Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Pre-master secret encryption moved to make_client_key_exchange()

Browse Source
This commit is contained in:
Simon Rozman 2016-08-13 18:39:22 +02:00
parent 9498e8c9a9
commit 6d54d45512
2 changed files with 14 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/TLS/include/Method.h
View File

@ -254,11 +254,11 @@ namespace eap
///
/// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.7. Client Key Exchange Message )](https://tools.ietf.org/html/rfc5246#section-7.4.7)
///
/// \param[in] pms_enc Encoded pre master secret
/// \param[in] pms Pre-master secret
///
/// \returns Client key exchange message
///
sanitizing_blob make_client_key_exchange(_In_ const sanitizing_blob &pms_enc) const;
sanitizing_blob make_client_key_exchange(_In_ const tls_master_secret &pms) const;
///
/// Makes a TLS change cipher spec message

23
lib/TLS/src/Method.cpp
View File

@ -422,25 +422,18 @@ void eap::method_tls::process_request_packet(
CryptHashData(m_hash_handshake_msgs_sha1, client_cert.data(), (DWORD)client_cert.size(), 0);
}
// Generate pre-master secret and encrypt it. PMS will get sanitized in its destructor when going out-of-scope.
// Generate pre-master secret. PMS will get sanitized in its destructor when going out-of-scope.
tls_master_secret pms(m_cp);
sanitizing_blob pms_enc((const unsigned char*)&pms, (const unsigned char*)(&pms + 1));
crypt_key key;
if (!key.import_public(m_cp, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(m_server_cert_chain.front()->pCertInfo->SubjectPublicKeyInfo)))
throw win_runtime_error(__FUNCTION__ " Error importing server's public key.");
if (!CryptEncrypt(key, NULL, TRUE, 0, pms_enc))
throw win_runtime_error(__FUNCTION__ " Error encrypting PMS.");
// Derive master secret.
sanitizing_blob seed;
static const unsigned char s_label[] = "master secret";
seed.assign(s_label, s_label + _countof(s_label) - 1);
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_state.m_random_client, (const unsigned char*)(&m_state.m_random_client + 1));
seed.insert(seed.end(), (const unsigned char*)&m_state.m_random_server, (const unsigned char*)(&m_state.m_random_server + 1));
memcpy(&m_state.m_master_secret, prf(&pms, sizeof(pms), seed.data(), seed.size(), sizeof(tls_master_secret)).data(), sizeof(tls_master_secret));
// Create client key exchange message, and append to packet.
sanitizing_blob client_key_exchange(make_client_key_exchange(pms_enc));
sanitizing_blob client_key_exchange(make_client_key_exchange(pms));
sanitizing_blob handshake(make_handshake(client_key_exchange, m_cipher_spec));
m_packet_res.m_data.insert(m_packet_res.m_data.end(), handshake.begin(), handshake.end());
CryptHashData(m_hash_handshake_msgs_md5 , client_key_exchange.data(), (DWORD)client_key_exchange.size(), 0);
@ -710,8 +703,16 @@ eap::sanitizing_blob eap::method_tls::make_client_cert() const
}
eap::sanitizing_blob eap::method_tls::make_client_key_exchange(_In_ const sanitizing_blob &pms_enc) const
eap::sanitizing_blob eap::method_tls::make_client_key_exchange(_In_ const tls_master_secret &pms) const
{
// Encrypt pre-master key first.
sanitizing_blob pms_enc((const unsigned char*)&pms, (const unsigned char*)(&pms + 1));
crypt_key key;
if (!key.import_public(m_cp, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(m_server_cert_chain.front()->pCertInfo->SubjectPublicKeyInfo)))
throw win_runtime_error(__FUNCTION__ " Error importing server's public key.");
if (!CryptEncrypt(key, NULL, TRUE, 0, pms_enc))
throw win_runtime_error(__FUNCTION__ " Error encrypting PMS.");
size_t size_data, size_pms_enc = pms_enc.size();
sanitizing_blob msg;
msg.reserve(