diff --git a/lib/Events/res/EventsETW.man b/lib/Events/res/EventsETW.man index cffbfc6..190d38f 100644 Binary files a/lib/Events/res/EventsETW.man and b/lib/Events/res/EventsETW.man differ diff --git a/lib/TLS/include/TLS.h b/lib/TLS/include/TLS.h index 48b52e2..9cdcccd 100644 --- a/lib/TLS/include/TLS.h +++ b/lib/TLS/include/TLS.h @@ -404,9 +404,10 @@ namespace eap /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.7.1. RSA-Encrypted Premaster Secret Message)](https://tools.ietf.org/html/rfc5246#section-7.4.7.1) /// - /// \param[in] cp Handle of the cryptographics provider + /// \param[in] cp Handle of the cryptographics provider + /// \param[in] ver TLS version /// - tls_master_secret(_In_ HCRYPTPROV cp); + tls_master_secret(_In_ HCRYPTPROV cp, _In_ tls_version ver); /// /// Copies a master secret diff --git a/lib/TLS/src/Method.cpp b/lib/TLS/src/Method.cpp index 0ca6ce4..9b52192 100644 --- a/lib/TLS/src/Method.cpp +++ b/lib/TLS/src/Method.cpp @@ -107,7 +107,7 @@ eap::method_tls::method_tls(_In_ module &module, _In_ config_provider_list &cfg, #endif method(module, cfg, cred) { - m_tls_version = tls_version_1_0; + m_tls_version = tls_version_1_1; } @@ -413,7 +413,7 @@ void eap::method_tls::process_request_packet( } // Generate pre-master secret. PMS will get sanitized in its destructor when going out-of-scope. - tls_master_secret pms(m_cp); + tls_master_secret pms(m_cp, m_tls_version); // Derive master secret. static const unsigned char s_label[] = "master secret"; @@ -828,7 +828,7 @@ void eap::method_tls::derive_keys() m_key_server = create_key(m_state.m_alg_encrypt, key_exp1, _key_block, m_state.m_size_enc_key); _key_block += m_state.m_size_enc_key; - if (m_state.m_size_enc_iv) { + if (m_state.m_size_enc_iv && m_tls_version < tls_version_1_1) { // client_write_IV if (!CryptSetKeyParam(m_key_client, KP_IV, _key_block, 0)) throw win_runtime_error(__FUNCTION__ " Error setting client_write_IV."); @@ -875,7 +875,7 @@ void eap::method_tls::process_packet(_In_bytecount_(size_pck) const void *_pck, if (msg_end > pck_end) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete message data."); - if (hdr->version == m_tls_version) { + if (hdr->version >= tls_version_1_0) { // Process TLS 1.0 message. switch (hdr->type) { case tls_message_type_change_cipher_spec: @@ -980,8 +980,9 @@ void eap::method_tls::process_handshake(_In_bytecount_(msg_size) const void *_ms // TLS version if (rec + 2 > rec_end) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Server SSL/TLS version missing or incomplete."); - else if (rec[0] != m_tls_version.major || rec[1] != m_tls_version.minor) + else if (*(tls_version*)rec < tls_version_1_0 || m_tls_version < *(tls_version*)rec) throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Unsupported SSL/TLS version."); + m_tls_version = *(tls_version*)rec; m_state.m_alg_prf = CALG_TLS1PRF; rec += 2; @@ -1013,7 +1014,12 @@ void eap::method_tls::process_handshake(_In_bytecount_(msg_size) const void *_ms } else throw win_runtime_error(ERROR_NOT_SUPPORTED, string_printf(__FUNCTION__ " Other than requested cipher selected (received 0x%02x%02x).", rec[0], rec[1])); - m_module.log_event(&EAPMETHOD_TLS_SERVER_HELLO, event_data((unsigned int)eap_type_tls), event_data((unsigned int)m_session_id.size()), event_data(m_session_id.data(), (ULONG)m_session_id.size()), event_data::blank); + m_module.log_event(&EAPMETHOD_TLS_SERVER_HELLO1, + event_data((unsigned int)eap_type_tls), + event_data(((unsigned int)m_tls_version.major << 8) | (unsigned int)m_tls_version.minor), + event_data((unsigned int)m_session_id.size()), + event_data(m_session_id.data(), (ULONG)m_session_id.size()), + event_data::blank); break; case tls_handshake_type_certificate: { @@ -1241,10 +1247,11 @@ void eap::method_tls::encrypt_message(_In_ tls_message_type_t type, _Inout_ sani // Block cypher if (m_tls_version >= tls_version_1_1) { - // TLS 1.1+: Prepend random IV. - data.insert(data.begin(), m_state.m_size_enc_block, 0); - CryptGenRandom(m_cp, (DWORD)m_state.m_size_enc_block, data.data()); - size_data_enc += m_state.m_size_enc_block; + // TLS 1.1+: Set random IV. + data.insert(data.begin(), m_state.m_size_enc_iv, 0); + if (!CryptGenRandom(m_cp, (DWORD)m_state.m_size_enc_iv, data.data())) + throw win_runtime_error(__FUNCTION__ " Error generating IV."); + size_data_enc += m_state.m_size_enc_iv; } // Calculate padding. @@ -1299,8 +1306,8 @@ void eap::method_tls::decrypt_message(_In_ tls_message_type_t type, _Inout_ sani if (m_tls_version >= tls_version_1_1) { // TLS 1.1+: Remove random IV. - data.erase(data.begin(), data.begin() + m_state.m_size_enc_block); - size_data -= m_state.m_size_enc_block; + data.erase(data.begin(), data.begin() + m_state.m_size_enc_iv); + size_data -= m_state.m_size_enc_iv; } } diff --git a/lib/TLS/src/TLS.cpp b/lib/TLS/src/TLS.cpp index 72db63c..813ccc9 100644 --- a/lib/TLS/src/TLS.cpp +++ b/lib/TLS/src/TLS.cpp @@ -88,10 +88,10 @@ eap::tls_master_secret::tls_master_secret() } -eap::tls_master_secret::tls_master_secret(_In_ HCRYPTPROV cp) +eap::tls_master_secret::tls_master_secret(_In_ HCRYPTPROV cp, _In_ tls_version ver) { - data[0] = 3; - data[1] = 1; + data[0] = ver.major; + data[1] = ver.minor; if (!CryptGenRandom(cp, sizeof(data) - 2, data + 2)) throw win_runtime_error(__FUNCTION__ " Error creating PMS randomness.");