TLS and TTLS distinction

2016-08-13 18:55:33 +02:00 · 2016-08-13 18:55:33 +02:00 · ae37c9aa6c
commit ae37c9aa6c
parent cbda758178
4 changed files with 63 additions and 54 deletions
--- a/lib/TLS/include/Method.h
+++ b/lib/TLS/include/Method.h
@ -320,7 +320,9 @@ namespace eap
        ///
        /// Generates master session key
        ///
-        void derive_msk();
+        /// \sa [The EAP-TLS Authentication Protocol (Chapter 2.3. Key Hierarchy)](https://tools.ietf.org/html/rfc5216#section-2.3)
+        ///
+        virtual void derive_msk();

        ///
        /// Processes messages in a TLS packet
@ -335,40 +337,40 @@ namespace eap
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.1. Change Cipher Spec Protocol)](https://tools.ietf.org/html/rfc5246#section-7.1)
        ///
-        /// \param[in] msg      TLS change_cipher_spec message data
-        /// \param[in] msg_size TLS change_cipher_spec message data size
+        /// \param[in] msg       TLS change_cipher_spec message data
+        /// \param[in] msg_size  TLS change_cipher_spec message data size
        ///
-        void process_change_cipher_spec(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
+        virtual void process_change_cipher_spec(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);

        ///
        /// Processes a TLS alert message
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.2. Alert Protocol)](https://tools.ietf.org/html/rfc5246#section-7.2)
        ///
-        /// \param[in] msg      TLS alert message data
-        /// \param[in] msg_size TLS alert message data size
+        /// \param[in] msg       TLS alert message data
+        /// \param[in] msg_size  TLS alert message data size
        ///
-        void process_alert(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
+        virtual void process_alert(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);

        ///
        /// Processes a TLS handshake message
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4. Handshake Protocol)](https://tools.ietf.org/html/rfc5246#section-7.4)
        ///
-        /// \param[in] msg      TLS handshake message data
-        /// \param[in] msg_size TLS handshake message data size
+        /// \param[in] msg       TLS handshake message data
+        /// \param[in] msg_size  TLS handshake message data size
        ///
-        void process_handshake(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
+        virtual void process_handshake(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);

        ///
        /// Processes a TLS application_data message
        ///
        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 10. Application Data Protocol)](https://tools.ietf.org/html/rfc5246#section-10)
        ///
-        /// \param[in] msg      TLS application_data message data
-        /// \param[in] msg_size TLS application_data message data size
+        /// \param[in] msg       TLS application_data message data
+        /// \param[in] msg_size  TLS application_data message data size
        ///
-        void process_application_data(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
+        virtual void process_application_data(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);

        ///
        /// Processes a vendor-specific TLS message
@ -379,7 +381,7 @@ namespace eap
        /// \param[in] msg       TLS message data
        /// \param[in] msg_size  TLS message data size
        ///
-        void process_vendor_data(_In_ unsigned char type, _In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
+        virtual void process_vendor_data(_In_ unsigned char type, _In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);

        ///
        /// Verifies server's certificate if trusted by configuration
--- a/lib/TLS/src/Method.cpp
+++ b/lib/TLS/src/Method.cpp
@ -856,20 +856,20 @@ void eap::method_tls::derive_keys()
 void eap::method_tls::derive_msk()
 {
    sanitizing_blob seed;
-    static const unsigned char s_label[] = "ttls keying material";
+    static const unsigned char s_label[] = "client EAP encryption";
    seed.assign(s_label, s_label + _countof(s_label) - 1);
    seed.insert(seed.end(), (const unsigned char*)&m_state.m_random_client, (const unsigned char*)(&m_state.m_random_client + 1));
    seed.insert(seed.end(), (const unsigned char*)&m_state.m_random_server, (const unsigned char*)(&m_state.m_random_server + 1));
    sanitizing_blob key_block(prf(&m_state.m_master_secret, sizeof(tls_master_secret), seed.data(), seed.size(), 2*sizeof(tls_random)));
    const unsigned char *_key_block = key_block.data();

-    // MS-MPPE-Send-Key
-    memcpy(&m_key_mppe_send, _key_block, sizeof(tls_random));
-    _key_block += sizeof(tls_random);
-
    // MS-MPPE-Recv-Key
    memcpy(&m_key_mppe_recv, _key_block, sizeof(tls_random));
    _key_block += sizeof(tls_random);
+
+    // MS-MPPE-Send-Key
+    memcpy(&m_key_mppe_send, _key_block, sizeof(tls_random));
+    _key_block += sizeof(tls_random);
 }


--- a/lib/TTLS/include/Method.h
+++ b/lib/TTLS/include/Method.h
@ -96,17 +96,6 @@ namespace eap
        /// \name Packet processing
        /// @{

-        /////
-        ///// Starts an EAP authentication session on the peer EAPHost using the EAP method.
-        /////
-        ///// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
-        /////
-        //virtual void begin_session(
-        //    _In_        DWORD         dwFlags,
-        //    _In_  const EapAttributes *pAttributeArray,
-        //    _In_        HANDLE        hTokenImpersonateUser,
-        //    _In_        DWORD         dwMaxSendPacketSize);
-
        ///
        /// Processes a packet received by EAPHost from a supplicant.
        ///
@ -126,17 +115,15 @@ namespace eap
            _Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket,
            _Inout_                            DWORD     *pdwSendPacketSize);

-        /////
-        ///// Obtains the result of an authentication session from the EAP method.
-        /////
-        ///// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
-        /////
-        //virtual void get_result(
-        //    _In_    EapPeerMethodResultReason reason,
-        //    _Inout_ EapPeerMethodResult       *ppResult);
-
        /// @}

+        ///
+        /// Generates master session key
+        ///
+        /// \sa [The EAP-TLS Authentication Protocol (Chapter 2.3. Key Hierarchy)](https://tools.ietf.org/html/rfc5216#section-2.3)
+        ///
+        virtual void derive_msk();
+
    public:
        enum version_t {
            version_0 = 0,  ///< EAP-TTLS v0
--- a/lib/TTLS/src/Method.cpp
+++ b/lib/TTLS/src/Method.cpp
@ -71,14 +71,6 @@ eap::method_ttls& eap::method_ttls::operator=(_Inout_ method_ttls &&other)
 }


-//void eap::method_ttls::begin_session(
-//    _In_        DWORD         dwFlags,
-//    _In_  const EapAttributes *pAttributeArray,
-//    _In_        HANDLE        hTokenImpersonateUser,
-//    _In_        DWORD         dwMaxSendPacketSize)
-//{
-//    m_outer.begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);
-//}


 void eap::method_ttls::process_request_packet(
@ -95,7 +87,24 @@ void eap::method_ttls::process_request_packet(
        m_module.log_event(&EAPMETHOD_TTLS_HANDSHAKE_START, event_data((unsigned int)eap_type_ttls), event_data((unsigned char)m_version), event_data((unsigned char)ver_remote), event_data::blank);
    }

-    method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
+    if (m_phase != phase_finished) {
+        // Do the TLS.
+        method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
+
+        if (m_phase == phase_finished) {
+            // Piggyback inner authentication.
+            if (!m_cipher_spec)
+                throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted.");
+
+            //sanitizing_blob client(make_pap_client());
+            //sanitizing_blob application(make_message(tls_message_type_application_data, client, m_cipher_spec));
+            //m_packet_res.m_data.insert(m_packet_res.m_data.end(), application.begin(), application.end());
+            //pEapOutput->action = EapPeerMethodResponseActionSend;
+        }
+    } else {
+        // Do the TLS. Again.
+        method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
+    }
 }


@ -112,9 +121,20 @@ void eap::method_ttls::get_response_packet(
 }


-//void eap::method_ttls::get_result(
-//    _In_    EapPeerMethodResultReason reason,
-//    _Inout_ EapPeerMethodResult       *ppResult)
-//{
-//    m_outer.get_result(reason, ppResult);
-//}
+void eap::method_ttls::derive_msk()
+{
+    static const unsigned char s_label[] = "ttls keying material";
+    sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
+    seed.insert(seed.end(), (const unsigned char*)&m_state.m_random_client, (const unsigned char*)(&m_state.m_random_client + 1));
+    seed.insert(seed.end(), (const unsigned char*)&m_state.m_random_server, (const unsigned char*)(&m_state.m_random_server + 1));
+    sanitizing_blob key_block(prf(&m_state.m_master_secret, sizeof(tls_master_secret), seed.data(), seed.size(), 2*sizeof(tls_random)));
+    const unsigned char *_key_block = key_block.data();
+
+    // MS-MPPE-Recv-Key
+    memcpy(&m_key_mppe_recv, _key_block, sizeof(tls_random));
+    _key_block += sizeof(tls_random);
+
+    // MS-MPPE-Send-Key
+    memcpy(&m_key_mppe_send, _key_block, sizeof(tls_random));
+    _key_block += sizeof(tls_random);
+}