Simple BLOB encryption/decryption added & comment updates

This commit is contained in:
Simon Rozman 2017-02-01 10:12:57 +01:00
parent 172cd18c16
commit 57372b8f95
2 changed files with 75 additions and 5 deletions


@ -530,15 +530,45 @@ namespace eap
/// @{ /// @{
/// ///
/// Unencrypts and unpacks the BLOB /// Decrypts a BLOB
///
/// \note When EAP_ENCRYPT_BLOBS is defined non-zero, the BLOB is decrypted; otherwise, it is copied only.
/// ///
/// \param[inout] record Object to unpack to
/// \param[in ] pDataIn Pointer to encrypted BLOB /// \param[in ] pDataIn Pointer to encrypted BLOB
/// \param[in ] dwDataInSize Size of \p pDataIn /// \param[in ] dwDataInSize Size of \p pDataIn
/// ///
/// \returns Encrypted BLOB
///
sanitizing_blob unpack(
_In_count_(dwDataInSize) const BYTE *pDataIn,
_In_ DWORD dwDataInSize)
{
#if EAP_ENCRYPT_BLOBS
// Prepare cryptographics provider.
winstd::crypt_prov cp;
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
throw winstd::win_runtime_error(__FUNCTION__ " CryptAcquireContext failed.");
// Decrypt data.
return std::move(decrypt_md5<unsigned char, winstd::sanitizing_allocator<unsigned char> >(cp, pDataIn, dwDataInSize));
#else
return sanitizing_blob(pDataIn, pDataIn + dwDataInSize);
#endif
}
///
/// Decrypts and unpacks the BLOB
///
/// \note When EAP_ENCRYPT_BLOBS is defined non-zero, the BLOB is decrypted and unpacked to the \p record; otherwise, it is unpacked to the \p record only.
///
/// \param[out] record Object to unpack to
/// \param[in ] pDataIn Pointer to encrypted BLOB
/// \param[in ] dwDataInSize Size of \p pDataIn
///
template<class T> template<class T>
void unpack( void unpack(
_Inout_ T &record, _Out_ T &record,
_In_count_(dwDataInSize) const BYTE *pDataIn, _In_count_(dwDataInSize) const BYTE *pDataIn,
_In_ DWORD dwDataInSize) _In_ DWORD dwDataInSize)
{ {
@ -560,9 +590,49 @@ namespace eap
} }
///
/// Encrypts a BLOB
///
/// \note When EAP_ENCRYPT_BLOBS is defined non-zero, the BLOB is encrypted; otherwise, it is copied only.
///
/// \param[in ] data BLOB to encrypt
/// \param[out] ppDataOut Pointer to pointer to receive encrypted BLOB. Pointer must be freed using `module::free_memory()`.
/// \param[out] pdwDataOutSize Pointer to \p ppDataOut size
///
void pack(
_In_ const sanitizing_blob &data,
_Out_ BYTE **ppDataOut,
_Out_ DWORD *pdwDataOutSize)
{
assert(ppDataOut);
assert(pdwDataOutSize);
#if EAP_ENCRYPT_BLOBS
// Prepare cryptographics provider.
winstd::crypt_prov cp;
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
throw winstd::win_runtime_error(__FUNCTION__ " CryptAcquireContext failed.");
// Encrypt BLOB.
std::vector<unsigned char> data_enc(std::move(encrypt_md5(cp, data.data(), data.size())));
// Copy encrypted BLOB to output.
*pdwDataOutSize = (DWORD)data_enc.size();
*ppDataOut = alloc_memory(*pdwDataOutSize);
memcpy(*ppDataOut, data_enc.data(), *pdwDataOutSize);
#else
// Allocate and copy BLOB.
*pdwDataOutSize = (DWORD)data.size();
memcpy(*ppDataOut = alloc_memory(*pdwDataOutSize), data.data(), *pdwDataOutSize);
#endif
}
/// ///
/// Packs and encrypts to the BLOB /// Packs and encrypts to the BLOB
/// ///
/// \note When EAP_ENCRYPT_BLOBS is defined non-zero, the \p record is packed and encrypted; otherwise, it is packed to an unencrypted BLOB only.
///
/// \param[in ] record Object to pack /// \param[in ] record Object to pack
/// \param[out] ppDataOut Pointer to pointer to receive encrypted BLOB. Pointer must be freed using `module::free_memory()`. /// \param[out] ppDataOut Pointer to pointer to receive encrypted BLOB. Pointer must be freed using `module::free_memory()`.
/// \param[out] pdwDataOutSize Pointer to \p ppDataOut size /// \param[out] pdwDataOutSize Pointer to \p ppDataOut size
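Review bot: The new `unpack(const BYTE *pDataIn, DWORD dwDataInSize)` overload in the first hunk is documented with `/// \returns Encrypted BLOB`, but the function returns what `decrypt_md5` produces (or a plain copy of the input when `EAP_ENCRYPT_BLOBS` is zero), so the line should read `/// \returns Decrypted BLOB`. In the same function `return std::move(decrypt_md5<...>(cp, pDataIn, dwDataInSize));` wraps a prvalue in `std::move`, which only suppresses copy elision; `return decrypt_md5<...>(cp, pDataIn, dwDataInSize);` is equivalent and cheaper, and the same applies to `std::vector<unsigned char> data_enc(std::move(encrypt_md5(cp, data.data(), data.size())));` in `pack()` in the second hunk, where `auto data_enc = encrypt_md5(cp, data.data(), data.size());` suffices. `pack()` also writes `*pdwDataOutSize` and the result of `alloc_memory()` into the out-parameters before the `memcpy`, without checking the pointer; whether `alloc_memory()` can return NULL is not visible here, so if it can, the caller would receive a size with a null buffer, and the `(DWORD)` casts on `size()` truncate silently for inputs over 4 GiB. The helper names `encrypt_md5`/`decrypt_md5` suggest an MD5-based construction, and what it guarantees (confidentiality only, or integrity as well) is not visible in this hunk; stating that in the `\note` of `pack()`/`unpack()` would keep callers from assuming tamper detection that may not exist.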


@ -661,7 +661,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
// No extra initial data for inner authentication avaliable. // No extra initial data for inner authentication avaliable.
action = method_tunnel::process_request_packet(NULL, 0); action = method_tunnel::process_request_packet(NULL, 0);
} else { } else {
// Authenticator sent some data for inner authentication. Unencrypt it. // Authenticator sent some data for inner authentication. Decrypt it.
// Decrypt the message. // Decrypt the message.
SecBuffer buf[] = { SecBuffer buf[] = {
@ -722,7 +722,7 @@ EapPeerMethodResponseAction eap::method_ttls::process_request_packet(
// No extra data for inner authentication. // No extra data for inner authentication.
return method_tunnel::process_request_packet(NULL, 0); return method_tunnel::process_request_packet(NULL, 0);
} else { } else {
// Authenticator sent data for inner authentication. Unencrypt it. // Authenticator sent data for inner authentication. Decrypt it.
// Decrypt the message. // Decrypt the message.
SecBuffer buf[] = { SecBuffer buf[] = {