From 38e1443276e5429e132b7d8b0097a4ebd07e0e95 Mon Sep 17 00:00:00 2001 From: Simon Rozman Date: Wed, 24 Aug 2016 11:04:04 +0200 Subject: [PATCH] Logging of handshake progress introduced --- lib/Events/res/EventsETW.man | Bin 56252 -> 91238 bytes lib/TLS/src/Method.cpp | 28 +++++++++++++++++++++++++++- 2 files changed, 27 insertions(+), 1 deletion(-) 
diff --git a/lib/Events/res/EventsETW.man b/lib/Events/res/EventsETW.man index 495ac59e1fb0d341f9527e548f06ebf6bdb8c392..a66984845a44806f480eee7086f6a291a4759602 100644 GIT binary patch literal 91238 zcmeHQZEqa8k?yZKApb!zvcVp3>s`IrYj2zcKT5d{vEu3h4(M;4WC+?;$RuJ{UbiRtlm`L zRbS(Ef!2S-lP^)~0;pc1l@^ed2mZ z6c?^f(r>o+-Ly=zUA7mZ?Ao?qItIe`Xm2)_U+_c|$$ON1k6ym7R`L5a`hJRfq>syZ z_m^s?+O7@)I^CFZg53DkTz&}Ge&wDFDdj(B9d8`X-+{u%pyxTb_6igtcZv8xwNZ_# zUC70@d%1czsjd$GhA3WEJmLz~?oT8o6igSN~mW<)Zokl+V%rnM10mHh}eE^$4|2 z@NVCg-@yBg>Ir_>lL^r86@KwjT(gWun5K_u^9NLGFr*ZXtC%ok2DKLxNDAp9- zwO)8B`wxJ51G?p)1JVQVo?8FJp%9Ad?>c4g^gw!mu{y%fMgrqK$U`ipD#x*`6VIEZ zjK9M-XOQI+aE{N!Qm)!0)N%E3LhUK_)6!~f9Hq<9V8Xvx3#3P|w0{%*q+X?_J*YT# zn-ZUIab-HzDBGdlY1d-cHg9$A<=(Wn<^7~*B4eVopF5!I7`A~_eh2$f+V(PRlxT_) z8dE>)eQb;VnR;rw81M9wo;hv$)=AJAbR|D|h2J6%!cn!fzsKi0PT!wEcQ2v*YxkQP zZmD|gY&WgWPtYW<@EM<>9z4PC(3cZSE!zI;KzccV< z_gGsVqtBds(a)t`;yms{h6?#n%#m2GpL3X~&raY+zQJ#LoYZGK`0f4batX1-cOQ~+ z3{Q&a#G9sOJSwJIH|w3F8ac|D^as#Qy>!a8%wmo^pp$XcZ)B^Sh17Zk-9>%#!pYwI zVq~kP(k66c#DQ~Skur&FDD^laJSj%GW{UD5IQa@vcY#^WGv@>MMJHCthP%`qW5-j` zAdKnAT%mNNu1$R{8(cC{t&nx`?sKD+I_?7VkT-ZyhlrN5LMk&w8ycoDaXh~Ra?Zxe zb;}weLw5Eejc~(Rke}Sx?Sin&j3dYGG(yV2&-h_1@l^-?@~t5ax1fvZ1)gHuo?+&q zQ54REsjJJ!vBUsuWH6=_V^8IHWR_urX9WFr1iH{8q5Yue+GQNvGPMzE$&P_#13Y77 zsho4SI>i)nk}sIlE9s8vwkf4VH;CS)Cezrek8hUBm(D6}^b@Cb%k2|qT!O35yqlww^H2J390#0to#H*cIKRSIDsRisAa>Z&o)Ske`Ab<8 zZ#|9DcIMvn!gtXADdeMlw4{qPJw#7wpM^_*ckyfLtaP7e&C|;znGpgV;~qz8%U$M@ z)F|iExnlR0DUIxP$v8>-Yo&c&?hrQ)`}{rn{{foo7mQHO`WPE4pNHzIMF0L%L-dh7 znU$2_2&v&EU>)OtnyQ>1GV3Tokd_3o$6aG(GP5W{;m4qjRB*pR>8Rj}I6Ym)AoAX> zmBy7F5R`iInsXBRv)(5v(YfmXltxYS81`Vn51pM0WwcZxRVxmGE7aSixHNuXhl^{@ z+t7#KI6qOfdMPfQQx1Wv54~jP6j7DgnY?@ny%_22BVVf@qiOcI`q1k(_V|b=VuefQ zpY%KX(2EvZWvoO$=lSSy^`X}a;$>apQS)&v_o5eL1**er>9q{~>TO=Bo}e6XCt0b5 zn@_KmUi6~=TboLlExlG+(96m)k70>rmFacGHB`AyzCOYtaG7q&Dq4jIcyiN z@D5~HcX*U(qZEcmkdH0wv)V28PVcy#391)Mq@#&r9VqzfgQQDzxrv1P;)rHcOb_zJ z+tq&b*mnrJ(u4BB6$_zAKO}0`cR&&DbmKnMa_uH~#8UOeBYUHEA+a0q&_Z0?Gj)KS 
zQ(f_u@9SyGkM7+H@o}f+M)lW@xHOX7k8bM!hxF=3r`wS78-;#jicaERTi_9k-j6=& z_gLVOb=Q7)>T<+A;a%lu1-=-gN*1`d6TQp6PeD-b;WQ;@A9Tp=Gs{O3l?GiRDs}H+ z)$PacPK7SQ>s{u z5ZcJ@2rNd(7`A2`^wA4+h@ z9K9kONx^7f#$C@mW}r}wloF5N}bPk(UMKXNwVc1QX!s%9a* z#IcHqX;*D_2feVuA<^zq%ffx&cioJ!KMqFIcB&t+AFL}13$6ALC(a%~LO65nrcu@) z9d{j9`_n{XdlC^UpTDg^x^6*6ETnZEG&$%nautJxq!I&l34iZ&kP@MWg_Mk@r;RsY zbA&t0C{P}?Q|egExSe8*b&TEW2zShJ-`og4l1<<_ zp5Uh!)BP1ZbH&pLAD}hM_q3I*pU_tyquuWzDHC8i#A_e#7^nXmzAKLi$tW&gg-_$y z1t!k-%W=p^w!*>K!=}T*Q^n;gOEQ|R(5yQjW#Zx?oA6c2Ezu3PPr^!8C^H<@%*4=L za%4(TsI}jLS~4@R;vTi6tmQt!*q=_Jn8||VCbZ@Q= zs>h%c*Hf8AhI6S0_`jS^s=G^OP&rG+HPr`@sY6hR_H7IA$;0mSQeAF?PB1Y;(ge7= zTDxV;&TcrJZh@)~?^KIh;1Fq=V6Me@B6CJbR+{w=GNt<50@v8tJFZtTs}<#HJK$cq zysK`vz{boy`%Wh?-{&Iw>>n#v6!onB}H7YZOJ#zZA+^6FF^@f?uhjc5Y zkM88Q(V^-qsB|$CSE#qjrC;aPHu$!|F>2IJyvV;T=b@L&>NX<0{QfgOvfn7Lh zX%AznSs}Evl*}wgN#p#B8kJNnmwrndd4L(u9$v&kF4Ci?o$TTfa$lyMrXNE)NOVpj z9Wr~}1v1Xi%KgibZD^Bnbe6LwoeOi%EF)sfS6Yt9a>kVQin@+ZM#sv}!{&5aY~%Z2 zDqoe%VN(4sdmjAUyp)S_vWg?qVwRHfH}sSS=bewIV<3$(ze=W=NBP7{oSgT$fa5&D zT=`<&w=Lg<$nITt>c^uuPkZ*7`sXcl(IrOuP$OA1R>Bls9vNn|7}pC8F} z-IecsTgl6h2kDn;&{_JWj!Nu9dySgMK>Co2ybXb8QOieXlk54`I6j#VgPEk>qQw)$ z5ab4qS-pSYEXsOP!e+H~0;|JZvgZS~!mJ`^Xh-iH8LmHXz^6L(VtX@7s+j|YdD*CW z<5DI3BL+{^xE`z4ZEWNinchyZ4#qrcyg4Clq1)?`HeLX;epyi2qn zISc$OyALbvV=a=h)NXIVC0eUl@)}yeCPni)C*~Z-o3utv-LCDcJI0Z)@{svXPaKO%W5y^6TV9NTvp@b9Cn%h2=y^@ zcb>r`ESWpSF^pOIyu>aK*}JWvzxn;jX-OHTw|QIE#Cjbm%xGkL%hjI7p@+b@Vp)Xi z`chrap*3^LaxTF9>-4OKpm)g#&QmweN!`W=oW9Za3*0SsBV3E?EOk+t=odT3&Dh3h5x zBdplSz9_vDYPPMliAyx^iD+xz!`M?k6F66*I1gybLf#v=4@#V2Zn*)=eT3C3`hh=I z^ej0e>VmJCbu7-o-5;H-NVi8<(jq0Dw}^Zy6i_@v_Bp<{<@A&3dmUGQ8d&N?pTR`$ zyX88^_0of)k;2R>T}Hg81U(A5-L8Eumy*#b@#jnEEUqEtvBnlWzq@Nud)t^lhUb%r zi#GxAmOWV)yI%70sjn6Zl{uf$dwl%9llJQszD!=i7Q2HZ->n5BON{P1x9(NHslLK%31^47zl~nY3I4l)zrx!+dE*&(Wz~28U*Hp# zYu4vmV=W&r4|?wWr*OaJ2FC3}oW$WNO`eC8EQmbO_XPh>+&SiTcMgVUnR)VKglDOl z-ocNMJ!z~@PH?by{;pL2IeWtI&Rpb0_t(peo|rE19qX)9F+>{f^Ivjn1s|~Ilb#oE 
zX6KWl>rb8DVYG=gGMdZxjDMfFr+!;~iU0ln_M7Oda^+@3`)$~{awWT1jCx%mKNii0 z`uUx@mCo@(^wJQ#Xd?Pl_>r?Pa++nySy?%UHLT5$_ULi#wIE0SsZE>N|R8&3MxOfyN=kFOTU;UwgI}U2i|+w$7U9 z)meDZrF>w13y!oA&eFH%Nq=iqr%9eC;Xe9BaL2c|Xg)EcE@MVrM@oOYRp&}N>ahqe zd>XXxHaf(w=;J@M;e(e`j@y)_vejC?y+!lpKKuY?M`^F0#6z&;fS#XN46Q>7=lubR zD9iplIcdSj7UN2ckonnvY_Ep)12_w1{EYcMm~V&oX2@qv{z+z?GMmqs`U}kL&JoS> zJ`m?vtUnbq)7X1RsSD^?e@aD8ZKOw$g}&jZGVdE+y! zMbk29miT|1QNZjON3aZw8wDW;QllWxgU@#yES?LDhdhCQ%bPkFGucXv2H72WHDiHe zb7(tEFXA0+0NWu27GnjPluwO<9PMq#fJ6j$(0`x5?H`Bkx)KOsA8d7r z&NgSyccsmt$HY}|f{}+uF0VB60XIj(YN!1;uHId6PoZlB`T~ArGyU7Hd_6{$m%VrmZ_c-{qVTJ*tE0 z4qR*L=Pp6XhM%HyZm*8)v`w${%$^OT=y{)jRJ%+HP>HaUmhUQuxg7)DZDZKyY zX+qvtr}x=3>29k{u0m^*);_nyF8+HT%?J9eF^a9M-$f(qypJ*0+9;y7t(0Fqwf7zE z-?~#4*0QZP#l*MSq%38ZeRN%Qc`hr$(7HU`?qX;zx8eMNm>YLDq~@wC(;I_6NBxqf zJSG3{h`CYsTn?gdQl1QV+VghAl-609-j(+`@*r(b*Ac(rSySs#z}vI9kC%~}^jhu8 z^ya_Mk=FIR7uM93S!Wyv+rlh#7m`i8n$qyOD6*~hlADEV29lw5d@}~OH9hIZog$0i z!+gnKU67W^@uDuBl$N0)`fV{-b4DyJ?|PfyjKK(+h;f3{D%WZ!J=89)FTMAf58@mU zLsLE7t~I532b#Z=ys3FstHnfNuEvvpi`5TZ|FEX4%B|cYm!j-qA~07$Ssf`nlWD29 zWkkyTf%E~n`mMLNrYNlObH*@vs~f$gd1vyw%!>pUOV%@g45=k@t=dU)ir(`z#$slp zieoSk^(&QfyK<7=m{Xc2zG z-n5@Enor?fS>+ayNZKC!nX%jX$Lu2X_s59XH?`Mtr*)<$z<%zsoLt}?Yt65Dgc-8= z zeLlKIDX*GtQMNb5i@eUy?ZN+i`LGC`pW?wRo!=$i-&OypJYJ0+($-TtzwNA!cTn>T zjqZMD?z=^th4*_S{95I1HFCQmB%9=8XVufO>y=J>(!0c`h%;P440D7IJL^ledWabZ zv-@&pYHx=)(&lp`HRH(hW7dqrk{{B}=gkq_)zW5sD3|Qww~M2#?wZI;drrG?2N!c| zFF}jZFZ~I7Q=cKG!yT{8%JvRF%)lLbt>584u7%xnuT;#6dC`5@IQuTYlhYuKdND`F zd5}#vSCXGIM#hoM5zU+<#N~CbWaO28-UEJ~HsN_c-WXSZio4YAp&srhVK(pc>BH5BZ+MvV)f2fR|FI#Ds~$zv3B- zJf~-Sn)gGrZKv5%t{r_+d!@S!+qJ~q^&?O!>{GfW|75q8b|59P(|->mM^}WxQ>RM1 z=98r@GUgTcN%-*@D~zP;5!(0wit1cO*T3Wzk`Q5? 
zp0wfh(i2FGcoQtYge>r4ZE5Z4Q>1>NHJ77l-AoMq3)~hO={AIjw8rc4)=Y z`SQb}rDgsZKh(T(6h1OhM+0QhT73jQ_?+WBPG~vAh+w5$fZppr1tB%WM^OsSMG@*yyup=?UyY zSl$XDQPGyO_6_jW=VT9Y`S&qGmeSG_y!Yj8@u{aZA7KigmL3M7=o``T)RY>(@EKoY zd5jT?wvp1JDVybowy2V=ggGC{%QNhFA}4iEW{jSa5cfc0Q@-?M>JR$zRAIz|GW{8 z-Y4}9HFs?1{rInQpKAq_7SWt>c`GW?SLMj!Ec6ub>2dl9NdLamjL7NcE~InK2q_rzS1>OJ+zLFBy7*({m_B z6Vt{^27NU-`&rJVw2X*F4x@@Ok{n$`YPDQBkNn7MFER0WwUe0C**eu(;oq1t^c3iI zGo~U|O{q|#JM(vb@4;>!B7em<(HcG_CdMJpE#XP70xZ>@R!nU*X&XGDww;eBe%cNX z_cm-}Jz*YwtKY+_O6lLBCjQ^W*J&bp1U^Z= z1?s@uYjKE}34*VAm|{frQl;a)$t#{jW38j2=w?`|KL(!7;z@`yTGUJR$04?G6+3w3 zTn6_Prlck2NxGB;8qHP7Q_tHGDrOU5o))63qiIuW7<6*N@vjlh=A-ka`lC{>xr~G9 zQvK10WUNG-Yb#InQvK1W1udgZx>SEOx<6|d)`HT_Q#oD|yndc7KXIx4sCa)V_ZRy1 z)9+$bTB?8h`=EjBol3W>pT_NLss8P+!WOilK-|7B)gOVh|ChNuh!OZw{Sjzym~(j+ zFJc7sQvGop;Jo-2R!IL0UC)t`lgb!Jvs8a1ymKPozRG0X5^1Ua?T?WYXdATH1q$Y# z%wdTskt)?63&)zA&Gh|Fy^FDEss8Pc-1wwq%9*WH+x#qUKQ3j5;_l25l0zY-tWd0g zACd{9gce%L3Po;odQ2&fSj=rGTas1Cx0QMqx38u8_n&8PnA3Y61>*L7ss0FdV6|px zYNbYuKug)QU(Nxx&r&w+m+K_9&r)X|Lar@~~{n0#hGmiQ6h|%~`{SoM_fj9JQ&d>}of_ka`ICP%Oj5~YK zQIwJmWZZmOLlxtgU8+ASkrK5)DjUteF{-$f6$+joo2|Q2D72Inid%Dh?Ybu+w9r!h zQ81phQ~fZ_$<*Y8eiG9nEY%;wL!51U;BxOC0E_5mZ8!WIV@Q?ik40i@yshc4)vUQ# zjHO6%qgMhk&Ig#a#F>N#c+e8qS>W_n&tf<9!s$BTOlZbJw zjfi3#`BME65yfbVrM-;QOZCSgv1o~f#ypAtiz(wvDT0zU4|=a-NX7Rqzt{*X^@rfj z#Ko}xhVRN_NNs9Vr0rMp(^5o?13@@TC^*LHLYqY|;?)(bL zQMx(3dncAY|6eSJIjqeZt*|oV6g3GmR?L&wc3AT@T45HAXGz~?jaFDku;YiY7tHIv zg?CLIT`CKy8m-XE9h!$gJDxCIcxO2yusQA44spIlE6mIfAvvNq-F)u> z{!i1mt<^}^XoZ)nUk@M=hoCO~2$hZ$t=rLfevNk61u^fQn?N=s2U42eZL#NSw8A`J zDs&9Cm5;DSE0iL06U;{$S!Je9(nT{$d4zn|j}*|{n!^1L0$#f=WSd0vfH z$mKp_YB}a-*0Hw_56O>7#ovzJ?P|2b&$t#NTeL6CvGmAUm$c8^4u8HzE6gE7_DaK>I?D zq$Rwq#H4Gq!b=UZhZm8G=QMHho|+G|qxb9@t#H?GB$rqX?<;3aA@;4?;htZk74{T` zd^CV#l{ra8YT99MTccGE(w0JE40UO5*Mr$LTHzKw$eABcjm?@vwjG`GYP3QwdH6IM zGO6xEMrfN-d%W6Fd{&KCs5vj7cHxZ7TTp5kSqTVbr5)<|HCkb>M~!s06Jk~ms~z@y zjaHb2+Pnvr6rO!np&jOCjaFFGzDj(bbD0)wTccGE#xCX{^BqdJdMmW1^vAigQl+IG zwcFKbhkuMw8KRXtmuOA4AwPvOWjNc?wfixSRU 
z7t(Gh?O(z|oq&VP-7ep+;)Wq+rT+r=Wm6M<;Z7-ZMLI@4u2XQ4GV&HJg|th_{~v0U zDUqXkTO&uGXVYxUF?~oAwzUdG-TOvaJBEGdU&+iWpESodGii|nyqA)^ClC1SS5Y~R zCaFR67;{;j;fWDkB_!`{=vRsHL)#k`Iw3$!2^R$aC4) z5s9exNX}%m>(Qsuheyyfk{d5v*@^ogI+1;5UNvSdPzv)73n{$>j;>F2A?cucq6=Lm zkD}ZK@^UICb^RxLg!fnw14lh`F3R21-dgi^kxPe=xvzPf2%lB-7xJ^_^ z+(zn3y%9Mv(9DiaJ;lthlxWpb@;AlFcTSfxcaoOksGv4rmMKz+yk;&e-VjW!!pxZ= zT> zdzqzwE=l=~7L4P21zhZj{2s1VLY;kGSDWqZf zCC3-ZXqd*$EOTNt#C!AlYM6ec&xiHzhsY)Mp>iVMvo!+_d7ABlg6Vq=C{OcyM!!h3 zl<1UaD8*c&@9{V8Lm&C4RCvtv3~05e=bMr>AG79;ru7iia&ME!nD;q&2l;FCL#?FP z6}hj^vUlmchRvR}<48K+VS4=Z*Z67dpRV9+7jb zPHINiW`4_d)ThU;8mm0hWz(Xz&Ft6?T|VPuiBFfa^;?+TG4mCx$KtMAsl zo7>n3Qu=X_a8-iec1{^iIfe@@_W_}L$$y^I%$wx?d< z{XaeybcC8HWf#c%*|q%j?ww~J|yJ`(x1~5 zO1@%^Dg;(2K%{Que7_K`>uvAa<8*)Zsq5HdwPxDG`4+ILiB2$n84cI@^_Q@Y!|5SK zJggqd_le$l*k7+}DWQzqy#OVK&`I^4+m6P#SM;lui=R%9b)>1Z_8pI(N}tJDjY{Zk z-tmp>+T;5CDJ;oYoUVt+ijUlQP8;2K))2O%QJ^jeb1|RUNO^}ld%=6HxT<`Je#+{S rzcZcB(0hpQW!LZdEoT_AeFFQ58F{7`I5P5V|Kz|ZAiO*+jFArjH`*Jy diff --git a/lib/TLS/src/Method.cpp b/lib/TLS/src/Method.cpp index 97dd692..15dabf1 100644 --- a/lib/TLS/src/Method.cpp +++ b/lib/TLS/src/Method.cpp @@ -579,6 +579,7 @@ void eap::method_tls::process_request_packet( #else if (pReceivedPacket->Code == EapCodeRequest && (m_packet_req.m_flags & flags_req_start)) { // This is the EAP-TLS start message: (re)initialize method. + m_module.log_event(&EAPMETHOD_TLS_HANDSHAKE_START2, event_data((unsigned int)eap_type_tls), event_data::blank); m_phase = phase_handshake_init; m_sc_queue.assign(m_packet_req.m_data.begin(), m_packet_req.m_data.end()); } else 
@@ -1352,7 +1353,32 @@ void eap::method_tls::process_handshake()
 }
 m_sc_queue.clear();
- m_phase = status == SEC_E_OK ? phase_application_data : phase_handshake_cont;
+ if (status == SEC_E_OK) {
+ SecPkgContext_Authority auth;
+ if (FAILED(status = QueryContextAttributes(m_sc_ctx, SECPKG_ATTR_AUTHORITY, &auth))) {
+ m_module.log_event(&EAPMETHOD_TLS_QUERY_FAILED, event_data((unsigned int)SECPKG_ATTR_AUTHORITY), event_data(status), event_data::blank);
+ auth.sAuthorityName = _T("");
+ }
+
+ SecPkgContext_ConnectionInfo info;
+ if (SUCCEEDED(status = QueryContextAttributes(m_sc_ctx, SECPKG_ATTR_CONNECTION_INFO, &info)))
+ m_module.log_event(&EAPMETHOD_TLS_HANDSHAKE_FINISHED,
+ event_data((unsigned int)eap_type_tls),
+ event_data(auth.sAuthorityName),
+ event_data(info.dwProtocol),
+ event_data(info.aiCipher),
+ event_data(info.dwCipherStrength),
+ event_data(info.aiHash),
+ event_data(info.dwHashStrength),
+ event_data(info.aiExch),
+ event_data(info.dwExchStrength),
+ event_data::blank);
+ else
+ m_module.log_event(&EAPMETHOD_TLS_QUERY_FAILED, event_data((unsigned int)SECPKG_ATTR_CONNECTION_INFO), event_data(status), event_data::blank);
+
+ m_phase = phase_application_data;
+ } else
+ m_phase = phase_handshake_cont;
 } else if (status == SEC_E_INCOMPLETE_MESSAGE) {
 // Schannel neeeds more data. Send ACK packet to server to send more.
 } else if (FAILED(status)) {
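Review bot: On the success path `auth.sAuthorityName` is never released. SSPI allocates the variable-size members that QueryContextAttributes fills in, and the caller is expected to return them with FreeContextBuffer, so every completed handshake on which the SECPKG_ATTR_AUTHORITY query succeeds would leak the name buffer (whether Schannel answers that attribute at all is not visible here). The fallback `auth.sAuthorityName = _T("");` stores a string literal in the same non-const pointer, so the release has to be conditional: remember the outcome of the first query in a flag such as `auth_ok` and, after the two log_event calls, add `if (auth_ok) FreeContextBuffer(auth.sAuthorityName);`. Both queries also overwrite `status`, the handshake result on which this branch was entered; a separate local for the diagnostic queries would keep a failed logging query from changing what later code in process_handshake sees. The function body starts and ends outside this hunk, so whether `status` is read again afterwards cannot be confirmed from here.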