Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Various ownTLS leftover clean-up

Browse Source
This commit is contained in:
Simon Rozman 2016-11-01 05:33:55 +01:00
parent 655cbe70d1
commit 52a428bb5e
14 changed files with 4 additions and 1453 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
lib/EAPBase/include/EAP.h
View File

@ -124,11 +124,6 @@ namespace eap
_In_bytecount_(size) const void *data, _In_bytecount_(size) const void *data,
_In_ unsigned int size, _In_ unsigned int size,
_Inout_ sanitizing_blob &packet); _Inout_ sanitizing_blob &packet);
///
/// EAP packet
///
class packet;
} }
/// ///
@ -728,58 +723,6 @@ namespace eap
}; };
#pragma pack(pop) #pragma pack(pop)
class packet
{
public:
///
/// Constructs an empty packet
///
packet();
///
/// Copies a packet
///
/// \param[in] other Packet to copy from
///
packet(_In_ const packet &other);
///
/// Moves a packet
///
/// \param[in] other Packet to move from
///
packet(_Inout_ packet &&other);
///
/// Copies a packet
///
/// \param[in] other Packet to copy from
///
/// \returns Reference to this object
///
packet& operator=(_In_ const packet &other);
///
/// Moves a packet
///
/// \param[in] other Packet to move from
///
/// \returns Reference to this object
///
packet& operator=(_Inout_ packet &&other);
///
/// Empty the packet
///
virtual void clear();
public:
EapCode m_code; ///< Packet code
unsigned char m_id; ///< Packet ID
sanitizing_blob m_data; ///< Packet data
};
} }

59
lib/EAPBase/src/EAP.cpp
View File

@ -94,62 +94,3 @@ void eap::diameter_avp_append(
packet.insert(packet.end(), reinterpret_cast<const unsigned char*>(data), reinterpret_cast<const unsigned char*>(data) + size); packet.insert(packet.end(), reinterpret_cast<const unsigned char*>(data), reinterpret_cast<const unsigned char*>(data) + size);
packet.insert(packet.end(), padding, 0); packet.insert(packet.end(), padding, 0);
} }
//////////////////////////////////////////////////////////////////////
// eap::packet
//////////////////////////////////////////////////////////////////////
eap::packet::packet() :
m_code((EapCode)0),
m_id(0)
{
}
eap::packet::packet(_In_ const packet &other) :
m_code(other.m_code),
m_id (other.m_id ),
m_data(other.m_data)
{
}
eap::packet::packet(_Inout_ packet &&other) :
m_code(std::move(other.m_code)),
m_id (std::move(other.m_id )),
m_data(std::move(other.m_data))
{
}
eap::packet& eap::packet::operator=(_In_ const packet &other)
{
if (this != std::addressof(other)) {
m_code = other.m_code;
m_id = other.m_id ;
m_data = other.m_data;
}
return *this;
}
eap::packet& eap::packet::operator=(_Inout_ packet &&other)
{
if (this != std::addressof(other)) {
m_code = std::move(other.m_code);
m_id = std::move(other.m_id );
m_data = std::move(other.m_data);
}
return *this;
}
void eap::packet::clear()
{
m_code = (EapCode)0;
m_id = 0;
m_data.clear();
}

2
lib/TLS/build/TLS.vcxproj
View File

@ -81,7 +81,6 @@
<ItemGroup> <ItemGroup>
<ClInclude Include="..\include\Config.h" /> <ClInclude Include="..\include\Config.h" />
<ClInclude Include="..\include\Credentials.h" /> <ClInclude Include="..\include\Credentials.h" />
<ClInclude Include="..\include\TLS.h" />
<ClInclude Include="..\src\StdAfx.h" /> <ClInclude Include="..\src\StdAfx.h" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
@ -93,7 +92,6 @@
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader> <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
</ClCompile> </ClCompile>
<ClCompile Include="..\src\Credentials.cpp" /> <ClCompile Include="..\src\Credentials.cpp" />
<ClCompile Include="..\src\TLS.cpp" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ProjectReference Include="..\..\Events\build\Events.vcxproj"> <ProjectReference Include="..\..\Events\build\Events.vcxproj">

6
lib/TLS/build/TLS.vcxproj.filters
View File

@ -20,9 +20,6 @@
<ClInclude Include="..\include\Credentials.h"> <ClInclude Include="..\include\Credentials.h">
<Filter>Header Files</Filter> <Filter>Header Files</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="..\include\TLS.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClCompile Include="..\src\StdAfx.cpp"> <ClCompile Include="..\src\StdAfx.cpp">
@ -34,8 +31,5 @@
<ClCompile Include="..\src\Credentials.cpp"> <ClCompile Include="..\src\Credentials.cpp">
<Filter>Source Files</Filter> <Filter>Source Files</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="..\src\TLS.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup> </ItemGroup>
</Project> </Project>

1
lib/TLS/include/Config.h
View File

@ -45,7 +45,6 @@ namespace eap
#pragma once #pragma once
#include "Credentials.h" #include "Credentials.h"
#include "TLS.h"
#include "../../EAPBase/include/Config.h" #include "../../EAPBase/include/Config.h"

671
lib/TLS/include/TLS.h
View File

@ -1,671 +0,0 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "../../EAPBase/include/EAP.h"
namespace eap
{
///
/// TLS packet type
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter: A.1. Record Layer](https://tools.ietf.org/html/rfc5246#appendix-A.1)
///
enum tls_message_type_t;
///
/// TLS handshake type
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter: A.4. Handshake Protocol](https://tools.ietf.org/html/rfc5246#appendix-A.4)
///
enum tls_handshake_type_t;
///
/// TLS alert level
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter: 7.2. Alert Protocol)](https://tools.ietf.org/html/rfc5246#section-7.2)
///
enum tls_alert_level_t;
///
/// TLS alert description
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter: 7.2. Alert Protocol)](https://tools.ietf.org/html/rfc5246#section-7.2)
///
enum tls_alert_desc_t;
///
/// TLS protocol version
///
struct tls_version;
extern const tls_version tls_version_1_0;
extern const tls_version tls_version_1_1;
extern const tls_version tls_version_1_2;
///
/// TLS client/server random
///
struct tls_random;
///
/// Master secret
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (8.1. Computing the Master Secret)](https://tools.ietf.org/html/rfc5246#section-8.1)
///
struct tls_master_secret;
///
/// HMAC padding
///
/// \sa [HMAC: Keyed-Hashing for Message Authentication](https://tools.ietf.org/html/rfc2104)
///
struct hmac_padding;
///
/// Our own implementation of HMAC hashing
/// Microsoft's implementation ([MSDN](https://msdn.microsoft.com/en-us/library/windows/desktop/aa382379.aspx)) is flaky.
///
/// \sa [HMAC: Keyed-Hashing for Message Authentication](https://tools.ietf.org/html/rfc2104)
///
class hmac_hash;
///
/// TLS client connection state
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 6.1. Connection States)](https://tools.ietf.org/html/rfc5246#section-6.1)
///
class tls_conn_state;
///
/// EAP-TLS packet
///
class packet_tls;
///
/// TLS map of handshake messages received
///
class tls_handshake_flags;
}
#pragma once
#include <memory>
#include <assert.h>
namespace eap
{
#pragma warning(push)
#pragma warning(disable: 4480)
enum tls_message_type_t : unsigned char
{
tls_message_type_change_cipher_spec = 20,
tls_message_type_alert = 21,
tls_message_type_handshake = 22,
tls_message_type_application_data = 23,
};
enum tls_handshake_type_t : unsigned char
{
tls_handshake_type_hello_request = 0,
tls_handshake_type_client_hello = 1,
tls_handshake_type_server_hello = 2,
tls_handshake_type_certificate = 11,
tls_handshake_type_server_key_exchange = 12,
tls_handshake_type_certificate_request = 13,
tls_handshake_type_server_hello_done = 14,
tls_handshake_type_certificate_verify = 15,
tls_handshake_type_client_key_exchange = 16,
tls_handshake_type_finished = 20,
tls_handshake_type_min = 0, ///< First existing handshake message
tls_handshake_type_max = 21 ///< First non-existing (officially) handshake message
};
enum tls_alert_level_t : unsigned char
{
tls_alert_level_warning = 1,
tls_alert_level_fatal = 2,
};
enum tls_alert_desc_t : unsigned char
{
tls_alert_desc_close_notify = 0,
tls_alert_desc_unexpected_message = 10,
tls_alert_desc_bad_record_mac = 20,
tls_alert_desc_decryption_failed = 21, // reserved
tls_alert_desc_record_overflow = 22,
tls_alert_desc_decompression_failure = 30,
tls_alert_desc_handshake_failure = 40,
tls_alert_desc_no_certificate = 41, // reserved
tls_alert_desc_bad_certificate = 42,
tls_alert_desc_unsupported_certificate = 43,
tls_alert_desc_certificate_revoked = 44,
tls_alert_desc_certificate_expired = 45,
tls_alert_desc_certificate_unknown = 46,
tls_alert_desc_illegal_parameter = 47,
tls_alert_desc_unknown_ca = 48,
tls_alert_desc_access_denied = 49,
tls_alert_desc_decode_error = 50,
tls_alert_desc_decrypt_error = 51,
tls_alert_desc_export_restriction = 60, // reserved
tls_alert_desc_protocol_version = 70,
tls_alert_desc_insufficient_security = 71,
tls_alert_desc_internal_error = 80,
tls_alert_desc_user_canceled = 90,
tls_alert_desc_no_renegotiation = 100,
tls_alert_desc_unsupported_extension = 110,
};
#pragma warning(pop)
#pragma pack(push)
#pragma pack(1)
///
/// TLS protocol version
///
struct __declspec(novtable) tls_version
{
unsigned char major; ///< Major version
unsigned char minor; ///< Minor version
///
/// Copies a TLS version
///
/// \param[in] other Version to copy from
///
/// \returns Reference to this object
///
inline tls_version& operator=(_In_ const tls_version &other)
{
if (this != std::addressof(other)) {
major = other.major;
minor = other.minor;
}
return *this;
}
///
/// Is version less than?
///
/// \param[in] other Protocol version to compare against
/// \return
/// - Non zero when protocol version is less than h;
/// - Zero otherwise.
///
inline bool operator<(_In_ const tls_version &other) const
{
return major < other.major || major == other.major && minor < other.minor;
}
///
/// Is version less than or equal to?
///
/// \param[in] other Protocol version to compare against
/// \return
/// - Non zero when protocol version is less than or equal to h;
/// - Zero otherwise.
///
inline bool operator<=(_In_ const tls_version &other) const
{
return !operator>(other);
}
///
/// Is version greater than or equal to?
///
/// \param[in] other Protocol version to compare against
/// \return
/// - Non zero when protocol version is greater than or equal to h;
/// - Zero otherwise.
///
inline bool operator>=(_In_ const tls_version &other) const
{
return !operator<(other);
}
///
/// Is version greater than?
///
/// \param[in] other Protocol version to compare against
/// \return
/// - Non zero when protocol version is greater than h;
/// - Zero otherwise.
///
inline bool operator>(_In_ const tls_version &other) const
{
return other.major < major || other.major == major && other.minor < minor;
}
///
/// Is version not equal to?
///
/// \param[in] other Protocol version to compare against
/// \return
/// - Non zero when protocol version is not equal to h;
/// - Zero otherwise.
///
inline bool operator!=(_In_ const tls_version &other) const
{
return !operator==(other);
}
///
/// Is version equal to?
///
/// \param[in] other Protocol version to compare against
/// \return
/// - Non zero when protocol version is equal to h;
/// - Zero otherwise.
///
inline bool operator==(_In_ const tls_version &other) const
{
return major == other.major && minor == other.minor;
}
};
#pragma pack(pop)
#pragma pack(push)
#pragma pack(1)
struct __declspec(novtable) tls_random : public sanitizing_blob_xf<32>
{
///
/// Generate TLS random
///
/// \param[in] cp Handle of the cryptographics provider
///
void randomize(_In_ HCRYPTPROV cp);
};
#pragma pack(pop)
#pragma pack(push)
#pragma pack(1)
struct __declspec(novtable) tls_master_secret : public sanitizing_blob_xf<48>
{
///
/// Constructor
///
tls_master_secret();
///
/// Constructs a pre-master secret
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.7.1. RSA-Encrypted Premaster Secret Message)](https://tools.ietf.org/html/rfc5246#section-7.4.7.1)
///
/// \param[in] cp Handle of the cryptographics provider
/// \param[in] ver TLS version
///
tls_master_secret(_In_ HCRYPTPROV cp, _In_ tls_version ver);
///
/// Copies a master secret
///
/// \param[in] other Master secret to copy from
///
tls_master_secret(_In_ const sanitizing_blob_f<48> &other);
#ifdef _DEBUG
///
/// Moves the master secret
///
/// \param[inout] other Master secret to move from
///
tls_master_secret(_Inout_ sanitizing_blob_zf<48> &&other);
#endif
};
#pragma pack(pop)
#pragma pack(push)
#pragma pack(1)
struct __declspec(novtable) hmac_padding : public sanitizing_blob_xf<64>
{
///
/// Constructor
///
hmac_padding();
///
/// Derive padding from secret
///
/// \param[in] cp Handle of the cryptographics provider
/// \param[in] alg Hashing algorithm
/// \param[in] secret HMAC secret
/// \param[in] size_secret \p secret size
/// \param[in] pad Padding value to XOR with (0x36=inner, 0x5c=outer...)
///
hmac_padding(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret,
_In_opt_ unsigned char pad = 0x36);
///
/// Copies a padding
///
/// \param[in] other Master secret to copy from
///
hmac_padding(_In_ const sanitizing_blob_f<64> &other);
#ifdef _DEBUG
///
/// Moves the padding
///
/// \param[inout] other Padding to move from
///
hmac_padding(_Inout_ sanitizing_blob_zf<64> &&other);
#endif
};
#pragma pack(pop)
class hmac_hash
{
public:
///
/// Construct new HMAC hashing object
///
/// \param[in] cp Handle of the cryptographics provider
/// \param[in] alg Hashing algorithm
/// \param[in] secret HMAC secret
/// \param[in] size_secret \p secret size
///
hmac_hash(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret);
///
/// Construct new HMAC hashing object using already prepared inner padding
///
/// \param[in] cp Handle of the cryptographics provider
/// \param[in] alg Hashing algorithm
/// \param[in] padding HMAC secret XOR inner padding
///
hmac_hash(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_ const hmac_padding &padding);
///
/// Provides access to inner hash object to hash data at will.
///
/// \returns Inner hashing object handle
///
inline operator HCRYPTHASH()
{
return m_hash_inner;
}
///
/// Completes hashing and returns hashed data.
///
/// \param[out] val Calculated hash value
///
template<class _Ty, class _Ax>
inline void calculate(_Out_ std::vector<_Ty, _Ax> &val)
{
// Calculate inner hash.
if (!CryptGetHashParam(m_hash_inner, HP_HASHVAL, val, 0))
throw win_runtime_error(__FUNCTION__ " Error calculating inner hash.");
// Hash inner hash with outer hash.
if (!CryptHashData(m_hash_outer, (const BYTE*)val.data(), (DWORD)(val.size() * sizeof(_Ty)), 0))
throw win_runtime_error(__FUNCTION__ " Error hashing inner hash.");
// Calculate outer hash.
if (!CryptGetHashParam(m_hash_outer, HP_HASHVAL, val, 0))
throw win_runtime_error(__FUNCTION__ " Error calculating outer hash.");
}
protected:
winstd::crypt_hash m_hash_inner; ///< Inner hashing object
winstd::crypt_hash m_hash_outer; ///< Outer hashing object
};
class tls_conn_state
{
public:
///
/// Constructs a connection state
///
tls_conn_state();
///
/// Copy a connection state
///
/// \param[in] other Connection state to copy from
///
tls_conn_state(_In_ const tls_conn_state &other);
///
/// Moves a connection state
///
/// \param[inout] other Connection state to move from
///
tls_conn_state(_Inout_ tls_conn_state &&other);
///
/// Copy a connection state
///
/// \param[inout] other Connection state to copy from
///
/// \returns Reference to this object
///
tls_conn_state& operator=(_In_ const tls_conn_state &other);
///
/// Moves a connection state
///
/// \param[in] other Connection state to move from
///
/// \returns Reference to this object
///
tls_conn_state& operator=(_Inout_ tls_conn_state &&other);
///
/// Configures state according to given cipher
///
/// \param[in] cipher Cipher ID
///
void set_cipher(_In_ const unsigned char cipher[2]);
public:
LPCTSTR m_prov_name; ///< Cryptography provider name
DWORD m_prov_type; ///< Cryptography provider type
ALG_ID m_alg_encrypt; ///< Bulk encryption algorithm
size_t m_size_enc_key; ///< Encryption key size in bytes (has to comply with `m_alg_encrypt`)
size_t m_size_enc_iv; ///< Encryption initialization vector size in bytes (has to comply with `m_alg_encrypt`)
size_t m_size_enc_block; ///< Encryption block size in bytes (has to comply with `m_alg_encrypt`)
winstd::crypt_key m_key; ///< Key for encrypting messages
ALG_ID m_alg_mac; ///< Message authenticy check algorithm
size_t m_size_mac_key; ///< Message authenticy check algorithm key size (has to comply with `m_alg_mac`)
size_t m_size_mac_hash; ///< Message authenticy check algorithm result size (has to comply with `m_alg_mac`)
hmac_padding m_padding_hmac; ///< Padding (key) for HMAC calculation
};
class packet_tls : public packet
{
public:
#pragma warning(push)
#pragma warning(disable: 4480)
///
/// EAP-TLS request packet flags
///
/// \sa [The EAP-TLS Authentication Protocol (Chapter: 3.1 EAP-TLS Request Packet)](https://tools.ietf.org/html/rfc5216#section-3.1)
///
enum flags_req_t : unsigned char {
flags_req_length_incl = 0x80, ///< Length included
flags_req_more_frag = 0x40, ///< More fragments
flags_req_start = 0x20, ///< Start
};
///
/// EAP-TLS response packet flags
///
/// \sa [The EAP-TLS Authentication Protocol (Chapter: 3.2 EAP-TLS Response Packet)](https://tools.ietf.org/html/rfc5216#section-3.2)
///
enum flags_res_t : unsigned char {
flags_res_length_incl = 0x80, ///< Length included
flags_res_more_frag = 0x40, ///< More fragments
};
#pragma warning(pop)
public:
///
/// Constructs an empty packet
///
packet_tls();
///
/// Copies a packet
///
/// \param[in] other Packet to copy from
///
packet_tls(_In_ const packet_tls &other);
///
/// Moves a packet
///
/// \param[in] other Packet to move from
///
packet_tls(_Inout_ packet_tls &&other);
///
/// Copies a packet
///
/// \param[in] other Packet to copy from
///
/// \returns Reference to this object
///
packet_tls& operator=(_In_ const packet_tls &other);
///
/// Moves a packet
///
/// \param[in] other Packet to move from
///
/// \returns Reference to this object
///
packet_tls& operator=(_Inout_ packet_tls &&other);
///
/// Empty the packet
///
virtual void clear();
///
/// Appends fragment
///
/// \param[in] pck EAP packet fragment
///
/// \returns
/// - \c true if this was the last fragment of a packet
/// - \c false if more fragments are to follow
///
bool append_frag(_In_ const EapPacket *pck);
///
/// Gets next fragment of the packet
///
/// \param[out ] pck Memory to write EAP packet to
/// \param[inout] size_max Available size of \p pck (in bytes)
///
/// \returns Final size of the packet (fragment)
///
unsigned short get_frag(_Out_bytecap_(size_max) EapPacket *pck, _In_ size_t size_max);
///
/// Is this packet an ACK
///
/// \param[in] id ID of originating EAP packet
///
inline bool is_ack(_In_ unsigned char id) const
{
return
m_code == EapCodeRequest &&
m_id == id &&
m_data.empty() &&
!(m_flags & (flags_req_length_incl | flags_req_more_frag | flags_req_start));
}
public:
unsigned char m_flags; ///< Packet flags
};
class tls_handshake_flags
{
public:
///
/// Constructs an empty set of flags
///
inline tls_handshake_flags()
{
memset(m_flags, 0, sizeof(m_flags));
}
///
/// Empty set of flags
///
inline void clear()
{
memset(m_flags, 0, sizeof(m_flags));
}
///
/// Set particular flag
///
/// \param[in] type TLS handshake message to set its flag
///
inline void set(_In_ tls_handshake_type_t type)
{
assert(tls_handshake_type_min <= type && type < tls_handshake_type_max);
m_flags[type] = true;
}
///
/// Get particular flag
///
/// \param[in] type TLS handshake message to get its flag
///
inline bool operator[](_In_ tls_handshake_type_t type) const
{
assert(tls_handshake_type_min <= type && type < tls_handshake_type_max);
return m_flags[type];
}
protected:
bool m_flags[tls_handshake_type_max]; ///< Set of flags
};
}

1
lib/TLS/src/StdAfx.h
View File

@ -22,7 +22,6 @@
#include "../include/Config.h" #include "../include/Config.h"
#include "../include/Credentials.h" #include "../include/Credentials.h"
#include "../include/TLS.h"
#include "../../EAPBase/include/EAPXML.h" #include "../../EAPBase/include/EAPXML.h"

594
lib/TLS/src/TLS.cpp
View File

@ -1,594 +0,0 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
#include "StdAfx.h"
using namespace std;
using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::tls_version
//////////////////////////////////////////////////////////////////////
const eap::tls_version eap::tls_version_1_0 = { 3, 1 };
const eap::tls_version eap::tls_version_1_1 = { 3, 2 };
const eap::tls_version eap::tls_version_1_2 = { 3, 3 };
//////////////////////////////////////////////////////////////////////
// eap::tls_random
//////////////////////////////////////////////////////////////////////
void eap::tls_random::randomize(_In_ HCRYPTPROV cp)
{
_time32((__time32_t*)data);
if (!CryptGenRandom(cp, sizeof(data) - sizeof(__time32_t), data + sizeof(__time32_t)))
throw win_runtime_error(__FUNCTION__ " Error creating randomness.");
}
//////////////////////////////////////////////////////////////////////
// eap::tls_master_secret
//////////////////////////////////////////////////////////////////////
eap::tls_master_secret::tls_master_secret()
{
}
eap::tls_master_secret::tls_master_secret(_In_ HCRYPTPROV cp, _In_ tls_version ver)
{
data[0] = ver.major;
data[1] = ver.minor;
if (!CryptGenRandom(cp, sizeof(data) - 2, data + 2))
throw win_runtime_error(__FUNCTION__ " Error creating PMS randomness.");
}
eap::tls_master_secret::tls_master_secret(_In_ const sanitizing_blob_f<48> &other) :
sanitizing_blob_xf<48>(other)
{
}
#ifdef _DEBUG
eap::tls_master_secret::tls_master_secret(_Inout_ sanitizing_blob_zf<48> &&other) :
sanitizing_blob_xf<48>(std::move(other))
{
}
#endif
//////////////////////////////////////////////////////////////////////
// eap::hmac_padding
//////////////////////////////////////////////////////////////////////
eap::hmac_padding::hmac_padding()
{
}
eap::hmac_padding::hmac_padding(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret,
_In_opt_ unsigned char pad)
{
if (size_secret > sizeof(hmac_padding)) {
// If the secret is longer than padding, use secret's hash instead.
crypt_hash hash;
if (!hash.create(cp, alg))
throw win_runtime_error(__FUNCTION__ " Error creating hash.");
if (!CryptHashData(hash, (const BYTE*)secret, (DWORD)size_secret, 0))
throw win_runtime_error(__FUNCTION__ " Error hashing.");
DWORD size_hash = sizeof(hmac_padding);
if (!CryptGetHashParam(hash, HP_HASHVAL, data, &size_hash, 0))
throw win_runtime_error(__FUNCTION__ " Error finishing hash.");
size_secret = size_hash;
} else
memcpy(data, secret, size_secret);
for (size_t i = 0; i < size_secret; i++)
data[i] ^= pad;
memset(data + size_secret, pad, sizeof(hmac_padding) - size_secret);
}
eap::hmac_padding::hmac_padding(_In_ const sanitizing_blob_f<64> &other) :
sanitizing_blob_xf<64>(other)
{
}
#ifdef _DEBUG
eap::hmac_padding::hmac_padding(_Inout_ sanitizing_blob_zf<64> &&other) :
sanitizing_blob_xf<64>(std::move(other))
{
}
#endif
//////////////////////////////////////////////////////////////////////
// eap::hmac_hash
//////////////////////////////////////////////////////////////////////
eap::hmac_hash::hmac_hash(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret)
{
// Prepare inner padding and forward to the other constructor.
this->hmac_hash::hmac_hash(cp, alg, hmac_padding(cp, alg, secret, size_secret));
}
eap::hmac_hash::hmac_hash(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_ const hmac_padding &padding)
{
// Create inner hash.
if (!m_hash_inner.create(cp, alg))
throw win_runtime_error(__FUNCTION__ " Error creating inner hash.");
// Initialize it with the inner padding.
if (!CryptHashData(m_hash_inner, padding.data, sizeof(hmac_padding), 0))
throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding.");
// Convert inner padding to outer padding for final calculation.
hmac_padding padding_out;
for (size_t i = 0; i < sizeof(hmac_padding); i++)
padding_out.data[i] = padding.data[i] ^ (0x36 ^ 0x5c);
// Create outer hash.
if (!m_hash_outer.create(cp, alg))
throw win_runtime_error(__FUNCTION__ " Error creating outer hash.");
// Initialize it with the outer padding.
if (!CryptHashData(m_hash_outer, padding_out.data, sizeof(hmac_padding), 0))
throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding.");
}
//////////////////////////////////////////////////////////////////////
// eap::tls_conn_state
//////////////////////////////////////////////////////////////////////
eap::tls_conn_state::tls_conn_state()
#ifdef _DEBUG
// Initialize state primitive members for diagnostic purposes.
:
m_prov_name (NULL),
m_prov_type (0),
m_alg_encrypt (0),
m_size_enc_key (0),
m_size_enc_iv (0),
m_size_enc_block(0),
m_alg_mac (0),
m_size_mac_key (0),
m_size_mac_hash (0)
#endif
{
}
eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) :
m_prov_name (other.m_prov_name ),
m_prov_type (other.m_prov_type ),
m_alg_encrypt (other.m_alg_encrypt ),
m_size_enc_key (other.m_size_enc_key ),
m_size_enc_iv (other.m_size_enc_iv ),
m_size_enc_block(other.m_size_enc_block),
m_key (other.m_key ),
m_alg_mac (other.m_alg_mac ),
m_size_mac_key (other.m_size_mac_key ),
m_size_mac_hash (other.m_size_mac_hash ),
m_padding_hmac (other.m_padding_hmac )
{
}
eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
m_prov_name (std::move(other.m_prov_name )),
m_prov_type (std::move(other.m_prov_type )),
m_alg_encrypt (std::move(other.m_alg_encrypt )),
m_size_enc_key (std::move(other.m_size_enc_key )),
m_size_enc_iv (std::move(other.m_size_enc_iv )),
m_size_enc_block(std::move(other.m_size_enc_block)),
m_key (std::move(other.m_key )),
m_alg_mac (std::move(other.m_alg_mac )),
m_size_mac_key (std::move(other.m_size_mac_key )),
m_size_mac_hash (std::move(other.m_size_mac_hash )),
m_padding_hmac (std::move(other.m_padding_hmac ))
{
#ifdef _DEBUG
// Reinitialize other state primitive members for diagnostic purposes.
other.m_prov_name = NULL;
other.m_prov_type = 0;
other.m_alg_encrypt = 0;
other.m_size_enc_key = 0;
other.m_size_enc_iv = 0;
other.m_size_enc_block = 0;
other.m_alg_mac = 0;
other.m_size_mac_key = 0;
other.m_size_mac_hash = 0;
#endif
}
eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &other)
{
if (this != std::addressof(other)) {
m_prov_name = other.m_prov_name ;
m_prov_type = other.m_prov_type ;
m_alg_encrypt = other.m_alg_encrypt ;
m_size_enc_key = other.m_size_enc_key ;
m_size_enc_iv = other.m_size_enc_iv ;
m_size_enc_block = other.m_size_enc_block;
m_key = other.m_key ;
m_alg_mac = other.m_alg_mac ;
m_size_mac_key = other.m_size_mac_key ;
m_size_mac_hash = other.m_size_mac_hash ;
m_padding_hmac = other.m_padding_hmac ;
}
return *this;
}
eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&other)
{
if (this != std::addressof(other)) {
m_prov_name = std::move(other.m_prov_name );
m_prov_type = std::move(other.m_prov_type );
m_alg_encrypt = std::move(other.m_alg_encrypt );
m_size_enc_key = std::move(other.m_size_enc_key );
m_size_enc_iv = std::move(other.m_size_enc_iv );
m_size_enc_block = std::move(other.m_size_enc_block);
m_key = std::move(other.m_key );
m_alg_mac = std::move(other.m_alg_mac );
m_size_mac_key = std::move(other.m_size_mac_key );
m_size_mac_hash = std::move(other.m_size_mac_hash );
m_padding_hmac = std::move(other.m_padding_hmac );
#ifdef _DEBUG
// Reinitialize other state primitive members for diagnostic purposes.
other.m_prov_name = NULL;
other.m_prov_type = 0;
other.m_alg_encrypt = 0;
other.m_size_enc_key = 0;
other.m_size_enc_iv = 0;
other.m_size_enc_block = 0;
other.m_alg_mac = 0;
other.m_size_mac_key = 0;
other.m_size_mac_hash = 0;
#endif
}
return *this;
}
void eap::tls_conn_state::set_cipher(_In_ const unsigned char cipher[2])
{
if (cipher[0] == 0x00 && cipher[1] == 0x0a) {
// TLS_RSA_WITH_3DES_EDE_CBC_SHA
m_prov_name = NULL;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_3DES;
m_size_enc_key = 192/8; // 3DES 192bits
m_size_enc_iv = 64/8; // 3DES 64bits
m_size_enc_block = 64/8; // 3DES 64bits
m_alg_mac = CALG_SHA1;
m_size_mac_key = 160/8; // SHA-1
m_size_mac_hash = 160/8; // SHA-1
} else if (cipher[0] == 0x00 && cipher[1] == 0x2f) {
// TLS_RSA_WITH_AES_128_CBC_SHA
m_prov_name = NULL;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA1;
m_size_mac_key = 160/8; // SHA-1
m_size_mac_hash = 160/8; // SHA-1
} else if (cipher[0] == 0x00 && cipher[1] == 0x3c) {
// AES128-SHA256
m_prov_name = NULL;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x3d) {
// AES256-SHA256
m_prov_name = MS_ENH_RSA_AES_PROV;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x40) {
// DHE-DSS-AES128-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x67) {
// DHE-RSA-AES128-SHA256
m_prov_name = MS_DEF_DH_SCHANNEL_PROV;
m_prov_type = PROV_DH_SCHANNEL;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x6a) {
// DHE-DSS-AES256-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x6b) {
// DHE-RSA-AES256-SHA256
m_prov_name = MS_DEF_DH_SCHANNEL_PROV;
m_prov_type = PROV_DH_SCHANNEL;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x23) {
// ECDHE-ECDSA-AES128-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x24) {
// ECDHE-ECDSA-AES256-SHA384
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_384;
m_size_mac_key = 384/8; // SHA-384
m_size_mac_hash = 384/8; // SHA-384
} else if (cipher[0] == 0xc0 && cipher[1] == 0x27) {
// ECDHE-RSA-AES128-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x28) {
// ECDHE-RSA-AES256-SHA384
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_384;
m_size_mac_key = 384/8; // SHA-384
m_size_mac_hash = 384/8; // SHA-384
} else
throw win_runtime_error(ERROR_NOT_SUPPORTED, string_printf(__FUNCTION__ " Unknown cipher (received: 0x%02x%02x).", cipher[0], cipher[1]));
}
//////////////////////////////////////////////////////////////////////
// eap::packet_tls
//////////////////////////////////////////////////////////////////////
eap::packet_tls::packet_tls() :
m_flags(0),
packet()
{
}
eap::packet_tls::packet_tls(_In_ const packet_tls &other) :
m_flags(other.m_flags),
packet (other )
{
}
eap::packet_tls::packet_tls(_Inout_ packet_tls &&other) :
m_flags(std::move(other.m_flags)),
packet (std::move(other ))
{
}
eap::packet_tls& eap::packet_tls::operator=(_In_ const packet_tls &other)
{
if (this != std::addressof(other)) {
(packet&)*this = other;
m_flags = other.m_flags;
}
return *this;
}
eap::packet_tls& eap::packet_tls::operator=(_Inout_ packet_tls &&other)
{
if (this != std::addressof(other)) {
(packet&)*this = std::move(other);
m_flags = std::move(other.m_flags);
}
return *this;
}
void eap::packet_tls::clear()
{
packet::clear();
m_flags = 0;
}
bool eap::packet_tls::append_frag(_In_ const EapPacket *pck)
{
assert(pck);
// Get packet data pointer and size for more readable code later on.
const unsigned char *packet_data_ptr;
size_t size_packet_data;
if (pck->Data[1] & flags_req_length_incl) {
// Length field is included.
packet_data_ptr = pck->Data + 6;
size_packet_data = ntohs(*reinterpret_cast<const unsigned short*>(pck->Length)) - 10;
} else {
// Length field not included.
packet_data_ptr = pck->Data + 2;
size_packet_data = ntohs(*reinterpret_cast<const unsigned short*>(pck->Length)) - 6;
}
// Do the EAP-TLS defragmentation.
if (pck->Data[1] & flags_req_more_frag) {
if (m_data.empty()) {
// Start a new packet.
if (pck->Data[1] & flags_req_length_incl) {
// Preallocate data according to the Length field.
size_t size_tot = ntohl(*reinterpret_cast<const unsigned int*>(pck->Data + 2));
m_data.reserve(size_tot);
//m_module.log_event(&EAPMETHOD_PACKET_RECV_FRAG_FIRST, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_packet_data), event_data((unsigned int)size_tot), event_data::blank);
} else {
// The Length field was not included. Odd. Nevermind, no pre-allocation then.
//m_module.log_event(&EAPMETHOD_PACKET_RECV_FRAG_FIRST1, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_packet_data), event_data::blank);
}
} else {
// Mid fragment received.
//m_module.log_event(&EAPMETHOD_PACKET_RECV_FRAG_MID, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_packet_data), event_data((unsigned int)m_data.size()), event_data::blank);
}
m_data.insert(m_data.end(), packet_data_ptr, packet_data_ptr + size_packet_data);
return false;
} else if (!m_data.empty()) {
// Last fragment received. Append data.
m_data.insert(m_data.end(), packet_data_ptr, packet_data_ptr + size_packet_data);
//m_module.log_event(&EAPMETHOD_PACKET_RECV_FRAG_LAST, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_packet_data), event_data((unsigned int)m_data.size()), event_data::blank);
} else {
// This is a complete non-fragmented packet.
m_data.assign(packet_data_ptr, packet_data_ptr + size_packet_data);
//m_module.log_event(&EAPMETHOD_PACKET_RECV, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_packet_data), event_data::blank);
}
m_code = (EapCode)pck->Code;
m_id = pck->Id;
m_flags = pck->Data[1];
return true;
}
unsigned short eap::packet_tls::get_frag(_Out_bytecap_(size_pck) EapPacket *pck, _In_ size_t size_max)
{
assert(pck);
size_t size_data = m_data.size();
assert(size_data <= UINT_MAX - 6); // Packets spanning over 4GB are not supported by EAP.
unsigned int size_packet = (unsigned int)size_data + 6;
unsigned short size_packet_limit = (unsigned short)std::min<size_t>(size_max, USHRT_MAX);
unsigned char *data_dst;
if (!(m_flags & flags_res_more_frag)) {
// Not fragmented.
if (size_packet <= size_packet_limit) {
// No need to fragment the packet.
m_flags &= ~flags_res_length_incl; // No need to explicitly include the Length field either.
data_dst = pck->Data + 2;
//m_module.log_event(&EAPMETHOD_PACKET_SEND, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_data), event_data::blank);
} else {
// But it should be fragmented.
m_flags |= flags_res_length_incl | flags_res_more_frag;
*reinterpret_cast<unsigned int*>(pck->Data + 2) = htonl(size_packet);
data_dst = pck->Data + 6;
size_data = size_packet_limit - 10;
size_packet = size_packet_limit;
//m_module.log_event(&EAPMETHOD_PACKET_SEND_FRAG_FIRST, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_data), event_data((unsigned int)(m_data.size() - size_data)), event_data::blank);
}
} else {
// Continuing the fragmented packet...
if (size_packet > size_packet_limit) {
// This is a mid fragment.
m_flags &= ~flags_res_length_incl;
size_data = size_packet_limit - 6;
size_packet = size_packet_limit;
//m_module.log_event(&EAPMETHOD_PACKET_SEND_FRAG_MID, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_data), event_data((unsigned int)(m_data.size() - size_data)), event_data::blank);
} else {
// This is the last fragment.
m_flags &= ~(flags_res_length_incl | flags_res_more_frag);
//m_module.log_event(&EAPMETHOD_PACKET_SEND_FRAG_LAST, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_data), event_data((unsigned int)(m_data.size() - size_data)), event_data::blank);
}
data_dst = pck->Data + 2;
}
pck->Code = (BYTE)m_code;
pck->Id = m_id;
*reinterpret_cast<unsigned short*>(pck->Length) = htons((unsigned short)size_packet);
pck->Data[0] = (BYTE)eap_type_tls;
pck->Data[1] = m_flags;
memcpy(data_dst, m_data.data(), size_data);
m_data.erase(m_data.begin(), m_data.begin() + size_data);
return (unsigned short)size_packet;
}

1
lib/TTLS/build/TTLS.vcxproj
View File

@ -83,7 +83,6 @@
<ClInclude Include="..\include\Credentials.h" /> <ClInclude Include="..\include\Credentials.h" />
<ClInclude Include="..\include\Method.h" /> <ClInclude Include="..\include\Method.h" />
<ClInclude Include="..\include\Module.h" /> <ClInclude Include="..\include\Module.h" />
<ClInclude Include="..\include\TTLS.h" />
<ClInclude Include="..\src\StdAfx.h" /> <ClInclude Include="..\src\StdAfx.h" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>

3
lib/TTLS/build/TTLS.vcxproj.filters
View File

@ -26,9 +26,6 @@
<ClInclude Include="..\include\Module.h"> <ClInclude Include="..\include\Module.h">
<Filter>Header Files</Filter> <Filter>Header Files</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="..\include\TTLS.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClCompile Include="..\src\StdAfx.cpp"> <ClCompile Include="..\src\StdAfx.cpp">

1
lib/TTLS/include/Method.h
View File

@ -40,7 +40,6 @@ namespace eap
#include "Config.h" #include "Config.h"
#include "Credentials.h" #include "Credentials.h"
#include "TTLS.h"
#include "../../EAPBase/include/Method.h" #include "../../EAPBase/include/Method.h"

52
lib/TTLS/include/TTLS.h
View File

@ -1,52 +0,0 @@
/*
Copyright 2015-2016 Amebis
Copyright 2016 GÉANT
This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/
namespace eap
{
///
/// EAP-TTLS packet
///
class packet_ttls;
}
#pragma once
#include "../../TLS/include/TLS.h"
namespace eap
{
class packet_ttls : public packet_tls
{
public:
///
/// EAP-TTLS packet flags
///
/// \sa [Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0) (Chapter: 9.1 Packet Format)](https://tools.ietf.org/html/rfc5281#section-9.1)
///
#pragma warning(suppress: 4480)
enum flags_t : unsigned char {
flags_length_incl = packet_tls::flags_req_length_incl, ///< Length included
flags_more_frag = packet_tls::flags_req_more_frag, ///< More fragments
flags_start = packet_tls::flags_req_start, ///< Start
flags_ver_mask = 0x07, ///< Version mask
};
};
}

8
lib/TTLS/src/Method.cpp
View File

@ -781,14 +781,14 @@ void eap::method_ttls::get_result(
const unsigned char *_key_block = key_block.rgbKeys; const unsigned char *_key_block = key_block.rgbKeys;
// MSK: MPPE-Recv-Key // MSK: MPPE-Recv-Key
a.create_ms_mppe_key(16, _key_block, sizeof(tls_random)); a.create_ms_mppe_key(16, _key_block, 32);
m_eap_attr.push_back(std::move(a)); m_eap_attr.push_back(std::move(a));
_key_block += sizeof(tls_random); _key_block += 32;
// MSK: MPPE-Send-Key // MSK: MPPE-Send-Key
a.create_ms_mppe_key(17, _key_block, sizeof(tls_random)); a.create_ms_mppe_key(17, _key_block, 32);
m_eap_attr.push_back(std::move(a)); m_eap_attr.push_back(std::move(a));
_key_block += sizeof(tls_random); _key_block += 32;
SecureZeroMemory(&key_block, sizeof(key_block)); SecureZeroMemory(&key_block, sizeof(key_block));

1
lib/TTLS/src/StdAfx.h
View File

@ -24,7 +24,6 @@
#include "../include/Credentials.h" #include "../include/Credentials.h"
#include "../include/Method.h" #include "../include/Method.h"
#include "../include/Module.h" #include "../include/Module.h"
#include "../include/TTLS.h"
#include "../../PAP/include/Config.h" #include "../../PAP/include/Config.h"
#include "../../PAP/include/Method.h" #include "../../PAP/include/Method.h"