Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

- TLS revised (again)

Browse Source 
- TLS Session resumption issues resolved
- Credential prompt has "Remember" checkbox initially selected when credentials originate from Windows Credential Manager
- Last authentication attempt failure notice is more general and no longer insinuate user credentials are the likely cause of the failure
- Additional log messages added
This commit is contained in:
Simon Rozman 2016-08-17 11:50:34 +02:00
parent 16527c8124
commit df1d431bd0
19 changed files with 277 additions and 218 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/EAPBase/include/Config.h
View File

@ -342,7 +342,7 @@ namespace eap
bool m_allow_save; ///< Are credentials allowed to be saved to Windows Credential Manager? bool m_allow_save; ///< Are credentials allowed to be saved to Windows Credential Manager?
bool m_use_preshared; ///< Use pre-shared credentials bool m_use_preshared; ///< Use pre-shared credentials
std::unique_ptr<credentials> m_preshared; ///< Pre-shared credentials std::unique_ptr<credentials> m_preshared; ///< Pre-shared credentials
bool m_cred_failed; ///< Did credential fail last time? bool m_auth_failed; ///< Did credential fail last time?
}; };

32
lib/EAPBase/include/Credentials.h
View File

@ -54,6 +54,18 @@ namespace eap
{ {
class credentials : public config class credentials : public config
{ {
public:
///
/// Credential source when combined
///
enum source_t {
source_unknown = -1, ///< Unknown source
source_cache = 0, ///< Credentials were obtained from EAPHost cache
source_preshared, ///< Credentials were set by method configuration
source_storage ///< Credentials were loaded from Windows Credential Manager
};
public: public:
/// ///
/// Constructs credentials /// Constructs credentials
@ -158,26 +170,6 @@ namespace eap
/// Returns credential name (for GUI display). /// Returns credential name (for GUI display).
/// ///
virtual winstd::tstring get_name() const; virtual winstd::tstring get_name() const;
///
/// Combine credentials in the following order:
///
/// 1. Cached credentials
/// 2. Pre-configured credentials
/// 3. Stored credentials
///
/// \param[in] cred_cached Cached credentials (optional, can be \c NULL)
/// \param[in] cfg Method configuration
/// \param[in] pszTargetName The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
///
/// \returns
/// - \c true if credentials were set;
/// - \c false otherwise
///
virtual bool combine(
_In_ const credentials *cred_cached,
_In_ config_method_with_cred &cfg,
_In_opt_z_ LPCTSTR pszTargetName);
}; };

16
lib/EAPBase/src/Config.cpp
View File

@ -139,7 +139,7 @@ eap::config_method& eap::config_method::operator=(_Inout_ config_method &&other)
eap::config_method_with_cred::config_method_with_cred(_In_ module &mod) : eap::config_method_with_cred::config_method_with_cred(_In_ module &mod) :
m_allow_save(true), m_allow_save(true),
m_use_preshared(false), m_use_preshared(false),
m_cred_failed(false), m_auth_failed(false),
config_method(mod) config_method(mod)
{ {
} }
@ -149,7 +149,7 @@ eap::config_method_with_cred::config_method_with_cred(_In_ const config_method_w
m_allow_save(other.m_allow_save), m_allow_save(other.m_allow_save),
m_use_preshared(other.m_use_preshared), m_use_preshared(other.m_use_preshared),
m_preshared(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr), m_preshared(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr),
m_cred_failed(other.m_cred_failed), m_auth_failed(other.m_auth_failed),
config_method(other) config_method(other)
{ {
} }
@ -159,7 +159,7 @@ eap::config_method_with_cred::config_method_with_cred(_Inout_ config_method_with
m_allow_save(std::move(other.m_allow_save)), m_allow_save(std::move(other.m_allow_save)),
m_use_preshared(std::move(other.m_use_preshared)), m_use_preshared(std::move(other.m_use_preshared)),
m_preshared(std::move(other.m_preshared)), m_preshared(std::move(other.m_preshared)),
m_cred_failed(std::move(other.m_cred_failed)), m_auth_failed(std::move(other.m_auth_failed)),
config_method(std::move(other)) config_method(std::move(other))
{ {
} }
@ -172,7 +172,7 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_In_ const
m_allow_save = other.m_allow_save; m_allow_save = other.m_allow_save;
m_use_preshared = other.m_use_preshared; m_use_preshared = other.m_use_preshared;
m_preshared.reset(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr); m_preshared.reset(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr);
m_cred_failed = other.m_cred_failed; m_auth_failed = other.m_auth_failed;
} }
return *this; return *this;
@ -186,7 +186,7 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_Inout_ co
m_allow_save = std::move(other.m_allow_save ); m_allow_save = std::move(other.m_allow_save );
m_use_preshared = std::move(other.m_use_preshared); m_use_preshared = std::move(other.m_use_preshared);
m_preshared = std::move(other.m_preshared ); m_preshared = std::move(other.m_preshared );
m_cred_failed = std::move(other.m_cred_failed ); m_auth_failed = std::move(other.m_auth_failed );
} }
return *this; return *this;
@ -248,7 +248,7 @@ void eap::config_method_with_cred::operator<<(_Inout_ cursor_out &cursor) const
cursor << m_allow_save; cursor << m_allow_save;
cursor << m_use_preshared; cursor << m_use_preshared;
cursor << *m_preshared; cursor << *m_preshared;
cursor << m_cred_failed; cursor << m_auth_failed;
} }
@ -259,7 +259,7 @@ size_t eap::config_method_with_cred::get_pk_size() const
pksizeof(m_allow_save ) + pksizeof(m_allow_save ) +
pksizeof(m_use_preshared) + pksizeof(m_use_preshared) +
pksizeof(*m_preshared ) + pksizeof(*m_preshared ) +
pksizeof(m_cred_failed ); pksizeof(m_auth_failed );
} }
@ -269,7 +269,7 @@ void eap::config_method_with_cred::operator>>(_Inout_ cursor_in &cursor)
cursor >> m_allow_save; cursor >> m_allow_save;
cursor >> m_use_preshared; cursor >> m_use_preshared;
cursor >> *m_preshared; cursor >> *m_preshared;
cursor >> m_cred_failed; cursor >> m_auth_failed;
} }

13
lib/EAPBase/src/Credentials.cpp
View File

@ -83,19 +83,6 @@ tstring eap::credentials::get_name() const
} }
bool eap::credentials::combine(
_In_ const credentials *cred_cached,
_In_ config_method_with_cred &cfg,
_In_opt_z_ LPCTSTR pszTargetName)
{
UNREFERENCED_PARAMETER(cred_cached);
UNREFERENCED_PARAMETER(cfg);
UNREFERENCED_PARAMETER(pszTargetName);
// When there's nothing to combine...
return true;
}
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// eap::credentials_pass // eap::credentials_pass
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////

5
lib/EAPBase_UI/include/EAP_UI.h
View File

@ -486,6 +486,11 @@ public:
this->Disconnect(wxEVT_UPDATE_UI, wxUpdateUIEventHandler(_Tthis::OnUpdateUI)); this->Disconnect(wxEVT_UPDATE_UI, wxUpdateUIEventHandler(_Tthis::OnUpdateUI));
} }
inline void SetRememberValue(bool val)
{
return m_remember->SetValue(val);
}
inline bool GetRememberValue() const inline bool GetRememberValue() const
{ {
return m_remember->GetValue(); return m_remember->GetValue();

2
lib/EAPBase_UI/src/EAP_UI.cpp
View File

@ -182,7 +182,7 @@ wxEAPCredentialWarningPanel::wxEAPCredentialWarningPanel(const eap::config_provi
if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE)) if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
wxSetIconFromResource(m_note_icon, m_icon, m_shell32, MAKEINTRESOURCE(161)); wxSetIconFromResource(m_note_icon, m_icon, m_shell32, MAKEINTRESOURCE(161));
m_note_label->SetLabel(_("Previous attempt to connect using provided credentials failed. Please, make sure your credentials are correct, or try again later.")); m_note_label->SetLabel(_("Previous attempt to connect failed. Please, make sure your credentials are correct, or try again later."));
m_note_label->Wrap(449); m_note_label->Wrap(449);
CreateContactFields(prov); CreateContactFields(prov);

BIN
lib/Events/res/EventsETW.man
View File

Binary file not shown.

2
lib/PAP/include/Credentials.h
View File

@ -113,7 +113,7 @@ namespace eap
/// - \c true if credentials were set; /// - \c true if credentials were set;
/// - \c false otherwise /// - \c false otherwise
/// ///
bool combine( source_t combine(
_In_ const credentials_pap *cred_cached, _In_ const credentials_pap *cred_cached,
_In_ const config_method_pap &cfg, _In_ const config_method_pap &cfg,
_In_opt_z_ LPCTSTR pszTargetName); _In_opt_z_ LPCTSTR pszTargetName);

10
lib/PAP/src/Credentials.cpp
View File

@ -75,7 +75,7 @@ LPCTSTR eap::credentials_pap::target_suffix() const
} }
bool eap::credentials_pap::combine( eap::credentials::source_t eap::credentials_pap::combine(
_In_ const credentials_pap *cred_cached, _In_ const credentials_pap *cred_cached,
_In_ const config_method_pap &cfg, _In_ const config_method_pap &cfg,
_In_opt_z_ LPCTSTR pszTargetName) _In_opt_z_ LPCTSTR pszTargetName)
@ -84,14 +84,14 @@ bool eap::credentials_pap::combine(
// Using EAP service cached credentials. // Using EAP service cached credentials.
*this = *cred_cached; *this = *cred_cached;
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank);
return true; return source_cache;
} }
if (cfg.m_use_preshared) { if (cfg.m_use_preshared) {
// Using preshared credentials. // Using preshared credentials.
*this = *(credentials_pap*)cfg.m_preshared.get(); *this = *(credentials_pap*)cfg.m_preshared.get();
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank);
return true; return source_preshared;
} }
if (pszTargetName) { if (pszTargetName) {
@ -102,11 +102,11 @@ bool eap::credentials_pap::combine(
// Using stored credentials. // Using stored credentials.
*this = std::move(cred_loaded); *this = std::move(cred_loaded);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank);
return true; return source_storage;
} catch (...) { } catch (...) {
// Not actually an error. // Not actually an error.
} }
} }
return false; return source_unknown;
} }

2
lib/TLS/include/Credentials.h
View File

@ -200,7 +200,7 @@ namespace eap
/// - \c true if credentials were set; /// - \c true if credentials were set;
/// - \c false otherwise /// - \c false otherwise
/// ///
bool combine( source_t combine(
_In_ const credentials_tls *cred_cached, _In_ const credentials_tls *cred_cached,
_In_ const config_method_tls &cfg, _In_ const config_method_tls &cfg,
_In_opt_z_ LPCTSTR pszTargetName); _In_opt_z_ LPCTSTR pszTargetName);

21
lib/TLS/include/Method.h
View File

@ -467,6 +467,7 @@ namespace eap
/// ///
/// \sa [How to export and import plain text session keys by using CryptoAPI](https://support.microsoft.com/en-us/kb/228786) /// \sa [How to export and import plain text session keys by using CryptoAPI](https://support.microsoft.com/en-us/kb/228786)
/// ///
/// \param[in] cp Handle of the cryptographics provider
/// \param[in] alg Key algorithm /// \param[in] alg Key algorithm
/// \param[in] key Key that decrypts \p secret /// \param[in] key Key that decrypts \p secret
/// \param[in] secret Key data /// \param[in] secret Key data
@ -475,10 +476,11 @@ namespace eap
/// \returns Key /// \returns Key
/// ///
HCRYPTKEY create_key( HCRYPTKEY create_key(
_In_ ALG_ID alg, _In_ HCRYPTPROV cp,
_In_ HCRYPTKEY key, _In_ ALG_ID alg,
_In_bytecount_(size_secret) const void *secret, _In_ HCRYPTKEY key,
_In_ size_t size_secret); _In_bytecount_(size_secret) const void *secret,
_In_ size_t size_secret);
protected: protected:
credentials_tls &m_cred; ///< EAP-TLS user credentials credentials_tls &m_cred; ///< EAP-TLS user credentials
@ -487,7 +489,8 @@ namespace eap
packet m_packet_res; ///< Response packet packet m_packet_res; ///< Response packet
winstd::crypt_prov m_cp; ///< Cryptography provider for general services winstd::crypt_prov m_cp; ///< Cryptography provider for general services
winstd::crypt_prov m_cp_enc; ///< Cryptography provider for encryption winstd::crypt_prov m_cp_enc_client; ///< Cryptography provider for encryption
winstd::crypt_prov m_cp_enc_server; ///< Cryptography provider for encryption
winstd::crypt_key m_key_exp1; ///< Key for importing derived keys winstd::crypt_key m_key_exp1; ///< Key for importing derived keys
tls_version m_tls_version; ///< TLS version in use tls_version m_tls_version; ///< TLS version in use
@ -515,6 +518,14 @@ namespace eap
bool m_handshake[tls_handshake_type_max]; ///< Handshake flags (map od handshake messages received) bool m_handshake[tls_handshake_type_max]; ///< Handshake flags (map od handshake messages received)
enum {
phase_unknown = -1, ///< Unknown phase
phase_client_hello = 0, ///< Send client hello
phase_server_hello, ///< Wait for server hello
phase_change_cipher_spec, ///< Wait for change cipher spec
phase_application_data ///< Exchange application data
} m_phase; ///< What phase is our communication at?
unsigned __int64 m_seq_num_client; ///< Sequence number for encrypting unsigned __int64 m_seq_num_client; ///< Sequence number for encrypting
unsigned __int64 m_seq_num_server; ///< Sequence number for decrypting unsigned __int64 m_seq_num_server; ///< Sequence number for decrypting

10
lib/TLS/src/Credentials.cpp
View File

@ -254,7 +254,7 @@ tstring eap::credentials_tls::get_name() const
} }
bool eap::credentials_tls::combine( eap::credentials::source_t eap::credentials_tls::combine(
_In_ const credentials_tls *cred_cached, _In_ const credentials_tls *cred_cached,
_In_ const config_method_tls &cfg, _In_ const config_method_tls &cfg,
_In_opt_z_ LPCTSTR pszTargetName) _In_opt_z_ LPCTSTR pszTargetName)
@ -263,14 +263,14 @@ bool eap::credentials_tls::combine(
// Using EAP service cached credentials. // Using EAP service cached credentials.
*this = *cred_cached; *this = *cred_cached;
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
return true; return source_cache;
} }
if (cfg.m_use_preshared) { if (cfg.m_use_preshared) {
// Using preshared credentials. // Using preshared credentials.
*this = *(credentials_tls*)cfg.m_preshared.get(); *this = *(credentials_tls*)cfg.m_preshared.get();
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
return true; return source_preshared;
} }
if (pszTargetName) { if (pszTargetName) {
@ -281,13 +281,13 @@ bool eap::credentials_tls::combine(
// Using stored credentials. // Using stored credentials.
*this = std::move(cred_loaded); *this = std::move(cred_loaded);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank); m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
return true; return source_storage;
} catch (...) { } catch (...) {
// Not actually an error. // Not actually an error.
} }
} }
return false; return source_unknown;
} }

282
lib/TLS/src/Method.cpp
View File

@ -95,6 +95,7 @@ void eap::method_tls::packet::clear()
eap::method_tls::method_tls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_tls &cred) : eap::method_tls::method_tls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_tls &cred) :
m_cred(cred), m_cred(cred),
m_phase(phase_unknown),
m_seq_num_client(0), m_seq_num_client(0),
m_seq_num_server(0), m_seq_num_server(0),
m_blob_cfg(NULL), m_blob_cfg(NULL),
@ -113,7 +114,8 @@ eap::method_tls::method_tls(_Inout_ method_tls &&other) :
m_packet_req (std::move(other.m_packet_req )), m_packet_req (std::move(other.m_packet_req )),
m_packet_res (std::move(other.m_packet_res )), m_packet_res (std::move(other.m_packet_res )),
m_cp (std::move(other.m_cp )), m_cp (std::move(other.m_cp )),
m_cp_enc (std::move(other.m_cp_enc )), m_cp_enc_client (std::move(other.m_cp_enc_client )),
m_cp_enc_server (std::move(other.m_cp_enc_server )),
m_key_exp1 (std::move(other.m_key_exp1 )), m_key_exp1 (std::move(other.m_key_exp1 )),
m_tls_version (std::move(other.m_tls_version )), m_tls_version (std::move(other.m_tls_version )),
m_alg_prf (std::move(other.m_alg_prf )), m_alg_prf (std::move(other.m_alg_prf )),
@ -131,6 +133,7 @@ eap::method_tls::method_tls(_Inout_ method_tls &&other) :
m_hash_handshake_msgs_md5 (std::move(other.m_hash_handshake_msgs_md5 )), m_hash_handshake_msgs_md5 (std::move(other.m_hash_handshake_msgs_md5 )),
m_hash_handshake_msgs_sha1 (std::move(other.m_hash_handshake_msgs_sha1 )), m_hash_handshake_msgs_sha1 (std::move(other.m_hash_handshake_msgs_sha1 )),
m_hash_handshake_msgs_sha256(std::move(other.m_hash_handshake_msgs_sha256)), m_hash_handshake_msgs_sha256(std::move(other.m_hash_handshake_msgs_sha256)),
m_phase (std::move(other.m_phase )),
m_seq_num_client (std::move(other.m_seq_num_client )), m_seq_num_client (std::move(other.m_seq_num_client )),
m_seq_num_server (std::move(other.m_seq_num_server )), m_seq_num_server (std::move(other.m_seq_num_server )),
method (std::move(other )) method (std::move(other ))
@ -162,7 +165,8 @@ eap::method_tls& eap::method_tls::operator=(_Inout_ method_tls &&other)
m_packet_req = std::move(other.m_packet_req ); m_packet_req = std::move(other.m_packet_req );
m_packet_res = std::move(other.m_packet_res ); m_packet_res = std::move(other.m_packet_res );
m_cp = std::move(other.m_cp ); m_cp = std::move(other.m_cp );
m_cp_enc = std::move(other.m_cp_enc ); m_cp_enc_client = std::move(other.m_cp_enc_client );
m_cp_enc_server = std::move(other.m_cp_enc_server );
m_key_exp1 = std::move(other.m_key_exp1 ); m_key_exp1 = std::move(other.m_key_exp1 );
m_tls_version = std::move(other.m_tls_version ); m_tls_version = std::move(other.m_tls_version );
m_alg_prf = std::move(other.m_alg_prf ); m_alg_prf = std::move(other.m_alg_prf );
@ -180,6 +184,7 @@ eap::method_tls& eap::method_tls::operator=(_Inout_ method_tls &&other)
m_hash_handshake_msgs_md5 = std::move(other.m_hash_handshake_msgs_md5 ); m_hash_handshake_msgs_md5 = std::move(other.m_hash_handshake_msgs_md5 );
m_hash_handshake_msgs_sha1 = std::move(other.m_hash_handshake_msgs_sha1 ); m_hash_handshake_msgs_sha1 = std::move(other.m_hash_handshake_msgs_sha1 );
m_hash_handshake_msgs_sha256 = std::move(other.m_hash_handshake_msgs_sha256); m_hash_handshake_msgs_sha256 = std::move(other.m_hash_handshake_msgs_sha256);
m_phase = std::move(other.m_phase );
m_seq_num_client = std::move(other.m_seq_num_client ); m_seq_num_client = std::move(other.m_seq_num_client );
m_seq_num_server = std::move(other.m_seq_num_server ); m_seq_num_server = std::move(other.m_seq_num_server );
@ -201,7 +206,7 @@ void eap::method_tls::begin_session(
{ {
method::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize); method::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);
// Create cryptographics provider. // Create cryptographics provider for support needs (handshake hashing, client random, temporary keys...).
if (!m_cp.create(NULL, NULL, PROV_RSA_AES)) if (!m_cp.create(NULL, NULL, PROV_RSA_AES))
throw win_runtime_error(__FUNCTION__ " Error creating cryptographics provider."); throw win_runtime_error(__FUNCTION__ " Error creating cryptographics provider.");
@ -217,9 +222,9 @@ void eap::method_tls::begin_session(
const config_method_tls *cfg_method = dynamic_cast<const config_method_tls*>(cfg_prov.m_methods.front().get()); const config_method_tls *cfg_method = dynamic_cast<const config_method_tls*>(cfg_prov.m_methods.front().get());
assert(cfg_method); assert(cfg_method);
//// Restore previous session ID and master secret. We might get lucky. // Restore previous session ID and master secret. We might get lucky.
//m_session_id = cfg_method->m_session_id; m_session_id = cfg_method->m_session_id;
//m_master_secret = cfg_method->m_master_secret; m_master_secret = cfg_method->m_master_secret;
} }
@ -314,6 +319,17 @@ void eap::method_tls::process_request_packet(
if (pReceivedPacket->Code == EapCodeRequest && (m_packet_req.m_flags & flags_req_start)) { if (pReceivedPacket->Code == EapCodeRequest && (m_packet_req.m_flags & flags_req_start)) {
// This is the EAP-TLS start message: (re)initialize method. // This is the EAP-TLS start message: (re)initialize method.
m_module.log_event(&EAPMETHOD_TLS_HANDSHAKE_START2, event_data((unsigned int)eap_type_tls), event_data::blank); m_module.log_event(&EAPMETHOD_TLS_HANDSHAKE_START2, event_data((unsigned int)eap_type_tls), event_data::blank);
m_phase = phase_client_hello;
} else {
// Process the packet.
memset(m_handshake, 0, sizeof(m_handshake));
m_packet_res.m_data.clear();
process_packet(m_packet_req.m_data.data(), m_packet_req.m_data.size());
}
switch (m_phase) {
case phase_client_hello: {
m_tls_version = tls_version_1_2;
m_key_mppe_client.clear(); m_key_mppe_client.clear();
m_key_mppe_server.clear(); m_key_mppe_server.clear();
@ -328,109 +344,122 @@ void eap::method_tls::process_request_packet(
if (!m_hash_handshake_msgs_sha256.create(m_cp, CALG_SHA_256)) if (!m_hash_handshake_msgs_sha256.create(m_cp, CALG_SHA_256))
throw win_runtime_error(__FUNCTION__ " Error creating SHA-256 hashing object."); throw win_runtime_error(__FUNCTION__ " Error creating SHA-256 hashing object.");
memset(m_handshake, 0, sizeof(m_handshake));
m_seq_num_client = 0; m_seq_num_client = 0;
m_seq_num_server = 0; m_seq_num_server = 0;
// Build client hello packet. // Build client hello packet.
sanitizing_blob msg_client_hello(make_message(tls_message_type_handshake, make_client_hello())); sanitizing_blob msg_client_hello(make_message(tls_message_type_handshake, make_client_hello()));
m_packet_res.m_data.assign(msg_client_hello.begin(), msg_client_hello.end()); m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_client_hello.begin(), msg_client_hello.end());
} else {
// Process the packet.
m_packet_res.m_data.clear();
process_packet(m_packet_req.m_data.data(), m_packet_req.m_data.size());
if (m_handshake[tls_handshake_type_finished]) { m_phase = phase_server_hello;
// Server finished. break;
} else if (m_state_server.m_alg_encrypt) { }
// Cipher specified (server).
} else if (m_handshake[tls_handshake_type_server_hello_done]) {
// Server hello specified.
// Create cryptographics provider (based on server selected cipher?). case phase_server_hello: {
if (!m_cp_enc.create(NULL, NULL, PROV_RSA_AES)) if (!m_handshake[tls_handshake_type_server_hello])
throw win_runtime_error(__FUNCTION__ " Error creating cryptographics provider."); throw win_runtime_error(__FUNCTION__ " Server did not hello back. No server random! What cipher to use?");
// Create cryptographics provider (based on server selected cipher?).
if (!m_cp_enc_client.create(NULL, NULL, PROV_RSA_AES))
throw win_runtime_error(__FUNCTION__ " Error creating cryptographics provider.");
if (m_handshake[tls_handshake_type_certificate]) {
// Do we trust this server? // Do we trust this server?
if (m_server_cert_chain.empty()) if (m_server_cert_chain.empty())
throw win_runtime_error(ERROR_ENCRYPTION_FAILED, __FUNCTION__ " Can not continue without server's certificate."); throw win_runtime_error(ERROR_ENCRYPTION_FAILED, __FUNCTION__ " Server sent an empty certificate (chain).");
verify_server_trust(); verify_server_trust();
if (m_handshake[tls_handshake_type_certificate_request]) {
// Client certificate requested.
sanitizing_blob msg_client_cert(make_message(tls_message_type_handshake, make_client_cert()));
m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_client_cert.begin(), msg_client_cert.end());
}
{
// Generate pre-master secret. PMS will get sanitized in its destructor when going out-of-scope.
tls_master_secret pms(m_cp_enc, m_tls_version);
// Derive master secret.
static const unsigned char s_label[] = "master secret";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
memcpy(&m_master_secret, prf(m_cp_enc, m_alg_prf, pms, seed, sizeof(tls_master_secret)).data(), sizeof(tls_master_secret));
// Create client key exchange message, and append to packet.
sanitizing_blob msg_client_key_exchange(make_message(tls_message_type_handshake, make_client_key_exchange(pms)));
m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_client_key_exchange.begin(), msg_client_key_exchange.end());
}
if (m_handshake[tls_handshake_type_certificate_request]) {
// TODO: Create and append certificate_verify message!
}
// Append change cipher spec to packet.
sanitizing_blob ccs(make_message(tls_message_type_change_cipher_spec, sanitizing_blob(1, 1)));
m_packet_res.m_data.insert(m_packet_res.m_data.end(), ccs.begin(), ccs.end());
{
// Adopt server provided pending state as client pending.
m_state_client_pending = m_state_server_pending;
// Derive client side keys
static const unsigned char s_label[] = "key expansion";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
sanitizing_blob key_block(prf(m_cp_enc, m_alg_prf, m_master_secret, seed,
2*m_state_client_pending.m_size_mac_key + // client_write_MAC_secret & server_write_MAC_secret (SHA1)
2*m_state_client_pending.m_size_enc_key + // client_write_key & server_write_key
2*m_state_client_pending.m_size_enc_iv )); // client_write_IV & server_write_IV
const unsigned char *_key_block = key_block.data();
// client_write_MAC_secret
m_state_client_pending.m_padding_hmac = hmac_padding(m_cp_enc, m_state_client_pending.m_alg_mac, _key_block, m_state_client_pending.m_size_mac_key);
_key_block += m_state_client_pending.m_size_mac_key;
// server_write_MAC_secret
_key_block += m_state_client_pending.m_size_mac_key;
// client_write_key
m_state_client_pending.m_key = create_key(m_state_client_pending.m_alg_encrypt, m_key_exp1, _key_block, m_state_client_pending.m_size_enc_key);
_key_block += m_state_client_pending.m_size_enc_key;
// server_write_key
_key_block += m_state_client_pending.m_size_enc_key;
if (m_state_client_pending.m_size_enc_iv && m_tls_version < tls_version_1_1) {
// client_write_IV
if (!CryptSetKeyParam(m_state_client_pending.m_key, KP_IV, _key_block, 0))
throw win_runtime_error(__FUNCTION__ " Error setting client_write_IV.");
_key_block += m_state_client_pending.m_size_enc_iv;
}
// Accept client pending state as current client state.
m_state_client = std::move(m_state_client_pending);
}
// Create finished message, and append to packet.
sanitizing_blob msg_finished(make_message(tls_message_type_handshake, make_finished()));
m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_finished.begin(), msg_finished.end());
} }
if (m_handshake[tls_handshake_type_certificate_request]) {
// Client certificate requested.
sanitizing_blob msg_client_cert(make_message(tls_message_type_handshake, make_client_cert()));
m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_client_cert.begin(), msg_client_cert.end());
}
if (m_handshake[tls_handshake_type_server_hello_done]) {
if (m_server_cert_chain.empty())
throw win_runtime_error(ERROR_ENCRYPTION_FAILED, __FUNCTION__ " Can not do a client key exchange without a server public key (missing server certificate).");
// Generate pre-master secret. PMS will get sanitized in its destructor when going out-of-scope.
// Always use latest supported version by client (not negotiated one, to detect version rollback attacks).
tls_master_secret pms(m_cp_enc_client, tls_version_1_2);
// Derive master secret.
static const unsigned char s_label[] = "master secret";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
memcpy(&m_master_secret, prf(m_cp_enc_client, m_alg_prf, pms, seed, sizeof(tls_master_secret)).data(), sizeof(tls_master_secret));
// Create client key exchange message, and append to packet.
sanitizing_blob msg_client_key_exchange(make_message(tls_message_type_handshake, make_client_key_exchange(pms)));
m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_client_key_exchange.begin(), msg_client_key_exchange.end());
}
if (m_handshake[tls_handshake_type_certificate_request]) {
// TODO: Create and append client certificate verify message!
}
// Append change cipher spec to packet.
sanitizing_blob ccs(make_message(tls_message_type_change_cipher_spec, sanitizing_blob(1, 1)));
m_packet_res.m_data.insert(m_packet_res.m_data.end(), ccs.begin(), ccs.end());
// Adopt server state as client pending.
// If server already send the change cipher spec, use active server state. Otherwise pending.
m_state_client_pending = m_state_server.m_alg_encrypt ? m_state_server : m_state_server_pending;
// Derive client side keys.
static const unsigned char s_label[] = "key expansion";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
sanitizing_blob key_block(prf(m_cp_enc_client, m_alg_prf, m_master_secret, seed,
2*m_state_client_pending.m_size_mac_key + // client_write_MAC_secret & server_write_MAC_secret (SHA1)
2*m_state_client_pending.m_size_enc_key + // client_write_key & server_write_key
2*m_state_client_pending.m_size_enc_iv )); // client_write_IV & server_write_IV
const unsigned char *_key_block = key_block.data();
// client_write_MAC_secret
m_state_client_pending.m_padding_hmac = hmac_padding(m_cp_enc_client, m_state_client_pending.m_alg_mac, _key_block, m_state_client_pending.m_size_mac_key);
_key_block += m_state_client_pending.m_size_mac_key;
// server_write_MAC_secret
_key_block += m_state_client_pending.m_size_mac_key;
// client_write_key
m_state_client_pending.m_key = create_key(m_cp_enc_client, m_state_client_pending.m_alg_encrypt, m_key_exp1, _key_block, m_state_client_pending.m_size_enc_key);
_key_block += m_state_client_pending.m_size_enc_key;
// server_write_key
_key_block += m_state_client_pending.m_size_enc_key;
if (m_state_client_pending.m_size_enc_iv && m_tls_version < tls_version_1_1) {
// client_write_IV
if (!CryptSetKeyParam(m_state_client_pending.m_key, KP_IV, _key_block, 0))
throw win_runtime_error(__FUNCTION__ " Error setting client_write_IV.");
_key_block += m_state_client_pending.m_size_enc_iv;
}
// Accept client pending state as current client state.
m_state_client = std::move(m_state_client_pending);
// Create finished message, and append to packet.
sanitizing_blob msg_finished(make_message(tls_message_type_handshake, make_finished()));
m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_finished.begin(), msg_finished.end());
m_phase = m_handshake[tls_handshake_type_finished] ? phase_application_data : phase_change_cipher_spec;
break;
}
case phase_change_cipher_spec:
// Wait in this phase until server sends change cipher spec and finish.
if (m_state_server.m_alg_encrypt && m_handshake[tls_handshake_type_finished])
m_phase = phase_application_data;
break;
case phase_application_data:
if (m_handshake[tls_handshake_type_hello_request])
m_phase = phase_client_hello;
} }
// EAP-Request packet was processed. Clear its data since we use the absence of data to detect first of fragmented message packages. // EAP-Request packet was processed. Clear its data since we use the absence of data to detect first of fragmented message packages.
@ -512,6 +541,8 @@ void eap::method_tls::get_result(
if (!m_handshake[tls_handshake_type_finished]) if (!m_handshake[tls_handshake_type_finished])
throw invalid_argument(__FUNCTION__ " Premature success."); throw invalid_argument(__FUNCTION__ " Premature success.");
m_module.log_event(&EAPMETHOD_TLS_SUCCESS, event_data((unsigned int)eap_type_tls), event_data::blank);
// Derive MSK/EMSK for line encryption. // Derive MSK/EMSK for line encryption.
derive_msk(); derive_msk();
@ -530,7 +561,7 @@ void eap::method_tls::get_result(
ppResult->pAttribArray = &m_eap_attr_desc; ppResult->pAttribArray = &m_eap_attr_desc;
// Clear credentials as failed. // Clear credentials as failed.
cfg_method->m_cred_failed = false; cfg_method->m_auth_failed = false;
ppResult->fIsSuccess = TRUE; ppResult->fIsSuccess = TRUE;
ppResult->dwFailureReasonCode = ERROR_SUCCESS; ppResult->dwFailureReasonCode = ERROR_SUCCESS;
@ -543,15 +574,19 @@ void eap::method_tls::get_result(
} }
case EapPeerMethodResultFailure: case EapPeerMethodResultFailure:
m_module.log_event(&EAPMETHOD_TLS_FAILURE, event_data((unsigned int)eap_type_tls), event_data::blank);
// Clear session resumption data. // Clear session resumption data.
cfg_method->m_session_id.clear(); cfg_method->m_session_id.clear();
cfg_method->m_master_secret.clear(); cfg_method->m_master_secret.clear();
// Mark credentials as failed, so GUI can re-prompt user. // Mark credentials as failed, so GUI can re-prompt user.
cfg_method->m_cred_failed = true; cfg_method->m_auth_failed = true;
ppResult->fIsSuccess = FALSE; // Do not report failure to EAPHost, as it will not save updated configuration then. But we need it to save it, to alert user on next connection attempt.
ppResult->dwFailureReasonCode = EAP_E_AUTHENTICATION_FAILED; // EAPHost is well aware of the failed condition.
//ppResult->fIsSuccess = FALSE;
//ppResult->dwFailureReasonCode = EAP_E_AUTHENTICATION_FAILED;
break; break;
@ -674,7 +709,7 @@ eap::sanitizing_blob eap::method_tls::make_client_key_exchange(_In_ const tls_ma
// Encrypt pre-master key with server public key first. // Encrypt pre-master key with server public key first.
sanitizing_blob pms_enc((const unsigned char*)&pms, (const unsigned char*)(&pms + 1)); sanitizing_blob pms_enc((const unsigned char*)&pms, (const unsigned char*)(&pms + 1));
crypt_key key; crypt_key key;
if (!key.import_public(m_cp_enc, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(m_server_cert_chain.front()->pCertInfo->SubjectPublicKeyInfo))) if (!key.import_public(m_cp_enc_client, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(m_server_cert_chain.front()->pCertInfo->SubjectPublicKeyInfo)))
throw win_runtime_error(__FUNCTION__ " Error importing server's public key."); throw win_runtime_error(__FUNCTION__ " Error importing server's public key.");
if (!CryptEncrypt(key, NULL, TRUE, 0, pms_enc)) if (!CryptEncrypt(key, NULL, TRUE, 0, pms_enc))
throw win_runtime_error(__FUNCTION__ " Error encrypting PMS."); throw win_runtime_error(__FUNCTION__ " Error encrypting PMS.");
@ -737,7 +772,7 @@ eap::sanitizing_blob eap::method_tls::make_finished() const
throw win_runtime_error(__FUNCTION__ " Error finishing SHA-256 hash calculation."); throw win_runtime_error(__FUNCTION__ " Error finishing SHA-256 hash calculation.");
seed.insert(seed.end(), hash_data.begin(), hash_data.end()); seed.insert(seed.end(), hash_data.begin(), hash_data.end());
} }
sanitizing_blob verify(prf(m_cp_enc, m_alg_prf, m_master_secret, seed, 12)); sanitizing_blob verify(prf(m_cp_enc_client, m_alg_prf, m_master_secret, seed, 12));
msg.insert(msg.end(), verify.begin(), verify.end()); msg.insert(msg.end(), verify.begin(), verify.end());
return msg; return msg;
@ -781,7 +816,7 @@ void eap::method_tls::derive_msk()
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1); sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1)); seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1)); seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
sanitizing_blob key_block(prf(m_cp_enc, m_alg_prf, m_master_secret, seed, 2*sizeof(tls_random))); sanitizing_blob key_block(prf(m_cp_enc_client, m_alg_prf, m_master_secret, seed, 2*sizeof(tls_random)));
const unsigned char *_key_block = key_block.data(); const unsigned char *_key_block = key_block.data();
// MS-MPPE-Recv-Key // MS-MPPE-Recv-Key
@ -877,11 +912,15 @@ void eap::method_tls::process_change_cipher_spec(_In_bytecount_(msg_size) const
if (!m_state_server_pending.m_alg_encrypt) if (!m_state_server_pending.m_alg_encrypt)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Change cipher spec received without cipher being negotiated first."); throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Change cipher spec received without cipher being negotiated first.");
// Create cryptographics provider (based on server selected cipher?).
if (!m_cp_enc_server.create(NULL, NULL, PROV_RSA_AES))
throw win_runtime_error(__FUNCTION__ " Error creating cryptographics provider.");
static const unsigned char s_label[] = "key expansion"; static const unsigned char s_label[] = "key expansion";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1); sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1)); seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1)); seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
sanitizing_blob key_block(prf(m_cp_enc, m_alg_prf, m_master_secret, seed, sanitizing_blob key_block(prf(m_cp_enc_server, m_alg_prf, m_master_secret, seed,
2*m_state_server_pending.m_size_mac_key + // client_write_MAC_secret & server_write_MAC_secret (SHA1) 2*m_state_server_pending.m_size_mac_key + // client_write_MAC_secret & server_write_MAC_secret (SHA1)
2*m_state_server_pending.m_size_enc_key + // client_write_key & server_write_key 2*m_state_server_pending.m_size_enc_key + // client_write_key & server_write_key
2*m_state_server_pending.m_size_enc_iv )); // client_write_IV & server_write_IV 2*m_state_server_pending.m_size_enc_iv )); // client_write_IV & server_write_IV
@ -891,14 +930,14 @@ void eap::method_tls::process_change_cipher_spec(_In_bytecount_(msg_size) const
_key_block += m_state_server_pending.m_size_mac_key; _key_block += m_state_server_pending.m_size_mac_key;
// server_write_MAC_secret // server_write_MAC_secret
m_state_server_pending.m_padding_hmac = hmac_padding(m_cp_enc, m_state_server_pending.m_alg_mac, _key_block, m_state_server_pending.m_size_mac_key); m_state_server_pending.m_padding_hmac = hmac_padding(m_cp_enc_server, m_state_server_pending.m_alg_mac, _key_block, m_state_server_pending.m_size_mac_key);
_key_block += m_state_server_pending.m_size_mac_key; _key_block += m_state_server_pending.m_size_mac_key;
// client_write_key // client_write_key
_key_block += m_state_server_pending.m_size_enc_key; _key_block += m_state_server_pending.m_size_enc_key;
// server_write_key // server_write_key
m_state_server_pending.m_key = create_key(m_state_server_pending.m_alg_encrypt, m_key_exp1, _key_block, m_state_server_pending.m_size_enc_key); m_state_server_pending.m_key = create_key(m_cp_enc_server, m_state_server_pending.m_alg_encrypt, m_key_exp1, _key_block, m_state_server_pending.m_size_enc_key);
_key_block += m_state_server_pending.m_size_enc_key; _key_block += m_state_server_pending.m_size_enc_key;
if (m_state_server_pending.m_size_enc_iv && m_tls_version < tls_version_1_1) { if (m_state_server_pending.m_size_enc_iv && m_tls_version < tls_version_1_1) {
@ -969,7 +1008,11 @@ void eap::method_tls::process_handshake(_In_bytecount_(msg_size) const void *_ms
if (rec + 1 > rec_end || rec + 1 + rec[0] > rec_end) if (rec + 1 > rec_end || rec + 1 + rec[0] > rec_end)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Session ID missing or incomplete."); throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Session ID missing or incomplete.");
assert(rec[0] <= 32); // According to RFC 5246 session IDs should not be longer than 32B. assert(rec[0] <= 32); // According to RFC 5246 session IDs should not be longer than 32B.
m_session_id.assign(rec + 1, rec + 1 + rec[0]); if (m_session_id.size() != rec[0] || memcmp(m_session_id.data(), rec + 1, rec[0]) != 0) {
m_module.log_event(&EAPMETHOD_TLS_SESSION_NEW, event_data((unsigned int)eap_type_tls), event_data::blank);
m_session_id.assign(rec + 1, rec + 1 + rec[0]);
} else
m_module.log_event(&EAPMETHOD_TLS_SESSION_RESUME, event_data((unsigned int)eap_type_tls), event_data::blank);
rec += rec[0] + 1; rec += rec[0] + 1;
// Cipher // Cipher
@ -1075,7 +1118,7 @@ void eap::method_tls::process_handshake(_In_bytecount_(msg_size) const void *_ms
seed.insert(seed.end(), hash_data.begin(), hash_data.end()); seed.insert(seed.end(), hash_data.begin(), hash_data.end());
} }
if (memcmp(prf(m_cp_enc, m_alg_prf, m_master_secret, seed, 12).data(), rec, 12)) if (memcmp(prf(m_cp_enc_server, m_alg_prf, m_master_secret, seed, 12).data(), rec, 12))
throw win_runtime_error(ERROR_ENCRYPTION_FAILED, __FUNCTION__ " Integrity check failed."); throw win_runtime_error(ERROR_ENCRYPTION_FAILED, __FUNCTION__ " Integrity check failed.");
m_module.log_event(&EAPMETHOD_TLS_FINISHED, event_data((unsigned int)eap_type_tls), event_data::blank); m_module.log_event(&EAPMETHOD_TLS_FINISHED, event_data((unsigned int)eap_type_tls), event_data::blank);
@ -1233,7 +1276,7 @@ void eap::method_tls::encrypt_message(_In_ tls_message_type_t type, _Inout_ sani
{ {
// Hash sequence number, TLS header, and message. // Hash sequence number, TLS header, and message.
size_t size_data = data.size(); size_t size_data = data.size();
hmac_hash hash(m_cp_enc, m_state_client.m_alg_mac, m_state_client.m_padding_hmac); hmac_hash hash(m_cp_enc_client, m_state_client.m_alg_mac, m_state_client.m_padding_hmac);
unsigned __int64 seq_num2 = htonll(m_seq_num_client); unsigned __int64 seq_num2 = htonll(m_seq_num_client);
unsigned short size_data2 = htons((unsigned short)size_data); unsigned short size_data2 = htons((unsigned short)size_data);
if (!CryptHashData(hash, (const BYTE*)&seq_num2 , sizeof(seq_num2 ), 0) || if (!CryptHashData(hash, (const BYTE*)&seq_num2 , sizeof(seq_num2 ), 0) ||
@ -1255,7 +1298,7 @@ void eap::method_tls::encrypt_message(_In_ tls_message_type_t type, _Inout_ sani
if (m_tls_version >= tls_version_1_1) { if (m_tls_version >= tls_version_1_1) {
// TLS 1.1+: Set random IV. // TLS 1.1+: Set random IV.
data.insert(data.begin(), m_state_client.m_size_enc_iv, 0); data.insert(data.begin(), m_state_client.m_size_enc_iv, 0);
if (!CryptGenRandom(m_cp_enc, (DWORD)m_state_client.m_size_enc_iv, data.data())) if (!CryptGenRandom(m_cp_enc_client, (DWORD)m_state_client.m_size_enc_iv, data.data()))
throw win_runtime_error(__FUNCTION__ " Error generating IV."); throw win_runtime_error(__FUNCTION__ " Error generating IV.");
size_data_enc += m_state_client.m_size_enc_iv; size_data_enc += m_state_client.m_size_enc_iv;
} }
@ -1320,7 +1363,7 @@ void eap::method_tls::decrypt_message(_In_ tls_message_type_t type, _Inout_ sani
size_data -= m_state_server.m_size_mac_hash; size_data -= m_state_server.m_size_mac_hash;
// Hash sequence number, TLS header (without length), original message length, and message. // Hash sequence number, TLS header (without length), original message length, and message.
hmac_hash hash(m_cp_enc, m_state_server.m_alg_mac, m_state_server.m_padding_hmac); hmac_hash hash(m_cp_enc_server, m_state_server.m_alg_mac, m_state_server.m_padding_hmac);
unsigned __int64 seq_num2 = htonll(m_seq_num_server); unsigned __int64 seq_num2 = htonll(m_seq_num_server);
unsigned short size_data2 = htons((unsigned short)size_data); unsigned short size_data2 = htons((unsigned short)size_data);
if (!CryptHashData(hash, (const BYTE*)&seq_num2 , sizeof(seq_num2 ), 0) || if (!CryptHashData(hash, (const BYTE*)&seq_num2 , sizeof(seq_num2 ), 0) ||
@ -1454,10 +1497,11 @@ eap::sanitizing_blob eap::method_tls::prf(
HCRYPTKEY eap::method_tls::create_key( HCRYPTKEY eap::method_tls::create_key(
_In_ ALG_ID alg, _In_ HCRYPTPROV cp,
_In_ HCRYPTKEY key, _In_ ALG_ID alg,
_In_bytecount_(size_secret) const void *secret, _In_ HCRYPTKEY key,
_In_ size_t size_secret) _In_bytecount_(size_secret) const void *secret,
_In_ size_t size_secret)
{ {
#if 1 #if 1
UNREFERENCED_PARAMETER(key); UNREFERENCED_PARAMETER(key);
@ -1483,7 +1527,7 @@ HCRYPTKEY eap::method_tls::create_key(
// Import the key. // Import the key.
winstd::crypt_key key_out; winstd::crypt_key key_out;
if (!key_out.import(m_cp_enc, key_blob.data(), (DWORD)key_blob.size(), NULL, 0)) if (!key_out.import(cp, key_blob.data(), (DWORD)key_blob.size(), NULL, 0))
throw winstd::win_runtime_error(__FUNCTION__ " Error importing key."); throw winstd::win_runtime_error(__FUNCTION__ " Error importing key.");
return key_out.detach(); return key_out.detach();
#else #else
@ -1529,7 +1573,7 @@ HCRYPTKEY eap::method_tls::create_key(
// Is random PS required at all? We are importing a clear-text session key with the exponent-of-one key. How low on security can we get? // Is random PS required at all? We are importing a clear-text session key with the exponent-of-one key. How low on security can we get?
key_blob.insert(key_blob.end(), size_ps, 0); key_blob.insert(key_blob.end(), size_ps, 0);
unsigned char *ps = &*(key_blob.end() - size_ps); unsigned char *ps = &*(key_blob.end() - size_ps);
CryptGenRandom(m_cp_enc, (DWORD)size_ps, ps); CryptGenRandom(cp, (DWORD)size_ps, ps);
for (size_t i = 0; i < size_ps; i++) for (size_t i = 0; i < size_ps; i++)
if (ps[i] == 0) ps[i] = 1; if (ps[i] == 0) ps[i] = 1;
#endif #endif
@ -1545,7 +1589,7 @@ HCRYPTKEY eap::method_tls::create_key(
// Import the key. // Import the key.
winstd::crypt_key key_out; winstd::crypt_key key_out;
if (!key_out.import(m_cp_enc, key_blob.data(), (DWORD)key_blob.size(), key, 0)) if (!key_out.import(cp, key_blob.data(), (DWORD)key_blob.size(), key, 0))
throw winstd::win_runtime_error(__FUNCTION__ " Error importing key."); throw winstd::win_runtime_error(__FUNCTION__ " Error importing key.");
return key_out.detach(); return key_out.detach();
#endif #endif

3
lib/TTLS/include/Credentials.h
View File

@ -32,6 +32,7 @@ namespace eap
#include "../../PAP/include/Credentials.h" #include "../../PAP/include/Credentials.h"
#include <memory> #include <memory>
#include <utility>
namespace eap namespace eap
@ -187,7 +188,7 @@ namespace eap
/// - \c true if credentials were set; /// - \c true if credentials were set;
/// - \c false otherwise /// - \c false otherwise
/// ///
bool combine( std::pair<source_t, source_t> combine(
_In_ const credentials_ttls *cred_cached, _In_ const credentials_ttls *cred_cached,
_In_ const config_method_ttls &cfg, _In_ const config_method_ttls &cfg,
_In_opt_z_ LPCTSTR pszTargetName); _In_opt_z_ LPCTSTR pszTargetName);

11
lib/TTLS/src/Credentials.cpp
View File

@ -226,15 +226,12 @@ std::wstring eap::credentials_ttls::get_identity() const
} }
bool eap::credentials_ttls::combine( pair<eap::credentials::source_t, eap::credentials::source_t> eap::credentials_ttls::combine(
_In_ const credentials_ttls *cred_cached, _In_ const credentials_ttls *cred_cached,
_In_ const config_method_ttls &cfg, _In_ const config_method_ttls &cfg,
_In_opt_z_ LPCTSTR pszTargetName) _In_opt_z_ LPCTSTR pszTargetName)
{ {
bool return pair<source_t, source_t>(
is_outer_set = credentials_tls::combine(cred_cached, cfg, pszTargetName), credentials_tls::combine(cred_cached, cfg, pszTargetName),
is_inner_set = dynamic_cast<const credentials_pap*>(m_inner.get()) ? ((credentials_pap*)m_inner.get())->combine(cred_cached ? (credentials_pap*)cred_cached->m_inner.get() : NULL, (const config_method_pap&)*cfg.m_inner, pszTargetName) : source_unknown);
dynamic_cast<const credentials_pap*>(m_inner.get()) ? ((credentials_pap*)m_inner.get())->combine(cred_cached ? (credentials_pap*)cred_cached->m_inner.get() : NULL, (const config_method_pap&)*cfg.m_inner, pszTargetName) : false;
return is_outer_set && is_inner_set;
} }

54
lib/TTLS/src/Method.cpp
View File

@ -69,27 +69,24 @@ void eap::method_ttls::process_request_packet(
m_module.log_event(&EAPMETHOD_TTLS_HANDSHAKE_START, event_data((unsigned int)eap_type_ttls), event_data((unsigned char)m_version), event_data((unsigned char)ver_remote), event_data::blank); m_module.log_event(&EAPMETHOD_TTLS_HANDSHAKE_START, event_data((unsigned int)eap_type_ttls), event_data((unsigned char)m_version), event_data((unsigned char)ver_remote), event_data::blank);
} }
if (!m_handshake[tls_handshake_type_finished]) { // Do the TLS.
// Do the TLS. method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
if (m_handshake[tls_handshake_type_finished]) { if (m_phase == phase_application_data) {
// Piggyback inner authentication. // Send inner authentication.
if (!m_state_client.m_alg_encrypt) if (!m_state_client.m_alg_encrypt)
throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted."); throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted.");
m_packet_res.m_code = EapCodeResponse; m_module.log_event(&EAPMETHOD_TTLS_INNER_CRED, event_data((unsigned int)eap_type_ttls), event_data(m_cred.m_inner->get_name()), event_data::blank);
m_packet_res.m_id = m_packet_req.m_id;
m_packet_res.m_flags = 0;
sanitizing_blob msg_application(make_message(tls_message_type_application_data, make_pap_client()));
m_packet_res.m_data.assign(msg_application.begin(), msg_application.end());
pEapOutput->fAllowNotifications = FALSE; m_packet_res.m_code = EapCodeResponse;
pEapOutput->action = EapPeerMethodResponseActionSend; m_packet_res.m_id = m_packet_req.m_id;
} m_packet_res.m_flags = 0;
} else { sanitizing_blob msg_application(make_message(tls_message_type_application_data, make_pap_client()));
// Do the TLS. Again. m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_application.begin(), msg_application.end());
method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
pEapOutput->fAllowNotifications = FALSE;
pEapOutput->action = EapPeerMethodResponseActionSend;
} }
} }
@ -111,7 +108,7 @@ void eap::method_ttls::get_result(
_In_ EapPeerMethodResultReason reason, _In_ EapPeerMethodResultReason reason,
_Inout_ EapPeerMethodResult *ppResult) _Inout_ EapPeerMethodResult *ppResult)
{ {
if (!m_handshake[tls_handshake_type_finished]) { if (m_phase != phase_application_data) {
// Do the TLS. // Do the TLS.
method_tls::get_result(reason, ppResult); method_tls::get_result(reason, ppResult);
} else { } else {
@ -120,12 +117,27 @@ void eap::method_ttls::get_result(
config_method_ttls *cfg_method = dynamic_cast<config_method_ttls*>(cfg_prov.m_methods.front().get()); config_method_ttls *cfg_method = dynamic_cast<config_method_ttls*>(cfg_prov.m_methods.front().get());
assert(cfg_method); assert(cfg_method);
// Mark credentials appropriately, so GUI can re-prompt user. switch (reason) {
cfg_method->m_inner->m_cred_failed = reason == EapPeerMethodResultFailure; case EapPeerMethodResultSuccess: {
m_module.log_event(&EAPMETHOD_TTLS_INNER_SUCCESS, event_data((unsigned int)eap_type_ttls), event_data::blank);
cfg_method->m_inner->m_auth_failed = false;
break;
}
case EapPeerMethodResultFailure:
m_module.log_event(&EAPMETHOD_TTLS_INNER_FAILURE, event_data((unsigned int)eap_type_ttls), event_data::blank);
cfg_method->m_inner->m_auth_failed = true;
break;
default:
throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
}
// The TLS was OK. // The TLS was OK.
method_tls::get_result(EapPeerMethodResultSuccess, ppResult); method_tls::get_result(EapPeerMethodResultSuccess, ppResult);
// Do not report failure to EAPHost, as it will not save updated configuration then. But we need it to save it, to alert user on next connection attempt.
// EAPHost is well aware of the failed condition.
//if (reason == EapPeerMethodResultFailure) { //if (reason == EapPeerMethodResultFailure) {
// ppResult->fIsSuccess = FALSE; // ppResult->fIsSuccess = FALSE;
// ppResult->dwFailureReasonCode = EAP_E_AUTHENTICATION_FAILED; // ppResult->dwFailureReasonCode = EAP_E_AUTHENTICATION_FAILED;

11
lib/TTLS/src/Module.cpp
View File

@ -109,14 +109,17 @@ void eap::peer_ttls::get_identity(
{ {
// Combine credentials. // Combine credentials.
user_impersonator impersonating(hTokenImpersonateUser); user_impersonator impersonating(hTokenImpersonateUser);
*pfInvokeUI = cred_out.combine( pair<eap::credentials::source_t, eap::credentials::source_t> cred_source(cred_out.combine(
#ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
&cred_in, &cred_in,
#else #else
NULL, NULL,
#endif #endif
*cfg_method, *cfg_method,
(dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL) ? FALSE : TRUE; (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL));
// If either of credentials is unknown, request UI.
*pfInvokeUI = cred_source.first == eap::credentials::source_unknown || cred_source.second == eap::credentials::source_unknown ? TRUE : FALSE;
} }
if (*pfInvokeUI) { if (*pfInvokeUI) {
@ -132,14 +135,14 @@ void eap::peer_ttls::get_identity(
// If we got here, we have all credentials we need. But, wait! // If we got here, we have all credentials we need. But, wait!
if (cfg_method->m_cred_failed) { if (cfg_method->m_auth_failed) {
// Outer TLS: Credentials failed on last connection attempt. // Outer TLS: Credentials failed on last connection attempt.
log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)eap_type_tls), event_data::blank); log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)eap_type_tls), event_data::blank);
*pfInvokeUI = TRUE; *pfInvokeUI = TRUE;
return; return;
} }
if (cfg_method->m_inner->m_cred_failed) { if (cfg_method->m_inner->m_auth_failed) {
// Inner: Credentials failed on last connection attempt. // Inner: Credentials failed on last connection attempt.
log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)type_inner), event_data::blank); log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)type_inner), event_data::blank);
*pfInvokeUI = TRUE; *pfInvokeUI = TRUE;

15
lib/TTLS_UI/src/Module.cpp
View File

@ -163,14 +163,14 @@ void eap::peer_ttls_ui::invoke_identity_ui(
} }
// Combine credentials. // Combine credentials.
cred_out.combine( pair<eap::credentials::source_t, eap::credentials::source_t> cred_source(cred_out.combine(
#ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
&cred_in, &cred_in,
#else #else
NULL, NULL,
#endif #endif
*cfg_method, *cfg_method,
(dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL); (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL));
if (dwFlags & EAP_FLAG_GUEST_ACCESS) { if (dwFlags & EAP_FLAG_GUEST_ACCESS) {
// Disable credential saving for guests. // Disable credential saving for guests.
@ -190,10 +190,18 @@ void eap::peer_ttls_ui::invoke_identity_ui(
parent.AdoptAttributesFromHWND(); parent.AdoptAttributesFromHWND();
wxTopLevelWindows.Append(&parent); wxTopLevelWindows.Append(&parent);
// Create and launch credentials dialog. // Create credentials dialog.
wxEAPCredentialsDialog dlg(cfg_prov, &parent); wxEAPCredentialsDialog dlg(cfg_prov, &parent);
wxTTLSCredentialsPanel *panel = new wxTTLSCredentialsPanel(cfg_prov, *cfg_method, cred_out, cfg_prov.m_id.c_str(), &dlg); wxTTLSCredentialsPanel *panel = new wxTTLSCredentialsPanel(cfg_prov, *cfg_method, cred_out, cfg_prov.m_id.c_str(), &dlg);
dlg.AddContents((wxPanel**)&panel, 1); dlg.AddContents((wxPanel**)&panel, 1);
// Set "Remember" checkboxes according to credential source,
panel->m_outer_cred->SetRememberValue(cred_source.first == eap::credentials::source_storage);
wxPAPCredentialsPanel *panel_inner_cred_pap = dynamic_cast<wxPAPCredentialsPanel*>(panel->m_inner_cred);
if (panel_inner_cred_pap)
panel_inner_cred_pap->SetRememberValue(cred_source.second == eap::credentials::source_storage);
// Centre and display dialog.
dlg.Centre(wxBOTH); dlg.Centre(wxBOTH);
result = dlg.ShowModal(); result = dlg.ShowModal();
if (result == wxID_OK) { if (result == wxID_OK) {
@ -208,7 +216,6 @@ void eap::peer_ttls_ui::invoke_identity_ui(
} }
} }
wxPAPCredentialsPanel *panel_inner_cred_pap = dynamic_cast<wxPAPCredentialsPanel*>(panel->m_inner_cred);
if (panel_inner_cred_pap && panel_inner_cred_pap->GetRememberValue()) { if (panel_inner_cred_pap && panel_inner_cred_pap->GetRememberValue()) {
try { try {
cred_out.m_inner->store(cfg_prov.m_id.c_str()); cred_out.m_inner->store(cfg_prov.m_id.c_str());

4
lib/TTLS_UI/src/TTLS_UI.cpp
View File

@ -226,7 +226,7 @@ wxTTLSCredentialsPanel::wxTTLSCredentialsPanel(const eap::config_provider &prov,
assert(m_cfg.m_inner); assert(m_cfg.m_inner);
if (m_cfg.m_inner->m_cred_failed) if (m_cfg.m_inner->m_auth_failed)
sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, this), 0, wxALL|wxEXPAND, 5); sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, this), 0, wxALL|wxEXPAND, 5);
const eap::config_method_pap *cfg_inner_pap = dynamic_cast<const eap::config_method_pap*>(m_cfg.m_inner.get()); const eap::config_method_pap *cfg_inner_pap = dynamic_cast<const eap::config_method_pap*>(m_cfg.m_inner.get());
@ -245,7 +245,7 @@ wxTTLSCredentialsPanel::wxTTLSCredentialsPanel(const eap::config_provider &prov,
m_outer_title->SetForegroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_INACTIVECAPTION ) ); m_outer_title->SetForegroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_INACTIVECAPTION ) );
sb_content->Add(m_outer_title, 0, wxALL|wxALIGN_RIGHT, 5); sb_content->Add(m_outer_title, 0, wxALL|wxALIGN_RIGHT, 5);
if (m_cfg.m_cred_failed) if (m_cfg.m_auth_failed)
sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, this), 0, wxALL|wxEXPAND, 5); sb_content->Add(new wxEAPCredentialWarningPanel(m_prov, this), 0, wxALL|wxEXPAND, 5);
m_outer_cred = new wxTLSCredentialsPanel(m_prov, (const eap::config_method_tls&)m_cfg, (eap::credentials_tls&)cred, pszCredTarget, this, is_config); m_outer_cred = new wxTLSCredentialsPanel(m_prov, (const eap::config_method_tls&)m_cfg, (eap::credentials_tls&)cred, pszCredTarget, this, is_config);