diff --git a/lib/EAPBase/include/EAP.h b/lib/EAPBase/include/EAP.h index f1bac15..99bd34c 100644 --- a/lib/EAPBase/include/EAP.h +++ b/lib/EAPBase/include/EAP.h @@ -124,11 +124,6 @@ namespace eap _In_bytecount_(size) const void *data, _In_ unsigned int size, _Inout_ sanitizing_blob &packet); - - /// - /// EAP packet - /// - class packet; } /// @@ -728,58 +723,6 @@ namespace eap }; #pragma pack(pop) - - - class packet - { - public: - /// - /// Constructs an empty packet - /// - packet(); - - /// - /// Copies a packet - /// - /// \param[in] other Packet to copy from - /// - packet(_In_ const packet &other); - - /// - /// Moves a packet - /// - /// \param[in] other Packet to move from - /// - packet(_Inout_ packet &&other); - - /// - /// Copies a packet - /// - /// \param[in] other Packet to copy from - /// - /// \returns Reference to this object - /// - packet& operator=(_In_ const packet &other); - - /// - /// Moves a packet - /// - /// \param[in] other Packet to move from - /// - /// \returns Reference to this object - /// - packet& operator=(_Inout_ packet &&other); - - /// - /// Empty the packet - /// - virtual void clear(); - - public: - EapCode m_code; ///< Packet code - unsigned char m_id; ///< Packet ID - sanitizing_blob m_data; ///< Packet data - }; } diff --git a/lib/EAPBase/src/EAP.cpp b/lib/EAPBase/src/EAP.cpp index e3f84e1..e1a26d4 100644 --- a/lib/EAPBase/src/EAP.cpp +++ b/lib/EAPBase/src/EAP.cpp @@ -94,62 +94,3 @@ void eap::diameter_avp_append( packet.insert(packet.end(), reinterpret_cast(data), reinterpret_cast(data) + size); packet.insert(packet.end(), padding, 0); } - - -////////////////////////////////////////////////////////////////////// -// eap::packet -////////////////////////////////////////////////////////////////////// - -eap::packet::packet() : - m_code((EapCode)0), - m_id(0) -{ -} - - -eap::packet::packet(_In_ const packet &other) : - m_code(other.m_code), - m_id (other.m_id ), - m_data(other.m_data) -{ -} - - -eap::packet::packet(_Inout_ packet &&other) : - m_code(std::move(other.m_code)), - m_id (std::move(other.m_id )), - m_data(std::move(other.m_data)) -{ -} - - -eap::packet& eap::packet::operator=(_In_ const packet &other) -{ - if (this != std::addressof(other)) { - m_code = other.m_code; - m_id = other.m_id ; - m_data = other.m_data; - } - - return *this; -} - - -eap::packet& eap::packet::operator=(_Inout_ packet &&other) -{ - if (this != std::addressof(other)) { - m_code = std::move(other.m_code); - m_id = std::move(other.m_id ); - m_data = std::move(other.m_data); - } - - return *this; -} - - -void eap::packet::clear() -{ - m_code = (EapCode)0; - m_id = 0; - m_data.clear(); -} diff --git a/lib/TLS/build/TLS.vcxproj b/lib/TLS/build/TLS.vcxproj index 5056f7e..abcd14f 100644 --- a/lib/TLS/build/TLS.vcxproj +++ b/lib/TLS/build/TLS.vcxproj @@ -81,7 +81,6 @@ - @@ -93,7 +92,6 @@ Create - diff --git a/lib/TLS/build/TLS.vcxproj.filters b/lib/TLS/build/TLS.vcxproj.filters index 553f9db..3761eec 100644 --- a/lib/TLS/build/TLS.vcxproj.filters +++ b/lib/TLS/build/TLS.vcxproj.filters @@ -20,9 +20,6 @@ Header Files - - Header Files - @@ -34,8 +31,5 @@ Source Files - - Source Files - \ No newline at end of file diff --git a/lib/TLS/include/Config.h b/lib/TLS/include/Config.h index ec05344..0170f49 100644 --- a/lib/TLS/include/Config.h +++ b/lib/TLS/include/Config.h @@ -45,7 +45,6 @@ namespace eap #pragma once #include "Credentials.h" -#include "TLS.h" #include "../../EAPBase/include/Config.h" diff --git a/lib/TLS/include/TLS.h b/lib/TLS/include/TLS.h deleted file mode 100644 index 88cce47..0000000 --- a/lib/TLS/include/TLS.h +++ /dev/null @@ -1,671 +0,0 @@ -/* - Copyright 2015-2016 Amebis - Copyright 2016 GÉANT - - This file is part of GÉANTLink. - - GÉANTLink is free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - GÉANTLink is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GÉANTLink. If not, see . -*/ - -#include "../../EAPBase/include/EAP.h" - -namespace eap -{ - /// - /// TLS packet type - /// - /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter: A.1. Record Layer](https://tools.ietf.org/html/rfc5246#appendix-A.1) - /// - enum tls_message_type_t; - - /// - /// TLS handshake type - /// - /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter: A.4. Handshake Protocol](https://tools.ietf.org/html/rfc5246#appendix-A.4) - /// - enum tls_handshake_type_t; - - /// - /// TLS alert level - /// - /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter: 7.2. Alert Protocol)](https://tools.ietf.org/html/rfc5246#section-7.2) - /// - enum tls_alert_level_t; - - /// - /// TLS alert description - /// - /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter: 7.2. Alert Protocol)](https://tools.ietf.org/html/rfc5246#section-7.2) - /// - enum tls_alert_desc_t; - - /// - /// TLS protocol version - /// - struct tls_version; - extern const tls_version tls_version_1_0; - extern const tls_version tls_version_1_1; - extern const tls_version tls_version_1_2; - - /// - /// TLS client/server random - /// - struct tls_random; - - /// - /// Master secret - /// - /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (8.1. Computing the Master Secret)](https://tools.ietf.org/html/rfc5246#section-8.1) - /// - struct tls_master_secret; - - /// - /// HMAC padding - /// - /// \sa [HMAC: Keyed-Hashing for Message Authentication](https://tools.ietf.org/html/rfc2104) - /// - struct hmac_padding; - - /// - /// Our own implementation of HMAC hashing - /// Microsoft's implementation ([MSDN](https://msdn.microsoft.com/en-us/library/windows/desktop/aa382379.aspx)) is flaky. - /// - /// \sa [HMAC: Keyed-Hashing for Message Authentication](https://tools.ietf.org/html/rfc2104) - /// - class hmac_hash; - - /// - /// TLS client connection state - /// - /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 6.1. Connection States)](https://tools.ietf.org/html/rfc5246#section-6.1) - /// - class tls_conn_state; - - /// - /// EAP-TLS packet - /// - class packet_tls; - - /// - /// TLS map of handshake messages received - /// - class tls_handshake_flags; -} - -#pragma once - -#include - -#include - - -namespace eap -{ -#pragma warning(push) -#pragma warning(disable: 4480) - - enum tls_message_type_t : unsigned char - { - tls_message_type_change_cipher_spec = 20, - tls_message_type_alert = 21, - tls_message_type_handshake = 22, - tls_message_type_application_data = 23, - }; - - - enum tls_handshake_type_t : unsigned char - { - tls_handshake_type_hello_request = 0, - tls_handshake_type_client_hello = 1, - tls_handshake_type_server_hello = 2, - tls_handshake_type_certificate = 11, - tls_handshake_type_server_key_exchange = 12, - tls_handshake_type_certificate_request = 13, - tls_handshake_type_server_hello_done = 14, - tls_handshake_type_certificate_verify = 15, - tls_handshake_type_client_key_exchange = 16, - tls_handshake_type_finished = 20, - - tls_handshake_type_min = 0, ///< First existing handshake message - tls_handshake_type_max = 21 ///< First non-existing (officially) handshake message - }; - - - enum tls_alert_level_t : unsigned char - { - tls_alert_level_warning = 1, - tls_alert_level_fatal = 2, - }; - - - enum tls_alert_desc_t : unsigned char - { - tls_alert_desc_close_notify = 0, - tls_alert_desc_unexpected_message = 10, - tls_alert_desc_bad_record_mac = 20, - tls_alert_desc_decryption_failed = 21, // reserved - tls_alert_desc_record_overflow = 22, - tls_alert_desc_decompression_failure = 30, - tls_alert_desc_handshake_failure = 40, - tls_alert_desc_no_certificate = 41, // reserved - tls_alert_desc_bad_certificate = 42, - tls_alert_desc_unsupported_certificate = 43, - tls_alert_desc_certificate_revoked = 44, - tls_alert_desc_certificate_expired = 45, - tls_alert_desc_certificate_unknown = 46, - tls_alert_desc_illegal_parameter = 47, - tls_alert_desc_unknown_ca = 48, - tls_alert_desc_access_denied = 49, - tls_alert_desc_decode_error = 50, - tls_alert_desc_decrypt_error = 51, - tls_alert_desc_export_restriction = 60, // reserved - tls_alert_desc_protocol_version = 70, - tls_alert_desc_insufficient_security = 71, - tls_alert_desc_internal_error = 80, - tls_alert_desc_user_canceled = 90, - tls_alert_desc_no_renegotiation = 100, - tls_alert_desc_unsupported_extension = 110, - }; - -#pragma warning(pop) - - -#pragma pack(push) -#pragma pack(1) - /// - /// TLS protocol version - /// - struct __declspec(novtable) tls_version - { - unsigned char major; ///< Major version - unsigned char minor; ///< Minor version - - /// - /// Copies a TLS version - /// - /// \param[in] other Version to copy from - /// - /// \returns Reference to this object - /// - inline tls_version& operator=(_In_ const tls_version &other) - { - if (this != std::addressof(other)) { - major = other.major; - minor = other.minor; - } - return *this; - } - - /// - /// Is version less than? - /// - /// \param[in] other Protocol version to compare against - /// \return - /// - Non zero when protocol version is less than h; - /// - Zero otherwise. - /// - inline bool operator<(_In_ const tls_version &other) const - { - return major < other.major || major == other.major && minor < other.minor; - } - - /// - /// Is version less than or equal to? - /// - /// \param[in] other Protocol version to compare against - /// \return - /// - Non zero when protocol version is less than or equal to h; - /// - Zero otherwise. - /// - inline bool operator<=(_In_ const tls_version &other) const - { - return !operator>(other); - } - - /// - /// Is version greater than or equal to? - /// - /// \param[in] other Protocol version to compare against - /// \return - /// - Non zero when protocol version is greater than or equal to h; - /// - Zero otherwise. - /// - inline bool operator>=(_In_ const tls_version &other) const - { - return !operator<(other); - } - - /// - /// Is version greater than? - /// - /// \param[in] other Protocol version to compare against - /// \return - /// - Non zero when protocol version is greater than h; - /// - Zero otherwise. - /// - inline bool operator>(_In_ const tls_version &other) const - { - return other.major < major || other.major == major && other.minor < minor; - } - - /// - /// Is version not equal to? - /// - /// \param[in] other Protocol version to compare against - /// \return - /// - Non zero when protocol version is not equal to h; - /// - Zero otherwise. - /// - inline bool operator!=(_In_ const tls_version &other) const - { - return !operator==(other); - } - - /// - /// Is version equal to? - /// - /// \param[in] other Protocol version to compare against - /// \return - /// - Non zero when protocol version is equal to h; - /// - Zero otherwise. - /// - inline bool operator==(_In_ const tls_version &other) const - { - return major == other.major && minor == other.minor; - } - }; -#pragma pack(pop) - - -#pragma pack(push) -#pragma pack(1) - struct __declspec(novtable) tls_random : public sanitizing_blob_xf<32> - { - /// - /// Generate TLS random - /// - /// \param[in] cp Handle of the cryptographics provider - /// - void randomize(_In_ HCRYPTPROV cp); - }; -#pragma pack(pop) - - -#pragma pack(push) -#pragma pack(1) - struct __declspec(novtable) tls_master_secret : public sanitizing_blob_xf<48> - { - /// - /// Constructor - /// - tls_master_secret(); - - /// - /// Constructs a pre-master secret - /// - /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.7.1. RSA-Encrypted Premaster Secret Message)](https://tools.ietf.org/html/rfc5246#section-7.4.7.1) - /// - /// \param[in] cp Handle of the cryptographics provider - /// \param[in] ver TLS version - /// - tls_master_secret(_In_ HCRYPTPROV cp, _In_ tls_version ver); - - /// - /// Copies a master secret - /// - /// \param[in] other Master secret to copy from - /// - tls_master_secret(_In_ const sanitizing_blob_f<48> &other); - -#ifdef _DEBUG - /// - /// Moves the master secret - /// - /// \param[inout] other Master secret to move from - /// - tls_master_secret(_Inout_ sanitizing_blob_zf<48> &&other); -#endif - }; -#pragma pack(pop) - - -#pragma pack(push) -#pragma pack(1) - struct __declspec(novtable) hmac_padding : public sanitizing_blob_xf<64> - { - /// - /// Constructor - /// - hmac_padding(); - - /// - /// Derive padding from secret - /// - /// \param[in] cp Handle of the cryptographics provider - /// \param[in] alg Hashing algorithm - /// \param[in] secret HMAC secret - /// \param[in] size_secret \p secret size - /// \param[in] pad Padding value to XOR with (0x36=inner, 0x5c=outer...) - /// - hmac_padding( - _In_ HCRYPTPROV cp, - _In_ ALG_ID alg, - _In_bytecount_(size_secret ) const void *secret, - _In_ size_t size_secret, - _In_opt_ unsigned char pad = 0x36); - - /// - /// Copies a padding - /// - /// \param[in] other Master secret to copy from - /// - hmac_padding(_In_ const sanitizing_blob_f<64> &other); - -#ifdef _DEBUG - /// - /// Moves the padding - /// - /// \param[inout] other Padding to move from - /// - hmac_padding(_Inout_ sanitizing_blob_zf<64> &&other); -#endif - }; -#pragma pack(pop) - - - class hmac_hash - { - public: - /// - /// Construct new HMAC hashing object - /// - /// \param[in] cp Handle of the cryptographics provider - /// \param[in] alg Hashing algorithm - /// \param[in] secret HMAC secret - /// \param[in] size_secret \p secret size - /// - hmac_hash( - _In_ HCRYPTPROV cp, - _In_ ALG_ID alg, - _In_bytecount_(size_secret ) const void *secret, - _In_ size_t size_secret); - - /// - /// Construct new HMAC hashing object using already prepared inner padding - /// - /// \param[in] cp Handle of the cryptographics provider - /// \param[in] alg Hashing algorithm - /// \param[in] padding HMAC secret XOR inner padding - /// - hmac_hash( - _In_ HCRYPTPROV cp, - _In_ ALG_ID alg, - _In_ const hmac_padding &padding); - - /// - /// Provides access to inner hash object to hash data at will. - /// - /// \returns Inner hashing object handle - /// - inline operator HCRYPTHASH() - { - return m_hash_inner; - } - - /// - /// Completes hashing and returns hashed data. - /// - /// \param[out] val Calculated hash value - /// - template - inline void calculate(_Out_ std::vector<_Ty, _Ax> &val) - { - // Calculate inner hash. - if (!CryptGetHashParam(m_hash_inner, HP_HASHVAL, val, 0)) - throw win_runtime_error(__FUNCTION__ " Error calculating inner hash."); - - // Hash inner hash with outer hash. - if (!CryptHashData(m_hash_outer, (const BYTE*)val.data(), (DWORD)(val.size() * sizeof(_Ty)), 0)) - throw win_runtime_error(__FUNCTION__ " Error hashing inner hash."); - - // Calculate outer hash. - if (!CryptGetHashParam(m_hash_outer, HP_HASHVAL, val, 0)) - throw win_runtime_error(__FUNCTION__ " Error calculating outer hash."); - } - - protected: - winstd::crypt_hash m_hash_inner; ///< Inner hashing object - winstd::crypt_hash m_hash_outer; ///< Outer hashing object - }; - - - class tls_conn_state - { - public: - /// - /// Constructs a connection state - /// - tls_conn_state(); - - /// - /// Copy a connection state - /// - /// \param[in] other Connection state to copy from - /// - tls_conn_state(_In_ const tls_conn_state &other); - - /// - /// Moves a connection state - /// - /// \param[inout] other Connection state to move from - /// - tls_conn_state(_Inout_ tls_conn_state &&other); - - /// - /// Copy a connection state - /// - /// \param[inout] other Connection state to copy from - /// - /// \returns Reference to this object - /// - tls_conn_state& operator=(_In_ const tls_conn_state &other); - - /// - /// Moves a connection state - /// - /// \param[in] other Connection state to move from - /// - /// \returns Reference to this object - /// - tls_conn_state& operator=(_Inout_ tls_conn_state &&other); - - /// - /// Configures state according to given cipher - /// - /// \param[in] cipher Cipher ID - /// - void set_cipher(_In_ const unsigned char cipher[2]); - - public: - LPCTSTR m_prov_name; ///< Cryptography provider name - DWORD m_prov_type; ///< Cryptography provider type - ALG_ID m_alg_encrypt; ///< Bulk encryption algorithm - size_t m_size_enc_key; ///< Encryption key size in bytes (has to comply with `m_alg_encrypt`) - size_t m_size_enc_iv; ///< Encryption initialization vector size in bytes (has to comply with `m_alg_encrypt`) - size_t m_size_enc_block; ///< Encryption block size in bytes (has to comply with `m_alg_encrypt`) - winstd::crypt_key m_key; ///< Key for encrypting messages - ALG_ID m_alg_mac; ///< Message authenticy check algorithm - size_t m_size_mac_key; ///< Message authenticy check algorithm key size (has to comply with `m_alg_mac`) - size_t m_size_mac_hash; ///< Message authenticy check algorithm result size (has to comply with `m_alg_mac`) - hmac_padding m_padding_hmac; ///< Padding (key) for HMAC calculation - }; - - - class packet_tls : public packet - { - public: -#pragma warning(push) -#pragma warning(disable: 4480) - - /// - /// EAP-TLS request packet flags - /// - /// \sa [The EAP-TLS Authentication Protocol (Chapter: 3.1 EAP-TLS Request Packet)](https://tools.ietf.org/html/rfc5216#section-3.1) - /// - enum flags_req_t : unsigned char { - flags_req_length_incl = 0x80, ///< Length included - flags_req_more_frag = 0x40, ///< More fragments - flags_req_start = 0x20, ///< Start - }; - - /// - /// EAP-TLS response packet flags - /// - /// \sa [The EAP-TLS Authentication Protocol (Chapter: 3.2 EAP-TLS Response Packet)](https://tools.ietf.org/html/rfc5216#section-3.2) - /// - enum flags_res_t : unsigned char { - flags_res_length_incl = 0x80, ///< Length included - flags_res_more_frag = 0x40, ///< More fragments - }; - -#pragma warning(pop) - - public: - /// - /// Constructs an empty packet - /// - packet_tls(); - - /// - /// Copies a packet - /// - /// \param[in] other Packet to copy from - /// - packet_tls(_In_ const packet_tls &other); - - /// - /// Moves a packet - /// - /// \param[in] other Packet to move from - /// - packet_tls(_Inout_ packet_tls &&other); - - /// - /// Copies a packet - /// - /// \param[in] other Packet to copy from - /// - /// \returns Reference to this object - /// - packet_tls& operator=(_In_ const packet_tls &other); - - /// - /// Moves a packet - /// - /// \param[in] other Packet to move from - /// - /// \returns Reference to this object - /// - packet_tls& operator=(_Inout_ packet_tls &&other); - - /// - /// Empty the packet - /// - virtual void clear(); - - /// - /// Appends fragment - /// - /// \param[in] pck EAP packet fragment - /// - /// \returns - /// - \c true if this was the last fragment of a packet - /// - \c false if more fragments are to follow - /// - bool append_frag(_In_ const EapPacket *pck); - - /// - /// Gets next fragment of the packet - /// - /// \param[out ] pck Memory to write EAP packet to - /// \param[inout] size_max Available size of \p pck (in bytes) - /// - /// \returns Final size of the packet (fragment) - /// - unsigned short get_frag(_Out_bytecap_(size_max) EapPacket *pck, _In_ size_t size_max); - - /// - /// Is this packet an ACK - /// - /// \param[in] id ID of originating EAP packet - /// - inline bool is_ack(_In_ unsigned char id) const - { - return - m_code == EapCodeRequest && - m_id == id && - m_data.empty() && - !(m_flags & (flags_req_length_incl | flags_req_more_frag | flags_req_start)); - } - - public: - unsigned char m_flags; ///< Packet flags - }; - - - class tls_handshake_flags - { - public: - /// - /// Constructs an empty set of flags - /// - inline tls_handshake_flags() - { - memset(m_flags, 0, sizeof(m_flags)); - } - - /// - /// Empty set of flags - /// - inline void clear() - { - memset(m_flags, 0, sizeof(m_flags)); - } - - /// - /// Set particular flag - /// - /// \param[in] type TLS handshake message to set its flag - /// - inline void set(_In_ tls_handshake_type_t type) - { - assert(tls_handshake_type_min <= type && type < tls_handshake_type_max); - m_flags[type] = true; - } - - /// - /// Get particular flag - /// - /// \param[in] type TLS handshake message to get its flag - /// - inline bool operator[](_In_ tls_handshake_type_t type) const - { - assert(tls_handshake_type_min <= type && type < tls_handshake_type_max); - return m_flags[type]; - } - - protected: - bool m_flags[tls_handshake_type_max]; ///< Set of flags - }; -} diff --git a/lib/TLS/src/StdAfx.h b/lib/TLS/src/StdAfx.h index 22c9463..80b2f3a 100644 --- a/lib/TLS/src/StdAfx.h +++ b/lib/TLS/src/StdAfx.h @@ -22,7 +22,6 @@ #include "../include/Config.h" #include "../include/Credentials.h" -#include "../include/TLS.h" #include "../../EAPBase/include/EAPXML.h" diff --git a/lib/TLS/src/TLS.cpp b/lib/TLS/src/TLS.cpp deleted file mode 100644 index 84df3f4..0000000 --- a/lib/TLS/src/TLS.cpp +++ /dev/null @@ -1,594 +0,0 @@ -/* - Copyright 2015-2016 Amebis - Copyright 2016 GÉANT - - This file is part of GÉANTLink. - - GÉANTLink is free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - GÉANTLink is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GÉANTLink. If not, see . -*/ - -#include "StdAfx.h" - -using namespace std; -using namespace winstd; - - -////////////////////////////////////////////////////////////////////// -// eap::tls_version -////////////////////////////////////////////////////////////////////// - -const eap::tls_version eap::tls_version_1_0 = { 3, 1 }; -const eap::tls_version eap::tls_version_1_1 = { 3, 2 }; -const eap::tls_version eap::tls_version_1_2 = { 3, 3 }; - - -////////////////////////////////////////////////////////////////////// -// eap::tls_random -////////////////////////////////////////////////////////////////////// - -void eap::tls_random::randomize(_In_ HCRYPTPROV cp) -{ - _time32((__time32_t*)data); - if (!CryptGenRandom(cp, sizeof(data) - sizeof(__time32_t), data + sizeof(__time32_t))) - throw win_runtime_error(__FUNCTION__ " Error creating randomness."); -} - - -////////////////////////////////////////////////////////////////////// -// eap::tls_master_secret -////////////////////////////////////////////////////////////////////// - -eap::tls_master_secret::tls_master_secret() -{ -} - - -eap::tls_master_secret::tls_master_secret(_In_ HCRYPTPROV cp, _In_ tls_version ver) -{ - data[0] = ver.major; - data[1] = ver.minor; - - if (!CryptGenRandom(cp, sizeof(data) - 2, data + 2)) - throw win_runtime_error(__FUNCTION__ " Error creating PMS randomness."); -} - - -eap::tls_master_secret::tls_master_secret(_In_ const sanitizing_blob_f<48> &other) : - sanitizing_blob_xf<48>(other) -{ -} - - -#ifdef _DEBUG - -eap::tls_master_secret::tls_master_secret(_Inout_ sanitizing_blob_zf<48> &&other) : - sanitizing_blob_xf<48>(std::move(other)) -{ -} - -#endif - - -////////////////////////////////////////////////////////////////////// -// eap::hmac_padding -////////////////////////////////////////////////////////////////////// - -eap::hmac_padding::hmac_padding() -{ -} - - -eap::hmac_padding::hmac_padding( - _In_ HCRYPTPROV cp, - _In_ ALG_ID alg, - _In_bytecount_(size_secret ) const void *secret, - _In_ size_t size_secret, - _In_opt_ unsigned char pad) -{ - if (size_secret > sizeof(hmac_padding)) { - // If the secret is longer than padding, use secret's hash instead. - crypt_hash hash; - if (!hash.create(cp, alg)) - throw win_runtime_error(__FUNCTION__ " Error creating hash."); - if (!CryptHashData(hash, (const BYTE*)secret, (DWORD)size_secret, 0)) - throw win_runtime_error(__FUNCTION__ " Error hashing."); - DWORD size_hash = sizeof(hmac_padding); - if (!CryptGetHashParam(hash, HP_HASHVAL, data, &size_hash, 0)) - throw win_runtime_error(__FUNCTION__ " Error finishing hash."); - size_secret = size_hash; - } else - memcpy(data, secret, size_secret); - for (size_t i = 0; i < size_secret; i++) - data[i] ^= pad; - memset(data + size_secret, pad, sizeof(hmac_padding) - size_secret); -} - - -eap::hmac_padding::hmac_padding(_In_ const sanitizing_blob_f<64> &other) : - sanitizing_blob_xf<64>(other) -{ -} - - -#ifdef _DEBUG - -eap::hmac_padding::hmac_padding(_Inout_ sanitizing_blob_zf<64> &&other) : - sanitizing_blob_xf<64>(std::move(other)) -{ -} - -#endif - - -////////////////////////////////////////////////////////////////////// -// eap::hmac_hash -////////////////////////////////////////////////////////////////////// - -eap::hmac_hash::hmac_hash( - _In_ HCRYPTPROV cp, - _In_ ALG_ID alg, - _In_bytecount_(size_secret ) const void *secret, - _In_ size_t size_secret) -{ - // Prepare inner padding and forward to the other constructor. - this->hmac_hash::hmac_hash(cp, alg, hmac_padding(cp, alg, secret, size_secret)); -} - - -eap::hmac_hash::hmac_hash( - _In_ HCRYPTPROV cp, - _In_ ALG_ID alg, - _In_ const hmac_padding &padding) -{ - // Create inner hash. - if (!m_hash_inner.create(cp, alg)) - throw win_runtime_error(__FUNCTION__ " Error creating inner hash."); - - // Initialize it with the inner padding. - if (!CryptHashData(m_hash_inner, padding.data, sizeof(hmac_padding), 0)) - throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding."); - - // Convert inner padding to outer padding for final calculation. - hmac_padding padding_out; - for (size_t i = 0; i < sizeof(hmac_padding); i++) - padding_out.data[i] = padding.data[i] ^ (0x36 ^ 0x5c); - - // Create outer hash. - if (!m_hash_outer.create(cp, alg)) - throw win_runtime_error(__FUNCTION__ " Error creating outer hash."); - - // Initialize it with the outer padding. - if (!CryptHashData(m_hash_outer, padding_out.data, sizeof(hmac_padding), 0)) - throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding."); -} - - -////////////////////////////////////////////////////////////////////// -// eap::tls_conn_state -////////////////////////////////////////////////////////////////////// - -eap::tls_conn_state::tls_conn_state() -#ifdef _DEBUG - // Initialize state primitive members for diagnostic purposes. - : - m_prov_name (NULL), - m_prov_type (0), - m_alg_encrypt (0), - m_size_enc_key (0), - m_size_enc_iv (0), - m_size_enc_block(0), - m_alg_mac (0), - m_size_mac_key (0), - m_size_mac_hash (0) -#endif -{ -} - - -eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) : - m_prov_name (other.m_prov_name ), - m_prov_type (other.m_prov_type ), - m_alg_encrypt (other.m_alg_encrypt ), - m_size_enc_key (other.m_size_enc_key ), - m_size_enc_iv (other.m_size_enc_iv ), - m_size_enc_block(other.m_size_enc_block), - m_key (other.m_key ), - m_alg_mac (other.m_alg_mac ), - m_size_mac_key (other.m_size_mac_key ), - m_size_mac_hash (other.m_size_mac_hash ), - m_padding_hmac (other.m_padding_hmac ) -{ -} - - -eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) : - m_prov_name (std::move(other.m_prov_name )), - m_prov_type (std::move(other.m_prov_type )), - m_alg_encrypt (std::move(other.m_alg_encrypt )), - m_size_enc_key (std::move(other.m_size_enc_key )), - m_size_enc_iv (std::move(other.m_size_enc_iv )), - m_size_enc_block(std::move(other.m_size_enc_block)), - m_key (std::move(other.m_key )), - m_alg_mac (std::move(other.m_alg_mac )), - m_size_mac_key (std::move(other.m_size_mac_key )), - m_size_mac_hash (std::move(other.m_size_mac_hash )), - m_padding_hmac (std::move(other.m_padding_hmac )) -{ -#ifdef _DEBUG - // Reinitialize other state primitive members for diagnostic purposes. - other.m_prov_name = NULL; - other.m_prov_type = 0; - other.m_alg_encrypt = 0; - other.m_size_enc_key = 0; - other.m_size_enc_iv = 0; - other.m_size_enc_block = 0; - other.m_alg_mac = 0; - other.m_size_mac_key = 0; - other.m_size_mac_hash = 0; -#endif -} - - -eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &other) -{ - if (this != std::addressof(other)) { - m_prov_name = other.m_prov_name ; - m_prov_type = other.m_prov_type ; - m_alg_encrypt = other.m_alg_encrypt ; - m_size_enc_key = other.m_size_enc_key ; - m_size_enc_iv = other.m_size_enc_iv ; - m_size_enc_block = other.m_size_enc_block; - m_key = other.m_key ; - m_alg_mac = other.m_alg_mac ; - m_size_mac_key = other.m_size_mac_key ; - m_size_mac_hash = other.m_size_mac_hash ; - m_padding_hmac = other.m_padding_hmac ; - } - - return *this; -} - - -eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&other) -{ - if (this != std::addressof(other)) { - m_prov_name = std::move(other.m_prov_name ); - m_prov_type = std::move(other.m_prov_type ); - m_alg_encrypt = std::move(other.m_alg_encrypt ); - m_size_enc_key = std::move(other.m_size_enc_key ); - m_size_enc_iv = std::move(other.m_size_enc_iv ); - m_size_enc_block = std::move(other.m_size_enc_block); - m_key = std::move(other.m_key ); - m_alg_mac = std::move(other.m_alg_mac ); - m_size_mac_key = std::move(other.m_size_mac_key ); - m_size_mac_hash = std::move(other.m_size_mac_hash ); - m_padding_hmac = std::move(other.m_padding_hmac ); - -#ifdef _DEBUG - // Reinitialize other state primitive members for diagnostic purposes. - other.m_prov_name = NULL; - other.m_prov_type = 0; - other.m_alg_encrypt = 0; - other.m_size_enc_key = 0; - other.m_size_enc_iv = 0; - other.m_size_enc_block = 0; - other.m_alg_mac = 0; - other.m_size_mac_key = 0; - other.m_size_mac_hash = 0; -#endif - } - - return *this; -} - - -void eap::tls_conn_state::set_cipher(_In_ const unsigned char cipher[2]) -{ - if (cipher[0] == 0x00 && cipher[1] == 0x0a) { - // TLS_RSA_WITH_3DES_EDE_CBC_SHA - m_prov_name = NULL; - m_prov_type = PROV_RSA_AES; - m_alg_encrypt = CALG_3DES; - m_size_enc_key = 192/8; // 3DES 192bits - m_size_enc_iv = 64/8; // 3DES 64bits - m_size_enc_block = 64/8; // 3DES 64bits - m_alg_mac = CALG_SHA1; - m_size_mac_key = 160/8; // SHA-1 - m_size_mac_hash = 160/8; // SHA-1 - } else if (cipher[0] == 0x00 && cipher[1] == 0x2f) { - // TLS_RSA_WITH_AES_128_CBC_SHA - m_prov_name = NULL; - m_prov_type = PROV_RSA_AES; - m_alg_encrypt = CALG_AES_128; - m_size_enc_key = 128/8; // AES-128 - m_size_enc_iv = 128/8; // AES-128 - m_size_enc_block = 128/8; // AES-128 - m_alg_mac = CALG_SHA1; - m_size_mac_key = 160/8; // SHA-1 - m_size_mac_hash = 160/8; // SHA-1 - } else if (cipher[0] == 0x00 && cipher[1] == 0x3c) { - // AES128-SHA256 - m_prov_name = NULL; - m_prov_type = PROV_RSA_AES; - m_alg_encrypt = CALG_AES_128; - m_size_enc_key = 128/8; // AES-128 - m_size_enc_iv = 128/8; // AES-128 - m_size_enc_block = 128/8; // AES-128 - m_alg_mac = CALG_SHA_256; - m_size_mac_key = 256/8; // SHA-256 - m_size_mac_hash = 256/8; // SHA-256 - } else if (cipher[0] == 0x00 && cipher[1] == 0x3d) { - // AES256-SHA256 - m_prov_name = MS_ENH_RSA_AES_PROV; - m_prov_type = PROV_RSA_AES; - m_alg_encrypt = CALG_AES_256; - m_size_enc_key = 256/8; // AES-256 - m_size_enc_iv = 128/8; // AES-256 - m_size_enc_block = 128/8; // AES-256 - m_alg_mac = CALG_SHA_256; - m_size_mac_key = 256/8; // SHA-256 - m_size_mac_hash = 256/8; // SHA-256 - } else if (cipher[0] == 0x00 && cipher[1] == 0x40) { - // DHE-DSS-AES128-SHA256 - m_prov_name = MS_ENH_DSS_DH_PROV; - m_prov_type = PROV_DSS_DH; - m_alg_encrypt = CALG_AES_128; - m_size_enc_key = 128/8; // AES-128 - m_size_enc_iv = 128/8; // AES-128 - m_size_enc_block = 128/8; // AES-128 - m_alg_mac = CALG_SHA_256; - m_size_mac_key = 256/8; // SHA-256 - m_size_mac_hash = 256/8; // SHA-256 - } else if (cipher[0] == 0x00 && cipher[1] == 0x67) { - // DHE-RSA-AES128-SHA256 - m_prov_name = MS_DEF_DH_SCHANNEL_PROV; - m_prov_type = PROV_DH_SCHANNEL; - m_alg_encrypt = CALG_AES_128; - m_size_enc_key = 128/8; // AES-128 - m_size_enc_iv = 128/8; // AES-128 - m_size_enc_block = 128/8; // AES-128 - m_alg_mac = CALG_SHA_256; - m_size_mac_key = 256/8; // SHA-256 - m_size_mac_hash = 256/8; // SHA-256 - } else if (cipher[0] == 0x00 && cipher[1] == 0x6a) { - // DHE-DSS-AES256-SHA256 - m_prov_name = MS_ENH_DSS_DH_PROV; - m_prov_type = PROV_DSS_DH; - m_alg_encrypt = CALG_AES_256; - m_size_enc_key = 256/8; // AES-256 - m_size_enc_iv = 128/8; // AES-256 - m_size_enc_block = 128/8; // AES-256 - m_alg_mac = CALG_SHA_256; - m_size_mac_key = 256/8; // SHA-256 - m_size_mac_hash = 256/8; // SHA-256 - } else if (cipher[0] == 0x00 && cipher[1] == 0x6b) { - // DHE-RSA-AES256-SHA256 - m_prov_name = MS_DEF_DH_SCHANNEL_PROV; - m_prov_type = PROV_DH_SCHANNEL; - m_alg_encrypt = CALG_AES_256; - m_size_enc_key = 256/8; // AES-256 - m_size_enc_iv = 128/8; // AES-256 - m_size_enc_block = 128/8; // AES-256 - m_alg_mac = CALG_SHA_256; - m_size_mac_key = 256/8; // SHA-256 - m_size_mac_hash = 256/8; // SHA-256 - } else if (cipher[0] == 0xc0 && cipher[1] == 0x23) { - // ECDHE-ECDSA-AES128-SHA256 - m_prov_name = MS_ENH_DSS_DH_PROV; - m_prov_type = PROV_DSS_DH; - m_alg_encrypt = CALG_AES_128; - m_size_enc_key = 128/8; // AES-128 - m_size_enc_iv = 128/8; // AES-128 - m_size_enc_block = 128/8; // AES-128 - m_alg_mac = CALG_SHA_256; - m_size_mac_key = 256/8; // SHA-256 - m_size_mac_hash = 256/8; // SHA-256 - } else if (cipher[0] == 0xc0 && cipher[1] == 0x24) { - // ECDHE-ECDSA-AES256-SHA384 - m_prov_name = MS_ENH_DSS_DH_PROV; - m_prov_type = PROV_DSS_DH; - m_alg_encrypt = CALG_AES_256; - m_size_enc_key = 256/8; // AES-256 - m_size_enc_iv = 128/8; // AES-256 - m_size_enc_block = 128/8; // AES-256 - m_alg_mac = CALG_SHA_384; - m_size_mac_key = 384/8; // SHA-384 - m_size_mac_hash = 384/8; // SHA-384 - } else if (cipher[0] == 0xc0 && cipher[1] == 0x27) { - // ECDHE-RSA-AES128-SHA256 - m_prov_name = MS_ENH_DSS_DH_PROV; - m_prov_type = PROV_DSS_DH; - m_alg_encrypt = CALG_AES_128; - m_size_enc_key = 128/8; // AES-128 - m_size_enc_iv = 128/8; // AES-128 - m_size_enc_block = 128/8; // AES-128 - m_alg_mac = CALG_SHA_256; - m_size_mac_key = 256/8; // SHA-256 - m_size_mac_hash = 256/8; // SHA-256 - } else if (cipher[0] == 0xc0 && cipher[1] == 0x28) { - // ECDHE-RSA-AES256-SHA384 - m_prov_name = MS_ENH_DSS_DH_PROV; - m_prov_type = PROV_DSS_DH; - m_alg_encrypt = CALG_AES_256; - m_size_enc_key = 256/8; // AES-256 - m_size_enc_iv = 128/8; // AES-256 - m_size_enc_block = 128/8; // AES-256 - m_alg_mac = CALG_SHA_384; - m_size_mac_key = 384/8; // SHA-384 - m_size_mac_hash = 384/8; // SHA-384 - } else - throw win_runtime_error(ERROR_NOT_SUPPORTED, string_printf(__FUNCTION__ " Unknown cipher (received: 0x%02x%02x).", cipher[0], cipher[1])); -} - - -////////////////////////////////////////////////////////////////////// -// eap::packet_tls -////////////////////////////////////////////////////////////////////// - -eap::packet_tls::packet_tls() : - m_flags(0), - packet() -{ -} - - -eap::packet_tls::packet_tls(_In_ const packet_tls &other) : - m_flags(other.m_flags), - packet (other ) -{ -} - - -eap::packet_tls::packet_tls(_Inout_ packet_tls &&other) : - m_flags(std::move(other.m_flags)), - packet (std::move(other )) -{ -} - - -eap::packet_tls& eap::packet_tls::operator=(_In_ const packet_tls &other) -{ - if (this != std::addressof(other)) { - (packet&)*this = other; - m_flags = other.m_flags; - } - - return *this; -} - - -eap::packet_tls& eap::packet_tls::operator=(_Inout_ packet_tls &&other) -{ - if (this != std::addressof(other)) { - (packet&)*this = std::move(other); - m_flags = std::move(other.m_flags); - } - - return *this; -} - - -void eap::packet_tls::clear() -{ - packet::clear(); - m_flags = 0; -} - - -bool eap::packet_tls::append_frag(_In_ const EapPacket *pck) -{ - assert(pck); - - // Get packet data pointer and size for more readable code later on. - const unsigned char *packet_data_ptr; - size_t size_packet_data; - if (pck->Data[1] & flags_req_length_incl) { - // Length field is included. - packet_data_ptr = pck->Data + 6; - size_packet_data = ntohs(*reinterpret_cast(pck->Length)) - 10; - } else { - // Length field not included. - packet_data_ptr = pck->Data + 2; - size_packet_data = ntohs(*reinterpret_cast(pck->Length)) - 6; - } - - // Do the EAP-TLS defragmentation. - if (pck->Data[1] & flags_req_more_frag) { - if (m_data.empty()) { - // Start a new packet. - if (pck->Data[1] & flags_req_length_incl) { - // Preallocate data according to the Length field. - size_t size_tot = ntohl(*reinterpret_cast(pck->Data + 2)); - m_data.reserve(size_tot); - //m_module.log_event(&EAPMETHOD_PACKET_RECV_FRAG_FIRST, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_packet_data), event_data((unsigned int)size_tot), event_data::blank); - } else { - // The Length field was not included. Odd. Nevermind, no pre-allocation then. - //m_module.log_event(&EAPMETHOD_PACKET_RECV_FRAG_FIRST1, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_packet_data), event_data::blank); - } - } else { - // Mid fragment received. - //m_module.log_event(&EAPMETHOD_PACKET_RECV_FRAG_MID, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_packet_data), event_data((unsigned int)m_data.size()), event_data::blank); - } - m_data.insert(m_data.end(), packet_data_ptr, packet_data_ptr + size_packet_data); - - return false; - } else if (!m_data.empty()) { - // Last fragment received. Append data. - m_data.insert(m_data.end(), packet_data_ptr, packet_data_ptr + size_packet_data); - //m_module.log_event(&EAPMETHOD_PACKET_RECV_FRAG_LAST, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_packet_data), event_data((unsigned int)m_data.size()), event_data::blank); - } else { - // This is a complete non-fragmented packet. - m_data.assign(packet_data_ptr, packet_data_ptr + size_packet_data); - //m_module.log_event(&EAPMETHOD_PACKET_RECV, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_packet_data), event_data::blank); - } - - m_code = (EapCode)pck->Code; - m_id = pck->Id; - m_flags = pck->Data[1]; - - return true; -} - - -unsigned short eap::packet_tls::get_frag(_Out_bytecap_(size_pck) EapPacket *pck, _In_ size_t size_max) -{ - assert(pck); - - size_t size_data = m_data.size(); - assert(size_data <= UINT_MAX - 6); // Packets spanning over 4GB are not supported by EAP. - unsigned int size_packet = (unsigned int)size_data + 6; - unsigned short size_packet_limit = (unsigned short)std::min(size_max, USHRT_MAX); - unsigned char *data_dst; - - if (!(m_flags & flags_res_more_frag)) { - // Not fragmented. - if (size_packet <= size_packet_limit) { - // No need to fragment the packet. - m_flags &= ~flags_res_length_incl; // No need to explicitly include the Length field either. - data_dst = pck->Data + 2; - //m_module.log_event(&EAPMETHOD_PACKET_SEND, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_data), event_data::blank); - } else { - // But it should be fragmented. - m_flags |= flags_res_length_incl | flags_res_more_frag; - *reinterpret_cast(pck->Data + 2) = htonl(size_packet); - data_dst = pck->Data + 6; - size_data = size_packet_limit - 10; - size_packet = size_packet_limit; - //m_module.log_event(&EAPMETHOD_PACKET_SEND_FRAG_FIRST, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_data), event_data((unsigned int)(m_data.size() - size_data)), event_data::blank); - } - } else { - // Continuing the fragmented packet... - if (size_packet > size_packet_limit) { - // This is a mid fragment. - m_flags &= ~flags_res_length_incl; - size_data = size_packet_limit - 6; - size_packet = size_packet_limit; - //m_module.log_event(&EAPMETHOD_PACKET_SEND_FRAG_MID, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_data), event_data((unsigned int)(m_data.size() - size_data)), event_data::blank); - } else { - // This is the last fragment. - m_flags &= ~(flags_res_length_incl | flags_res_more_frag); - //m_module.log_event(&EAPMETHOD_PACKET_SEND_FRAG_LAST, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_data), event_data((unsigned int)(m_data.size() - size_data)), event_data::blank); - } - data_dst = pck->Data + 2; - } - - pck->Code = (BYTE)m_code; - pck->Id = m_id; - *reinterpret_cast(pck->Length) = htons((unsigned short)size_packet); - pck->Data[0] = (BYTE)eap_type_tls; - pck->Data[1] = m_flags; - memcpy(data_dst, m_data.data(), size_data); - m_data.erase(m_data.begin(), m_data.begin() + size_data); - return (unsigned short)size_packet; -} diff --git a/lib/TTLS/build/TTLS.vcxproj b/lib/TTLS/build/TTLS.vcxproj index 8539920..0f5716f 100644 --- a/lib/TTLS/build/TTLS.vcxproj +++ b/lib/TTLS/build/TTLS.vcxproj @@ -83,7 +83,6 @@ - diff --git a/lib/TTLS/build/TTLS.vcxproj.filters b/lib/TTLS/build/TTLS.vcxproj.filters index 1aa920b..5cd912e 100644 --- a/lib/TTLS/build/TTLS.vcxproj.filters +++ b/lib/TTLS/build/TTLS.vcxproj.filters @@ -26,9 +26,6 @@ Header Files - - Header Files - diff --git a/lib/TTLS/include/Method.h b/lib/TTLS/include/Method.h index d3c771f..95fd74b 100644 --- a/lib/TTLS/include/Method.h +++ b/lib/TTLS/include/Method.h @@ -40,7 +40,6 @@ namespace eap #include "Config.h" #include "Credentials.h" -#include "TTLS.h" #include "../../EAPBase/include/Method.h" diff --git a/lib/TTLS/include/TTLS.h b/lib/TTLS/include/TTLS.h deleted file mode 100644 index 7f22386..0000000 --- a/lib/TTLS/include/TTLS.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - Copyright 2015-2016 Amebis - Copyright 2016 GÉANT - - This file is part of GÉANTLink. - - GÉANTLink is free software: you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - GÉANTLink is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GÉANTLink. If not, see . -*/ - -namespace eap -{ - /// - /// EAP-TTLS packet - /// - class packet_ttls; -} - -#pragma once - -#include "../../TLS/include/TLS.h" - - -namespace eap -{ - class packet_ttls : public packet_tls - { - public: - /// - /// EAP-TTLS packet flags - /// - /// \sa [Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0) (Chapter: 9.1 Packet Format)](https://tools.ietf.org/html/rfc5281#section-9.1) - /// - #pragma warning(suppress: 4480) - enum flags_t : unsigned char { - flags_length_incl = packet_tls::flags_req_length_incl, ///< Length included - flags_more_frag = packet_tls::flags_req_more_frag, ///< More fragments - flags_start = packet_tls::flags_req_start, ///< Start - flags_ver_mask = 0x07, ///< Version mask - }; - }; -} diff --git a/lib/TTLS/src/Method.cpp b/lib/TTLS/src/Method.cpp index 51a84b5..6f2720f 100644 --- a/lib/TTLS/src/Method.cpp +++ b/lib/TTLS/src/Method.cpp @@ -781,14 +781,14 @@ void eap::method_ttls::get_result( const unsigned char *_key_block = key_block.rgbKeys; // MSK: MPPE-Recv-Key - a.create_ms_mppe_key(16, _key_block, sizeof(tls_random)); + a.create_ms_mppe_key(16, _key_block, 32); m_eap_attr.push_back(std::move(a)); - _key_block += sizeof(tls_random); + _key_block += 32; // MSK: MPPE-Send-Key - a.create_ms_mppe_key(17, _key_block, sizeof(tls_random)); + a.create_ms_mppe_key(17, _key_block, 32); m_eap_attr.push_back(std::move(a)); - _key_block += sizeof(tls_random); + _key_block += 32; SecureZeroMemory(&key_block, sizeof(key_block)); diff --git a/lib/TTLS/src/StdAfx.h b/lib/TTLS/src/StdAfx.h index 2c8306d..a58249a 100644 --- a/lib/TTLS/src/StdAfx.h +++ b/lib/TTLS/src/StdAfx.h @@ -24,7 +24,6 @@ #include "../include/Credentials.h" #include "../include/Method.h" #include "../include/Module.h" -#include "../include/TTLS.h" #include "../../PAP/include/Config.h" #include "../../PAP/include/Method.h"