Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Our own TLS merged back to master and compiles conditionally

Browse Source
This commit is contained in:
Simon Rozman 2016-08-23 22:46:00 +02:00
parent a9baa07227
commit 5332b538aa
11 changed files with 1800 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/Common.props
View File

@ -32,7 +32,7 @@
<ItemDefinitionGroup>
<ClCompile>
<WarningLevel>Level4</WarningLevel>
<PreprocessorDefinitions>_WIN32_WINNT=0x0600;ISOLATION_AWARE_ENABLED=1;SECURITY_WIN32;CERT_CHAIN_PARA_HAS_EXTRA_FIELDS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>_WIN32_WINNT=0x0600;ISOLATION_AWARE_ENABLED=1;SECURITY_WIN32;CERT_CHAIN_PARA_HAS_EXTRA_FIELDS;EAP_TLS=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PrecompiledHeader>Use</PrecompiledHeader>
<PrecompiledHeaderFile>StdAfx.h</PrecompiledHeaderFile>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>

10
lib/TLS/include/Config.h
View File

@ -25,6 +25,10 @@
#include <sal.h>
#define EAP_TLS_OWN 0 ///< We do the TLS ourself
#define EAP_TLS_SCHANNEL 1 ///< TLS is done by Schannel, but server certificate check is done ourself
#define EAP_TLS_SCHANNEL_FULL 2 ///< TLS is fully done by Schannel
namespace eap
{
///
@ -168,5 +172,11 @@ namespace eap
public:
std::list<winstd::cert_context> m_trusted_root_ca; ///< Trusted root CAs
std::list<std::wstring> m_server_names; ///< Acceptable authenticating server names
#if EAP_TLS < EAP_TLS_SCHANNEL
// Following members are used for session resumptions. They are not exported/imported to XML.
sanitizing_blob m_session_id; ///< TLS session ID
tls_master_secret m_master_secret; ///< TLS master secret
#endif
};
}

315
lib/TLS/include/Method.h
View File

@ -128,6 +128,19 @@ namespace eap
std::vector<unsigned char> m_data; ///< Packet data
};
#pragma pack(push)
#pragma pack(1)
///
/// TLS message
///
struct message_header
{
tls_message_type_t type; ///< Message type (one of `message_type_t` constants)
tls_version version; ///< SSL/TLS version
unsigned char length[2]; ///< Message length (in network byte order)
};
#pragma pack(pop)
public:
///
/// Constructs an EAP method
@ -204,6 +217,152 @@ namespace eap
/// @}
protected:
#if EAP_TLS < EAP_TLS_SCHANNEL
/// \name Client handshake message generation
/// @{
///
/// Makes a TLS client hello message
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.1.2. Client Hello)](https://tools.ietf.org/html/rfc5246#section-7.4.1.2)
///
/// \returns Client hello message
///
sanitizing_blob make_client_hello();
///
/// Makes a TLS client certificate message
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.6. Client Certificate)](https://tools.ietf.org/html/rfc5246#section-7.4.6)
///
/// \returns Client certificate message
///
sanitizing_blob make_client_cert() const;
///
/// Makes a TLS client key exchange message
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.7. Client Key Exchange Message )](https://tools.ietf.org/html/rfc5246#section-7.4.7)
///
/// \param[in] pms Pre-master secret
///
/// \returns Client key exchange message
///
sanitizing_blob make_client_key_exchange(_In_ const tls_master_secret &pms) const;
///
/// Makes a TLS finished message
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1)
///
/// \returns Change cipher spec
///
eap::sanitizing_blob make_finished() const;
/// @}
/// \name Client/Server handshake hashing
/// @{
///
/// Hashes handshake message for "finished" message validation.
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.9. Finished)](https://tools.ietf.org/html/rfc5246#section-7.4.9)
///
/// \param[in] data Data to hash
/// \param[in] size \p data size in bytes
///
inline void hash_handshake(_In_count_(size) const void *data, _In_ size_t size)
{
CryptHashData(m_hash_handshake_msgs_md5 , (const BYTE*)data, (DWORD)size, 0);
CryptHashData(m_hash_handshake_msgs_sha1 , (const BYTE*)data, (DWORD)size, 0);
CryptHashData(m_hash_handshake_msgs_sha256, (const BYTE*)data, (DWORD)size, 0);
}
///
/// Hashes handshake message for "finished" message validation.
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.9. Finished)](https://tools.ietf.org/html/rfc5246#section-7.4.9)
///
/// \param[in] data Data to hash
/// \param[in] size \p data size in bytes
///
template<class _Ty, class _Ax>
inline void hash_handshake(_In_ const std::vector<_Ty, _Ax> &data)
{
hash_handshake(data.data(), data.size() * sizeof(_Ty));
}
/// @}
///
/// Makes a TLS message
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1)
///
/// \param[in] type Message type
/// \param[inout] data Message data contents
///
/// \returns TLS message message
///
eap::sanitizing_blob make_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &&data);
/// @}
/// \name Key derivation
/// @{
///
/// Generates master session key
///
/// \sa [The EAP-TLS Authentication Protocol (Chapter 2.3. Key Hierarchy)](https://tools.ietf.org/html/rfc5216#section-2.3)
///
virtual void derive_msk();
/// @}
/// \name Server message processing
/// @{
///
/// Processes messages in a TLS packet
///
/// \param[in] pck Packet data
/// \param[in] size_pck \p pck size in bytes
///
void process_packet(_In_bytecount_(size_pck) const void *pck, _In_ size_t size_pck);
///
/// Processes a TLS change_cipher_spec message
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.1. Change Cipher Spec Protocol)](https://tools.ietf.org/html/rfc5246#section-7.1)
///
/// \param[in] msg TLS change_cipher_spec message data
/// \param[in] msg_size TLS change_cipher_spec message data size
///
virtual void process_change_cipher_spec(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
///
/// Processes a TLS alert message
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.2. Alert Protocol)](https://tools.ietf.org/html/rfc5246#section-7.2)
///
/// \param[in] msg TLS alert message data
/// \param[in] msg_size TLS alert message data size
///
virtual void process_alert(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
///
/// Processes a TLS handshake message
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4. Handshake Protocol)](https://tools.ietf.org/html/rfc5246#section-7.4)
///
/// \param[in] msg TLS handshake message data
/// \param[in] msg_size TLS handshake message data size
///
virtual void process_handshake(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
#else
///
/// Process handshake
///
@ -213,29 +372,172 @@ namespace eap
/// Process application data
///
void process_application_data();
#endif
///
/// Processes an application message
/// Processes a TLS application_data message
///
/// \param[in] msg Application message data
/// \param[in] size_msg Application message data size
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 10. Application Data Protocol)](https://tools.ietf.org/html/rfc5246#section-10)
///
virtual void process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg);
/// \param[in] msg TLS application_data message data
/// \param[in] msg_size TLS application_data message data size
///
virtual void process_application_data(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
#ifndef SCHANNEL_SRV_CERT_CHECK
/// @}
#if EAP_TLS < EAP_TLS_SCHANNEL_FULL
///
/// Verifies server's certificate if trusted by configuration
///
void verify_server_trust() const;
#endif
#if EAP_TLS < EAP_TLS_SCHANNEL
/// \name Encryption
/// @{
///
/// Encrypt TLS message
///
/// \param[in] type Message type
/// \param[inout] data TLS message to encrypt
///
void encrypt_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &data);
///
/// Decrypt TLS message
///
/// \param[in] type Original message type for HMAC verification
/// \param[inout] data TLS message to decrypt
///
void decrypt_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &data);
/// @}
/// \name Pseudo-random generation
/// @{
///
/// Calculates pseudo-random P_hash data defined in RFC 5246
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.1 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc4346#section-5)
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc5246#section-5)
///
/// \param[in] cp Handle of the cryptographics provider
/// \param[in] alg Hashing Algorithm to use (CALG_TLS1PRF = combination of MD5 and SHA-1, CALG_SHA_256...)
/// \param[in] secret Hashing secret key
/// \param[in] seed Random seed
/// \param[in] size_seed \p seed size
/// \param[in] size Number of bytes of pseudo-random data required
///
/// \returns Generated pseudo-random data (\p size bytes)
///
static sanitizing_blob prf(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_ const tls_master_secret &secret,
_In_bytecount_(size_seed) const void *seed,
_In_ size_t size_seed,
_In_ size_t size);
///
/// Calculates pseudo-random P_hash data defined in RFC 5246
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.1 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc4346#section-5)
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc5246#section-5)
///
/// \param[in] cp Handle of the cryptographics provider
/// \param[in] alg Hashing Algorithm to use (CALG_TLS1PRF = combination of MD5 and SHA-1, CALG_SHA_256...)
/// \param[in] secret Hashing secret key
/// \param[in] seed Random seed
/// \param[in] size Number of bytes of pseudo-random data required
///
/// \returns Generated pseudo-random data (\p size bytes)
///
template<class _Ty, class _Ax>
inline static sanitizing_blob prf(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_ const tls_master_secret &secret,
_In_ const std::vector<_Ty, _Ax> &seed,
_In_ size_t size)
{
return prf(cp, alg, secret, seed.data(), seed.size() * sizeof(_Ty), size);
}
/// @}
///
/// Creates a key
///
/// \sa [How to export and import plain text session keys by using CryptoAPI](https://support.microsoft.com/en-us/kb/228786)
///
/// \param[in] cp Handle of the cryptographics provider
/// \param[in] alg Key algorithm
/// \param[in] key Key that decrypts \p secret
/// \param[in] secret Key data
/// \param[in] size_secret \p secret size
///
/// \returns Key
///
HCRYPTKEY create_key(
_In_ HCRYPTPROV cp,
_In_ ALG_ID alg,
_In_ HCRYPTKEY key,
_In_bytecount_(size_secret) const void *secret,
_In_ size_t size_secret);
#endif
protected:
credentials_tls &m_cred; ///< EAP-TLS user credentials
HANDLE m_user_ctx; ///< Handle to user context
packet m_packet_req; ///< Request packet
packet m_packet_res; ///< Response packet
HANDLE m_user_ctx; ///< Handle to user context
#if EAP_TLS < EAP_TLS_SCHANNEL
winstd::crypt_prov m_cp; ///< Cryptography provider for general services
winstd::crypt_prov m_cp_enc_client; ///< Cryptography provider for encryption
winstd::crypt_prov m_cp_enc_server; ///< Cryptography provider for encryption
winstd::crypt_key m_key_exp1; ///< Key for importing derived keys
tls_version m_tls_version; ///< TLS version in use
ALG_ID m_alg_prf; ///< Pseudo-random function algorithm in use
tls_conn_state m_state_client; ///< Client TLS connection state
tls_conn_state m_state_client_pending; ///< Client TLS connection state (pending)
tls_conn_state m_state_server; ///< Server TLS connection state
tls_conn_state m_state_server_pending; ///< Server TLS connection state (pending)
tls_master_secret m_master_secret; ///< TLS master secret
tls_random m_random_client; ///< Client random
tls_random m_random_server; ///< Server random
tls_random m_key_mppe_client; ///< MS-MPPE-Recv-Key
tls_random m_key_mppe_server; ///< MS-MPPE-Send-Key
sanitizing_blob m_session_id; ///< TLS session ID
std::list<winstd::cert_context> m_server_cert_chain; ///< Server certificate chain
winstd::crypt_hash m_hash_handshake_msgs_md5; ///< Running MD5 hash of handshake messages
winstd::crypt_hash m_hash_handshake_msgs_sha1; ///< Running SHA-1 hash of handshake messages
winstd::crypt_hash m_hash_handshake_msgs_sha256; ///< Running SHA-256 hash of handshake messages
bool m_handshake[tls_handshake_type_max]; ///< Handshake flags (map od handshake messages received)
enum {
phase_unknown = -1, ///< Unknown phase
phase_client_hello = 0, ///< Send client hello
phase_server_hello, ///< Wait for server hello
phase_change_cipher_spec, ///< Wait for change cipher spec
phase_application_data ///< Exchange application data
} m_phase; ///< What phase is our communication at?
unsigned __int64 m_seq_num_client; ///< Sequence number for encrypting
unsigned __int64 m_seq_num_server; ///< Sequence number for decrypting
#else
winstd::tstring m_sc_target_name; ///< Schannel target name
winstd::sec_credentials m_sc_cred; ///< Schannel client credentials
std::vector<unsigned char> m_sc_queue; ///< TLS data queue
@ -248,6 +550,7 @@ namespace eap
phase_application_data, ///< Exchange application data
phase_shutdown, ///< Connection shut down
} m_phase; ///< What phase is our communication at?
#endif
// The following members are required to avoid memory leakage in get_result()
EAP_ATTRIBUTES m_eap_attr_desc; ///< EAP Radius attributes descriptor

9
lib/TLS/include/TLS.h
View File

@ -503,7 +503,16 @@ namespace eap
///
tls_conn_state& operator=(_Inout_ tls_conn_state &&other);
///
/// Configures state according to given cipher
///
/// \param[in] cipher Cipher ID
///
void set_cipher(_In_ const unsigned char cipher[2]);
public:
LPCTSTR m_prov_name; ///< Cryptography provider name
DWORD m_prov_type; ///< Cryptography provider type
ALG_ID m_alg_encrypt; ///< Bulk encryption algorithm
size_t m_size_enc_key; ///< Encryption key size in bytes (has to comply with `m_alg_encrypt`)
size_t m_size_enc_iv; ///< Encryption initialization vector size in bytes (has to comply with `m_alg_encrypt`)

33
lib/TLS/src/Config.cpp
View File

@ -75,6 +75,10 @@ eap::config_method_tls::config_method_tls(_In_ module &mod) : config_method_with
eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) :
m_trusted_root_ca(other.m_trusted_root_ca),
m_server_names(other.m_server_names),
#if EAP_TLS < EAP_TLS_SCHANNEL
m_session_id(other.m_session_id),
m_master_secret(other.m_master_secret),
#endif
config_method_with_cred(other)
{
}
@ -83,6 +87,10 @@ eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) :
eap::config_method_tls::config_method_tls(_Inout_ config_method_tls &&other) :
m_trusted_root_ca(std::move(other.m_trusted_root_ca)),
m_server_names(std::move(other.m_server_names)),
#if EAP_TLS < EAP_TLS_SCHANNEL
m_session_id(std::move(other.m_session_id)),
m_master_secret(std::move(other.m_master_secret)),
#endif
config_method_with_cred(std::move(other))
{
}
@ -94,6 +102,10 @@ eap::config_method_tls& eap::config_method_tls::operator=(_In_ const config_meth
(config_method_with_cred&)*this = other;
m_trusted_root_ca = other.m_trusted_root_ca;
m_server_names = other.m_server_names;
#if EAP_TLS < EAP_TLS_SCHANNEL
m_session_id = other.m_session_id;
m_master_secret = other.m_master_secret;
#endif
}
return *this;
@ -106,6 +118,10 @@ eap::config_method_tls& eap::config_method_tls::operator=(_Inout_ config_method_
(config_method_with_cred&&)*this = std::move(other);
m_trusted_root_ca = std::move(other.m_trusted_root_ca);
m_server_names = std::move(other.m_server_names);
#if EAP_TLS < EAP_TLS_SCHANNEL
m_session_id = std::move(other.m_session_id);
m_master_secret = std::move(other.m_master_secret);
#endif
}
return *this;
@ -235,6 +251,10 @@ void eap::config_method_tls::operator<<(_Inout_ cursor_out &cursor) const
config_method_with_cred::operator<<(cursor);
cursor << m_trusted_root_ca;
cursor << m_server_names ;
#if EAP_TLS < EAP_TLS_SCHANNEL
cursor << m_session_id ;
cursor << m_master_secret ;
#endif
}
@ -243,7 +263,14 @@ size_t eap::config_method_tls::get_pk_size() const
return
config_method_with_cred::get_pk_size() +
pksizeof(m_trusted_root_ca) +
pksizeof(m_server_names );
pksizeof(m_server_names )
#if EAP_TLS < EAP_TLS_SCHANNEL
+
pksizeof(m_session_id ) +
pksizeof(m_master_secret );
#else
;
#endif
}
@ -252,6 +279,10 @@ void eap::config_method_tls::operator>>(_Inout_ cursor_in &cursor)
config_method_with_cred::operator>>(cursor);
cursor >> m_trusted_root_ca;
cursor >> m_server_names ;
#if EAP_TLS < EAP_TLS_SCHANNEL
cursor >> m_session_id ;
cursor >> m_master_secret ;
#endif
}

1189
lib/TLS/src/Method.cpp
View File

File diff suppressed because it is too large Load Diff

153
lib/TLS/src/TLS.cpp
View File

@ -182,6 +182,8 @@ eap::tls_conn_state::tls_conn_state()
#ifdef _DEBUG
// Initialize state primitive members for diagnostic purposes.
:
m_prov_name (NULL),
m_prov_type (0),
m_alg_encrypt (0),
m_size_enc_key (0),
m_size_enc_iv (0),
@ -195,6 +197,8 @@ eap::tls_conn_state::tls_conn_state()
eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) :
m_prov_name (other.m_prov_name ),
m_prov_type (other.m_prov_type ),
m_alg_encrypt (other.m_alg_encrypt ),
m_size_enc_key (other.m_size_enc_key ),
m_size_enc_iv (other.m_size_enc_iv ),
@ -209,6 +213,8 @@ eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) :
eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
m_prov_name (std::move(other.m_prov_name )),
m_prov_type (std::move(other.m_prov_type )),
m_alg_encrypt (std::move(other.m_alg_encrypt )),
m_size_enc_key (std::move(other.m_size_enc_key )),
m_size_enc_iv (std::move(other.m_size_enc_iv )),
@ -221,6 +227,8 @@ eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
{
#ifdef _DEBUG
// Reinitialize other state primitive members for diagnostic purposes.
other.m_prov_name = NULL;
other.m_prov_type = 0;
other.m_alg_encrypt = 0;
other.m_size_enc_key = 0;
other.m_size_enc_iv = 0;
@ -235,6 +243,8 @@ eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &other)
{
if (this != std::addressof(other)) {
m_prov_name = other.m_prov_name ;
m_prov_type = other.m_prov_type ;
m_alg_encrypt = other.m_alg_encrypt ;
m_size_enc_key = other.m_size_enc_key ;
m_size_enc_iv = other.m_size_enc_iv ;
@ -253,6 +263,8 @@ eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &o
eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&other)
{
if (this != std::addressof(other)) {
m_prov_name = std::move(other.m_prov_name );
m_prov_type = std::move(other.m_prov_type );
m_alg_encrypt = std::move(other.m_alg_encrypt );
m_size_enc_key = std::move(other.m_size_enc_key );
m_size_enc_iv = std::move(other.m_size_enc_iv );
@ -265,6 +277,8 @@ eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&oth
#ifdef _DEBUG
// Reinitialize other state primitive members for diagnostic purposes.
other.m_prov_name = NULL;
other.m_prov_type = 0;
other.m_alg_encrypt = 0;
other.m_size_enc_key = 0;
other.m_size_enc_iv = 0;
@ -277,3 +291,142 @@ eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&oth
return *this;
}
void eap::tls_conn_state::set_cipher(_In_ const unsigned char cipher[2])
{
if (cipher[0] == 0x00 && cipher[1] == 0x0a) {
// TLS_RSA_WITH_3DES_EDE_CBC_SHA
m_prov_name = NULL;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_3DES;
m_size_enc_key = 192/8; // 3DES 192bits
m_size_enc_iv = 64/8; // 3DES 64bits
m_size_enc_block = 64/8; // 3DES 64bits
m_alg_mac = CALG_SHA1;
m_size_mac_key = 160/8; // SHA-1
m_size_mac_hash = 160/8; // SHA-1
} else if (cipher[0] == 0x00 && cipher[1] == 0x2f) {
// TLS_RSA_WITH_AES_128_CBC_SHA
m_prov_name = NULL;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA1;
m_size_mac_key = 160/8; // SHA-1
m_size_mac_hash = 160/8; // SHA-1
} else if (cipher[0] == 0x00 && cipher[1] == 0x3c) {
// AES128-SHA256
m_prov_name = NULL;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x3d) {
// AES256-SHA256
m_prov_name = MS_ENH_RSA_AES_PROV;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x40) {
// DHE-DSS-AES128-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x67) {
// DHE-RSA-AES128-SHA256
m_prov_name = MS_DEF_DH_SCHANNEL_PROV;
m_prov_type = PROV_DH_SCHANNEL;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x6a) {
// DHE-DSS-AES256-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x6b) {
// DHE-RSA-AES256-SHA256
m_prov_name = MS_DEF_DH_SCHANNEL_PROV;
m_prov_type = PROV_DH_SCHANNEL;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x23) {
// ECDHE-ECDSA-AES128-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x24) {
// ECDHE-ECDSA-AES256-SHA384
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_384;
m_size_mac_key = 384/8; // SHA-384
m_size_mac_hash = 384/8; // SHA-384
} else if (cipher[0] == 0xc0 && cipher[1] == 0x27) {
// ECDHE-RSA-AES128-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x28) {
// ECDHE-RSA-AES256-SHA384
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_384;
m_size_mac_key = 384/8; // SHA-384
m_size_mac_hash = 384/8; // SHA-384
} else
throw win_runtime_error(ERROR_NOT_SUPPORTED, string_printf(__FUNCTION__ " Unknown cipher (received 0x%02x%02x).", cipher[0], cipher[1]));
}

3
lib/TLS_UI/include/TLS_UI.h
View File

@ -331,6 +331,9 @@ public:
protected:
/// \cond internal
virtual void OnInitDialog(wxInitDialogEvent& event);
#if EAP_TLS < EAP_TLS_SCHANNEL
virtual bool TransferDataFromWindow();
#endif
/// \endcond
protected:

20
lib/TLS_UI/src/TLS_UI.cpp
View File

@ -603,3 +603,23 @@ void wxTLSConfigPanel::OnInitDialog(wxInitDialogEvent& event)
if (m_credentials)
m_credentials->GetEventHandler()->ProcessEvent(event);
}
#if EAP_TLS < EAP_TLS_SCHANNEL
bool wxTLSConfigPanel::TransferDataFromWindow()
{
wxCHECK(wxPanel::TransferDataFromWindow(), false);
if (!m_prov.m_read_only) {
// This is not a provider-locked configuration. The data will get saved.
// Reset session ID and master secret to force clean connect next time.
m_cfg.m_session_id.clear();
m_cfg.m_master_secret.clear();
}
return true;
}
#endif

13
lib/TTLS/include/Method.h
View File

@ -113,6 +113,17 @@ namespace eap
/// @}
protected:
#if EAP_TLS < EAP_TLS_SCHANNEL
///
/// Generates master session key
///
/// \sa [The EAP-TLS Authentication Protocol (Chapter 2.3. Key Hierarchy)](https://tools.ietf.org/html/rfc5216#section-2.3)
///
virtual void derive_msk();
#else
///
/// Processes an application message
///
@ -121,6 +132,8 @@ namespace eap
///
virtual void process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg);
#endif
///
/// Makes a PAP client message
///

57
lib/TTLS/src/Method.cpp
View File

@ -71,6 +71,22 @@ void eap::method_ttls::process_request_packet(
// Do the TLS.
method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
#if EAP_TLS < EAP_TLS_SCHANNEL
if (m_phase == phase_application_data) {
// Send inner authentication.
if (!m_state_client.m_alg_encrypt)
throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted.");
m_module.log_event(&EAPMETHOD_TTLS_INNER_CRED, event_data((unsigned int)eap_type_ttls), event_data(m_cred.m_inner->get_name()), event_data::blank);
m_packet_res.m_code = EapCodeResponse;
m_packet_res.m_id = m_packet_req.m_id;
m_packet_res.m_flags = 0;
sanitizing_blob msg_application(make_message(tls_message_type_application_data, make_pap_client()));
m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_application.begin(), msg_application.end());
}
#endif
}
@ -116,12 +132,14 @@ void eap::method_ttls::get_result(
throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
}
#if EAP_TLS >= EAP_TLS_SCHANNEL
// EAP-TTLS uses different label in PRF for MSK derivation than EAP-TLS.
static const DWORD s_key_id = 0x01; // EAP-TTLSv0 Keying Material
static const SecPkgContext_EapPrfInfo s_prf_info = { 0, sizeof(s_key_id), (PBYTE)&s_key_id };
SECURITY_STATUS status = SetContextAttributes(m_sc_ctx, SECPKG_ATTR_EAP_PRF_INFO, (void*)&s_prf_info, sizeof(s_prf_info));
if (FAILED(status))
throw sec_runtime_error(status, __FUNCTION__ "Error setting EAP-TTLS PRF in Schannel.");
#endif
// The TLS was OK.
method_tls::get_result(EapPeerMethodResultSuccess, ppResult);
@ -136,6 +154,43 @@ void eap::method_ttls::get_result(
}
#if EAP_TLS < EAP_TLS_SCHANNEL
void eap::method_ttls::derive_msk()
{
//
// TLS versions 1.0 [RFC2246] and 1.1 [RFC4346] define the same PRF
// function, and any EAP-TTLSv0 implementation based on these versions
// of TLS must use the PRF defined therein. It is expected that future
// versions of or extensions to the TLS protocol will permit alternative
// PRF functions to be negotiated. If an alternative PRF function is
// specified for the underlying TLS version or has been negotiated
// during the TLS handshake negotiation, then that alternative PRF
// function must be used in EAP-TTLSv0 computations instead of the TLS
// 1.0/1.1 PRF.
//
// [Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0) (Chapter 7.8. Use of TLS PRF)](https://tools.ietf.org/html/rfc5281#section-7.8)
//
// If we use PRF_SHA256() the key exchange fails. Therefore we use PRF of TLS 1.0/1.1.
//
static const unsigned char s_label[] = "ttls keying material";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
sanitizing_blob key_block(prf(m_cp, CALG_TLS1PRF, m_master_secret, seed, 2*sizeof(tls_random)));
const unsigned char *_key_block = key_block.data();
// MSK: MPPE-Recv-Key
memcpy(&m_key_mppe_client, _key_block, sizeof(tls_random));
_key_block += sizeof(tls_random);
// MSK: MPPE-Send-Key
memcpy(&m_key_mppe_server, _key_block, sizeof(tls_random));
_key_block += sizeof(tls_random);
}
#else
void eap::method_ttls::process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg)
{
UNREFERENCED_PARAMETER(msg);
@ -183,6 +238,8 @@ void eap::method_ttls::process_application_data(_In_bytecount_(size_msg) const v
m_packet_res.m_data.insert(m_packet_res.m_data.end(), (const unsigned char*)buf[0].pvBuffer, (const unsigned char*)buf[0].pvBuffer + buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer);
}
#endif
eap::sanitizing_blob eap::method_ttls::make_pap_client() const
{