diff --git a/lib/TLS/include/Method.h b/lib/TLS/include/Method.h index 1bb9c66..172901b 100644 --- a/lib/TLS/include/Method.h +++ b/lib/TLS/include/Method.h @@ -492,8 +492,8 @@ namespace eap winstd::crypt_key m_key_client; ///< Key for encrypting messages winstd::crypt_key m_key_server; ///< Key for decrypting messages - tls_random m_key_mppe_send; ///< MS-MPPE-Send-Key - tls_random m_key_mppe_recv; ///< MS-MPPE-Recv-Key + tls_random m_key_mppe_client; ///< MS-MPPE-Recv-Key + tls_random m_key_mppe_server; ///< MS-MPPE-Send-Key sanitizing_blob m_session_id; ///< TLS session ID diff --git a/lib/TLS/include/TLS.h b/lib/TLS/include/TLS.h index 79b9ec7..37f03f9 100644 --- a/lib/TLS/include/TLS.h +++ b/lib/TLS/include/TLS.h @@ -217,7 +217,7 @@ namespace eap #pragma pack(push) #pragma pack(1) - struct tls_random + struct __declspec(novtable) tls_random { unsigned char data[32]; ///< Randomness @@ -264,7 +264,7 @@ namespace eap #pragma pack(push) #pragma pack(1) - struct tls_master_secret + struct __declspec(novtable) tls_master_secret { unsigned char data[48]; diff --git a/lib/TLS/src/Method.cpp b/lib/TLS/src/Method.cpp index 98a6af2..1ba80f9 100644 --- a/lib/TLS/src/Method.cpp +++ b/lib/TLS/src/Method.cpp @@ -120,8 +120,8 @@ eap::method_tls::method_tls(_In_ const method_tls &other) : m_padding_hmac_server(other.m_padding_hmac_server), m_key_client(other.m_key_client), m_key_server(other.m_key_server), - m_key_mppe_send(other.m_key_mppe_send), - m_key_mppe_recv(other.m_key_mppe_recv), + m_key_mppe_client(other.m_key_mppe_client), + m_key_mppe_server(other.m_key_mppe_server), m_session_id(other.m_session_id), m_server_cert_chain(other.m_server_cert_chain), m_hash_handshake_msgs_md5(other.m_hash_handshake_msgs_md5), @@ -148,8 +148,8 @@ eap::method_tls::method_tls(_Inout_ method_tls &&other) : m_padding_hmac_server(std::move(other.m_padding_hmac_server)), m_key_client(std::move(other.m_key_client)), m_key_server(std::move(other.m_key_server)), - m_key_mppe_send(std::move(other.m_key_mppe_send)), - m_key_mppe_recv(std::move(other.m_key_mppe_recv)), + m_key_mppe_client(std::move(other.m_key_mppe_client)), + m_key_mppe_server(std::move(other.m_key_mppe_server)), m_session_id(std::move(other.m_session_id)), m_server_cert_chain(std::move(other.m_server_cert_chain)), m_hash_handshake_msgs_md5(std::move(other.m_hash_handshake_msgs_md5)), @@ -186,8 +186,8 @@ eap::method_tls& eap::method_tls::operator=(_In_ const method_tls &other) m_padding_hmac_server = other.m_padding_hmac_server; m_key_client = other.m_key_client; m_key_server = other.m_key_server; - m_key_mppe_send = other.m_key_mppe_send; - m_key_mppe_recv = other.m_key_mppe_recv; + m_key_mppe_client = other.m_key_mppe_client; + m_key_mppe_server = other.m_key_mppe_server; m_session_id = other.m_session_id; m_server_cert_chain = other.m_server_cert_chain; m_hash_handshake_msgs_md5 = other.m_hash_handshake_msgs_md5; @@ -218,8 +218,8 @@ eap::method_tls& eap::method_tls::operator=(_Inout_ method_tls &&other) m_padding_hmac_server = std::move(other.m_padding_hmac_server); m_key_client = std::move(other.m_key_client); m_key_server = std::move(other.m_key_server); - m_key_mppe_send = std::move(other.m_key_mppe_send); - m_key_mppe_recv = std::move(other.m_key_mppe_recv); + m_key_mppe_client = std::move(other.m_key_mppe_client); + m_key_mppe_server = std::move(other.m_key_mppe_server); m_session_id = std::move(other.m_session_id); m_server_cert_chain = std::move(other.m_server_cert_chain); m_hash_handshake_msgs_md5 = std::move(other.m_hash_handshake_msgs_md5); @@ -351,8 +351,8 @@ void eap::method_tls::process_request_packet( m_padding_hmac_server.clear(); m_key_client.free(); m_key_server.free(); - m_key_mppe_send.clear(); - m_key_mppe_recv.clear(); + m_key_mppe_client.clear(); + m_key_mppe_server.clear(); m_server_cert_chain.clear(); @@ -565,12 +565,12 @@ void eap::method_tls::get_result( derive_msk(); // Fill array with RADIUS attributes. - // Note: MS-MPPE-Send-Key/MS-MPPE-Recv-Key are sent in swapped to change between client and server point of view. eap_attr a; m_eap_attr.clear(); - a.create_ms_mppe_key(16, (LPCBYTE)&m_key_mppe_recv, sizeof(tls_random)); + m_eap_attr.reserve(3); + a.create_ms_mppe_key(16, (LPCBYTE)&m_key_mppe_client, sizeof(tls_random)); m_eap_attr.push_back(std::move(a)); - a.create_ms_mppe_key(17, (LPCBYTE)&m_key_mppe_send, sizeof(tls_random)); + a.create_ms_mppe_key(17, (LPCBYTE)&m_key_mppe_server, sizeof(tls_random)); m_eap_attr.push_back(std::move(a)); m_eap_attr.push_back(eap_attr::blank); @@ -882,11 +882,11 @@ void eap::method_tls::derive_msk() const unsigned char *_key_block = key_block.data(); // MS-MPPE-Recv-Key - memcpy(&m_key_mppe_recv, _key_block, sizeof(tls_random)); + memcpy(&m_key_mppe_client, _key_block, sizeof(tls_random)); _key_block += sizeof(tls_random); // MS-MPPE-Send-Key - memcpy(&m_key_mppe_send, _key_block, sizeof(tls_random)); + memcpy(&m_key_mppe_server, _key_block, sizeof(tls_random)); _key_block += sizeof(tls_random); } diff --git a/lib/TTLS/src/Method.cpp b/lib/TTLS/src/Method.cpp index 98017e0..bbcf769 100644 --- a/lib/TTLS/src/Method.cpp +++ b/lib/TTLS/src/Method.cpp @@ -99,9 +99,14 @@ void eap::method_ttls::process_request_packet( if (!m_cipher_spec) throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted."); + m_packet_res.m_code = EapCodeResponse; + m_packet_res.m_id = m_packet_req.m_id; + m_packet_res.m_flags = 0; sanitizing_blob client(make_pap_client()); sanitizing_blob application(make_message(tls_message_type_application_data, client, m_cipher_spec)); - m_packet_res.m_data.insert(m_packet_res.m_data.end(), application.begin(), application.end()); + m_packet_res.m_data.assign(application.begin(), application.end()); + + pEapOutput->fAllowNotifications = FALSE; pEapOutput->action = EapPeerMethodResponseActionSend; } } else { @@ -133,12 +138,12 @@ void eap::method_ttls::derive_msk() sanitizing_blob key_block(prf(m_state.m_master_secret, seed, 2*sizeof(tls_random))); const unsigned char *_key_block = key_block.data(); - // MS-MPPE-Recv-Key - memcpy(&m_key_mppe_recv, _key_block, sizeof(tls_random)); + // MSK: MPPE-Recv-Key + memcpy(&m_key_mppe_client, _key_block, sizeof(tls_random)); _key_block += sizeof(tls_random); - // MS-MPPE-Send-Key - memcpy(&m_key_mppe_send, _key_block, sizeof(tls_random)); + // MSK: MPPE-Send-Key + memcpy(&m_key_mppe_server, _key_block, sizeof(tls_random)); _key_block += sizeof(tls_random); } @@ -154,25 +159,25 @@ eap::sanitizing_blob eap::method_ttls::make_pap_client() const WideCharToMultiByte(CP_UTF8, 0, cred->m_identity.c_str(), (int)cred->m_identity.length(), identity_utf8, NULL, NULL); WideCharToMultiByte(CP_UTF8, 0, cred->m_password.c_str(), (int)cred->m_password.length(), password_utf8, NULL, NULL); - unsigned char rnd; - if (!CryptGenRandom(m_cp, sizeof(rnd), &rnd)) - rnd = 0; - size_t size_identity = identity_utf8.length(), size_password = password_utf8.length(), - padding_identity = (4 - size_identity ) % 4, - padding_password = (16 - (password_utf8.length() + rnd)) % 16; // According to RFC 5281 passwords must be padded to 16B boundary with random padding blocks to make password length guessing harder. + padding_identity = (4 - size_identity ) % 4, + padding_password = (4 - password_utf8.length()) % 4, + size_identity_outer, + size_password_outer; sanitizing_blob msg; msg.reserve( + (size_identity_outer = 4 + // Diameter AVP Code 4 + // Diameter AVP Flags & Length - size_identity + // Identity + size_identity) + // Identity padding_identity + // Identity padding + (size_password_outer = 4 + // Diameter AVP Code 4 + // Diameter AVP Flags & Length - size_password + // Password + size_password) + // Password padding_password); // Password padding // Diameter AVP Code User-Name (0x00000001) @@ -182,7 +187,7 @@ eap::sanitizing_blob eap::method_ttls::make_pap_client() const msg.push_back(0x01); // Diameter AVP Flags & Length - unsigned int identity_hdr = htonl((diameter_avp_flag_mandatory << 24) | (unsigned int)size_identity); + unsigned int identity_hdr = htonl((diameter_avp_flag_mandatory << 24) | (unsigned int)size_identity_outer); msg.insert(msg.end(), (unsigned char*)&identity_hdr, (unsigned char*)(&identity_hdr + 1)); // Identity @@ -196,7 +201,7 @@ eap::sanitizing_blob eap::method_ttls::make_pap_client() const msg.push_back(0x02); // Diameter AVP Flags & Length - unsigned int password_hdr = htonl((diameter_avp_flag_mandatory << 24) | (unsigned int)size_password); + unsigned int password_hdr = htonl((diameter_avp_flag_mandatory << 24) | (unsigned int)size_password_outer); msg.insert(msg.end(), (unsigned char*)&password_hdr, (unsigned char*)(&password_hdr + 1)); // Password diff --git a/lib/WinStd b/lib/WinStd index 25c8867..0289795 160000 --- a/lib/WinStd +++ b/lib/WinStd @@ -1 +1 @@ -Subproject commit 25c886754dafdf0d7fef2dc9d28f5328d2bf7ddd +Subproject commit 028979524a6c944549b4adda490e48c91d998361