From e92f47677dfb2ec49145665b9692cc0acb878e31 Mon Sep 17 00:00:00 2001 From: Simon Rozman Date: Tue, 9 Aug 2016 18:37:12 +0200 Subject: [PATCH] TLS implementation continues... --- include/Common.props | 2 +- lib/EAPBase/src/Method.cpp | 6 +- lib/Events/res/EventsETW.man | Bin 33056 -> 34460 bytes lib/TLS/include/Method.h | 259 ++++++++++++++-- lib/TLS/src/Method.cpp | 556 ++++++++++++++++++++++++++++++++--- lib/WinStd | 2 +- 6 files changed, 763 insertions(+), 62 deletions(-) diff --git a/include/Common.props b/include/Common.props index 702292f..adffbf5 100644 --- a/include/Common.props +++ b/include/Common.props @@ -32,7 +32,7 @@ Level4 - _WIN32_WINNT=0x0600;ISOLATION_AWARE_ENABLED=1;%(PreprocessorDefinitions) + _WIN32_WINNT=0x0600;ISOLATION_AWARE_ENABLED=1;CERT_CHAIN_PARA_HAS_EXTRA_FIELDS;%(PreprocessorDefinitions) Use StdAfx.h ProgramDatabase diff --git a/lib/EAPBase/src/Method.cpp b/lib/EAPBase/src/Method.cpp index 96c3485..5e74dea 100644 --- a/lib/EAPBase/src/Method.cpp +++ b/lib/EAPBase/src/Method.cpp @@ -67,9 +67,9 @@ eap::method& eap::method::operator=(_In_ const method &other) eap::method& eap::method::operator=(_Inout_ method &&other) { if (this != std::addressof(other)) { - assert(std::addressof(m_module) == std::addressof(other.m_module)); // Copy method within same module only! - assert(std::addressof(m_cfg ) == std::addressof(other.m_cfg )); // Copy method with same configuration only! - assert(std::addressof(m_cred ) == std::addressof(other.m_cred )); // Copy method with same credentials only! + assert(std::addressof(m_module) == std::addressof(other.m_module)); // Move method within same module only! + assert(std::addressof(m_cfg ) == std::addressof(other.m_cfg )); // Move method with same configuration only! + assert(std::addressof(m_cred ) == std::addressof(other.m_cred )); // Move method with same credentials only! } return *this; diff --git a/lib/Events/res/EventsETW.man b/lib/Events/res/EventsETW.man index 835a4a039289eb30fd018f612ff27415905c1e44..f545bb3efdc7a85dbb36f6755816729c1c4a3875 100644 GIT binary patch delta 449 zcmZ3`#5AXuX+wkdqKT%n&lU&`Fiqh{0fTqFWe_bL^OMx!S;nEoxz?cK`~Q#vO<;1OCo4AjPwN5z8)*)R diff --git a/lib/TLS/include/Method.h b/lib/TLS/include/Method.h index b348ead..dde4ad2 100644 --- a/lib/TLS/include/Method.h +++ b/lib/TLS/include/Method.h @@ -83,16 +83,59 @@ namespace eap /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter: A.4. Handshake Protocol](https://tools.ietf.org/html/rfc5246#appendix-A.4) /// enum handshake_type_t { - hello_request = 0, - client_hello = 1, - server_hello = 2, - certificate = 11, - server_key_exchange = 12, - certificate_request = 13, - server_hello_done = 14, - certificate_verify = 15, - client_key_exchange = 16, - finished = 20 + handshake_type_hello_request = 0, + handshake_type_client_hello = 1, + handshake_type_server_hello = 2, + handshake_type_certificate = 11, + handshake_type_server_key_exchange = 12, + handshake_type_certificate_request = 13, + handshake_type_server_hello_done = 14, + handshake_type_certificate_verify = 15, + handshake_type_client_key_exchange = 16, + handshake_type_finished = 20 + }; + + /// + /// TLS alert level + /// + /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter: 7.2. Alert Protocol)](https://tools.ietf.org/html/rfc5246#section-7.2) + /// + enum alert_level_t { + alert_level_warning = 1, + alert_level_fatal = 2, + }; + + /// + /// TLS alert description + /// + /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter: 7.2. Alert Protocol)](https://tools.ietf.org/html/rfc5246#section-7.2) + /// + enum alert_desc_t { + alert_desc_close_notify = 0, + alert_desc_unexpected_message = 10, + alert_desc_bad_record_mac = 20, + alert_desc_decryption_failed = 21, // reserved + alert_desc_record_overflow = 22, + alert_desc_decompression_failure = 30, + alert_desc_handshake_failure = 40, + alert_desc_no_certificate = 41, // reserved + alert_desc_bad_certificate = 42, + alert_desc_unsupported_certificate = 43, + alert_desc_certificate_revoked = 44, + alert_desc_certificate_expired = 45, + alert_desc_certificate_unknown = 46, + alert_desc_illegal_parameter = 47, + alert_desc_unknown_ca = 48, + alert_desc_access_denied = 49, + alert_desc_decode_error = 50, + alert_desc_decrypt_error = 51, + alert_desc_export_restriction = 60, // reserved + alert_desc_protocol_version = 70, + alert_desc_insufficient_security = 71, + alert_desc_internal_error = 80, + alert_desc_user_canceled = 90, + alert_desc_no_renegotiation = 100, + alert_desc_unsupported_extension = 110, }; /// @@ -210,6 +253,58 @@ namespace eap }; #pragma pack(pop) +#pragma pack(push) +#pragma pack(1) + /// + /// Master secret + /// + /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (8.1. Computing the Master Secret)](https://tools.ietf.org/html/rfc5246#section-8.1) + /// + struct master_secret { + unsigned char data[48]; + + /// + /// Constructs a all-zero master secret + /// + master_secret(); + + /// + /// Constructs a pre-master secret + /// + /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.7.1. RSA-Encrypted Premaster Secret Message)](https://tools.ietf.org/html/rfc5246#section-7.4.7.1) + /// + /// \param[in] cp Handle of the cryptographics provider + /// + master_secret(_In_ HCRYPTPROV cp); + + /// + /// Copies a master secret + /// + /// \param[in] other Random to copy from + /// + master_secret(_In_ const master_secret &other); + + /// + /// Destructor + /// + ~master_secret(); + + /// + /// Copies a master secret + /// + /// \param[in] other Random to copy from + /// + /// \returns Reference to this object + /// + master_secret& operator=(_In_ const master_secret &other); + + /// + /// Empty the master secret + /// + void clear(); + }; +#pragma pack(pop) + public: /// /// Constructs an EAP method @@ -301,21 +396,93 @@ namespace eap /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.1.2. Client Hello)](https://tools.ietf.org/html/rfc5246#section-7.4.1.2) /// - /// \returns Client Hello message + /// \returns Client hello message /// sanitizing_blob make_client_hello() const; + /// + /// Makes a TLS client certificate message + /// + /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.6. Client Certificate)](https://tools.ietf.org/html/rfc5246#section-7.4.6) + /// + /// \returns Client certificate message + /// + sanitizing_blob make_client_cert() const; + + /// + /// Makes a TLS client key exchange message + /// + /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.7. Client Key Exchange Message )](https://tools.ietf.org/html/rfc5246#section-7.4.7) + /// + /// \param[in] pms_enc Encoded pre master secret + /// + /// \returns Client key exchange message + /// + sanitizing_blob make_client_key_exchange(_In_ const sanitizing_blob &pms_enc) const; + + /// + /// Makes a TLS change cipher spec message + /// + /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1) + /// + /// \returns Change cipher spec + /// + static eap::sanitizing_blob make_change_chiper_spec(); + + /// + /// Makes a TLS finished message + /// + /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1) + /// + /// \returns Change cipher spec + /// + eap::sanitizing_blob make_finished(); + /// /// Makes a TLS handshake /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1) /// - /// \param[in] msg Handshake data contents + /// \param[in] msg Handshake data contents /// /// \returns TLS handshake message /// static eap::sanitizing_blob make_handshake(_In_ const sanitizing_blob &msg); + /// + /// Makes a TLS handshake + /// + /// \param[in] msg Handshake data contents + /// \param[in] encrypt Should the message be encrypted? + /// + /// \returns TLS handshake message + /// + inline eap::sanitizing_blob make_handshake(_In_ const sanitizing_blob &msg, _In_ bool encrypted) + { + if (encrypted) { + // Make unencrypted handshake, encrypt it, then make a new handshake message. + sanitizing_blob msg_enc(std::move(make_handshake(msg))); + encrypt_message(msg_enc); + return make_handshake(msg_enc); + } else + return make_handshake(msg); + } + + /// + /// Generates keys required by current connection state + /// + /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 6.3. Key Calculation)](https://tools.ietf.org/html/rfc5246#section-6.3) + /// + void derive_keys(); + + /// + /// Processes messages in a TLS packet + /// + /// \param[in] pck Packet data + /// \param[in] size_pck \p pck size in bytes + /// + void process_packet(_In_bytecount_(size_pck) const void *pck, _In_ size_t size_pck); + /// /// Processes a TLS handshake /// @@ -326,6 +493,21 @@ namespace eap /// void process_handshake(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size); + /// + /// Processes a TLS handshake + /// + /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.2. Alert Protocol)](https://tools.ietf.org/html/rfc5246#section-7.2) + /// + /// \param[in] msg TLS alert message data + /// \param[in] msg_size TLS alert message data size + /// + void process_alert(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size); + + /// + /// Verifies server's certificate if trusted by configuration + /// + void verify_server_trust(); + /// /// Encrypt TLS message /// @@ -343,14 +525,34 @@ namespace eap /// /// Calculates pseudo-random P_hash data defined in RFC 5246 /// - /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter: 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc5246#section-5) + /// \sa [The Transport Layer Security (TLS) Protocol Version 1.1 (Chapter 5: HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc4346#section-5) /// - /// \param[in] alg Hashing algorithm to use (CALG_MD5 or CALG_SHA1) - /// \param[in] secret Hashing secret key - /// \param[in] size_secret \p secret size - /// \param[in] seed Hashing seed - /// \param[in] size_seed \p seed size - /// \param[in] size Minimum number of bytes of pseudo-random data required + /// \param[in] secret Hashing secret key + /// \param[in] size_secret \p secret size + /// \param[in] lblseed Concatenated label and seed + /// \param[in] size_lblseed \p lblseed size + /// \param[in] size Number of bytes of pseudo-random data required + /// + /// \returns Generated pseudo-random data (\p size bytes) + /// + std::vector prf( + _In_bytecount_(size_secret ) const void *secret, + _In_ size_t size_secret, + _In_bytecount_(size_lblseed) const void *lblseed, + _In_ size_t size_lblseed, + _In_ size_t size); + + /// + /// Calculates pseudo-random P_hash data defined in RFC 5246 + /// + /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 5: HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc5246#section-5) + /// + /// \param[in] alg Hashing algorithm to use (CALG_MD5 or CALG_SHA1) + /// \param[in] secret Hashing secret key + /// \param[in] size_secret \p secret size + /// \param[in] seed Hashing seed + /// \param[in] size_seed \p seed size + /// \param[in] size Minimum number of bytes of pseudo-random data required /// /// \returns Generated pseudo-random data (\p size or longer) /// @@ -382,7 +584,8 @@ namespace eap if (!CryptHashData(hash, (const BYTE*)secret, (DWORD)size_secret, 0)) throw winstd::win_runtime_error(__FUNCTION__ " Error hashing secret."); winstd::crypt_key key; - key.derive(m_cp, CALG_RC4, hash, 0); + if (!key.derive(m_cp, CALG_RC4, hash, 0)) + throw winstd::win_runtime_error(__FUNCTION__ " Error deriving key."); return key.detach(); } @@ -407,10 +610,14 @@ namespace eap } public: + config_method_tls &m_cfg; ///< EAP-TLS method configuration + credentials_tls &m_cred; ///< EAP-TLS user credentials + enum phase_t { phase_unknown = -1, phase_client_hello = 0, - phase_server_hello = 1, + phase_server_hello, + phase_resume_session, } m_phase; ///< Session phase packet m_packet_req; ///< Request packet @@ -418,7 +625,6 @@ namespace eap winstd::crypt_prov m_cp; ///< Cryptography provider winstd::crypt_key m_key_hmac; ///< Symmetric key for HMAC calculation - winstd::crypt_key m_key_encrypt; ///< Key for encrypting messages winstd::crypt_key m_key_decrypt; ///< Key for decrypting messages @@ -429,11 +635,16 @@ namespace eap std::list m_server_cert_chain; ///< Server certificate chain - bool m_send_client_cert; ///< Did server request client certificate? - winstd::crypt_hash m_hash_handshake_msgs_md5; ///< Running MD5 hash of handshake messages sent winstd::crypt_hash m_hash_handshake_msgs_sha1; ///< Running SHA-1 hash of handshake messages sent + master_secret m_master_secret; ///< TLS master secret + + bool m_send_client_cert; ///< Did server request client certificate? + //bool m_server_hello_done; ///< Is server hello done? + bool m_server_finished; ///< Did server send a valid finish message? + bool m_cipher_spec; ///< Did server specify cipher? + protected: unsigned __int64 m_seq_num; ///< Sequence number for encryption }; diff --git a/lib/TLS/src/Method.cpp b/lib/TLS/src/Method.cpp index fb2a7d6..6bd617c 100644 --- a/lib/TLS/src/Method.cpp +++ b/lib/TLS/src/Method.cpp @@ -131,13 +131,65 @@ void eap::method_tls::random::clear() } +////////////////////////////////////////////////////////////////////// +// eap::method_tls::master_secret +////////////////////////////////////////////////////////////////////// + +eap::method_tls::master_secret::master_secret() +{ + memset(data, 0, sizeof(data)); +} + + +eap::method_tls::master_secret::master_secret(_In_ HCRYPTPROV cp) +{ + data[0] = 3; + data[1] = 1; + + if (!CryptGenRandom(cp, sizeof(data) - 2, data + 2)) + throw win_runtime_error(__FUNCTION__ " Error creating PMS randomness."); +} + + +eap::method_tls::master_secret::master_secret(_In_ const master_secret &other) +{ + memcpy(data, other.data, sizeof(data)); +} + + +eap::method_tls::master_secret::~master_secret() +{ + SecureZeroMemory(data, sizeof(data)); +} + + +eap::method_tls::master_secret& eap::method_tls::master_secret::operator=(_In_ const master_secret &other) +{ + if (this != std::addressof(other)) + memcpy(data, other.data, sizeof(data)); + + return *this; +} + + +void eap::method_tls::master_secret::clear() +{ + memset(data, 0, sizeof(data)); +} + + ////////////////////////////////////////////////////////////////////// // eap::method_tls ////////////////////////////////////////////////////////////////////// eap::method_tls::method_tls(_In_ module &module, _In_ config_method_tls &cfg, _In_ credentials_tls &cred) : + m_cfg(cfg), + m_cred(cred), m_phase(phase_unknown), m_send_client_cert(false), + //m_server_hello_done(false), + m_server_finished(false), + m_cipher_spec(false), m_seq_num(0), method(module, cfg, cred) { @@ -145,6 +197,8 @@ eap::method_tls::method_tls(_In_ module &module, _In_ config_method_tls &cfg, _I eap::method_tls::method_tls(_In_ const method_tls &other) : + m_cfg(other.m_cfg), + m_cred(other.m_cred), m_phase(other.m_phase), m_packet_req(other.m_packet_req), m_packet_res(other.m_packet_res), @@ -152,9 +206,13 @@ eap::method_tls::method_tls(_In_ const method_tls &other) : m_random_server(other.m_random_server), m_session_id(other.m_session_id), m_server_cert_chain(other.m_server_cert_chain), - m_send_client_cert(other.m_send_client_cert), m_hash_handshake_msgs_md5(other.m_hash_handshake_msgs_md5), m_hash_handshake_msgs_sha1(other.m_hash_handshake_msgs_sha1), + m_master_secret(other.m_master_secret), + m_send_client_cert(other.m_send_client_cert), + //m_server_hello_done(other.m_server_hello_done), + m_server_finished(other.m_server_finished), + m_cipher_spec(other.m_cipher_spec), m_seq_num(other.m_seq_num), method(other) { @@ -162,6 +220,8 @@ eap::method_tls::method_tls(_In_ const method_tls &other) : eap::method_tls::method_tls(_Inout_ method_tls &&other) : + m_cfg(other.m_cfg), + m_cred(other.m_cred), m_phase(std::move(other.m_phase)), m_packet_req(std::move(other.m_packet_req)), m_packet_res(std::move(other.m_packet_res)), @@ -169,9 +229,13 @@ eap::method_tls::method_tls(_Inout_ method_tls &&other) : m_random_server(std::move(other.m_random_server)), m_session_id(std::move(other.m_session_id)), m_server_cert_chain(std::move(other.m_server_cert_chain)), - m_send_client_cert(std::move(other.m_send_client_cert)), m_hash_handshake_msgs_md5(std::move(other.m_hash_handshake_msgs_md5)), m_hash_handshake_msgs_sha1(std::move(other.m_hash_handshake_msgs_sha1)), + m_master_secret(std::move(other.m_master_secret)), + m_send_client_cert(std::move(other.m_send_client_cert)), + //m_server_hello_done(std::move(other.m_server_hello_done)), + m_server_finished(std::move(other.m_server_finished)), + m_cipher_spec(std::move(other.m_cipher_spec)), m_seq_num(std::move(other.m_seq_num)), method(std::move(other)) { @@ -181,6 +245,8 @@ eap::method_tls::method_tls(_Inout_ method_tls &&other) : eap::method_tls& eap::method_tls::operator=(_In_ const method_tls &other) { if (this != std::addressof(other)) { + assert(std::addressof(m_cfg ) == std::addressof(other.m_cfg )); // Copy method with same configuration only! + assert(std::addressof(m_cred) == std::addressof(other.m_cred)); // Copy method with same credentials only! (method&)*this = other; m_phase = other.m_phase; m_packet_req = other.m_packet_req; @@ -189,9 +255,13 @@ eap::method_tls& eap::method_tls::operator=(_In_ const method_tls &other) m_random_server = other.m_random_server; m_session_id = other.m_session_id; m_server_cert_chain = other.m_server_cert_chain; - m_send_client_cert = other.m_send_client_cert; m_hash_handshake_msgs_md5 = other.m_hash_handshake_msgs_md5; m_hash_handshake_msgs_sha1 = other.m_hash_handshake_msgs_sha1; + m_master_secret = other.m_master_secret; + m_send_client_cert = other.m_send_client_cert; + //m_server_hello_done = other.m_server_hello_done; + m_server_finished = other.m_server_finished; + m_cipher_spec = other.m_cipher_spec; m_seq_num = other.m_seq_num; } @@ -202,6 +272,8 @@ eap::method_tls& eap::method_tls::operator=(_In_ const method_tls &other) eap::method_tls& eap::method_tls::operator=(_Inout_ method_tls &&other) { if (this != std::addressof(other)) { + assert(std::addressof(m_cfg ) == std::addressof(other.m_cfg )); // Move method with same configuration only! + assert(std::addressof(m_cred) == std::addressof(other.m_cred)); // Move method with same credentials only! (method&)*this = std::move(other); m_phase = std::move(other.m_phase); m_packet_req = std::move(other.m_packet_req); @@ -210,9 +282,13 @@ eap::method_tls& eap::method_tls::operator=(_Inout_ method_tls &&other) m_random_server = std::move(other.m_random_server); m_session_id = std::move(other.m_session_id); m_server_cert_chain = std::move(other.m_server_cert_chain); - m_send_client_cert = std::move(other.m_send_client_cert); m_hash_handshake_msgs_md5 = std::move(other.m_hash_handshake_msgs_md5); m_hash_handshake_msgs_sha1 = std::move(other.m_hash_handshake_msgs_sha1); + m_master_secret = std::move(other.m_master_secret); + m_send_client_cert = std::move(other.m_send_client_cert); + //m_server_hello_done = std::move(other.m_server_hello_done); + m_server_finished = std::move(other.m_server_finished); + m_cipher_spec = std::move(other.m_cipher_spec); m_seq_num = std::move(other.m_seq_num); } @@ -229,7 +305,7 @@ void eap::method_tls::begin_session( eap::method::begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize); // Create cryptographics provider. - if (!m_cp.create(NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, 0)) + if (!m_cp.create(NULL, MS_ENHANCED_PROV, PROV_RSA_FULL)) throw win_runtime_error(__FUNCTION__ " Error creating cryptographics provider."); } @@ -246,7 +322,7 @@ void eap::method_tls::process_request_packet( if (dwReceivedPacketSize < 6) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Packet is too small. EAP-%s packets should be at least 6B."); //else if (pReceivedPacket->Data[0] != eap_type_tls) // Skip method check, to allow TTLS extension. - // throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, wstring_printf(_T(__FUNCTION__) _T(" Packet is not EAP-TLS (expected: %u, received: %u)."), eap_type_tls, pReceivedPacket->Data[0]).c_str()); + // throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, string_printf(__FUNCTION__ " Packet is not EAP-TLS (expected: %u, received: %u).", eap_type_tls, pReceivedPacket->Data[0])); // Get packet data pointer and size for more readable code later on. const unsigned char *packet_data_ptr; @@ -312,17 +388,21 @@ void eap::method_tls::process_request_packet( throw win_runtime_error(__FUNCTION__ " Error creating client randomness."); m_random_server.clear(); m_server_cert_chain.clear(); - m_send_client_cert = false; m_session_id.clear(); // Create MD5 hash object. - if (!m_hash_handshake_msgs_md5.create(m_cp, CALG_MD5, NULL, 0)) + if (!m_hash_handshake_msgs_md5.create(m_cp, CALG_MD5)) throw win_runtime_error(__FUNCTION__ " Error creating MD5 hashing object."); // Create SHA-1 hash object. - if (!m_hash_handshake_msgs_sha1.create(m_cp, CALG_SHA1, NULL, 0)) + if (!m_hash_handshake_msgs_sha1.create(m_cp, CALG_SHA1)) throw win_runtime_error(__FUNCTION__ " Error creating SHA-1 hashing object."); + m_master_secret.clear(); + m_send_client_cert = false; + //m_server_hello_done = false; + m_server_finished = false; + m_cipher_spec = false; m_seq_num = 0; } @@ -355,29 +435,89 @@ void eap::method_tls::process_request_packet( m_packet_res.m_id = m_packet_req.m_id; m_packet_res.m_flags = 0; sanitizing_blob hello(make_client_hello()); - sanitizing_blob handshake(make_handshake(hello)); + sanitizing_blob handshake(make_handshake(hello, m_cipher_spec)); m_packet_res.m_data.assign(handshake.begin(), handshake.end()); - pEapOutput->fAllowNotifications = FALSE; - pEapOutput->action = EapPeerMethodResponseActionSend; - - // Hash the client_hello message. CryptHashData(m_hash_handshake_msgs_md5 , hello.data(), (DWORD)hello.size(), 0); CryptHashData(m_hash_handshake_msgs_sha1, hello.data(), (DWORD)hello.size(), 0); + pEapOutput->fAllowNotifications = FALSE; + pEapOutput->action = EapPeerMethodResponseActionSend; m_phase = phase_server_hello; break; } case phase_server_hello: { - if (m_packet_req.m_data.size() < 5) - throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, string_printf(__FUNCTION__ " TLS message too small (expected >=5, received %uB).", m_packet_req.m_data.size())); - const message *msg = (const message*)m_packet_req.m_data.data(); - if (msg->type != message_type_handshake) - throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, string_printf(__FUNCTION__ " Wrong TLS message (expected %u, received %uB).", message_type_handshake, msg->type)); + process_packet(m_packet_req.m_data.data(), m_packet_req.m_data.size()); - process_handshake(msg->data, std::min(ntohs(*(unsigned short*)msg->length), m_packet_req.m_data.size() - 5)); + if (m_server_cert_chain.empty()) + throw win_runtime_error(ERROR_ENCRYPTION_FAILED, __FUNCTION__ " Can not continue without server's certificate."); - //break; + verify_server_trust(); + + // Build response packet. + m_packet_res.m_code = EapCodeResponse; + m_packet_res.m_id = m_packet_req.m_id; + m_packet_res.m_flags = 0; + m_packet_res.m_data.clear(); + + if (!m_server_finished || !m_cipher_spec) { + // New session. + + if (m_send_client_cert) { + // Client certificate requested, and append to packet. + sanitizing_blob client_cert(make_client_cert()); + sanitizing_blob handshake(make_handshake(client_cert, m_cipher_spec)); + m_packet_res.m_data.insert(m_packet_res.m_data.end(), handshake.begin(), handshake.end()); + CryptHashData(m_hash_handshake_msgs_md5 , client_cert.data(), (DWORD)client_cert.size(), 0); + CryptHashData(m_hash_handshake_msgs_sha1, client_cert.data(), (DWORD)client_cert.size(), 0); + } + + // Generate pre-master secret and encrypt it. PMS will get sanitized in its destructor when going out-of-scope. + master_secret pms(m_cp); + sanitizing_blob pms_enc((const unsigned char*)&pms, (const unsigned char*)(&pms + 1)); + crypt_key key; + if (!key.import_public(m_cp, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(m_server_cert_chain.front()->pCertInfo->SubjectPublicKeyInfo))) + throw win_runtime_error(__FUNCTION__ " Error importing server's public key."); + if (!CryptEncrypt(key, NULL, TRUE, 0, pms_enc)) + throw win_runtime_error(__FUNCTION__ " Error encrypting PMS."); + + // Derive master secret. + vector lblseed, hash; + const unsigned char s_label[] = "master secret"; + lblseed.assign(s_label, s_label + _countof(s_label) - 1); + lblseed.insert(lblseed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1)); + lblseed.insert(lblseed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1)); + memcpy(&m_master_secret, prf(&pms, sizeof(pms), lblseed.data(), lblseed.size(), sizeof(m_master_secret)).data(), sizeof(m_master_secret)); + + // Create client key exchange message, and append to packet. + sanitizing_blob client_key_exchange(make_client_key_exchange(pms_enc)); + sanitizing_blob handshake(make_handshake(client_key_exchange, m_cipher_spec)); + m_packet_res.m_data.insert(m_packet_res.m_data.end(), handshake.begin(), handshake.end()); + CryptHashData(m_hash_handshake_msgs_md5 , client_key_exchange.data(), (DWORD)client_key_exchange.size(), 0); + CryptHashData(m_hash_handshake_msgs_sha1, client_key_exchange.data(), (DWORD)client_key_exchange.size(), 0); + } + + // Append change cipher spec to packet. + sanitizing_blob ccs(make_change_chiper_spec()); + m_packet_res.m_data.insert(m_packet_res.m_data.end(), ccs.begin(), ccs.end()); + + if (!m_server_finished || !m_cipher_spec) { + // Setup encryption. + derive_keys(); + m_cipher_spec = true; + } + + sanitizing_blob finished(make_finished()); + sanitizing_blob handshake(make_handshake(finished, m_cipher_spec)); + m_packet_res.m_data.insert(m_packet_res.m_data.end(), handshake.begin(), handshake.end()); + CryptHashData(m_hash_handshake_msgs_md5 , finished.data(), (DWORD)finished.size(), 0); + CryptHashData(m_hash_handshake_msgs_sha1, finished.data(), (DWORD)finished.size(), 0); + + pEapOutput->fAllowNotifications = FALSE; + pEapOutput->action = EapPeerMethodResponseActionSend; + m_phase = phase_resume_session; + + //break; // Leave commented until finished. } default: @@ -474,7 +614,7 @@ eap::sanitizing_blob eap::method_tls::make_client_hello() const // SSL header assert(size_data <= 0xffffff); - unsigned int ssl_header = htonl(((unsigned int)client_hello << 24) | (unsigned int)size_data); + unsigned int ssl_header = htonl(((unsigned int)handshake_type_client_hello << 24) | (unsigned int)size_data); msg.insert(msg.end(), (unsigned char*)&ssl_header, (unsigned char*)(&ssl_header + 1)); // SSL version: TLS 1.0 @@ -503,9 +643,124 @@ eap::sanitizing_blob eap::method_tls::make_client_hello() const } +eap::sanitizing_blob eap::method_tls::make_client_cert() const +{ + // Select client certificate. + PCCERT_CONTEXT cert; + if (m_cfg.m_use_preshared) { + // Using pre-shared credentials. + const credentials_tls *preshared = dynamic_cast(m_cfg.m_preshared.get()); + cert = preshared && preshared->m_cert ? preshared->m_cert : NULL; + } else { + // Using own credentials. + cert = m_cred.m_cert ? m_cred.m_cert : NULL; + } + + size_t size_data, size_list; + sanitizing_blob msg; + msg.reserve( + 4 + // SSL header + (size_data = + 3 + // Certificate list size + (size_list = + (cert ? 3 + cert->cbCertEncoded : 0)))); // Certificate (optional) + + // SSL header + assert(size_data <= 0xffffff); + unsigned int ssl_header = htonl(((unsigned int)handshake_type_certificate << 24) | (unsigned int)size_data); + msg.insert(msg.end(), (unsigned char*)&ssl_header, (unsigned char*)(&ssl_header + 1)); + + // List size + assert(size_list <= 0xffffff); + msg.push_back((unsigned char)((size_list >> 16) & 0xff)); + msg.push_back((unsigned char)((size_list >> 8) & 0xff)); + msg.push_back((unsigned char)((size_list ) & 0xff)); + + if (cert) { + // Cert size + assert(cert->cbCertEncoded <= 0xffffff); + msg.push_back((unsigned char)((cert->cbCertEncoded >> 16) & 0xff)); + msg.push_back((unsigned char)((cert->cbCertEncoded >> 8) & 0xff)); + msg.push_back((unsigned char)((cert->cbCertEncoded ) & 0xff)); + + msg.insert(msg.end(), cert->pbCertEncoded, cert->pbCertEncoded + cert->cbCertEncoded); + } + + return msg; +} + + +eap::sanitizing_blob eap::method_tls::make_client_key_exchange(_In_ const sanitizing_blob &pms_enc) const +{ + size_t size_data, size_pms_enc = pms_enc.size(); + sanitizing_blob msg; + msg.reserve( + 4 + // SSL header + (size_data = + 2 + // Encrypted pre master secret size + size_pms_enc)); // Encrypted pre master secret + + // SSL header + assert(size_data <= 0xffffff); + unsigned int ssl_header = htonl(((unsigned int)handshake_type_client_key_exchange << 24) | (unsigned int)size_data); + msg.insert(msg.end(), (unsigned char*)&ssl_header, (unsigned char*)(&ssl_header + 1)); + + // Encrypted pre master secret size + assert(size_pms_enc <= 0xffff); + msg.push_back((unsigned char)((size_pms_enc >> 8) & 0xff)); + msg.push_back((unsigned char)((size_pms_enc ) & 0xff)); + + // Encrypted pre master secret + msg.insert(msg.end(), pms_enc.begin(), pms_enc.end()); + + return msg; +} + + +eap::sanitizing_blob eap::method_tls::make_change_chiper_spec() +{ + static const unsigned char s_msg_css[] = { + (unsigned char)message_type_change_cipher_spec, // SSL record type + 3, // SSL major version + 1, // SSL minor version + 0, // Message size (high-order byte) + 1, // Message size (low-order byte) + 1, // Message: change_cipher_spec is always "1" + }; + return eap::sanitizing_blob(s_msg_css, s_msg_css + _countof(s_msg_css)); +} + + +eap::sanitizing_blob eap::method_tls::make_finished() +{ + sanitizing_blob msg; + msg.reserve( + 4 + // SSL header + 12); // verify_data is 12B + + // SSL header + unsigned int ssl_header = htonl(((unsigned int)handshake_type_finished << 24) | 12); + msg.insert(msg.end(), (unsigned char*)&ssl_header, (unsigned char*)(&ssl_header + 1)); + + // Create label + hash MD5 + hash SHA-1 seed. + vector lblseed, hash; + const unsigned char s_label[] = "client finished"; + lblseed.assign(s_label, s_label + _countof(s_label) - 1); + if (!CryptGetHashParam(m_hash_handshake_msgs_md5, HP_HASHVAL, hash, 0)) + throw win_runtime_error(__FUNCTION__ " Error finishing MD5 hash calculation."); + lblseed.insert(lblseed.end(), hash.begin(), hash.end()); + if (!CryptGetHashParam(m_hash_handshake_msgs_sha1, HP_HASHVAL, hash, 0)) + throw win_runtime_error(__FUNCTION__ " Error finishing SHA-1 hash calculation."); + lblseed.insert(lblseed.end(), hash.begin(), hash.end()); + vector verify(prf(&m_master_secret, sizeof(m_master_secret), lblseed.data(), lblseed.size(), 12)); + msg.insert(msg.end(), verify.begin(), verify.end()); + + return msg; +} + + eap::sanitizing_blob eap::method_tls::make_handshake(_In_ const sanitizing_blob &msg) { - // Create a handshake. size_t size_msg = msg.size(); eap::sanitizing_blob msg_h; msg_h.reserve( @@ -531,6 +786,90 @@ eap::sanitizing_blob eap::method_tls::make_handshake(_In_ const sanitizing_blob } +void eap::method_tls::derive_keys() +{ + vector lblseed; + const unsigned char s_label[] = "key expansion"; + lblseed.assign(s_label, s_label + _countof(s_label) - 1); + lblseed.insert(lblseed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1)); + lblseed.insert(lblseed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1)); + + vector key_block(prf(&m_master_secret, sizeof(m_master_secret), lblseed.data(), lblseed.size(), + 2*20 + // client_write_MAC_secret & server_write_MAC_secret (SHA1) + 2*24 + // client_write_key & server_write_key (3DES) + 2* 8)); // client_write_IV & server_write_IV + + const unsigned char *data = key_block.data(); + static const BLOBHEADER s_key_struct = { + OPAQUEKEYBLOB, + CUR_BLOB_VERSION, + 0, + CALG_RC4 + }; + vector key; + key.assign((const unsigned char*)&s_key_struct, (const unsigned char*)(&s_key_struct + 1)); + key.insert(key.end(), data, data + 20); + if (!m_key_hmac.import(m_cp, key.data(), key.size(), NULL, 0)) + throw win_runtime_error(__FUNCTION__ " Error importing client_write_MAC_secret key."); + + + // TODO: Derive rest of the keys. +} + + +void eap::method_tls::process_packet(_In_bytecount_(size_pck) const void *_pck, _In_ size_t size_pck) +{ + for (const unsigned char *pck = (const unsigned char*)_pck, *pck_end = pck + size_pck; pck < pck_end; ) { + if (pck + 5 > pck_end) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete message header."); + const message *hdr = (const message*)pck; + const unsigned char + *msg = hdr->data, + *msg_end = msg + ntohs(*(unsigned short*)hdr->length); + if (msg_end > pck_end) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete message data."); + + if (hdr->version.major == 3 && hdr->version.minor == 1) { + // Process TLS 1.0 message. + switch (hdr->type) { + case message_type_handshake: + if (m_cipher_spec) { + sanitizing_blob msg_dec(msg, msg_end); + decrypt_message(msg_dec); + process_handshake(msg_dec.data(), msg_dec.size()); + } else + process_handshake(msg, msg_end - msg); + break; + + case message_type_change_cipher_spec: + if (msg + 1 > msg_end) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete change cipher spec message."); + else if (msg[0] != 1) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, string_printf(__FUNCTION__ " Invalid change cipher spec message (expected 1, received %u).", msg[0])); + + if (!m_cipher_spec) { + // Resuming previous session. + derive_keys(); + m_cipher_spec = true; + } + break; + + case message_type_alert: + if (m_cipher_spec) { + sanitizing_blob msg_dec(msg, msg_end); + decrypt_message(msg_dec); + process_alert(msg_dec.data(), msg_dec.size()); + } else + process_alert(msg, msg_end - msg); + break; + } + } + + pck = msg_end; + } +} + + void eap::method_tls::process_handshake(_In_bytecount_(msg_size) const void *_msg, _In_ size_t msg_size) { for (const unsigned char *msg = (const unsigned char*)_msg, *msg_end = msg + msg_size; msg < msg_end; ) { @@ -542,11 +881,11 @@ void eap::method_tls::process_handshake(_In_bytecount_(msg_size) const void *_ms *rec = msg + sizeof(unsigned int), *rec_end = rec + (hdr & 0xffffff); if (rec_end > msg_end) - throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete record rec."); + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete record data."); // Process record. switch (hdr >> 24) { - case server_hello: + case handshake_type_server_hello: // TLS version if (rec + 2 > rec_end) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Server SSL/TLS version missing or incomplete."); @@ -575,7 +914,7 @@ void eap::method_tls::process_handshake(_In_bytecount_(msg_size) const void *_ms break; - case certificate: { + case handshake_type_certificate: { // Certificate list size if (rec + 3 > rec_end) throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Certificate list size missing or incomplete."); @@ -608,20 +947,35 @@ void eap::method_tls::process_handshake(_In_bytecount_(msg_size) const void *_ms break; } - case certificate_request: + case handshake_type_certificate_request: m_send_client_cert = true; break; - case finished: - if (rec_end - rec != 12) - throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, string_printf(__FUNCTION__ " \"finished\" size incorrect (expected 12B, received %u).", rec_end - rec)); + //case handshake_type_server_hello_done: + // m_server_hello_done = true; - vector hash, hash_sha1; + case handshake_type_finished: { + // According to https://tools.ietf.org/html/rfc5246#section-7.4.9 all verify_data is 12B. + if (rec_end - rec != 12) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, string_printf(__FUNCTION__ " Finished record size incorrect (expected 12B, received %uB).", rec_end - rec)); + + // Create label + hash MD5 + hash SHA-1 seed. + vector lblseed, hash; + const unsigned char s_label[] = "server finished"; + lblseed.assign(s_label, s_label + _countof(s_label) - 1); if (!CryptGetHashParam(m_hash_handshake_msgs_md5, HP_HASHVAL, hash, 0)) throw win_runtime_error(__FUNCTION__ " Error finishing MD5 hash calculation."); - if (!CryptGetHashParam(m_hash_handshake_msgs_sha1, HP_HASHVAL, hash_sha1, 0)) + lblseed.insert(lblseed.end(), hash.begin(), hash.end()); + if (!CryptGetHashParam(m_hash_handshake_msgs_sha1, HP_HASHVAL, hash, 0)) throw win_runtime_error(__FUNCTION__ " Error finishing SHA-1 hash calculation."); - hash.insert(hash.end(), hash_sha1.begin(), hash_sha1.end()); + lblseed.insert(lblseed.end(), hash.begin(), hash.end()); + + if (memcmp(prf(&m_master_secret, sizeof(m_master_secret), lblseed.data(), lblseed.size(), 12).data(), rec, 12)) + throw win_runtime_error(ERROR_ENCRYPTION_FAILED, __FUNCTION__ " Integrity check failed."); + + m_server_finished = true; + break; + } } msg = rec_end; @@ -629,6 +983,115 @@ void eap::method_tls::process_handshake(_In_bytecount_(msg_size) const void *_ms } +void eap::method_tls::process_alert(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size) +{ + UNREFERENCED_PARAMETER(msg); + + if (msg_size < 2) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete alert."); + + //if (msg[0] == alert_level_fatal) { + // // Clear session ID to avoid reconnection attempts. + // m_session_id.clear(); + //} +} + + +void eap::method_tls::verify_server_trust() +{ + assert(!m_server_cert_chain.empty()); + cert_context &cert = m_server_cert_chain.front(); + + if (!m_cfg.m_server_names.empty()) { + // Check server name. + + string subj; + if (!CertGetNameStringA(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, subj)) + throw win_runtime_error(__FUNCTION__ " Error retrieving server's certificate subject name."); + + for (list::const_iterator s = m_cfg.m_server_names.cbegin(), s_end = m_cfg.m_server_names.cend();; ++s) { + if (s != s_end) { + const char + *a = s->c_str(), + *b = subj.c_str(); + size_t + len_a = s->length(), + len_b = subj.length(); + + if (_stricmp(a, b) == 0 || // Direct match + a[0] == '*' && len_b + 1 >= len_a && _stricmp(a + 1, b + len_b - (len_a - 1)) == 0) // "*..." wildchar match + { + m_module.log_event(&EAPMETHOD_SERVER_NAME_TRUSTED, event_data(subj), event_data::blank); + break; + } + } else + throw win_runtime_error(ERROR_INVALID_DOMAINNAME, string_printf(__FUNCTION__ " Server name %s is not on the list of trusted server names.", subj.c_str()).c_str()); + } + } + + // Create temporary certificate store of our trusted root CAs. + cert_store store; + if (!store.create(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL, 0, NULL)) + throw win_runtime_error(ERROR_INVALID_DOMAINNAME, __FUNCTION__ " Error creating temporary certificate store."); + for (list::const_iterator c = m_cfg.m_trusted_root_ca.cbegin(), c_end = m_cfg.m_trusted_root_ca.cend(); c != c_end; ++c) + CertAddCertificateContextToStore(store, *c, CERT_STORE_ADD_REPLACE_EXISTING, NULL); + + // Add all certificates from the server's certificate chain, except the first one. + for (list::const_iterator c = m_server_cert_chain.cbegin(), c_end = m_server_cert_chain.cend(); ++c != c_end;) + CertAddCertificateContextToStore(store, *c, CERT_STORE_ADD_REPLACE_EXISTING, NULL); + + // Prepare the certificate chain validation, and check. + CERT_CHAIN_PARA chain_params = { + sizeof(chain_params), // cbSize + { + USAGE_MATCH_TYPE_AND, // RequestedUsage.dwType + {}, // RequestedUsage.Usage + }, +#ifdef CERT_CHAIN_PARA_HAS_EXTRA_FIELDS + {}, // RequestedIssuancePolicy + 1, // dwUrlRetrievalTimeout (1ms to speed up checking) +#else +#define _S2(x) #x +#define _S(x) _S2(x) +#pragma message(__FILE__ "(" _S(__LINE__) "): warning X0000: Please define CERT_CHAIN_PARA_HAS_EXTRA_FIELDS constant when compiling this project.") +#endif + }; + cert_chain_context context; + if (!context.create(NULL, cert, NULL, store, &chain_params, 0)) + throw win_runtime_error(ERROR_INVALID_DOMAINNAME, __FUNCTION__ " Error creating certificate chain context."); + + // Check chain validation error flags. Ignore CERT_TRUST_IS_UNTRUSTED_ROOT flag when we check root CA explicitly. + if (context->TrustStatus.dwErrorStatus != CERT_TRUST_NO_ERROR && + (m_cfg.m_trusted_root_ca.empty() || (context->TrustStatus.dwErrorStatus & ~CERT_TRUST_IS_UNTRUSTED_ROOT) != CERT_TRUST_NO_ERROR)) + throw win_runtime_error(context->TrustStatus.dwErrorStatus, "Error validating certificate chain."); + + if (!m_cfg.m_trusted_root_ca.empty()) { + // Verify Root CA against our trusted root CA list + if (context->cChain != 1) + throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Multiple chain verification not supported."); + if (context->rgpChain[0]->cElement == 0) + throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Can not verify empty certificate chain."); + + PCCERT_CONTEXT cert_root = context->rgpChain[0]->rgpElement[context->rgpChain[0]->cElement-1]->pCertContext; + for (list::const_iterator c = m_cfg.m_trusted_root_ca.cbegin(), c_end = m_cfg.m_trusted_root_ca.cend();; ++c) { + if (c != c_end) { + if (cert_root->cbCertEncoded == (*c)->cbCertEncoded && + memcmp(cert_root->pbCertEncoded, (*c)->pbCertEncoded, cert_root->cbCertEncoded) == 0) + { + // Trusted root CA found. + break; + } + } else { + // Not found. + throw win_runtime_error(ERROR_FILE_NOT_FOUND, __FUNCTION__ " Server's certificate not issued by one of configured trusted root CAs."); + } + } + } + + m_module.log_event(&EAPMETHOD_SERVER_CERT_TRUSTED, event_data::blank); +} + + void eap::method_tls::encrypt_message(_Inout_ sanitizing_blob &msg) { // Create a HMAC hash. @@ -689,6 +1152,33 @@ void eap::method_tls::decrypt_message(_Inout_ sanitizing_blob &msg) } +vector eap::method_tls::prf( + _In_bytecount_(size_secret ) const void *secret, + _In_ size_t size_secret, + _In_bytecount_(size_lblseed) const void *lblseed, + _In_ size_t size_lblseed, + _In_ size_t size) +{ + size_t + L_S1 = (size_secret + 1) / 2, + L_S2 = L_S1; + + const void + *S1 = secret, + *S2 = (const unsigned char*)secret + (size_secret - L_S2); + + vector + p_md5 (p_hash(CALG_MD5 , S1, L_S1, lblseed, size_lblseed, size)), + p_sha1(p_hash(CALG_SHA1, S2, L_S2, lblseed, size_lblseed, size)), + p(size); + + for (size_t i = 0; i < size; i++) + p[i] = p_md5[i] ^ p_sha1[i]; + + return p; +} + + vector eap::method_tls::p_hash( _In_ ALG_ID alg, _In_bytecount_(size_secret) const void *secret, diff --git a/lib/WinStd b/lib/WinStd index bacf47e..dc27115 160000 --- a/lib/WinStd +++ b/lib/WinStd @@ -1 +1 @@ -Subproject commit bacf47ebbc81621c41e73d88d5563a382ce68e3e +Subproject commit dc2711590306e1c056e49a12f8b8a7c40ee337ea