From d68fd6ce08081c81d01480deec45591adde93ac8 Mon Sep 17 00:00:00 2001 From: Simon Rozman Date: Mon, 15 Aug 2016 22:49:45 +0200 Subject: [PATCH] Support for TLS 1.1 finished --- lib/Events/res/EventsETW.man | Bin 49340 -> 51280 bytes lib/TLS/include/TLS.h | 5 +++-- lib/TLS/src/Method.cpp | 31 +++++++++++++++++++------------ lib/TLS/src/TLS.cpp | 6 +++--- 4 files changed, 25 insertions(+), 17 deletions(-) diff --git a/lib/Events/res/EventsETW.man b/lib/Events/res/EventsETW.man index cffbfc643944d5bd6c72e8d7ed1c6e67ca2a36a1..190d38fee522eb3f032d25934716f62b85417ae7 100644 GIT binary patch delta 324 zcmdnf$b4Y}^M)=i-Y|w#h9ZVyhD?ThhP=s!mg18WIK)`Z8O#_gCpRh>PA=eQV>VtuZ0_RPU^-dDnP;+|EEl68(Af2p zcbM@_o@T2uxj~I%@&_v}_7DaihG2%U$^LWYCqK}V+015t&Uo^LQi;ivl0+tV6iQ9L zkR5_#L}OPz%&^+P$sQ$Qn_m^B$bg-uSR=};2Xvz2L`$Gu6O%+)4H@)+4g>Om@`KPVFeD%v<(bn=AFN|Oz?@=X4=NkkCh7zKth22} pck_end) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete message data."); - if (hdr->version == m_tls_version) { + if (hdr->version >= tls_version_1_0) { // Process TLS 1.0 message. switch (hdr->type) { case tls_message_type_change_cipher_spec: @@ -980,8 +980,9 @@ void eap::method_tls::process_handshake(_In_bytecount_(msg_size) const void *_ms // TLS version if (rec + 2 > rec_end) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Server SSL/TLS version missing or incomplete."); - else if (rec[0] != m_tls_version.major || rec[1] != m_tls_version.minor) + else if (*(tls_version*)rec < tls_version_1_0 || m_tls_version < *(tls_version*)rec) throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Unsupported SSL/TLS version."); + m_tls_version = *(tls_version*)rec; m_state.m_alg_prf = CALG_TLS1PRF; rec += 2; 
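Review bot: `m_tls_version = *(tls_version*)rec;` in the `@@ -980,8 +980,9 @@` hunk overwrites the value the `else if` just above uses as the upper bound, so the version the client offered is no longer kept anywhere in the visible code once a ServerHello has been accepted. The TLS.cpp hunk of this patch makes `tls_master_secret` write a caller-supplied version into the first two bytes of the premaster secret. If its call site (not visible here) passes `m_tls_version` after this assignment, those bytes carry the negotiated version rather than the ClientHello version that RFC 4346 section 7.4.7.1 requires for rollback detection. I would save the offered value before the assignment, for example `m_tls_version_offered = m_tls_version;` (member name is a suggestion), and pass that member to the constructor. The body of process_handshake starts and ends outside the hunk, so a reset of `m_tls_version` elsewhere cannot be ruled out.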
@@ -1013,7 +1014,12 @@ void eap::method_tls::process_handshake(_In_bytecount_(msg_size) const void *_ms } else throw win_runtime_error(ERROR_NOT_SUPPORTED, string_printf(__FUNCTION__ " Other than requested cipher selected (received 0x%02x%02x).", rec[0], rec[1])); - m_module.log_event(&EAPMETHOD_TLS_SERVER_HELLO, event_data((unsigned int)eap_type_tls), event_data((unsigned int)m_session_id.size()), event_data(m_session_id.data(), (ULONG)m_session_id.size()), event_data::blank); + m_module.log_event(&EAPMETHOD_TLS_SERVER_HELLO1, + event_data((unsigned int)eap_type_tls), + event_data(((unsigned int)m_tls_version.major << 8) | (unsigned int)m_tls_version.minor), + event_data((unsigned int)m_session_id.size()), + event_data(m_session_id.data(), (ULONG)m_session_id.size()), + event_data::blank); break; case tls_handshake_type_certificate: { @@ -1241,10 +1247,11 @@ void eap::method_tls::encrypt_message(_In_ tls_message_type_t type, _Inout_ sani // Block cypher if (m_tls_version >= tls_version_1_1) { - // TLS 1.1+: Prepend random IV. - data.insert(data.begin(), m_state.m_size_enc_block, 0); - CryptGenRandom(m_cp, (DWORD)m_state.m_size_enc_block, data.data()); - size_data_enc += m_state.m_size_enc_block; + // TLS 1.1+: Set random IV. + data.insert(data.begin(), m_state.m_size_enc_iv, 0); + if (!CryptGenRandom(m_cp, (DWORD)m_state.m_size_enc_iv, data.data())) + throw win_runtime_error(__FUNCTION__ " Error generating IV."); + size_data_enc += m_state.m_size_enc_iv; } // Calculate padding. @@ -1299,8 +1306,8 @@ void eap::method_tls::decrypt_message(_In_ tls_message_type_t type, _Inout_ sani if (m_tls_version >= tls_version_1_1) { // TLS 1.1+: Remove random IV. - data.erase(data.begin(), data.begin() + m_state.m_size_enc_block); - size_data -= m_state.m_size_enc_block; + data.erase(data.begin(), data.begin() + m_state.m_size_enc_iv); + size_data -= m_state.m_size_enc_iv; } } diff --git a/lib/TLS/src/TLS.cpp b/lib/TLS/src/TLS.cpp index 72db63c..813ccc9 100644 
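Review bot: In the decrypt_message hunk (`@@ -1299,8 +1306,8 @@`), `data.erase(data.begin(), data.begin() + m_state.m_size_enc_iv)` and `size_data -= m_state.m_size_enc_iv` operate on a record received from the peer, and nothing in the hunk checks that the decrypted record is at least one IV long. Unless an earlier length check exists in the part of decrypt_message outside the hunk, a short record makes the erase range run past `data.end()` and leaves `size_data` wrong for whatever follows. A guard before the erase, in the style the file already uses, would cover it: `if (size_data < m_state.m_size_enc_iv) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Record too short for IV.");`. Whether `size_data` or `data.size()` is the right quantity to compare should be confirmed against the lines above the hunk.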
--- a/lib/TLS/src/TLS.cpp +++ b/lib/TLS/src/TLS.cpp @@ -88,10 +88,10 @@ eap::tls_master_secret::tls_master_secret() } -eap::tls_master_secret::tls_master_secret(_In_ HCRYPTPROV cp) +eap::tls_master_secret::tls_master_secret(_In_ HCRYPTPROV cp, _In_ tls_version ver) { - data[0] = 3; - data[1] = 1; + data[0] = ver.major; + data[1] = ver.minor; if (!CryptGenRandom(cp, sizeof(data) - 2, data + 2)) throw win_runtime_error(__FUNCTION__ " Error creating PMS randomness.");