Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Clean-up

Browse Source
This commit is contained in:
Simon Rozman 2016-08-11 09:44:01 +02:00
parent 6b4f597f27
commit 659629ed93
2 changed files with 36 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
lib/TLS/include/Method.h
View File

@ -314,6 +314,9 @@ namespace eap
/// ///
class hash_hmac class hash_hmac
{ {
public:
typedef unsigned char padding_t[64];
public: public:
/// ///
/// Construct new HMAC hashing object /// Construct new HMAC hashing object
@ -339,7 +342,7 @@ namespace eap
hash_hmac( hash_hmac(
_In_ HCRYPTPROV hProv, _In_ HCRYPTPROV hProv,
_In_ ALG_ID alg, _In_ ALG_ID alg,
_In_ const unsigned char padding[64]); _In_ const padding_t padding);
/// ///
/// Provides access to inner hash object to hash data at will. /// Provides access to inner hash object to hash data at will.
@ -386,7 +389,7 @@ namespace eap
_In_ ALG_ID alg, _In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret, _In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret, _In_ size_t size_secret,
_Out_ unsigned char padding[64]); _Out_ padding_t padding);
protected: protected:
winstd::crypt_hash m_hash_inner; ///< Inner hashing object winstd::crypt_hash m_hash_inner; ///< Inner hashing object
@ -671,7 +674,7 @@ namespace eap
return key.detach(); return key.detach();
} }
public: protected:
config_method_tls &m_cfg; ///< EAP-TLS method configuration config_method_tls &m_cfg; ///< EAP-TLS method configuration
credentials_tls &m_cred; ///< EAP-TLS user credentials credentials_tls &m_cred; ///< EAP-TLS user credentials
@ -686,7 +689,8 @@ namespace eap
packet m_packet_res; ///< Response packet packet m_packet_res; ///< Response packet
winstd::crypt_prov m_cp; ///< Cryptography provider winstd::crypt_prov m_cp; ///< Cryptography provider
sanitizing_blob m_padding_hmac_client; ///< Padding (key) for HMAC calculation sanitizing_blob m_padding_hmac_client; ///< Padding (key) for client side HMAC calculation
//sanitizing_blob m_padding_hmac_server; ///< Padding (key) for server side HMAC calculation
winstd::crypt_key m_key_client; ///< Key for encrypting messages winstd::crypt_key m_key_client; ///< Key for encrypting messages
winstd::crypt_key m_key_server; ///< Key for decrypting messages winstd::crypt_key m_key_server; ///< Key for decrypting messages
@ -707,7 +711,6 @@ namespace eap
bool m_server_finished; ///< Did server send a valid finish message? bool m_server_finished; ///< Did server send a valid finish message?
bool m_cipher_spec; ///< Did server specify cipher? bool m_cipher_spec; ///< Did server specify cipher?
protected:
unsigned __int64 m_seq_num; ///< Sequence number for encryption unsigned __int64 m_seq_num; ///< Sequence number for encryption
}; };
} }

30
lib/TLS/src/Method.cpp
View File

@ -189,7 +189,7 @@ eap::method_tls::hash_hmac::hash_hmac(
_In_ size_t size_secret) _In_ size_t size_secret)
{ {
// Prepare padding. // Prepare padding.
sanitizing_blob padding(64); sanitizing_blob padding(sizeof(padding_t));
inner_padding(hProv, alg, secret, size_secret, padding.data()); inner_padding(hProv, alg, secret, size_secret, padding.data());
// Continue with the other constructor. // Continue with the other constructor.
@ -200,19 +200,19 @@ eap::method_tls::hash_hmac::hash_hmac(
eap::method_tls::hash_hmac::hash_hmac( eap::method_tls::hash_hmac::hash_hmac(
_In_ HCRYPTPROV hProv, _In_ HCRYPTPROV hProv,
_In_ ALG_ID alg, _In_ ALG_ID alg,
_In_ const unsigned char padding[64]) _In_ const padding_t padding)
{ {
// Create inner hash. // Create inner hash.
if (!m_hash_inner.create(hProv, alg)) if (!m_hash_inner.create(hProv, alg))
throw win_runtime_error(__FUNCTION__ " Error creating inner hash."); throw win_runtime_error(__FUNCTION__ " Error creating inner hash.");
// Initialize it with the inner padding. // Initialize it with the inner padding.
if (!CryptHashData(m_hash_inner, padding, 64, 0)) if (!CryptHashData(m_hash_inner, padding, sizeof(padding_t), 0))
throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding."); throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding.");
// Convert inner padding to outer padding for final calculation. // Convert inner padding to outer padding for final calculation.
unsigned char padding_out[64]; padding_t padding_out;
for (size_t i = 0; i < 64; i++) for (size_t i = 0; i < sizeof(padding_t); i++)
padding_out[i] = padding[i] ^ (0x36 ^ 0x5c); padding_out[i] = padding[i] ^ (0x36 ^ 0x5c);
// Create outer hash. // Create outer hash.
@ -220,7 +220,7 @@ eap::method_tls::hash_hmac::hash_hmac(
throw win_runtime_error(__FUNCTION__ " Error creating outer hash."); throw win_runtime_error(__FUNCTION__ " Error creating outer hash.");
// Initialize it with the outer padding. // Initialize it with the outer padding.
if (!CryptHashData(m_hash_outer, padding_out, 64, 0)) if (!CryptHashData(m_hash_outer, padding_out, sizeof(padding_t), 0))
throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding."); throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding.");
} }
@ -230,16 +230,16 @@ void eap::method_tls::hash_hmac::inner_padding(
_In_ ALG_ID alg, _In_ ALG_ID alg,
_In_bytecount_(size_secret ) const void *secret, _In_bytecount_(size_secret ) const void *secret,
_In_ size_t size_secret, _In_ size_t size_secret,
_Out_ unsigned char padding[64]) _Out_ padding_t padding)
{ {
if (size_secret > 64) { if (size_secret > sizeof(padding_t)) {
// If the secret is longer than padding, use secret's hash instead. // If the secret is longer than padding, use secret's hash instead.
crypt_hash hash; crypt_hash hash;
if (!hash.create(hProv, alg)) if (!hash.create(hProv, alg))
throw win_runtime_error(__FUNCTION__ " Error creating hash."); throw win_runtime_error(__FUNCTION__ " Error creating hash.");
if (!CryptHashData(hash, (const BYTE*)secret, (DWORD)size_secret, 0)) if (!CryptHashData(hash, (const BYTE*)secret, (DWORD)size_secret, 0))
throw win_runtime_error(__FUNCTION__ " Error hashing."); throw win_runtime_error(__FUNCTION__ " Error hashing.");
DWORD size_hash = 64; DWORD size_hash = sizeof(padding_t);
if (!CryptGetHashParam(hash, HP_HASHVAL, padding, &size_hash, 0)) if (!CryptGetHashParam(hash, HP_HASHVAL, padding, &size_hash, 0))
throw win_runtime_error(__FUNCTION__ " Error finishing hash."); throw win_runtime_error(__FUNCTION__ " Error finishing hash.");
size_secret = size_hash; size_secret = size_hash;
@ -247,7 +247,7 @@ void eap::method_tls::hash_hmac::inner_padding(
memcpy(padding, secret, size_secret); memcpy(padding, secret, size_secret);
for (size_t i = 0; i < size_secret; i++) for (size_t i = 0; i < size_secret; i++)
padding[i] ^= 0x36; padding[i] ^= 0x36;
memset(padding + size_secret, 0x36, 64 - size_secret); memset(padding + size_secret, 0x36, sizeof(padding_t) - size_secret);
} }
@ -452,6 +452,7 @@ void eap::method_tls::process_request_packet(
m_phase = phase_client_hello; m_phase = phase_client_hello;
m_packet_res.clear(); m_packet_res.clear();
m_padding_hmac_client.clear(); m_padding_hmac_client.clear();
//m_padding_hmac_server.clear();
m_key_client.free(); m_key_client.free();
m_key_server.free(); m_key_server.free();
@ -874,12 +875,13 @@ void eap::method_tls::derive_keys()
const unsigned char *_key_block = key_block.data(); const unsigned char *_key_block = key_block.data();
// client_write_MAC_secret // client_write_MAC_secret
m_padding_hmac_client.resize(64); m_padding_hmac_client.resize(sizeof(hash_hmac::padding_t));
hash_hmac::inner_padding(m_cp, CALG_SHA1, _key_block, 20, m_padding_hmac_client.data()); hash_hmac::inner_padding(m_cp, CALG_SHA1, _key_block, 20, m_padding_hmac_client.data());
_key_block += 20; _key_block += 20;
// server_write_MAC_secret // server_write_MAC_secret
// Skip! //m_padding_hmac_server.resize(sizeof(hash_hmac::padding_t));
//hash_hmac::inner_padding(m_cp, CALG_SHA1, _key_block, 20, m_padding_hmac_server.data());
_key_block += 20; _key_block += 20;
// client_write_key // client_write_key
@ -1252,8 +1254,8 @@ eap::sanitizing_blob eap::method_tls::prf(
// Precalculate HMAC padding for speed. // Precalculate HMAC padding for speed.
sanitizing_blob sanitizing_blob
hmac_padding1(64), hmac_padding1(sizeof(hash_hmac::padding_t)),
hmac_padding2(64); hmac_padding2(sizeof(hash_hmac::padding_t));
hash_hmac::inner_padding(m_cp, CALG_MD5 , S1, size_S1, hmac_padding1.data()); hash_hmac::inner_padding(m_cp, CALG_MD5 , S1, size_S1, hmac_padding1.data());
hash_hmac::inner_padding(m_cp, CALG_SHA1, S2, size_S2, hmac_padding2.data()); hash_hmac::inner_padding(m_cp, CALG_SHA1, S2, size_S2, hmac_padding2.data());