Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Simple BLOB encryption/decryption added & comment updates

Browse Source
This commit is contained in:
Simon Rozman 2017-02-01 10:12:57 +01:00
parent 33e5bc90a5
commit 9b174b7855
2 changed files with 74 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
lib/EAPBase/include/Module.h
View File

@ -514,9 +514,10 @@ namespace eap
/// @{
///
/// Unencrypts and unpacks the BLOB
/// Decrypts a BLOB
///
/// \note When EAP_ENCRYPT_BLOBS is defined non-zero, the BLOB is decrypted; otherwise, it is copied only.
///
/// \param[inout] record Object to unpack to
/// \param[in ] pDataIn Pointer to encrypted BLOB
/// \param[in ] dwDataInSize Size of \p pDataIn
/// \param[out ] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
@ -525,9 +526,38 @@ namespace eap
/// - \c true if succeeded
/// - \c false otherwise. See \p ppEapError for details.
///
/// \returns Encrypted BLOB
///
sanitizing_blob unpack(
_In_count_(dwDataInSize) const BYTE *pDataIn,
_In_ DWORD dwDataInSize)
{
#if EAP_ENCRYPT_BLOBS
// Prepare cryptographics provider.
winstd::crypt_prov cp;
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
throw winstd::win_runtime_error(__FUNCTION__ " CryptAcquireContext failed.");
// Decrypt data.
return std::move(decrypt_md5<unsigned char, winstd::sanitizing_allocator<unsigned char> >(cp, pDataIn, dwDataInSize));
#else
return sanitizing_blob(pDataIn, pDataIn + dwDataInSize);
#endif
}
///
/// Decrypts and unpacks the BLOB
///
/// \note When EAP_ENCRYPT_BLOBS is defined non-zero, the BLOB is decrypted and unpacked to the \p record; otherwise, it is unpacked to the \p record only.
///
/// \param[out] record Object to unpack to
/// \param[in ] pDataIn Pointer to encrypted BLOB
/// \param[in ] dwDataInSize Size of \p pDataIn
///
template<class T>
void unpack(
_Inout_ T &record,
_Out_ T &record,
_In_count_(dwDataInSize) const BYTE *pDataIn,
_In_ DWORD dwDataInSize)
{
@ -549,9 +579,49 @@ namespace eap
}
///
/// Encrypts a BLOB
///
/// \note When EAP_ENCRYPT_BLOBS is defined non-zero, the BLOB is encrypted; otherwise, it is copied only.
///
/// \param[in ] data BLOB to encrypt
/// \param[out] ppDataOut Pointer to pointer to receive encrypted BLOB. Pointer must be freed using `module::free_memory()`.
/// \param[out] pdwDataOutSize Pointer to \p ppDataOut size
///
void pack(
_In_ const sanitizing_blob &data,
_Out_ BYTE **ppDataOut,
_Out_ DWORD *pdwDataOutSize)
{
assert(ppDataOut);
assert(pdwDataOutSize);
#if EAP_ENCRYPT_BLOBS
// Prepare cryptographics provider.
winstd::crypt_prov cp;
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
throw winstd::win_runtime_error(__FUNCTION__ " CryptAcquireContext failed.");
// Encrypt BLOB.
std::vector<unsigned char> data_enc(std::move(encrypt_md5(cp, data.data(), data.size())));
// Copy encrypted BLOB to output.
*pdwDataOutSize = (DWORD)data_enc.size();
*ppDataOut = alloc_memory(*pdwDataOutSize);
memcpy(*ppDataOut, data_enc.data(), *pdwDataOutSize);
#else
// Allocate and copy BLOB.
*pdwDataOutSize = (DWORD)data.size();
memcpy(*ppDataOut = alloc_memory(*pdwDataOutSize), data.data(), *pdwDataOutSize);
#endif
}
///
/// Packs and encrypts to the BLOB
///
/// \note When EAP_ENCRYPT_BLOBS is defined non-zero, the \p record is packed and encrypted; otherwise, it is packed to an unencrypted BLOB only.
///
/// \param[in ] record Object to pack
/// \param[out] ppDataOut Pointer to pointer to receive encrypted BLOB. Pointer must be freed using `module::free_memory()`.
/// \param[out] pdwDataOutSize Pointer to \p ppDataOut size

2
lib/TLS/src/Method.cpp
View File

@ -1216,7 +1216,7 @@ void eap::method_tls::process_handshake()
void eap::method_tls::process_application_data()
{
if (m_sc_queue.empty()) {
// An ACK packet received. Nothing to unencrypt.
// An ACK packet received. Nothing to decrypt.
process_application_data(NULL, 0);
return;
}