject to a number of man-in-the-middle attacks
+      [EAPMITM] if these EAP methods are used in other protocols that do
+      not use a server-authenticated tunnel.
+
+   However GTC must never be used in such a situation, since the client
+   would be sending its credentials openly to an unauthenticated server.
+   When using GTC with IKEv2, the implementation (or local
+   administrators) MUST ensure that the same credentials are never used
+   in such a manner.
+
+6.2.  Protection of credentials between the IKE gateway and the AAA
+      server
+
+   In the proposed solution, the raw credentials are sent from the IKE
+   gateway to a AAA server, typically a RADIUS server.  These
+   credentials and the associated messaging MUST be strongly protected.
+   Some of the existing options include:
+   o  An IPsec tunnel between the gateway and the AAA server.
+   o  RADIUS over TCP with TLS, [I-D.winter-radsec].
+   o  RADIUS over UDP with DTLS, [I-D.dekok-radext-dtls] (expired).
+   The legacy RADIUS security mechanism (Sec. 5.2 of [RFC2865]) is
+   considered weak and SHOULD NOT be used when better alternatives are
+   available.
+
+6.3.  Server authentication
+
+   The client may only send its cleartext credentials after it has
+   positively authenticated the server.  This authentication is
+   specified, albeit rather vaguely, in [RFC4306] and is out of scope of
+   the current document.  Unauthenticated (BTNS) derivatives of IKE MUST
+   NOT be used with EAP-GTC.
+
+
+
+
+
+
+Sheffer                  Expires January 7, 2009                [Page 6]
+
+Internet-Draft              EAP-GTC in IKEv2                   July 2008
+
+
+7.  Acknowledgments
+
+   I would like to thank Yoav Nir and Charlie Kaufman for their helpful
+   comments.
+
+
+8.  References
+
+8.1.  Normative References
+
+   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
+              Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+   [RFC3748]  Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H.
+              Levkowetz, "Extensible Authentication Protocol (EAP)",
+              RFC 3748, June 2004.
+
+   [RFC4013]  Zeilenga, K., "SASLprep: Stringprep Profile for User Names
+              and Passwords", RFC 4013, February 2005.
+
+   [RFC4306]  Kaufman, C., "Internet Key Exchange (IKEv2) Protocol",
+              RFC 4306, December 2005.
+
+8.2.  Informative References
+
+   [EAPMITM]  Asokan, N., Niemi, V., and K. Nyberg, "Man-in-the-Middle
+              in Tunneled Authentication Protocols", November 2002,
+              <http://eprint.iacr.org/2002/163>.
+
+   [I-D.dekok-radext-dtls]
+              DeKok, A., "DTLS as a Transport Layer for RADIUS",
+              draft-dekok-radext-dtls-00 (work in progress),
+              February 2007.
+
+   [I-D.nir-tls-eap]
+              Nir, Y., Tschofenig, H., and P. Gutmann, "TLS using EAP
+              Authentication", draft-nir-tls-eap-03 (work in progress),
+              April 2008.
+
+   [I-D.winter-radsec]
+              Winter, S., McCauley, M., and S. Venaas, "RadSec Version 2
+              - A Secure and Reliable Transport for the RADIUS
+              Protocol", draft-winter-radsec-01 (work in progress),
+              February 2008.
+
+   [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
+              "Remote Authentication Dial In User Service (RADIUS)",
+              RFC 2865, June 2000.
+
+
+
+Sheffer                  Expires January 7, 2009                [Page 7]
+
+Internet-Draft              EAP-GTC in IKEv2                   July 2008
+
+
+   [RFC4282]  Aboba, B., Beadles, M., Arkko, J., and P. Eronen, "The
+              Network Access Identifier", RFC 4282, December 2005.
+
+   [RFC4718]  Eronen, P. and P. Hoffman, "IKEv2 Clarifications and
+              Implementation Guidelines", RFC 4718, October 2006.
+
+
+Appendix A.  Change Log
+
+A.1.  -00
+
+   Initial version.
+
+
+Author's Address
+
+   Yaron Sheffer
+   Check Point Software Technologies Ltd.
+   5 Hasolelim St.
+   Tel Aviv  67897
+   Israel
+
+   Email: yaronf@checkpoint.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sheffer                  Expires January 7, 2009                [Page 8]
+
+Internet-Draft              EAP-GTC in IKEv2                   July 2008
+
+
+Full Copyright Statement
+
+   Copyright (C) The IETF Trust (2008).
+
+   This document is subject to the rights, licenses and restrictions
+   contained in BCP 78, and except as set forth therein, the authors
+   retain all their rights.
+
+   This document and the information contained herein are provided on an
+   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
+   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
+   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
+   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+Intellectual Property
+
+   The IETF takes no position regarding the validity or scope of any
+   Intellectual Property Rights or other rights that might be claimed to
+   pertain to the implementation or use of the technology described in
+   this document or the extent to which any license under such rights
+   might or might not be available; nor does it represent that it has
+   made any independent effort to identify any such rights.  Information
+   on the procedures with respect to rights in RFC documents can be
+   found in BCP 78 and BCP 79.
+
+   Copies of IPR disclosures made to the IETF Secretariat and any
+   assurances of licenses to be made available, or the result of an
+   attempt made to obtain a general license or permission for the use of
+   such proprietary rights by implementers or users of this
+   specification can be obtained from the IETF on-line IPR repository at
+   http://www.ietf.org/ipr.
+
+   The IETF invites any interested party to bring to its attention any
+   copyrights, patents or patent applications, or other proprietary
+   rights that may cover technology that may be required to implement
+   this standard.  Please address the information to the IETF at
+   ietf-ipr@ietf.org.
+
+
+
+
+
+
+
+
+
+
+
+Sheffer                  Expires January 7, 2009                [Page 9]
+
+
diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am
index 3ea21a020..82f521fc6 100644
--- a/src/charon/Makefile.am
+++ b/src/charon/Makefile.am
@@ -165,6 +165,11 @@ if USE_EAP_MD5
   PLUGINS += eapmd5
 endif
 
+if USE_EAP_GTC
+  SUBDIRS += plugins/eap_gtc
+  PLUGINS += eapgtc
+endif
+
 if USE_EAP_AKA
   SUBDIRS += plugins/eap_aka
   PLUGINS += eapaka
diff --git a/src/charon/plugins/eap_gtc/Makefile.am b/src/charon/plugins/eap_gtc/Makefile.am
new file mode 100644
index 000000000..1057bd506
--- /dev/null
+++ b/src/charon/plugins/eap_gtc/Makefile.am
@@ -0,0 +1,10 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+
+AM_CFLAGS = -rdynamic
+
+plugin_LTLIBRARIES = libstrongswan-eapgtc.la
+
+libstrongswan_eapgtc_la_SOURCES = eap_gtc_plugin.h eap_gtc_plugin.c eap_gtc.h eap_gtc.c
+libstrongswan_eapgtc_la_LDFLAGS = -module -lpam
+
diff --git a/src/charon/plugins/eap_gtc/eap_gtc.c b/src/charon/plugins/eap_gtc/eap_gtc.c
new file mode 100644
index 000000000..f178786e4
--- /dev/null
+++ b/src/charon/plugins/eap_gtc/eap_gtc.c
@@ -0,0 +1,300 @@
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id: eap_gtc.c 3806 2008-04-15 05:56:35Z martin $
+ */
+ 
+#include "eap_gtc.h"
+
+#include <daemon.h>
+#include <library.h>
+#include <crypto/hashers/hasher.h>
+
+#include <security/pam_appl.h>
+
+#define GTC_REQUEST_MSG "login"
+#define GTC_PAM_SERVICE "login"
+
+typedef struct private_eap_gtc_t private_eap_gtc_t;
+
+/**
+ * Private data of an eap_gtc_t object.
+ */
+struct private_eap_gtc_t {
+	
+	/**
+	 * Public authenticator_t interface.
+	 */
+	eap_gtc_t public;
+	
+	/**
+	 * ID of the server
+	 */
+	identification_t *server;
+	
+	/**
+	 * ID of the peer
+	 */
+	identification_t *peer;
+	
+	/**
+	 * EAP message identififier
+	 */
+	u_int8_t identifier;
+};
+
+typedef struct eap_gtc_header_t eap_gtc_header_t;
+
+/**
+ * packed eap GTC header struct
+ */
+struct eap_gtc_header_t {
+	/** EAP code (REQUEST/RESPONSE) */
+	u_int8_t code;
+	/** unique message identifier */
+	u_int8_t identifier;
+	/** length of whole message */
+	u_int16_t length;
+	/** EAP type */
+	u_int8_t type;
+	/** type data */
+	u_int8_t data[];
+} __attribute__((__packed__));
+
+/**
+ * Implementation of eap_method_t.initiate for the peer
+ */
+static status_t initiate_peer(private_eap_gtc_t *this, eap_payload_t **out)
+{
+	/* peer never initiates */
+	return FAILED;
+}
+
+/**
+ * PAM conv callback function
+ */
+static int auth_conv(int num_msg, const struct pam_message **msg,
+                	 struct pam_response **resp, char *password)
+{
+	struct pam_response *response;
+	
+	if (num_msg != 1)
+	{
+		return PAM_CONV_ERR;
+	}
+	response = malloc(sizeof(struct pam_response));
+	response->resp = strdup(password);
+	response->resp_retcode = 0;
+	*resp = response;
+	return PAM_SUCCESS;
+}
+
+/**
+ * Authenticate a username/password using PAM
+ */
+static bool authenticate(char *service, char *user, char *password)
+{
+    pam_handle_t *pamh;
+	static struct pam_conv conv;
+    int ret;
+	
+	conv.conv = (void*)auth_conv;
+	conv.appdata_ptr = password;
+	
+	if (pam_start(service, user, &conv, &pamh) != PAM_SUCCESS)
+	{
+		return FALSE;
+	}
+	ret = pam_authenticate(pamh, 0);
+	pam_end(pamh, ret);
+	return ret == PAM_SUCCESS;
+}
+
+/**
+ * Implementation of eap_method_t.initiate for the server
+ */
+static status_t initiate_server(private_eap_gtc_t *this, eap_payload_t **out)
+{
+	eap_gtc_header_t *req;
+	size_t len;
+	
+	len = strlen(GTC_REQUEST_MSG);
+	req = alloca(sizeof(eap_gtc_header_t) + len);
+	req->length = htons(sizeof(eap_gtc_header_t) + len);
+	req->code = EAP_REQUEST;
+	req->identifier = this->identifier;
+	req->type = EAP_GTC;
+	memcpy(req->data, GTC_REQUEST_MSG, len);
+	
+	*out = eap_payload_create_data(chunk_create((void*)req,
+								   sizeof(eap_gtc_header_t) + len));
+	return NEED_MORE;
+}
+
+/**
+ * Implementation of eap_method_t.process for the peer
+ */
+static status_t process_peer(private_eap_gtc_t *this,
+							 eap_payload_t *in, eap_payload_t **out)
+{
+	eap_gtc_header_t *res;
+	shared_key_t *shared;
+	chunk_t key;
+	size_t len;
+
+	shared = charon->credentials->get_shared(charon->credentials, SHARED_EAP,
+											 this->server, this->peer);
+	if (shared == NULL)
+	{
+		DBG1(DBG_IKE, "no EAP key found for '%D' - '%D'",
+			 this->server, this->peer);
+		return FAILED;
+	}
+	key = shared->get_key(shared);
+	len = key.len;
+
+	res = alloca(sizeof(eap_gtc_header_t) + len);
+	res->length = htons(sizeof(eap_gtc_header_t) + len);
+	res->code = EAP_RESPONSE;
+	res->identifier = in->get_identifier(in);
+	res->type = EAP_GTC;
+	memcpy(res->data, key.ptr, len);
+	
+	shared->destroy(shared);
+	
+	*out = eap_payload_create_data(chunk_create((void*)res,
+								   sizeof(eap_gtc_header_t) + len));
+	return NEED_MORE;
+}
+
+/**
+ * Implementation of eap_method_t.process for the server
+ */
+static status_t process_server(private_eap_gtc_t *this,
+							   eap_payload_t *in, eap_payload_t **out)
+{
+	chunk_t data, encoding;
+	char *user, *password, *service;
+	
+	data = chunk_skip(in->get_data(in), 5);
+	if (this->identifier != in->get_identifier(in) || !data.len)
+	{
+		DBG1(DBG_IKE, "received invalid EAP-GTC message");
+		return FAILED;
+	}
+	
+	encoding = this->peer->get_encoding(this->peer);
+	user = alloca(encoding.len + 1);
+	memcpy(user, encoding.ptr, encoding.len);
+	user[encoding.len] = '\0';
+	
+	password = alloca(data.len + 1);
+	memcpy(password, data.ptr, data.len);
+	password[data.len] = '\0';
+	
+	service = lib->settings->get_str(lib->settings,
+						"charon.plugins.eap_gtc.pam_service", GTC_PAM_SERVICE);
+	
+	/* TODO: According to the draft we should "SASLprep" username and
+	 * passwords... RFC4013 */
+	if (!authenticate(service, user, password))
+	{
+		DBG1(DBG_IKE, "EAP-GTC PAM authentication failed");
+		return FAILED;
+	}
+	return SUCCESS;
+}
+
+/**
+ * Implementation of eap_method_t.get_type.
+ */
+static eap_type_t get_type(private_eap_gtc_t *this, u_int32_t *vendor)
+{
+	*vendor = 0;
+	return EAP_GTC;
+}
+
+/**
+ * Implementation of eap_method_t.get_msk.
+ */
+static status_t get_msk(private_eap_gtc_t *this, chunk_t *msk)
+{
+	return FAILED;
+}
+
+/**
+ * Implementation of eap_method_t.is_mutual.
+ */
+static bool is_mutual(private_eap_gtc_t *this)
+{
+	return FALSE;
+}
+
+/**
+ * Implementation of eap_method_t.destroy.
+ */
+static void destroy(private_eap_gtc_t *this)
+{
+	free(this);
+}
+
+/**
+ * Generic constructor
+ */
+static private_eap_gtc_t *eap_gtc_create_generic(identification_t *server,
+												 identification_t *peer)
+{
+	private_eap_gtc_t *this = malloc_thing(private_eap_gtc_t);
+	
+	this->public.eap_method_interface.initiate = NULL;
+	this->public.eap_method_interface.process = NULL;
+	this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type;
+	this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual;
+	this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk;
+	this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy;
+	
+	/* private data */
+	this->peer = peer;
+	this->server = server;
+	this->identifier = random();
+	
+	return this;
+}
+
+/*
+ * see header
+ */
+eap_gtc_t *eap_gtc_create_server(identification_t *server, identification_t *peer)
+{
+	private_eap_gtc_t *this = eap_gtc_create_generic(server, peer);
+	
+	this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_server;
+	this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_server;
+
+	return &this->public;
+}
+
+/*
+ * see header
+ */
+eap_gtc_t *eap_gtc_create_peer(identification_t *server, identification_t *peer)
+{
+	private_eap_gtc_t *this = eap_gtc_create_generic(server, peer);
+	
+	this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_peer;
+	this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_peer;
+
+	return &this->public;
+}
+
diff --git a/src/charon/plugins/eap_gtc/eap_gtc.h b/src/charon/plugins/eap_gtc/eap_gtc.h
new file mode 100644
index 000000000..478ac81cf
--- /dev/null
+++ b/src/charon/plugins/eap_gtc/eap_gtc.h
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id: eap_gtc.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup eap_gtc_i eap_gtc
+ * @{ @ingroup eap_gtc
+ */
+
+#ifndef EAP_GTC_H_
+#define EAP_GTC_H_
+
+typedef struct eap_gtc_t eap_gtc_t;
+
+#include <sa/authenticators/eap/eap_method.h>
+
+/**
+ * Implementation of the eap_method_t interface using EAP-GTC.
+ *
+ * This implementation of draft-sheffer-ikev2-gtc-00.txt uses PAM to
+ * verify user credentials.
+ */
+struct eap_gtc_t {
+
+	/**
+	 * Implemented eap_method_t interface.
+	 */
+	eap_method_t eap_method_interface;
+};
+
+/**
+ * Creates the EAP method EAP-GTC acting as server.
+ *
+ * @param server	ID of the EAP server
+ * @param peer		ID of the EAP client
+ * @return			eap_gtc_t object
+ */
+eap_gtc_t *eap_gtc_create_server(identification_t *server, identification_t *peer);
+
+/**
+ * Creates the EAP method EAP-GTC acting as peer.
+ *
+ * @param server	ID of the EAP server
+ * @param peer		ID of the EAP client
+ * @return			eap_gtc_t object
+ */
+eap_gtc_t *eap_gtc_create_peer(identification_t *server, identification_t *peer);
+
+#endif /* EAP_GTC_H_ @}*/
diff --git a/src/charon/plugins/eap_gtc/eap_gtc_plugin.c b/src/charon/plugins/eap_gtc/eap_gtc_plugin.c
new file mode 100644
index 000000000..58a231058
--- /dev/null
+++ b/src/charon/plugins/eap_gtc/eap_gtc_plugin.c
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include "eap_gtc_plugin.h"
+
+#include "eap_gtc.h"
+
+#include <daemon.h>
+
+/**
+ * Implementation of plugin_t.destroy
+ */
+static void destroy(eap_gtc_plugin_t *this)
+{
+	charon->eap->remove_method(charon->eap,
+							   (eap_constructor_t)eap_gtc_create_server);
+	charon->eap->remove_method(charon->eap,
+							   (eap_constructor_t)eap_gtc_create_peer);
+	free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *plugin_create()
+{
+	eap_gtc_plugin_t *this = malloc_thing(eap_gtc_plugin_t);
+	
+	this->plugin.destroy = (void(*)(plugin_t*))destroy;
+	
+	charon->eap->add_method(charon->eap, EAP_GTC, 0, EAP_SERVER,
+							(eap_constructor_t)eap_gtc_create_server);
+	charon->eap->add_method(charon->eap, EAP_GTC, 0, EAP_PEER,
+							(eap_constructor_t)eap_gtc_create_peer);
+	
+	return &this->plugin;
+}
+
diff --git a/src/charon/plugins/eap_gtc/eap_gtc_plugin.h b/src/charon/plugins/eap_gtc/eap_gtc_plugin.h
new file mode 100644
index 000000000..8b2f5435f
--- /dev/null
+++ b/src/charon/plugins/eap_gtc/eap_gtc_plugin.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup eap_gtc eap_gtc
+ * @ingroup cplugins
+ *
+ * @defgroup eap_gtc_plugin eap_gtc_plugin
+ * @{ @ingroup eap_gtc
+ */
+
+#ifndef EAP_GTC_PLUGIN_H_
+#define EAP_GTC_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct eap_gtc_plugin_t eap_gtc_plugin_t;
+
+/**
+ * EAP-GTC plugin
+ */
+struct eap_gtc_plugin_t {
+
+	/**
+	 * implements plugin interface
+	 */
+	plugin_t plugin;
+};
+
+/**
+ * Create a eap_gtc_plugin instance.
+ */
+plugin_t *plugin_create();
+
+#endif /* EAP_GTC_PLUGIN_H_ @}*/
diff --git a/src/charon/sa/authenticators/eap/eap_method.c b/src/charon/sa/authenticators/eap/eap_method.c
index a9f7abda0..b87bcca0d 100644
--- a/src/charon/sa/authenticators/eap/eap_method.c
+++ b/src/charon/sa/authenticators/eap/eap_method.c
@@ -17,14 +17,14 @@
 
 #include "eap_method.h"
 
-ENUM_BEGIN(eap_type_names, EAP_IDENTITY, EAP_TOKEN_CARD,
+ENUM_BEGIN(eap_type_names, EAP_IDENTITY, EAP_GTC,
 	"EAP_IDENTITY",
 	"EAP_NOTIFICATION",
 	"EAP_NAK",
 	"EAP_MD5",
-	"EAP_ONE_TIME_PASSWORD",
-	"EAP_TOKEN_CARD");
-ENUM_NEXT(eap_type_names, EAP_SIM, EAP_SIM, EAP_TOKEN_CARD,
+	"EAP_OTP",
+	"EAP_GTC");
+ENUM_NEXT(eap_type_names, EAP_SIM, EAP_SIM, EAP_GTC,
 	"EAP_SIM");
 ENUM_NEXT(eap_type_names, EAP_AKA, EAP_AKA, EAP_SIM,
 	"EAP_AKA");
diff --git a/src/charon/sa/authenticators/eap/eap_method.h b/src/charon/sa/authenticators/eap/eap_method.h
index ca7b36800..2652f6e6f 100644
--- a/src/charon/sa/authenticators/eap/eap_method.h
+++ b/src/charon/sa/authenticators/eap/eap_method.h
@@ -52,8 +52,8 @@ enum eap_type_t {
 	EAP_NOTIFICATION = 2,
 	EAP_NAK = 3,
 	EAP_MD5 = 4,
-	EAP_ONE_TIME_PASSWORD = 5,
-	EAP_TOKEN_CARD = 6,
+	EAP_OTP = 5,
+	EAP_GTC = 6,
 	EAP_SIM = 18,
 	EAP_AKA = 23,
 	EAP_EXPANDED = 254,
diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c
index cb7a74f0d..72da4bd37 100644
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -262,6 +262,7 @@ char *whitelist[] = {
 	/* ignore dlopen, as we do not dlclose to get proper leak reports */
 	"dlopen",
 	"dlerror",
+	"dlclose",
 	/* mysql functions */
 	"mysql_init_character_set",
 	"init_client_errs",
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 914024dca..1b3f31a55 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -588,6 +588,10 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
 			{
 				conn->eap_type = 4;
 			}
+			else if (streq(kw->value, "gtc"))
+			{
+				conn->eap_type = 6;
+			}
 			else
 			{
 				conn->eap_type = atoi(kw->value);