Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Switched to Schannel to do the TLS

Browse Source
This commit is contained in:
Simon Rozman
2016-08-23 13:53:23 +02:00
parent 5720524abe
commit 9b997408a1
17 changed files with 383 additions and 1528 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
lib/TTLS/src/Method.cpp
View File

@@ -71,23 +71,6 @@ void eap::method_ttls::process_request_packet(
// Do the TLS.
method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
if (m_phase == phase_application_data) {
// Send inner authentication.
if (!m_state_client.m_alg_encrypt)
throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted.");
m_module.log_event(&EAPMETHOD_TTLS_INNER_CRED, event_data((unsigned int)eap_type_ttls), event_data(m_cred.m_inner->get_name()), event_data::blank);
m_packet_res.m_code = EapCodeResponse;
m_packet_res.m_id = m_packet_req.m_id;
m_packet_res.m_flags = 0;
sanitizing_blob msg_application(make_message(tls_message_type_application_data, make_pap_client()));
m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_application.begin(), msg_application.end());
pEapOutput->fAllowNotifications = FALSE;
pEapOutput->action = EapPeerMethodResponseActionSend;
}
}
@@ -133,6 +116,13 @@ void eap::method_ttls::get_result(
throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
}
// EAP-TTLS uses different label in PRF for MSK derivation than EAP-TLS.
static const DWORD s_key_id = 0x01; // EAP-TTLSv0 Keying Material
static const SecPkgContext_EapPrfInfo s_prf_info = { 0, sizeof(s_key_id), (PBYTE)&s_key_id };
SECURITY_STATUS status = SetContextAttributes(m_sc_ctx, SECPKG_ATTR_EAP_PRF_INFO, (void*)&s_prf_info, sizeof(s_prf_info));
if (FAILED(status))
throw sec_runtime_error(status, __FUNCTION__ "Error setting EAP-TTLS PRF in Schannel.");
// The TLS was OK.
method_tls::get_result(EapPeerMethodResultSuccess, ppResult);
@@ -146,37 +136,51 @@ void eap::method_ttls::get_result(
}
void eap::method_ttls::derive_msk()
void eap::method_ttls::process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg)
{
//
// TLS versions 1.0 [RFC2246] and 1.1 [RFC4346] define the same PRF
// function, and any EAP-TTLSv0 implementation based on these versions
// of TLS must use the PRF defined therein. It is expected that future
// versions of or extensions to the TLS protocol will permit alternative
// PRF functions to be negotiated. If an alternative PRF function is
// specified for the underlying TLS version or has been negotiated
// during the TLS handshake negotiation, then that alternative PRF
// function must be used in EAP-TTLSv0 computations instead of the TLS
// 1.0/1.1 PRF.
//
// [Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0) (Chapter 7.8. Use of TLS PRF)](https://tools.ietf.org/html/rfc5281#section-7.8)
//
// If we use PRF_SHA256() the key exchange fails. Therefore we use PRF of TLS 1.0/1.1.
//
static const unsigned char s_label[] = "ttls keying material";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
sanitizing_blob key_block(prf(m_cp, CALG_TLS1PRF, m_master_secret, seed, 2*sizeof(tls_random)));
const unsigned char *_key_block = key_block.data();
UNREFERENCED_PARAMETER(msg);
UNREFERENCED_PARAMETER(size_msg);
// MSK: MPPE-Recv-Key
memcpy(&m_key_mppe_client, _key_block, sizeof(tls_random));
_key_block += sizeof(tls_random);
// Prepare inner authentication.
if (!(m_sc_ctx.m_attrib & ISC_RET_CONFIDENTIALITY))
throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted.");
// MSK: MPPE-Send-Key
memcpy(&m_key_mppe_server, _key_block, sizeof(tls_random));
_key_block += sizeof(tls_random);
m_module.log_event(&EAPMETHOD_TTLS_INNER_CRED, event_data((unsigned int)eap_type_ttls), event_data(m_cred.m_inner->get_name()), event_data::blank);
SECURITY_STATUS status;
// Get maximum message sizes.
SecPkgContext_StreamSizes sizes;
status = QueryContextAttributes(m_sc_ctx, SECPKG_ATTR_STREAM_SIZES, &sizes);
if (FAILED(status))
throw sec_runtime_error(status, __FUNCTION__ " Error getting Schannel required encryption sizes.");
// Make PAP message.
sanitizing_blob msg_pap(make_pap_client());
assert(msg_pap.size() < sizes.cbMaximumMessage);
unsigned long size_data = std::min<unsigned long>(sizes.cbMaximumMessage, (unsigned long)msg_pap.size()); // Truncate
sanitizing_blob data(sizes.cbHeader + size_data + sizes.cbTrailer, 0);
memcpy(data.data() + sizes.cbHeader, msg_pap.data(), size_data);
// Prepare input/output buffer(s).
SecBuffer buf[] = {
{ sizes.cbHeader, SECBUFFER_STREAM_HEADER , data.data() },
{ size_data, SECBUFFER_DATA , data.data() + sizes.cbHeader },
{ sizes.cbTrailer, SECBUFFER_STREAM_TRAILER, data.data() + sizes.cbHeader + size_data },
{ 0, SECBUFFER_EMPTY , NULL },
};
SecBufferDesc buf_desc = {
SECBUFFER_VERSION,
_countof(buf),
buf
};
// Encrypt the message.
status = EncryptMessage(m_sc_ctx, 0, &buf_desc, 0);
if (FAILED(status))
throw sec_runtime_error(status, __FUNCTION__ " Error encrypting message.");
m_packet_res.m_data.insert(m_packet_res.m_data.end(), (const unsigned char*)buf[0].pvBuffer, (const unsigned char*)buf[0].pvBuffer + buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer);
}

1
lib/TTLS/src/StdAfx.h
View File

@@ -30,3 +30,4 @@
#include <WinStd/EAP.h>
#include <EapHostError.h>
#include <schannel.h>