From df1d431bd05494c48cb1a85c0438198ed9388ae7 Mon Sep 17 00:00:00 2001 From: Simon Rozman Date: Wed, 17 Aug 2016 11:50:34 +0200 Subject: [PATCH] - TLS revised (again) - TLS Session resumption issues resolved - Credential prompt has "Remember" checkbox initially selected when credentials originate from Windows Credential Manager - Last authentication attempt failure notice is more general and no longer insinuate user credentials are the likely cause of the failure - Additional log messages added --- lib/EAPBase/include/Config.h | 2 +- lib/EAPBase/include/Credentials.h | 32 ++-- lib/EAPBase/src/Config.cpp | 16 +- lib/EAPBase/src/Credentials.cpp | 13 -- lib/EAPBase_UI/include/EAP_UI.h | 5 + lib/EAPBase_UI/src/EAP_UI.cpp | 2 +- lib/Events/res/EventsETW.man | Bin 51280 -> 55626 bytes lib/PAP/include/Credentials.h | 2 +- lib/PAP/src/Credentials.cpp | 10 +- lib/TLS/include/Credentials.h | 2 +- lib/TLS/include/Method.h | 21 ++- lib/TLS/src/Credentials.cpp | 10 +- lib/TLS/src/Method.cpp | 282 +++++++++++++++++------------- lib/TTLS/include/Credentials.h | 3 +- lib/TTLS/src/Credentials.cpp | 11 +- lib/TTLS/src/Method.cpp | 54 +++--- lib/TTLS/src/Module.cpp | 11 +- lib/TTLS_UI/src/Module.cpp | 15 +- lib/TTLS_UI/src/TTLS_UI.cpp | 4 +- 19 files changed, 277 insertions(+), 218 deletions(-) diff --git a/lib/EAPBase/include/Config.h b/lib/EAPBase/include/Config.h index 2093c23..8e44fbd 100644 --- a/lib/EAPBase/include/Config.h +++ b/lib/EAPBase/include/Config.h @@ -342,7 +342,7 @@ namespace eap bool m_allow_save; ///< Are credentials allowed to be saved to Windows Credential Manager? bool m_use_preshared; ///< Use pre-shared credentials std::unique_ptr m_preshared; ///< Pre-shared credentials - bool m_cred_failed; ///< Did credential fail last time? + bool m_auth_failed; ///< Did credential fail last time? }; diff --git a/lib/EAPBase/include/Credentials.h b/lib/EAPBase/include/Credentials.h index c562279..2dc8428 100644 --- a/lib/EAPBase/include/Credentials.h +++ b/lib/EAPBase/include/Credentials.h @@ -54,6 +54,18 @@ namespace eap { class credentials : public config { + public: + /// + /// Credential source when combined + /// + enum source_t { + source_unknown = -1, ///< Unknown source + source_cache = 0, ///< Credentials were obtained from EAPHost cache + source_preshared, ///< Credentials were set by method configuration + source_storage ///< Credentials were loaded from Windows Credential Manager + }; + + public: /// /// Constructs credentials @@ -158,26 +170,6 @@ namespace eap /// Returns credential name (for GUI display). /// virtual winstd::tstring get_name() const; - - /// - /// Combine credentials in the following order: - /// - /// 1. Cached credentials - /// 2. Pre-configured credentials - /// 3. Stored credentials - /// - /// \param[in] cred_cached Cached credentials (optional, can be \c NULL) - /// \param[in] cfg Method configuration - /// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL) - /// - /// \returns - /// - \c true if credentials were set; - /// - \c false otherwise - /// - virtual bool combine( - _In_ const credentials *cred_cached, - _In_ config_method_with_cred &cfg, - _In_opt_z_ LPCTSTR pszTargetName); }; diff --git a/lib/EAPBase/src/Config.cpp b/lib/EAPBase/src/Config.cpp index a7b2237..6a0acf3 100644 --- a/lib/EAPBase/src/Config.cpp +++ b/lib/EAPBase/src/Config.cpp @@ -139,7 +139,7 @@ eap::config_method& eap::config_method::operator=(_Inout_ config_method &&other) eap::config_method_with_cred::config_method_with_cred(_In_ module &mod) : m_allow_save(true), m_use_preshared(false), - m_cred_failed(false), + m_auth_failed(false), config_method(mod) { } @@ -149,7 +149,7 @@ eap::config_method_with_cred::config_method_with_cred(_In_ const config_method_w m_allow_save(other.m_allow_save), m_use_preshared(other.m_use_preshared), m_preshared(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr), - m_cred_failed(other.m_cred_failed), + m_auth_failed(other.m_auth_failed), config_method(other) { } @@ -159,7 +159,7 @@ eap::config_method_with_cred::config_method_with_cred(_Inout_ config_method_with m_allow_save(std::move(other.m_allow_save)), m_use_preshared(std::move(other.m_use_preshared)), m_preshared(std::move(other.m_preshared)), - m_cred_failed(std::move(other.m_cred_failed)), + m_auth_failed(std::move(other.m_auth_failed)), config_method(std::move(other)) { } @@ -172,7 +172,7 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_In_ const m_allow_save = other.m_allow_save; m_use_preshared = other.m_use_preshared; m_preshared.reset(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr); - m_cred_failed = other.m_cred_failed; + m_auth_failed = other.m_auth_failed; } return *this; @@ -186,7 +186,7 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_Inout_ co m_allow_save = std::move(other.m_allow_save ); m_use_preshared = std::move(other.m_use_preshared); m_preshared = std::move(other.m_preshared ); - m_cred_failed = std::move(other.m_cred_failed ); + m_auth_failed = std::move(other.m_auth_failed ); } return *this; @@ -248,7 +248,7 @@ void eap::config_method_with_cred::operator<<(_Inout_ cursor_out &cursor) const cursor << m_allow_save; cursor << m_use_preshared; cursor << *m_preshared; - cursor << m_cred_failed; + cursor << m_auth_failed; } @@ -259,7 +259,7 @@ size_t eap::config_method_with_cred::get_pk_size() const pksizeof(m_allow_save ) + pksizeof(m_use_preshared) + pksizeof(*m_preshared ) + - pksizeof(m_cred_failed ); + pksizeof(m_auth_failed ); } @@ -269,7 +269,7 @@ void eap::config_method_with_cred::operator>>(_Inout_ cursor_in &cursor) cursor >> m_allow_save; cursor >> m_use_preshared; cursor >> *m_preshared; - cursor >> m_cred_failed; + cursor >> m_auth_failed; } diff --git a/lib/EAPBase/src/Credentials.cpp b/lib/EAPBase/src/Credentials.cpp index 7d25795..16cc690 100644 --- a/lib/EAPBase/src/Credentials.cpp +++ b/lib/EAPBase/src/Credentials.cpp @@ -83,19 +83,6 @@ tstring eap::credentials::get_name() const } -bool eap::credentials::combine( - _In_ const credentials *cred_cached, - _In_ config_method_with_cred &cfg, - _In_opt_z_ LPCTSTR pszTargetName) -{ - UNREFERENCED_PARAMETER(cred_cached); - UNREFERENCED_PARAMETER(cfg); - UNREFERENCED_PARAMETER(pszTargetName); - - // When there's nothing to combine... - return true; -} - ////////////////////////////////////////////////////////////////////// // eap::credentials_pass ////////////////////////////////////////////////////////////////////// diff --git a/lib/EAPBase_UI/include/EAP_UI.h b/lib/EAPBase_UI/include/EAP_UI.h index 6abf1ed..809aa48 100644 --- a/lib/EAPBase_UI/include/EAP_UI.h +++ b/lib/EAPBase_UI/include/EAP_UI.h @@ -486,6 +486,11 @@ public: this->Disconnect(wxEVT_UPDATE_UI, wxUpdateUIEventHandler(_Tthis::OnUpdateUI)); } + inline void SetRememberValue(bool val) + { + return m_remember->SetValue(val); + } + inline bool GetRememberValue() const { return m_remember->GetValue(); diff --git a/lib/EAPBase_UI/src/EAP_UI.cpp b/lib/EAPBase_UI/src/EAP_UI.cpp index dd328bb..6598b51 100644 --- a/lib/EAPBase_UI/src/EAP_UI.cpp +++ b/lib/EAPBase_UI/src/EAP_UI.cpp @@ -182,7 +182,7 @@ wxEAPCredentialWarningPanel::wxEAPCredentialWarningPanel(const eap::config_provi if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE)) wxSetIconFromResource(m_note_icon, m_icon, m_shell32, MAKEINTRESOURCE(161)); - m_note_label->SetLabel(_("Previous attempt to connect using provided credentials failed. Please, make sure your credentials are correct, or try again later.")); + m_note_label->SetLabel(_("Previous attempt to connect failed. Please, make sure your credentials are correct, or try again later.")); m_note_label->Wrap(449); CreateContactFields(prov); diff --git a/lib/Events/res/EventsETW.man b/lib/Events/res/EventsETW.man index 190d38fee522eb3f032d25934716f62b85417ae7..955ffc3a5c4482cc04f5e221006cb6ea95541937 100644 GIT binary patch delta 1186 zcmcgr-%C?r7=Fhre~hKuoZA}aF)9dRWYd1Y1`|=yZ2p*|=w@3s*C02yv#DjYb{hzb z_o6O#kxA zxN>9AK1m}Kq9ID*iBp#P@Wwe-@8YQM2?u(fD$zktmpw%Na1)NB6r>2=e!9wEr)>r= z7c(w?5D)TjBE`}|Q?pDmB`FQSARy;?Yc7mau*rLxA2HU<0u_~3W(Y;g}OnI8ZBS2)(7;hY)UPu_BFcaHU?|jah1L_;YMrpt<&< zg-FL2`FoK6d%He91j!ojOgd!Wi=)?YUSKrqFgRjy^QV%NU(Z;TZ-rrt;eyifXy-JS zw(DvdR4m(BT0hk(Q;uTje-0J9NfP#wIu-L+Wl=>oKl8Hmq3ysH6@U`hIDR=+(`Cu{iRWfKX&rjmxuYq z(lN7usT2+Z_|JB)X#gUUbXySMLfOHR<{h7|-U+cDq#lD`95#{q49;Q|lx9`pbLvdz zVU^&QrUX_YXbSr*5QKeN-Ak~Ej6$Y|f397!>6#;cGVa)DN4cEt6k?Mov%ot^=kOIL z^=ITCt1kYvcJUtrQY_nm)Y_=UJzwgqsfFLIXR*IFqIo)u|5hPCx4diRdz&6*W%FU3 J5_sQo=r2UEGjad` delta 89 zcmX@LiTT0=<_$^ilOI^IOmg6vJZ~1q=0_ePhLhdu#5TXEVPl`XCq!cMix~o&mAZWd t84Wk*&$+2N`9ZDN<`2iCm?sNd6q(#~UT?C{6rs&~&eySk8E#itSOM6=CUF1& diff --git a/lib/PAP/include/Credentials.h b/lib/PAP/include/Credentials.h index 2fc59d6..1c73db3 100644 --- a/lib/PAP/include/Credentials.h +++ b/lib/PAP/include/Credentials.h @@ -113,7 +113,7 @@ namespace eap /// - \c true if credentials were set; /// - \c false otherwise /// - bool combine( + source_t combine( _In_ const credentials_pap *cred_cached, _In_ const config_method_pap &cfg, _In_opt_z_ LPCTSTR pszTargetName); diff --git a/lib/PAP/src/Credentials.cpp b/lib/PAP/src/Credentials.cpp index 2135ba8..9c6382f 100644 --- a/lib/PAP/src/Credentials.cpp +++ b/lib/PAP/src/Credentials.cpp @@ -75,7 +75,7 @@ LPCTSTR eap::credentials_pap::target_suffix() const } -bool eap::credentials_pap::combine( +eap::credentials::source_t eap::credentials_pap::combine( _In_ const credentials_pap *cred_cached, _In_ const config_method_pap &cfg, _In_opt_z_ LPCTSTR pszTargetName) @@ -84,14 +84,14 @@ bool eap::credentials_pap::combine( // Using EAP service cached credentials. *this = *cred_cached; m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank); - return true; + return source_cache; } if (cfg.m_use_preshared) { // Using preshared credentials. *this = *(credentials_pap*)cfg.m_preshared.get(); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank); - return true; + return source_preshared; } if (pszTargetName) { @@ -102,11 +102,11 @@ bool eap::credentials_pap::combine( // Using stored credentials. *this = std::move(cred_loaded); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank); - return true; + return source_storage; } catch (...) { // Not actually an error. } } - return false; + return source_unknown; } diff --git a/lib/TLS/include/Credentials.h b/lib/TLS/include/Credentials.h index ae64473..7a0a485 100644 --- a/lib/TLS/include/Credentials.h +++ b/lib/TLS/include/Credentials.h @@ -200,7 +200,7 @@ namespace eap /// - \c true if credentials were set; /// - \c false otherwise /// - bool combine( + source_t combine( _In_ const credentials_tls *cred_cached, _In_ const config_method_tls &cfg, _In_opt_z_ LPCTSTR pszTargetName); diff --git a/lib/TLS/include/Method.h b/lib/TLS/include/Method.h index 02b00ba..819d240 100644 --- a/lib/TLS/include/Method.h +++ b/lib/TLS/include/Method.h @@ -467,6 +467,7 @@ namespace eap /// /// \sa [How to export and import plain text session keys by using CryptoAPI](https://support.microsoft.com/en-us/kb/228786) /// + /// \param[in] cp Handle of the cryptographics provider /// \param[in] alg Key algorithm /// \param[in] key Key that decrypts \p secret /// \param[in] secret Key data @@ -475,10 +476,11 @@ namespace eap /// \returns Key /// HCRYPTKEY create_key( - _In_ ALG_ID alg, - _In_ HCRYPTKEY key, - _In_bytecount_(size_secret) const void *secret, - _In_ size_t size_secret); + _In_ HCRYPTPROV cp, + _In_ ALG_ID alg, + _In_ HCRYPTKEY key, + _In_bytecount_(size_secret) const void *secret, + _In_ size_t size_secret); protected: credentials_tls &m_cred; ///< EAP-TLS user credentials @@ -487,7 +489,8 @@ namespace eap packet m_packet_res; ///< Response packet winstd::crypt_prov m_cp; ///< Cryptography provider for general services - winstd::crypt_prov m_cp_enc; ///< Cryptography provider for encryption + winstd::crypt_prov m_cp_enc_client; ///< Cryptography provider for encryption + winstd::crypt_prov m_cp_enc_server; ///< Cryptography provider for encryption winstd::crypt_key m_key_exp1; ///< Key for importing derived keys tls_version m_tls_version; ///< TLS version in use @@ -515,6 +518,14 @@ namespace eap bool m_handshake[tls_handshake_type_max]; ///< Handshake flags (map od handshake messages received) + enum { + phase_unknown = -1, ///< Unknown phase + phase_client_hello = 0, ///< Send client hello + phase_server_hello, ///< Wait for server hello + phase_change_cipher_spec, ///< Wait for change cipher spec + phase_application_data ///< Exchange application data + } m_phase; ///< What phase is our communication at? + unsigned __int64 m_seq_num_client; ///< Sequence number for encrypting unsigned __int64 m_seq_num_server; ///< Sequence number for decrypting diff --git a/lib/TLS/src/Credentials.cpp b/lib/TLS/src/Credentials.cpp index 482ef22..691df9c 100644 --- a/lib/TLS/src/Credentials.cpp +++ b/lib/TLS/src/Credentials.cpp @@ -254,7 +254,7 @@ tstring eap::credentials_tls::get_name() const } -bool eap::credentials_tls::combine( +eap::credentials::source_t eap::credentials_tls::combine( _In_ const credentials_tls *cred_cached, _In_ const config_method_tls &cfg, _In_opt_z_ LPCTSTR pszTargetName) @@ -263,14 +263,14 @@ bool eap::credentials_tls::combine( // Using EAP service cached credentials. *this = *cred_cached; m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank); - return true; + return source_cache; } if (cfg.m_use_preshared) { // Using preshared credentials. *this = *(credentials_tls*)cfg.m_preshared.get(); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank); - return true; + return source_preshared; } if (pszTargetName) { @@ -281,13 +281,13 @@ bool eap::credentials_tls::combine( // Using stored credentials. *this = std::move(cred_loaded); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank); - return true; + return source_storage; } catch (...) { // Not actually an error. } } - return false; + return source_unknown; } diff --git a/lib/TLS/src/Method.cpp b/lib/TLS/src/Method.cpp index 7074ca2..4addcf9 100644 --- a/lib/TLS/src/Method.cpp +++ b/lib/TLS/src/Method.cpp @@ -95,6 +95,7 @@ void eap::method_tls::packet::clear() eap::method_tls::method_tls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_tls &cred) : m_cred(cred), + m_phase(phase_unknown), m_seq_num_client(0), m_seq_num_server(0), m_blob_cfg(NULL), @@ -113,7 +114,8 @@ eap::method_tls::method_tls(_Inout_ method_tls &&other) : m_packet_req (std::move(other.m_packet_req )), m_packet_res (std::move(other.m_packet_res )), m_cp (std::move(other.m_cp )), - m_cp_enc (std::move(other.m_cp_enc )), + m_cp_enc_client (std::move(other.m_cp_enc_client )), + m_cp_enc_server (std::move(other.m_cp_enc_server )), m_key_exp1 (std::move(other.m_key_exp1 )), m_tls_version (std::move(other.m_tls_version )), m_alg_prf (std::move(other.m_alg_prf )), @@ -131,6 +133,7 @@ eap::method_tls::method_tls(_Inout_ method_tls &&other) : m_hash_handshake_msgs_md5 (std::move(other.m_hash_handshake_msgs_md5 )), m_hash_handshake_msgs_sha1 (std::move(other.m_hash_handshake_msgs_sha1 )), m_hash_handshake_msgs_sha256(std::move(other.m_hash_handshake_msgs_sha256)), + m_phase (std::move(other.m_phase )), m_seq_num_client (std::move(other.m_seq_num_client )), m_seq_num_server (std::move(other.m_seq_num_server )), method (std::move(other )) @@ -162,7 +165,8 @@ eap::method_tls& eap::method_tls::operator=(_Inout_ method_tls &&other) m_packet_req = std::move(other.m_packet_req ); m_packet_res = std::move(other.m_packet_res ); m_cp = std::move(other.m_cp ); - m_cp_enc = std::move(other.m_cp_enc ); + m_cp_enc_client = std::move(other.m_cp_enc_client ); + m_cp_enc_server = std::move(other.m_cp_enc_server ); m_key_exp1 = std::move(other.m_key_exp1 ); m_tls_version = std::move(other.m_tls_version ); m_alg_prf = std::move(other.m_alg_prf ); @@ -180,6 +184,7 @@ eap::method_tls& eap::method_tls::operator=(_Inout_ method_tls &&other) m_hash_handshake_msgs_md5 = std::move(other.m_hash_handshake_msgs_md5 ); m_hash_handshake_msgs_sha1 = std::move(other.m_hash_handshake_msgs_sha1 ); m_hash_handshake_msgs_sha256 = std::move(other.m_hash_handshake_msgs_sha256); + m_phase = std::move(other.m_phase ); m_seq_num_client = std::move(other.m_seq_num_client ); m_seq_num_server = std::move(other.m_seq_num_server ); @@ -201,7 +206,7 @@ void eap::method_tls::begin_session( { method::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize); - // Create cryptographics provider. + // Create cryptographics provider for support needs (handshake hashing, client random, temporary keys...). if (!m_cp.create(NULL, NULL, PROV_RSA_AES)) throw win_runtime_error(__FUNCTION__ " Error creating cryptographics provider."); @@ -217,9 +222,9 @@ void eap::method_tls::begin_session( const config_method_tls *cfg_method = dynamic_cast(cfg_prov.m_methods.front().get()); assert(cfg_method); - //// Restore previous session ID and master secret. We might get lucky. - //m_session_id = cfg_method->m_session_id; - //m_master_secret = cfg_method->m_master_secret; + // Restore previous session ID and master secret. We might get lucky. + m_session_id = cfg_method->m_session_id; + m_master_secret = cfg_method->m_master_secret; } @@ -314,6 +319,17 @@ void eap::method_tls::process_request_packet( if (pReceivedPacket->Code == EapCodeRequest && (m_packet_req.m_flags & flags_req_start)) { // This is the EAP-TLS start message: (re)initialize method. m_module.log_event(&EAPMETHOD_TLS_HANDSHAKE_START2, event_data((unsigned int)eap_type_tls), event_data::blank); + m_phase = phase_client_hello; + } else { + // Process the packet. + memset(m_handshake, 0, sizeof(m_handshake)); + m_packet_res.m_data.clear(); + process_packet(m_packet_req.m_data.data(), m_packet_req.m_data.size()); + } + + switch (m_phase) { + case phase_client_hello: { + m_tls_version = tls_version_1_2; m_key_mppe_client.clear(); m_key_mppe_server.clear(); @@ -328,109 +344,122 @@ void eap::method_tls::process_request_packet( if (!m_hash_handshake_msgs_sha256.create(m_cp, CALG_SHA_256)) throw win_runtime_error(__FUNCTION__ " Error creating SHA-256 hashing object."); - memset(m_handshake, 0, sizeof(m_handshake)); - m_seq_num_client = 0; m_seq_num_server = 0; // Build client hello packet. sanitizing_blob msg_client_hello(make_message(tls_message_type_handshake, make_client_hello())); - m_packet_res.m_data.assign(msg_client_hello.begin(), msg_client_hello.end()); - } else { - // Process the packet. - m_packet_res.m_data.clear(); - process_packet(m_packet_req.m_data.data(), m_packet_req.m_data.size()); + m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_client_hello.begin(), msg_client_hello.end()); - if (m_handshake[tls_handshake_type_finished]) { - // Server finished. - } else if (m_state_server.m_alg_encrypt) { - // Cipher specified (server). - } else if (m_handshake[tls_handshake_type_server_hello_done]) { - // Server hello specified. + m_phase = phase_server_hello; + break; + } - // Create cryptographics provider (based on server selected cipher?). - if (!m_cp_enc.create(NULL, NULL, PROV_RSA_AES)) - throw win_runtime_error(__FUNCTION__ " Error creating cryptographics provider."); + case phase_server_hello: { + if (!m_handshake[tls_handshake_type_server_hello]) + throw win_runtime_error(__FUNCTION__ " Server did not hello back. No server random! What cipher to use?"); + // Create cryptographics provider (based on server selected cipher?). + if (!m_cp_enc_client.create(NULL, NULL, PROV_RSA_AES)) + throw win_runtime_error(__FUNCTION__ " Error creating cryptographics provider."); + + if (m_handshake[tls_handshake_type_certificate]) { // Do we trust this server? if (m_server_cert_chain.empty()) - throw win_runtime_error(ERROR_ENCRYPTION_FAILED, __FUNCTION__ " Can not continue without server's certificate."); + throw win_runtime_error(ERROR_ENCRYPTION_FAILED, __FUNCTION__ " Server sent an empty certificate (chain)."); verify_server_trust(); - - if (m_handshake[tls_handshake_type_certificate_request]) { - // Client certificate requested. - sanitizing_blob msg_client_cert(make_message(tls_message_type_handshake, make_client_cert())); - m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_client_cert.begin(), msg_client_cert.end()); - } - - { - // Generate pre-master secret. PMS will get sanitized in its destructor when going out-of-scope. - tls_master_secret pms(m_cp_enc, m_tls_version); - - // Derive master secret. - static const unsigned char s_label[] = "master secret"; - sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1); - seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1)); - seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1)); - memcpy(&m_master_secret, prf(m_cp_enc, m_alg_prf, pms, seed, sizeof(tls_master_secret)).data(), sizeof(tls_master_secret)); - - // Create client key exchange message, and append to packet. - sanitizing_blob msg_client_key_exchange(make_message(tls_message_type_handshake, make_client_key_exchange(pms))); - m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_client_key_exchange.begin(), msg_client_key_exchange.end()); - } - - if (m_handshake[tls_handshake_type_certificate_request]) { - // TODO: Create and append certificate_verify message! - } - - // Append change cipher spec to packet. - sanitizing_blob ccs(make_message(tls_message_type_change_cipher_spec, sanitizing_blob(1, 1))); - m_packet_res.m_data.insert(m_packet_res.m_data.end(), ccs.begin(), ccs.end()); - - { - // Adopt server provided pending state as client pending. - m_state_client_pending = m_state_server_pending; - - // Derive client side keys - static const unsigned char s_label[] = "key expansion"; - sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1); - seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1)); - seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1)); - sanitizing_blob key_block(prf(m_cp_enc, m_alg_prf, m_master_secret, seed, - 2*m_state_client_pending.m_size_mac_key + // client_write_MAC_secret & server_write_MAC_secret (SHA1) - 2*m_state_client_pending.m_size_enc_key + // client_write_key & server_write_key - 2*m_state_client_pending.m_size_enc_iv )); // client_write_IV & server_write_IV - const unsigned char *_key_block = key_block.data(); - - // client_write_MAC_secret - m_state_client_pending.m_padding_hmac = hmac_padding(m_cp_enc, m_state_client_pending.m_alg_mac, _key_block, m_state_client_pending.m_size_mac_key); - _key_block += m_state_client_pending.m_size_mac_key; - - // server_write_MAC_secret - _key_block += m_state_client_pending.m_size_mac_key; - - // client_write_key - m_state_client_pending.m_key = create_key(m_state_client_pending.m_alg_encrypt, m_key_exp1, _key_block, m_state_client_pending.m_size_enc_key); - _key_block += m_state_client_pending.m_size_enc_key; - - // server_write_key - _key_block += m_state_client_pending.m_size_enc_key; - - if (m_state_client_pending.m_size_enc_iv && m_tls_version < tls_version_1_1) { - // client_write_IV - if (!CryptSetKeyParam(m_state_client_pending.m_key, KP_IV, _key_block, 0)) - throw win_runtime_error(__FUNCTION__ " Error setting client_write_IV."); - _key_block += m_state_client_pending.m_size_enc_iv; - } - - // Accept client pending state as current client state. - m_state_client = std::move(m_state_client_pending); - } - - // Create finished message, and append to packet. - sanitizing_blob msg_finished(make_message(tls_message_type_handshake, make_finished())); - m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_finished.begin(), msg_finished.end()); } + + if (m_handshake[tls_handshake_type_certificate_request]) { + // Client certificate requested. + sanitizing_blob msg_client_cert(make_message(tls_message_type_handshake, make_client_cert())); + m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_client_cert.begin(), msg_client_cert.end()); + } + + if (m_handshake[tls_handshake_type_server_hello_done]) { + if (m_server_cert_chain.empty()) + throw win_runtime_error(ERROR_ENCRYPTION_FAILED, __FUNCTION__ " Can not do a client key exchange without a server public key (missing server certificate)."); + + // Generate pre-master secret. PMS will get sanitized in its destructor when going out-of-scope. + // Always use latest supported version by client (not negotiated one, to detect version rollback attacks). + tls_master_secret pms(m_cp_enc_client, tls_version_1_2); + + // Derive master secret. + static const unsigned char s_label[] = "master secret"; + sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1); + seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1)); + seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1)); + memcpy(&m_master_secret, prf(m_cp_enc_client, m_alg_prf, pms, seed, sizeof(tls_master_secret)).data(), sizeof(tls_master_secret)); + + // Create client key exchange message, and append to packet. + sanitizing_blob msg_client_key_exchange(make_message(tls_message_type_handshake, make_client_key_exchange(pms))); + m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_client_key_exchange.begin(), msg_client_key_exchange.end()); + } + + if (m_handshake[tls_handshake_type_certificate_request]) { + // TODO: Create and append client certificate verify message! + } + + // Append change cipher spec to packet. + sanitizing_blob ccs(make_message(tls_message_type_change_cipher_spec, sanitizing_blob(1, 1))); + m_packet_res.m_data.insert(m_packet_res.m_data.end(), ccs.begin(), ccs.end()); + + // Adopt server state as client pending. + // If server already send the change cipher spec, use active server state. Otherwise pending. + m_state_client_pending = m_state_server.m_alg_encrypt ? m_state_server : m_state_server_pending; + + // Derive client side keys. + static const unsigned char s_label[] = "key expansion"; + sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1); + seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1)); + seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1)); + sanitizing_blob key_block(prf(m_cp_enc_client, m_alg_prf, m_master_secret, seed, + 2*m_state_client_pending.m_size_mac_key + // client_write_MAC_secret & server_write_MAC_secret (SHA1) + 2*m_state_client_pending.m_size_enc_key + // client_write_key & server_write_key + 2*m_state_client_pending.m_size_enc_iv )); // client_write_IV & server_write_IV + const unsigned char *_key_block = key_block.data(); + + // client_write_MAC_secret + m_state_client_pending.m_padding_hmac = hmac_padding(m_cp_enc_client, m_state_client_pending.m_alg_mac, _key_block, m_state_client_pending.m_size_mac_key); + _key_block += m_state_client_pending.m_size_mac_key; + + // server_write_MAC_secret + _key_block += m_state_client_pending.m_size_mac_key; + + // client_write_key + m_state_client_pending.m_key = create_key(m_cp_enc_client, m_state_client_pending.m_alg_encrypt, m_key_exp1, _key_block, m_state_client_pending.m_size_enc_key); + _key_block += m_state_client_pending.m_size_enc_key; + + // server_write_key + _key_block += m_state_client_pending.m_size_enc_key; + + if (m_state_client_pending.m_size_enc_iv && m_tls_version < tls_version_1_1) { + // client_write_IV + if (!CryptSetKeyParam(m_state_client_pending.m_key, KP_IV, _key_block, 0)) + throw win_runtime_error(__FUNCTION__ " Error setting client_write_IV."); + _key_block += m_state_client_pending.m_size_enc_iv; + } + + // Accept client pending state as current client state. + m_state_client = std::move(m_state_client_pending); + + // Create finished message, and append to packet. + sanitizing_blob msg_finished(make_message(tls_message_type_handshake, make_finished())); + m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_finished.begin(), msg_finished.end()); + + m_phase = m_handshake[tls_handshake_type_finished] ? phase_application_data : phase_change_cipher_spec; + break; + } + + case phase_change_cipher_spec: + // Wait in this phase until server sends change cipher spec and finish. + if (m_state_server.m_alg_encrypt && m_handshake[tls_handshake_type_finished]) + m_phase = phase_application_data; + break; + + case phase_application_data: + if (m_handshake[tls_handshake_type_hello_request]) + m_phase = phase_client_hello; } // EAP-Request packet was processed. Clear its data since we use the absence of data to detect first of fragmented message packages. @@ -512,6 +541,8 @@ void eap::method_tls::get_result( if (!m_handshake[tls_handshake_type_finished]) throw invalid_argument(__FUNCTION__ " Premature success."); + m_module.log_event(&EAPMETHOD_TLS_SUCCESS, event_data((unsigned int)eap_type_tls), event_data::blank); + // Derive MSK/EMSK for line encryption. derive_msk(); @@ -530,7 +561,7 @@ void eap::method_tls::get_result( ppResult->pAttribArray = &m_eap_attr_desc; // Clear credentials as failed. - cfg_method->m_cred_failed = false; + cfg_method->m_auth_failed = false; ppResult->fIsSuccess = TRUE; ppResult->dwFailureReasonCode = ERROR_SUCCESS; @@ -543,15 +574,19 @@ void eap::method_tls::get_result( } case EapPeerMethodResultFailure: + m_module.log_event(&EAPMETHOD_TLS_FAILURE, event_data((unsigned int)eap_type_tls), event_data::blank); + // Clear session resumption data. cfg_method->m_session_id.clear(); cfg_method->m_master_secret.clear(); // Mark credentials as failed, so GUI can re-prompt user. - cfg_method->m_cred_failed = true; + cfg_method->m_auth_failed = true; - ppResult->fIsSuccess = FALSE; - ppResult->dwFailureReasonCode = EAP_E_AUTHENTICATION_FAILED; + // Do not report failure to EAPHost, as it will not save updated configuration then. But we need it to save it, to alert user on next connection attempt. + // EAPHost is well aware of the failed condition. + //ppResult->fIsSuccess = FALSE; + //ppResult->dwFailureReasonCode = EAP_E_AUTHENTICATION_FAILED; break; @@ -674,7 +709,7 @@ eap::sanitizing_blob eap::method_tls::make_client_key_exchange(_In_ const tls_ma // Encrypt pre-master key with server public key first. sanitizing_blob pms_enc((const unsigned char*)&pms, (const unsigned char*)(&pms + 1)); crypt_key key; - if (!key.import_public(m_cp_enc, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(m_server_cert_chain.front()->pCertInfo->SubjectPublicKeyInfo))) + if (!key.import_public(m_cp_enc_client, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(m_server_cert_chain.front()->pCertInfo->SubjectPublicKeyInfo))) throw win_runtime_error(__FUNCTION__ " Error importing server's public key."); if (!CryptEncrypt(key, NULL, TRUE, 0, pms_enc)) throw win_runtime_error(__FUNCTION__ " Error encrypting PMS."); @@ -737,7 +772,7 @@ eap::sanitizing_blob eap::method_tls::make_finished() const throw win_runtime_error(__FUNCTION__ " Error finishing SHA-256 hash calculation."); seed.insert(seed.end(), hash_data.begin(), hash_data.end()); } - sanitizing_blob verify(prf(m_cp_enc, m_alg_prf, m_master_secret, seed, 12)); + sanitizing_blob verify(prf(m_cp_enc_client, m_alg_prf, m_master_secret, seed, 12)); msg.insert(msg.end(), verify.begin(), verify.end()); return msg; @@ -781,7 +816,7 @@ void eap::method_tls::derive_msk() sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1); seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1)); seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1)); - sanitizing_blob key_block(prf(m_cp_enc, m_alg_prf, m_master_secret, seed, 2*sizeof(tls_random))); + sanitizing_blob key_block(prf(m_cp_enc_client, m_alg_prf, m_master_secret, seed, 2*sizeof(tls_random))); const unsigned char *_key_block = key_block.data(); // MS-MPPE-Recv-Key @@ -877,11 +912,15 @@ void eap::method_tls::process_change_cipher_spec(_In_bytecount_(msg_size) const if (!m_state_server_pending.m_alg_encrypt) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Change cipher spec received without cipher being negotiated first."); + // Create cryptographics provider (based on server selected cipher?). + if (!m_cp_enc_server.create(NULL, NULL, PROV_RSA_AES)) + throw win_runtime_error(__FUNCTION__ " Error creating cryptographics provider."); + static const unsigned char s_label[] = "key expansion"; sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1); seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1)); seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1)); - sanitizing_blob key_block(prf(m_cp_enc, m_alg_prf, m_master_secret, seed, + sanitizing_blob key_block(prf(m_cp_enc_server, m_alg_prf, m_master_secret, seed, 2*m_state_server_pending.m_size_mac_key + // client_write_MAC_secret & server_write_MAC_secret (SHA1) 2*m_state_server_pending.m_size_enc_key + // client_write_key & server_write_key 2*m_state_server_pending.m_size_enc_iv )); // client_write_IV & server_write_IV @@ -891,14 +930,14 @@ void eap::method_tls::process_change_cipher_spec(_In_bytecount_(msg_size) const _key_block += m_state_server_pending.m_size_mac_key; // server_write_MAC_secret - m_state_server_pending.m_padding_hmac = hmac_padding(m_cp_enc, m_state_server_pending.m_alg_mac, _key_block, m_state_server_pending.m_size_mac_key); + m_state_server_pending.m_padding_hmac = hmac_padding(m_cp_enc_server, m_state_server_pending.m_alg_mac, _key_block, m_state_server_pending.m_size_mac_key); _key_block += m_state_server_pending.m_size_mac_key; // client_write_key _key_block += m_state_server_pending.m_size_enc_key; // server_write_key - m_state_server_pending.m_key = create_key(m_state_server_pending.m_alg_encrypt, m_key_exp1, _key_block, m_state_server_pending.m_size_enc_key); + m_state_server_pending.m_key = create_key(m_cp_enc_server, m_state_server_pending.m_alg_encrypt, m_key_exp1, _key_block, m_state_server_pending.m_size_enc_key); _key_block += m_state_server_pending.m_size_enc_key; if (m_state_server_pending.m_size_enc_iv && m_tls_version < tls_version_1_1) { @@ -969,7 +1008,11 @@ void eap::method_tls::process_handshake(_In_bytecount_(msg_size) const void *_ms if (rec + 1 > rec_end || rec + 1 + rec[0] > rec_end) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Session ID missing or incomplete."); assert(rec[0] <= 32); // According to RFC 5246 session IDs should not be longer than 32B. - m_session_id.assign(rec + 1, rec + 1 + rec[0]); + if (m_session_id.size() != rec[0] || memcmp(m_session_id.data(), rec + 1, rec[0]) != 0) { + m_module.log_event(&EAPMETHOD_TLS_SESSION_NEW, event_data((unsigned int)eap_type_tls), event_data::blank); + m_session_id.assign(rec + 1, rec + 1 + rec[0]); + } else + m_module.log_event(&EAPMETHOD_TLS_SESSION_RESUME, event_data((unsigned int)eap_type_tls), event_data::blank); rec += rec[0] + 1; // Cipher @@ -1075,7 +1118,7 @@ void eap::method_tls::process_handshake(_In_bytecount_(msg_size) const void *_ms seed.insert(seed.end(), hash_data.begin(), hash_data.end()); } - if (memcmp(prf(m_cp_enc, m_alg_prf, m_master_secret, seed, 12).data(), rec, 12)) + if (memcmp(prf(m_cp_enc_server, m_alg_prf, m_master_secret, seed, 12).data(), rec, 12)) throw win_runtime_error(ERROR_ENCRYPTION_FAILED, __FUNCTION__ " Integrity check failed."); m_module.log_event(&EAPMETHOD_TLS_FINISHED, event_data((unsigned int)eap_type_tls), event_data::blank); @@ -1233,7 +1276,7 @@ void eap::method_tls::encrypt_message(_In_ tls_message_type_t type, _Inout_ sani { // Hash sequence number, TLS header, and message. size_t size_data = data.size(); - hmac_hash hash(m_cp_enc, m_state_client.m_alg_mac, m_state_client.m_padding_hmac); + hmac_hash hash(m_cp_enc_client, m_state_client.m_alg_mac, m_state_client.m_padding_hmac); unsigned __int64 seq_num2 = htonll(m_seq_num_client); unsigned short size_data2 = htons((unsigned short)size_data); if (!CryptHashData(hash, (const BYTE*)&seq_num2 , sizeof(seq_num2 ), 0) || @@ -1255,7 +1298,7 @@ void eap::method_tls::encrypt_message(_In_ tls_message_type_t type, _Inout_ sani if (m_tls_version >= tls_version_1_1) { // TLS 1.1+: Set random IV. data.insert(data.begin(), m_state_client.m_size_enc_iv, 0); - if (!CryptGenRandom(m_cp_enc, (DWORD)m_state_client.m_size_enc_iv, data.data())) + if (!CryptGenRandom(m_cp_enc_client, (DWORD)m_state_client.m_size_enc_iv, data.data())) throw win_runtime_error(__FUNCTION__ " Error generating IV."); size_data_enc += m_state_client.m_size_enc_iv; } @@ -1320,7 +1363,7 @@ void eap::method_tls::decrypt_message(_In_ tls_message_type_t type, _Inout_ sani size_data -= m_state_server.m_size_mac_hash; // Hash sequence number, TLS header (without length), original message length, and message. - hmac_hash hash(m_cp_enc, m_state_server.m_alg_mac, m_state_server.m_padding_hmac); + hmac_hash hash(m_cp_enc_server, m_state_server.m_alg_mac, m_state_server.m_padding_hmac); unsigned __int64 seq_num2 = htonll(m_seq_num_server); unsigned short size_data2 = htons((unsigned short)size_data); if (!CryptHashData(hash, (const BYTE*)&seq_num2 , sizeof(seq_num2 ), 0) || @@ -1454,10 +1497,11 @@ eap::sanitizing_blob eap::method_tls::prf( HCRYPTKEY eap::method_tls::create_key( - _In_ ALG_ID alg, - _In_ HCRYPTKEY key, - _In_bytecount_(size_secret) const void *secret, - _In_ size_t size_secret) + _In_ HCRYPTPROV cp, + _In_ ALG_ID alg, + _In_ HCRYPTKEY key, + _In_bytecount_(size_secret) const void *secret, + _In_ size_t size_secret) { #if 1 UNREFERENCED_PARAMETER(key); @@ -1483,7 +1527,7 @@ HCRYPTKEY eap::method_tls::create_key( // Import the key. winstd::crypt_key key_out; - if (!key_out.import(m_cp_enc, key_blob.data(), (DWORD)key_blob.size(), NULL, 0)) + if (!key_out.import(cp, key_blob.data(), (DWORD)key_blob.size(), NULL, 0)) throw winstd::win_runtime_error(__FUNCTION__ " Error importing key."); return key_out.detach(); #else @@ -1529,7 +1573,7 @@ HCRYPTKEY eap::method_tls::create_key( // Is random PS required at all? We are importing a clear-text session key with the exponent-of-one key. How low on security can we get? key_blob.insert(key_blob.end(), size_ps, 0); unsigned char *ps = &*(key_blob.end() - size_ps); - CryptGenRandom(m_cp_enc, (DWORD)size_ps, ps); + CryptGenRandom(cp, (DWORD)size_ps, ps); for (size_t i = 0; i < size_ps; i++) if (ps[i] == 0) ps[i] = 1; #endif @@ -1545,7 +1589,7 @@ HCRYPTKEY eap::method_tls::create_key( // Import the key. winstd::crypt_key key_out; - if (!key_out.import(m_cp_enc, key_blob.data(), (DWORD)key_blob.size(), key, 0)) + if (!key_out.import(cp, key_blob.data(), (DWORD)key_blob.size(), key, 0)) throw winstd::win_runtime_error(__FUNCTION__ " Error importing key."); return key_out.detach(); #endif diff --git a/lib/TTLS/include/Credentials.h b/lib/TTLS/include/Credentials.h index 5e408a3..b3e11dc 100644 --- a/lib/TTLS/include/Credentials.h +++ b/lib/TTLS/include/Credentials.h @@ -32,6 +32,7 @@ namespace eap #include "../../PAP/include/Credentials.h" #include +#include namespace eap @@ -187,7 +188,7 @@ namespace eap /// - \c true if credentials were set; /// - \c false otherwise /// - bool combine( + std::pair combine( _In_ const credentials_ttls *cred_cached, _In_ const config_method_ttls &cfg, _In_opt_z_ LPCTSTR pszTargetName); diff --git a/lib/TTLS/src/Credentials.cpp b/lib/TTLS/src/Credentials.cpp index 65ab442..d626f62 100644 --- a/lib/TTLS/src/Credentials.cpp +++ b/lib/TTLS/src/Credentials.cpp @@ -226,15 +226,12 @@ std::wstring eap::credentials_ttls::get_identity() const } -bool eap::credentials_ttls::combine( +pair eap::credentials_ttls::combine( _In_ const credentials_ttls *cred_cached, _In_ const config_method_ttls &cfg, _In_opt_z_ LPCTSTR pszTargetName) { - bool - is_outer_set = credentials_tls::combine(cred_cached, cfg, pszTargetName), - is_inner_set = - dynamic_cast(m_inner.get()) ? ((credentials_pap*)m_inner.get())->combine(cred_cached ? (credentials_pap*)cred_cached->m_inner.get() : NULL, (const config_method_pap&)*cfg.m_inner, pszTargetName) : false; - - return is_outer_set && is_inner_set; + return pair( + credentials_tls::combine(cred_cached, cfg, pszTargetName), + dynamic_cast(m_inner.get()) ? ((credentials_pap*)m_inner.get())->combine(cred_cached ? (credentials_pap*)cred_cached->m_inner.get() : NULL, (const config_method_pap&)*cfg.m_inner, pszTargetName) : source_unknown); } diff --git a/lib/TTLS/src/Method.cpp b/lib/TTLS/src/Method.cpp index b8e9e9e..838a461 100644 --- a/lib/TTLS/src/Method.cpp +++ b/lib/TTLS/src/Method.cpp @@ -69,27 +69,24 @@ void eap::method_ttls::process_request_packet( m_module.log_event(&EAPMETHOD_TTLS_HANDSHAKE_START, event_data((unsigned int)eap_type_ttls), event_data((unsigned char)m_version), event_data((unsigned char)ver_remote), event_data::blank); } - if (!m_handshake[tls_handshake_type_finished]) { - // Do the TLS. - method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput); + // Do the TLS. + method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput); - if (m_handshake[tls_handshake_type_finished]) { - // Piggyback inner authentication. - if (!m_state_client.m_alg_encrypt) - throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted."); + if (m_phase == phase_application_data) { + // Send inner authentication. + if (!m_state_client.m_alg_encrypt) + throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted."); - m_packet_res.m_code = EapCodeResponse; - m_packet_res.m_id = m_packet_req.m_id; - m_packet_res.m_flags = 0; - sanitizing_blob msg_application(make_message(tls_message_type_application_data, make_pap_client())); - m_packet_res.m_data.assign(msg_application.begin(), msg_application.end()); + m_module.log_event(&EAPMETHOD_TTLS_INNER_CRED, event_data((unsigned int)eap_type_ttls), event_data(m_cred.m_inner->get_name()), event_data::blank); - pEapOutput->fAllowNotifications = FALSE; - pEapOutput->action = EapPeerMethodResponseActionSend; - } - } else { - // Do the TLS. Again. - method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput); + m_packet_res.m_code = EapCodeResponse; + m_packet_res.m_id = m_packet_req.m_id; + m_packet_res.m_flags = 0; + sanitizing_blob msg_application(make_message(tls_message_type_application_data, make_pap_client())); + m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_application.begin(), msg_application.end()); + + pEapOutput->fAllowNotifications = FALSE; + pEapOutput->action = EapPeerMethodResponseActionSend; } } @@ -111,7 +108,7 @@ void eap::method_ttls::get_result( _In_ EapPeerMethodResultReason reason, _Inout_ EapPeerMethodResult *ppResult) { - if (!m_handshake[tls_handshake_type_finished]) { + if (m_phase != phase_application_data) { // Do the TLS. method_tls::get_result(reason, ppResult); } else { @@ -120,12 +117,27 @@ void eap::method_ttls::get_result( config_method_ttls *cfg_method = dynamic_cast(cfg_prov.m_methods.front().get()); assert(cfg_method); - // Mark credentials appropriately, so GUI can re-prompt user. - cfg_method->m_inner->m_cred_failed = reason == EapPeerMethodResultFailure; + switch (reason) { + case EapPeerMethodResultSuccess: { + m_module.log_event(&EAPMETHOD_TTLS_INNER_SUCCESS, event_data((unsigned int)eap_type_ttls), event_data::blank); + cfg_method->m_inner->m_auth_failed = false; + break; + } + + case EapPeerMethodResultFailure: + m_module.log_event(&EAPMETHOD_TTLS_INNER_FAILURE, event_data((unsigned int)eap_type_ttls), event_data::blank); + cfg_method->m_inner->m_auth_failed = true; + break; + + default: + throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported."); + } // The TLS was OK. method_tls::get_result(EapPeerMethodResultSuccess, ppResult); + // Do not report failure to EAPHost, as it will not save updated configuration then. But we need it to save it, to alert user on next connection attempt. + // EAPHost is well aware of the failed condition. //if (reason == EapPeerMethodResultFailure) { // ppResult->fIsSuccess = FALSE; // ppResult->dwFailureReasonCode = EAP_E_AUTHENTICATION_FAILED; diff --git a/lib/TTLS/src/Module.cpp b/lib/TTLS/src/Module.cpp index 9912334..9c6ca30 100644 --- a/lib/TTLS/src/Module.cpp +++ b/lib/TTLS/src/Module.cpp @@ -109,14 +109,17 @@ void eap::peer_ttls::get_identity( { // Combine credentials. user_impersonator impersonating(hTokenImpersonateUser); - *pfInvokeUI = cred_out.combine( + pair cred_source(cred_out.combine( #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE &cred_in, #else NULL, #endif *cfg_method, - (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL) ? FALSE : TRUE; + (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL)); + + // If either of credentials is unknown, request UI. + *pfInvokeUI = cred_source.first == eap::credentials::source_unknown || cred_source.second == eap::credentials::source_unknown ? TRUE : FALSE; } if (*pfInvokeUI) { @@ -132,14 +135,14 @@ void eap::peer_ttls::get_identity( // If we got here, we have all credentials we need. But, wait! - if (cfg_method->m_cred_failed) { + if (cfg_method->m_auth_failed) { // Outer TLS: Credentials failed on last connection attempt. log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)eap_type_tls), event_data::blank); *pfInvokeUI = TRUE; return; } - if (cfg_method->m_inner->m_cred_failed) { + if (cfg_method->m_inner->m_auth_failed) { // Inner: Credentials failed on last connection attempt. log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)type_inner), event_data::blank); *pfInvokeUI = TRUE; diff --git a/lib/TTLS_UI/src/Module.cpp b/lib/TTLS_UI/src/Module.cpp index 2f4efbf..993b27e 100644 --- a/lib/TTLS_UI/src/Module.cpp +++ b/lib/TTLS_UI/src/Module.cpp @@ -163,14 +163,14 @@ void eap::peer_ttls_ui::invoke_identity_ui( } // Combine credentials. - cred_out.combine( + pair cred_source(cred_out.combine( #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE &cred_in, #else NULL, #endif *cfg_method, - (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL); + (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL)); if (dwFlags & EAP_FLAG_GUEST_ACCESS) { // Disable credential saving for guests. @@ -190,10 +190,18 @@ void eap::peer_ttls_ui::invoke_identity_ui( parent.AdoptAttributesFromHWND(); wxTopLevelWindows.Append(&parent); - // Create and launch credentials dialog. + // Create credentials dialog. wxEAPCredentialsDialog dlg(cfg_prov, &parent); wxTTLSCredentialsPanel *panel = new wxTTLSCredentialsPanel(cfg_prov, *cfg_method, cred_out, cfg_prov.m_id.c_str(), &dlg); dlg.AddContents((wxPanel**)&panel, 1); + + // Set "Remember" checkboxes according to credential source, + panel->m_outer_cred->SetRememberValue(cred_source.first == eap::credentials::source_storage); + wxPAPCredentialsPanel *panel_inner_cred_pap = dynamic_cast(panel->m_inner_cred); + if (panel_inner_cred_pap) + panel_inner_cred_pap->SetRememberValue(cred_source.second == eap::credentials::source_storage); + + // Centre and display dialog. dlg.Centre(wxBOTH); result = dlg.ShowModal(); if (result == wxID_OK) { @@ -208,7 +216,6 @@ void eap::peer_ttls_ui::invoke_identity_ui( } } - wxPAPCredentialsPanel *panel_inner_cred_pap = dynamic_cast(panel->m_inner_cred); if (panel_inner_cred_pap && panel_inner_cred_pap->GetRememberValue()) { try { cred_out.m_inner->store(cfg_prov.m_id.c_str()); diff --git a/lib/TTLS_UI/src/TTLS_UI.cpp b/lib/TTLS_UI/src/TTLS_UI.cpp index 81320dd..20eb554 100644 --- a/lib/TTLS_UI/src/TTLS_UI.cpp +++ b/lib/TTLS_UI/src/TTLS_UI.cpp @@ -226,7 +226,7 @@ wxTTLSCredentialsPanel::wxTTLSCredentialsPanel(const eap::config_provider &prov, assert(m_cfg.m_inner); - if (m_cfg.m_inner->m_cred_failed) + if (m_cfg.m_inner->m_auth_failed) sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, this), 0, wxALL|wxEXPAND, 5); const eap::config_method_pap *cfg_inner_pap = dynamic_cast(m_cfg.m_inner.get()); @@ -245,7 +245,7 @@ wxTTLSCredentialsPanel::wxTTLSCredentialsPanel(const eap::config_provider &prov, m_outer_title->SetForegroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_INACTIVECAPTION ) ); sb_content->Add(m_outer_title, 0, wxALL|wxALIGN_RIGHT, 5); - if (m_cfg.m_cred_failed) + if (m_cfg.m_auth_failed) sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, this), 0, wxALL|wxEXPAND, 5); m_outer_cred = new wxTLSCredentialsPanel(m_prov, (const eap::config_method_tls&)m_cfg, (eap::credentials_tls&)cred, pszCredTarget, this, is_config);