diff --git a/lib/TLS/include/Method.h b/lib/TLS/include/Method.h index 2ec13ec..937997a 100644 --- a/lib/TLS/include/Method.h +++ b/lib/TLS/include/Method.h @@ -320,7 +320,9 @@ namespace eap /// /// Generates master session key /// - void derive_msk(); + /// \sa [The EAP-TLS Authentication Protocol (Chapter 2.3. Key Hierarchy)](https://tools.ietf.org/html/rfc5216#section-2.3) + /// + virtual void derive_msk(); /// /// Processes messages in a TLS packet 
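Review bot: derive_msk becomes an override point in this hunk, but its Doxygen still says only "Generates master session key", which leaves a subclass (the TTLS override later in this diff swaps in a different PRF label) without the contract it must honour. Extend the comment to state the layout the implementation in lib/TLS/src/Method.cpp produces, e.g. `/// Derives the 64-octet MSK from the TLS master secret and fills m_key_mppe_recv (MSK octets 0-31) and m_key_mppe_send (MSK octets 32-63); overrides must produce the same layout.` The hunk does not show whether method_tls declares a virtual destructor; now that the class carries virtual members, that is worth confirming if an instance can ever be destroyed through a base pointer. The class body continues outside the hunk.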
@@ -335,40 +337,40 @@ namespace eap /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.1. Change Cipher Spec Protocol)](https://tools.ietf.org/html/rfc5246#section-7.1) /// - /// \param[in] msg TLS change_cipher_spec message data - /// \param[in] msg_size TLS change_cipher_spec message data size + /// \param[in] msg TLS change_cipher_spec message data + /// \param[in] msg_size TLS change_cipher_spec message data size /// - void process_change_cipher_spec(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size); + virtual void process_change_cipher_spec(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size); /// /// Processes a TLS alert message /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.2. Alert Protocol)](https://tools.ietf.org/html/rfc5246#section-7.2) /// - /// \param[in] msg TLS alert message data - /// \param[in] msg_size TLS alert message data size + /// \param[in] msg TLS alert message data + /// \param[in] msg_size TLS alert message data size /// - void process_alert(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size); + virtual void process_alert(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size); /// /// Processes a TLS handshake message /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4. Handshake Protocol)](https://tools.ietf.org/html/rfc5246#section-7.4) /// - /// \param[in] msg TLS handshake message data - /// \param[in] msg_size TLS handshake message data size + /// \param[in] msg TLS handshake message data + /// \param[in] msg_size TLS handshake message data size /// - void process_handshake(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size); + virtual void process_handshake(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size); /// /// Processes a TLS application_data message /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 10. 
Application Data Protocol)](https://tools.ietf.org/html/rfc5246#section-10) /// - /// \param[in] msg TLS application_data message data - /// \param[in] msg_size TLS application_data message data size + /// \param[in] msg TLS application_data message data + /// \param[in] msg_size TLS application_data message data size /// - void process_application_data(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size); + virtual void process_application_data(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size); /// /// Processes a vendor-specific TLS message @@ -379,7 +381,7 @@ namespace eap /// \param[in] msg TLS message data /// \param[in] msg_size TLS message data size /// - void process_vendor_data(_In_ unsigned char type, _In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size); + virtual void process_vendor_data(_In_ unsigned char type, _In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size); /// /// Verifies server's certificate if trusted by configuration diff --git a/lib/TLS/src/Method.cpp b/lib/TLS/src/Method.cpp index 9bb2559..f5e4bf4 100644 --- a/lib/TLS/src/Method.cpp +++ b/lib/TLS/src/Method.cpp 
@@ -856,20 +856,20 @@ void eap::method_tls::derive_keys() void eap::method_tls::derive_msk() { sanitizing_blob seed; - static const unsigned char s_label[] = "ttls keying material"; + static const unsigned char s_label[] = "client EAP encryption"; seed.assign(s_label, s_label + _countof(s_label) - 1); seed.insert(seed.end(), (const unsigned char*)&m_state.m_random_client, (const unsigned char*)(&m_state.m_random_client + 1)); seed.insert(seed.end(), (const unsigned char*)&m_state.m_random_server, (const unsigned char*)(&m_state.m_random_server + 1)); sanitizing_blob key_block(prf(&m_state.m_master_secret, sizeof(tls_master_secret), seed.data(), seed.size(), 2*sizeof(tls_random))); const unsigned char *_key_block = key_block.data(); - // MS-MPPE-Send-Key - memcpy(&m_key_mppe_send, _key_block, sizeof(tls_random)); - _key_block += sizeof(tls_random); - // MS-MPPE-Recv-Key memcpy(&m_key_mppe_recv, _key_block, sizeof(tls_random)); _key_block += sizeof(tls_random); + + // MS-MPPE-Send-Key + memcpy(&m_key_mppe_send, _key_block, sizeof(tls_random)); + _key_block += sizeof(tls_random); } diff --git a/lib/TTLS/include/Method.h b/lib/TTLS/include/Method.h index 48e29b3..dcddd4c 100644 --- a/lib/TTLS/include/Method.h +++ b/lib/TTLS/include/Method.h @@ -96,17 +96,6 @@ namespace eap /// \name Packet processing /// @{ - ///// - ///// Starts an EAP authentication session on the peer EAPHost using the EAP method. - ///// - ///// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx) - ///// - //virtual void begin_session( - // _In_ DWORD dwFlags, - // _In_ const EapAttributes *pAttributeArray, - // _In_ HANDLE hTokenImpersonateUser, - // _In_ DWORD dwMaxSendPacketSize); - /// /// Processes a packet received by EAPHost from a supplicant. /// 
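Review bot: The body of derive_msk is now duplicated nearly line for line by eap::method_ttls::derive_msk in lib/TTLS/src/Method.cpp, differing only in the PRF label, so the MSK-to-MPPE slicing that this very commit had to reorder lives in two places and can drift again. Move the slicing into a protected helper that takes the label, e.g. `void derive_mppe_keys(_In_bytecount_(label_size) const unsigned char *label, _In_ size_t label_size);`, so each derive_msk reduces to `derive_mppe_keys(s_label, _countof(s_label) - 1);` with its own label. The final `_key_block += sizeof(tls_random);` after the MS-MPPE-Send-Key memcpy is a dead store and can be dropped. The 64-octet PRF output corresponds to the MSK of the RFC 5216 section the header now cites; the EMSK defined there is not derived, which is fine as long as nothing downstream expects it.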
@@ -126,17 +115,15 @@ namespace eap _Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket, _Inout_ DWORD *pdwSendPacketSize); - ///// - ///// Obtains the result of an authentication session from the EAP method. - ///// - ///// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx) - ///// - //virtual void get_result( - // _In_ EapPeerMethodResultReason reason, - // _Inout_ EapPeerMethodResult *ppResult); - /// @} + /// + /// Generates master session key + /// + /// \sa [The EAP-TLS Authentication Protocol (Chapter 2.3. Key Hierarchy)](https://tools.ietf.org/html/rfc5216#section-2.3) + /// + virtual void derive_msk(); + public: enum version_t { version_0 = 0, ///< EAP-TTLS v0 diff --git a/lib/TTLS/src/Method.cpp b/lib/TTLS/src/Method.cpp index 04f76bd..a5afc31 100644 --- a/lib/TTLS/src/Method.cpp +++ b/lib/TTLS/src/Method.cpp @@ -71,14 +71,6 @@ eap::method_ttls& eap::method_ttls::operator=(_Inout_ method_ttls &&other) } -//void eap::method_ttls::begin_session( -// _In_ DWORD dwFlags, -// _In_ const EapAttributes *pAttributeArray, -// _In_ HANDLE hTokenImpersonateUser, -// _In_ DWORD dwMaxSendPacketSize) -//{ -// m_outer.begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize); -//} void eap::method_ttls::process_request_packet( 
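Review bot: The new derive_msk declaration cites RFC 5216 section 2.3 (EAP-TLS key hierarchy), but the TTLS implementation added in lib/TTLS/src/Method.cpp uses the "ttls keying material" label, which is defined by RFC 5281 section 8 (Generating Keying Material); the `\sa` line should point there and the comment should say it overrides method_tls::derive_msk, e.g. `/// Generates master session key using the EAP-TTLS label (overrides method_tls::derive_msk)`. The declaration is also placed after the `/// @}` that closes the "Packet processing" group, so it falls outside every Doxygen group; move it above the `/// @}` or open a group of its own. The class body continues outside the hunk.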
@@ -95,7 +87,24 @@ void eap::method_ttls::process_request_packet( m_module.log_event(&EAPMETHOD_TTLS_HANDSHAKE_START, event_data((unsigned int)eap_type_ttls), event_data((unsigned char)m_version), event_data((unsigned char)ver_remote), event_data::blank); } - method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput); + if (m_phase != phase_finished) { + // Do the TLS. + method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput); + + if (m_phase == phase_finished) { + // Piggyback inner authentication. + if (!m_cipher_spec) + throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted."); + + //sanitizing_blob client(make_pap_client()); + //sanitizing_blob application(make_message(tls_message_type_application_data, client, m_cipher_spec)); + //m_packet_res.m_data.insert(m_packet_res.m_data.end(), application.begin(), application.end()); + //pEapOutput->action = EapPeerMethodResponseActionSend; + } + } else { + // Do the TLS. Again. + method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput); + } } 
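Review bot: The `if (!m_cipher_spec)` guard in the phase_finished branch currently protects nothing, because the lines that would append the PAP credentials below it are commented out; if that code is meant to land later, keep the guard adjacent to the actual send, and note that m_cipher_spec only shows the record layer will encrypt — it says nothing about whether the server's certificate was accepted, so confirm that the check documented in lib/TLS/include/Method.h as "Verifies server's certificate if trusted by configuration" cannot be skipped before this point, since inner PAP credentials are only as protected as that check. Separately, both branches call `method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);` with identical arguments, so the branching can collapse to one call bracketed by a transition test: `bool was_finished = m_phase == phase_finished;` before the call and `if (!was_finished && m_phase == phase_finished) { ... }` after it. process_request_packet's body starts outside the hunk.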
@@ -112,9 +121,20 @@ void eap::method_ttls::get_response_packet( } -//void eap::method_ttls::get_result( -// _In_ EapPeerMethodResultReason reason, -// _Inout_ EapPeerMethodResult *ppResult) -//{ -// m_outer.get_result(reason, ppResult); -//} +void eap::method_ttls::derive_msk() +{ + static const unsigned char s_label[] = "ttls keying material"; + sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1); + seed.insert(seed.end(), (const unsigned char*)&m_state.m_random_client, (const unsigned char*)(&m_state.m_random_client + 1)); + seed.insert(seed.end(), (const unsigned char*)&m_state.m_random_server, (const unsigned char*)(&m_state.m_random_server + 1)); + sanitizing_blob key_block(prf(&m_state.m_master_secret, sizeof(tls_master_secret), seed.data(), seed.size(), 2*sizeof(tls_random))); + const unsigned char *_key_block = key_block.data(); + + // MS-MPPE-Recv-Key + memcpy(&m_key_mppe_recv, _key_block, sizeof(tls_random)); + _key_block += sizeof(tls_random); + + // MS-MPPE-Send-Key + memcpy(&m_key_mppe_send, _key_block, sizeof(tls_random)); + _key_block += sizeof(tls_random); +}