From 659629ed93cce9ad65cdff9a1127590eb340ada1 Mon Sep 17 00:00:00 2001 From: Simon Rozman Date: Thu, 11 Aug 2016 09:44:01 +0200 Subject: [PATCH] Clean-up --- lib/TLS/include/Method.h | 25 +++++++++++++----------- lib/TLS/src/Method.cpp | 42 +++++++++++++++++++++------------------- 2 files changed, 36 insertions(+), 31 deletions(-) diff --git a/lib/TLS/include/Method.h b/lib/TLS/include/Method.h index 8a9425f..55984cf 100644 --- a/lib/TLS/include/Method.h +++ b/lib/TLS/include/Method.h @@ -314,6 +314,9 @@ namespace eap /// class hash_hmac { + public: + typedef unsigned char padding_t[64]; + public: /// /// Construct new HMAC hashing object @@ -337,9 +340,9 @@ namespace eap /// \param[in] padding HMAC secret XOR inner padding /// hash_hmac( - _In_ HCRYPTPROV hProv, - _In_ ALG_ID alg, - _In_ const unsigned char padding[64]); + _In_ HCRYPTPROV hProv, + _In_ ALG_ID alg, + _In_ const padding_t padding); /// /// Provides access to inner hash object to hash data at will. @@ -382,11 +385,11 @@ namespace eap /// \param[out] padding HMAC secret XOR inner padding /// static void inner_padding( - _In_ HCRYPTPROV hProv, - _In_ ALG_ID alg, - _In_bytecount_(size_secret ) const void *secret, - _In_ size_t size_secret, - _Out_ unsigned char padding[64]); + _In_ HCRYPTPROV hProv, + _In_ ALG_ID alg, + _In_bytecount_(size_secret ) const void *secret, + _In_ size_t size_secret, + _Out_ padding_t padding); protected: winstd::crypt_hash m_hash_inner; ///< Inner hashing object @@ -671,7 +674,7 @@ namespace eap return key.detach(); } - public: + protected: config_method_tls &m_cfg; ///< EAP-TLS method configuration credentials_tls &m_cred; ///< EAP-TLS user credentials @@ -686,7 +689,8 @@ namespace eap packet m_packet_res; ///< Response packet winstd::crypt_prov m_cp; ///< Cryptography provider - sanitizing_blob m_padding_hmac_client; ///< Padding (key) for HMAC calculation + sanitizing_blob m_padding_hmac_client; ///< Padding (key) for client side HMAC calculation + //sanitizing_blob m_padding_hmac_server; ///< Padding (key) for server side HMAC calculation winstd::crypt_key m_key_client; ///< Key for encrypting messages winstd::crypt_key m_key_server; ///< Key for decrypting messages @@ -707,7 +711,6 @@ namespace eap bool m_server_finished; ///< Did server send a valid finish message? bool m_cipher_spec; ///< Did server specify cipher? - protected: unsigned __int64 m_seq_num; ///< Sequence number for encryption }; } diff --git a/lib/TLS/src/Method.cpp b/lib/TLS/src/Method.cpp index 42873a4..2998992 100644 --- a/lib/TLS/src/Method.cpp +++ b/lib/TLS/src/Method.cpp @@ -189,7 +189,7 @@ eap::method_tls::hash_hmac::hash_hmac( _In_ size_t size_secret) { // Prepare padding. - sanitizing_blob padding(64); + sanitizing_blob padding(sizeof(padding_t)); inner_padding(hProv, alg, secret, size_secret, padding.data()); // Continue with the other constructor. @@ -198,21 +198,21 @@ eap::method_tls::hash_hmac::hash_hmac( eap::method_tls::hash_hmac::hash_hmac( - _In_ HCRYPTPROV hProv, - _In_ ALG_ID alg, - _In_ const unsigned char padding[64]) + _In_ HCRYPTPROV hProv, + _In_ ALG_ID alg, + _In_ const padding_t padding) { // Create inner hash. if (!m_hash_inner.create(hProv, alg)) throw win_runtime_error(__FUNCTION__ " Error creating inner hash."); // Initialize it with the inner padding. - if (!CryptHashData(m_hash_inner, padding, 64, 0)) + if (!CryptHashData(m_hash_inner, padding, sizeof(padding_t), 0)) throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding."); // Convert inner padding to outer padding for final calculation. - unsigned char padding_out[64]; - for (size_t i = 0; i < 64; i++) + padding_t padding_out; + for (size_t i = 0; i < sizeof(padding_t); i++) padding_out[i] = padding[i] ^ (0x36 ^ 0x5c); // Create outer hash. @@ -220,26 +220,26 @@ eap::method_tls::hash_hmac::hash_hmac( throw win_runtime_error(__FUNCTION__ " Error creating outer hash."); // Initialize it with the outer padding. - if (!CryptHashData(m_hash_outer, padding_out, 64, 0)) + if (!CryptHashData(m_hash_outer, padding_out, sizeof(padding_t), 0)) throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding."); } void eap::method_tls::hash_hmac::inner_padding( - _In_ HCRYPTPROV hProv, - _In_ ALG_ID alg, - _In_bytecount_(size_secret ) const void *secret, - _In_ size_t size_secret, - _Out_ unsigned char padding[64]) + _In_ HCRYPTPROV hProv, + _In_ ALG_ID alg, + _In_bytecount_(size_secret ) const void *secret, + _In_ size_t size_secret, + _Out_ padding_t padding) { - if (size_secret > 64) { + if (size_secret > sizeof(padding_t)) { // If the secret is longer than padding, use secret's hash instead. crypt_hash hash; if (!hash.create(hProv, alg)) throw win_runtime_error(__FUNCTION__ " Error creating hash."); if (!CryptHashData(hash, (const BYTE*)secret, (DWORD)size_secret, 0)) throw win_runtime_error(__FUNCTION__ " Error hashing."); - DWORD size_hash = 64; + DWORD size_hash = sizeof(padding_t); if (!CryptGetHashParam(hash, HP_HASHVAL, padding, &size_hash, 0)) throw win_runtime_error(__FUNCTION__ " Error finishing hash."); size_secret = size_hash; @@ -247,7 +247,7 @@ void eap::method_tls::hash_hmac::inner_padding( memcpy(padding, secret, size_secret); for (size_t i = 0; i < size_secret; i++) padding[i] ^= 0x36; - memset(padding + size_secret, 0x36, 64 - size_secret); + memset(padding + size_secret, 0x36, sizeof(padding_t) - size_secret); } @@ -452,6 +452,7 @@ void eap::method_tls::process_request_packet( m_phase = phase_client_hello; m_packet_res.clear(); m_padding_hmac_client.clear(); + //m_padding_hmac_server.clear(); m_key_client.free(); m_key_server.free(); @@ -874,12 +875,13 @@ void eap::method_tls::derive_keys() const unsigned char *_key_block = key_block.data(); // client_write_MAC_secret - m_padding_hmac_client.resize(64); + m_padding_hmac_client.resize(sizeof(hash_hmac::padding_t)); hash_hmac::inner_padding(m_cp, CALG_SHA1, _key_block, 20, m_padding_hmac_client.data()); _key_block += 20; // server_write_MAC_secret - // Skip! + //m_padding_hmac_server.resize(sizeof(hash_hmac::padding_t)); + //hash_hmac::inner_padding(m_cp, CALG_SHA1, _key_block, 20, m_padding_hmac_server.data()); _key_block += 20; // client_write_key @@ -1252,8 +1254,8 @@ eap::sanitizing_blob eap::method_tls::prf( // Precalculate HMAC padding for speed. sanitizing_blob - hmac_padding1(64), - hmac_padding2(64); + hmac_padding1(sizeof(hash_hmac::padding_t)), + hmac_padding2(sizeof(hash_hmac::padding_t)); hash_hmac::inner_padding(m_cp, CALG_MD5 , S1, size_S1, hmac_padding1.data()); hash_hmac::inner_padding(m_cp, CALG_SHA1, S2, size_S2, hmac_padding2.data());