Simple BLOB encryption/decryption added & comment updates
This commit is contained in:
parent
33e5bc90a5
commit
9b174b7855
@ -514,9 +514,10 @@ namespace eap
/// @{
/// @{
///
///
/// Unencrypts and unpacks the BLOB
/// Decrypts a BLOB
///
/// \note When EAP_ENCRYPT_BLOBS is defined non-zero, the BLOB is decrypted; otherwise, it is copied only.
///
///
/// \param[inout] record Object to unpack to
/// \param[in ] pDataIn Pointer to encrypted BLOB
/// \param[in ] pDataIn Pointer to encrypted BLOB
/// \param[in ] dwDataInSize Size of \p pDataIn
/// \param[in ] dwDataInSize Size of \p pDataIn
/// \param[out ] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
/// \param[out ] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
@ -525,9 +526,38 @@ namespace eap
/// - \c true if succeeded
/// - \c true if succeeded
/// - \c false otherwise. See \p ppEapError for details.
/// - \c false otherwise. See \p ppEapError for details.
///
///
/// \returns Encrypted BLOB
///
sanitizing_blob unpack(
_In_count_(dwDataInSize) const BYTE *pDataIn,
_In_ DWORD dwDataInSize)
{
#if EAP_ENCRYPT_BLOBS
// Prepare cryptographics provider.
winstd::crypt_prov cp;
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
throw winstd::win_runtime_error(__FUNCTION__ " CryptAcquireContext failed.");
// Decrypt data.
return std::move(decrypt_md5<unsigned char, winstd::sanitizing_allocator<unsigned char> >(cp, pDataIn, dwDataInSize));
#else
return sanitizing_blob(pDataIn, pDataIn + dwDataInSize);
#endif
}
///
/// Decrypts and unpacks the BLOB
///
/// \note When EAP_ENCRYPT_BLOBS is defined non-zero, the BLOB is decrypted and unpacked to the \p record; otherwise, it is unpacked to the \p record only.
///
/// \param[out] record Object to unpack to
/// \param[in ] pDataIn Pointer to encrypted BLOB
/// \param[in ] dwDataInSize Size of \p pDataIn
///
template<class T>
template<class T>
void unpack(
void unpack(
_Inout_ T &record,
_Out_ T &record,
_In_count_(dwDataInSize) const BYTE *pDataIn,
_In_count_(dwDataInSize) const BYTE *pDataIn,
_In_ DWORD dwDataInSize)
_In_ DWORD dwDataInSize)
{
{
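Review bot: The doc block above the new non-template `unpack` still describes the previous signature: the `\param[out ] ppEapError` line at the end of the preceding hunk and the `- \c true if succeeded` / `- \c false otherwise` bullets at the top of this one document a parameter and a return value this overload does not have, and the added `/// \returns Encrypted BLOB` is wrong because the function returns the decrypted data. Replace those lines with `/// \returns Decrypted BLOB` and `/// \throws winstd::win_runtime_error if the cryptographic provider cannot be acquired`, which is what the body actually does. In the body, `return std::move(decrypt_md5<...>(...));` wraps a prvalue and only defeats copy elision; `return decrypt_md5<unsigned char, winstd::sanitizing_allocator<unsigned char> >(cp, pDataIn, dwDataInSize);` is the equivalent form. The helper's name suggests MD5 takes part in the key derivation; if that is the case, the \note should say so, since it determines how much protection a stored BLOB actually gets.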
@ -549,9 +579,49 @@ namespace eap
}
}
///
/// Encrypts a BLOB
///
/// \note When EAP_ENCRYPT_BLOBS is defined non-zero, the BLOB is encrypted; otherwise, it is copied only.
///
/// \param[in ] data BLOB to encrypt
/// \param[out] ppDataOut Pointer to pointer to receive encrypted BLOB. Pointer must be freed using `module::free_memory()`.
/// \param[out] pdwDataOutSize Pointer to \p ppDataOut size
///
void pack(
_In_ const sanitizing_blob &data,
_Out_ BYTE **ppDataOut,
_Out_ DWORD *pdwDataOutSize)
{
assert(ppDataOut);
assert(pdwDataOutSize);
#if EAP_ENCRYPT_BLOBS
// Prepare cryptographics provider.
winstd::crypt_prov cp;
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
throw winstd::win_runtime_error(__FUNCTION__ " CryptAcquireContext failed.");
// Encrypt BLOB.
std::vector<unsigned char> data_enc(std::move(encrypt_md5(cp, data.data(), data.size())));
// Copy encrypted BLOB to output.
*pdwDataOutSize = (DWORD)data_enc.size();
*ppDataOut = alloc_memory(*pdwDataOutSize);
memcpy(*ppDataOut, data_enc.data(), *pdwDataOutSize);
#else
// Allocate and copy BLOB.
*pdwDataOutSize = (DWORD)data.size();
memcpy(*ppDataOut = alloc_memory(*pdwDataOutSize), data.data(), *pdwDataOutSize);
#endif
}
///
///
/// Packs and encrypts to the BLOB
/// Packs and encrypts to the BLOB
///
///
/// \note When EAP_ENCRYPT_BLOBS is defined non-zero, the \p record is packed and encrypted; otherwise, it is packed to an unencrypted BLOB only.
///
/// \param[in ] record Object to pack
/// \param[in ] record Object to pack
/// \param[out] ppDataOut Pointer to pointer to receive encrypted BLOB. Pointer must be freed using `module::free_memory()`.
/// \param[out] ppDataOut Pointer to pointer to receive encrypted BLOB. Pointer must be freed using `module::free_memory()`.
/// \param[out] pdwDataOutSize Pointer to \p ppDataOut size
/// \param[out] pdwDataOutSize Pointer to \p ppDataOut size
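Review bot: Both branches of the new `pack` write through the result of `alloc_memory()` unchecked (`*ppDataOut = alloc_memory(*pdwDataOutSize); memcpy(*ppDataOut, ...)` and the `#else` form that folds the assignment into the memcpy argument); unless alloc_memory is guaranteed to throw on failure, which is not visible here, an allocation failure becomes a write through a null pointer, so either state that guarantee in a comment or add `if (!*ppDataOut) throw std::bad_alloc();` before the copy. A second point applies to this hunk and the `unpack` hunk above it: `#if EAP_ENCRYPT_BLOBS` treats an undefined macro as 0, so a build that merely forgets to define it silently stores BLOBs in clear; an `#ifndef EAP_ENCRYPT_BLOBS` / `#error EAP_ENCRYPT_BLOBS must be defined` guard near the top of the file turns that into a compile error instead. Minor: `std::move(encrypt_md5(...))` on a temporary is redundant, `(DWORD)data_enc.size()` truncates silently where size_t is wider than DWORD, and the two copy sequences would be easier to keep consistent as one shared helper.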
@ -1216,7 +1216,7 @@ void eap::method_tls::process_handshake()
void eap::method_tls::process_application_data()
void eap::method_tls::process_application_data()
{
{
if (m_sc_queue.empty()) {
if (m_sc_queue.empty()) {
// An ACK packet received. Nothing to unencrypt.
// An ACK packet received. Nothing to decrypt.
process_application_data(NULL, 0);
process_application_data(NULL, 0);
return;
return;
}
}