1d558c939e
Rename method_tls_tunnel to method_tls and move upstream
...
CRL checking was also moved upstream as method_tls triggers it.
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:10:37 +01:00
5c0299197b
method_defrag: Move upstream to make reusable
...
Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-07 13:09:43 +01:00
c31e019cef
eap::metod thorough redesign:
...
- Support for method stacking introduced
- EAP-TLS method has been discontinued
- ownTLS has been discontinued
2016-10-31 16:58:53 +01:00
f5a40f7ca8
Doxygen update
2016-10-28 13:47:59 +02:00
654c965851
Support for various peer action request extended
2016-10-27 10:00:18 +02:00
e7e1a6735d
pEapOutput Prefast specifier for process_request_packet() methods changed
2016-10-24 14:55:31 +02:00
a1f9a7bab9
ppResult >> pResult
2016-10-24 13:33:01 +02:00
01245d15d9
ID 8. A typo in the comment from security audit resolved
2016-10-03 14:54:02 +02:00
f0af016efe
ID 4. Possibility of method_tls class initialization list optimization from security audit fixed
2016-10-03 14:54:01 +02:00
79cc1af86f
Clean-up and XML handling enhancement:
...
- XML helper functions always return objects by winstd::com_obj or winstd::bstr reference now to ensure proper release by caller
- get_element_value()/put_element_value() can optionally return reference to the XML object if required
- WinStd macros to simplify dplhandle<> and handle<> inherited classes reused by non-copyable classes
2016-09-23 14:43:31 +02:00
c765954c0f
"Last Authentication Failed" flag extended to support finer feedback, why last authentication failed
2016-09-06 14:10:02 +02:00
d83f5422d7
MSCHAPv2 almost finished...
2016-09-05 16:44:18 +02:00
c33c8b551b
Clean-up
2016-09-04 17:57:04 +02:00
621669828b
Schannel and ownTLS MSK derivation unified
2016-09-02 14:03:34 +02:00
00aee5bb78
ownTLS updated
2016-09-02 11:38:28 +02:00
198b9a576e
Maximum packet size parameter is now optional
2016-09-02 10:19:39 +02:00
566785192a
Requirement that eap::method processes EAP packets only dropped, work with non-EAP methods simplified
2016-09-02 09:50:21 +02:00
1e60d21860
On session reconnect skip inner re-authentication now
2016-09-01 12:49:20 +02:00
844b185887
EAP packet classes organized in hierarchy now
2016-09-01 10:25:33 +02:00
cafd786e19
Own TLS updated to keep it alive (now that the fuss around outer/inner methods settled)
2016-08-29 20:40:37 +02:00
a7c8052ee2
eap::method revised to support nesting, so the PAP method was made a stand-alone method
2016-08-29 20:05:58 +02:00
9daa5b52a4
Incorrect letter case referencing EapHost service fixed
2016-08-27 06:58:57 +02:00
6077063599
The credentials are marked "invalid" at transition from handshake to application data phase only to prevent initial handshake problems from popping-up credential prompt when credentials have nothing to do with the connection failure.
2016-08-25 13:08:11 +02:00
d1c24efcf0
config_method_with_cred renamed to config_connection to describe it better
2016-08-24 11:39:37 +02:00
5332b538aa
Our own TLS merged back to master and compiles conditionally
2016-08-23 22:46:00 +02:00
9b997408a1
Switched to Schannel to do the TLS
2016-08-23 13:53:23 +02:00
df1d431bd0
- TLS revised (again)
...
- TLS Session resumption issues resolved
- Credential prompt has "Remember" checkbox initially selected when credentials originate from Windows Credential Manager
- Last authentication attempt failure notice is more general and no longer insinuate user credentials are the likely cause of the failure
- Additional log messages added
2016-08-17 11:50:34 +02:00
078636eb14
make_change_chiper_spec() removed as this message can simply be created using make_message()
2016-08-17 09:09:42 +02:00
cabae26e0b
Flags describing handshake messages received assembled in a boolean table of flags
2016-08-17 09:01:11 +02:00
e9839706b6
TLS clean-up
2016-08-16 16:44:19 +02:00
f5b03bc0bf
Annotation update
2016-08-16 10:39:42 +02:00
85d7c3d4ec
Support for TLS 1.2 added
2016-08-16 00:47:47 +02:00
de802b7a28
Byte-enums redefined & code clean-up
2016-08-15 21:01:38 +02:00
c8cfe4da42
TLS version no longer static, thou still fixed to TLS 1.0
2016-08-15 19:04:21 +02:00
d8ccf7cbc0
Credential management revised
2016-08-15 17:33:10 +02:00
3d6849a523
Peer correctly returns providers configuration instead of method configuration in method_tls::get_result()
2016-08-15 14:13:14 +02:00
e807336e7b
The TLS phase can be determined from flags alone, therefore m_phase member eliminated
2016-08-15 10:40:27 +02:00
95426cde7c
Clean-up
2016-08-15 10:09:01 +02:00
99aa53726d
- PPP authentication EAP response packet is correctly formed now
...
- MS-MPPE-Send-Key/MS-MPPE-Recv-Key sorted out
2016-08-14 21:04:19 +02:00
95e2f7e01b
Encryption/decryption revised
...
- Number of memory copying reduced
- HMAC verification of server packets added
- Handshake hashing simplified
2016-08-14 18:51:18 +02:00
47653492a2
Session key importing honours MSDN recommendation about exponent-one key usage
2016-08-14 12:44:49 +02:00
d1925a0704
method_tls::prf() simplified
2016-08-14 12:41:19 +02:00
ae37c9aa6c
TLS and TTLS distinction
2016-08-13 18:55:33 +02:00
eb918f3141
Processing of vendor specific TLS messages introduced
2016-08-13 18:48:02 +02:00
c749753c68
State constants renamed more systematically
2016-08-13 18:45:40 +02:00
9f92a73aa1
make_handshake() renamed to make_message() and made more general
2016-08-13 18:42:52 +02:00
6d54d45512
Pre-master secret encryption moved to make_client_key_exchange()
2016-08-13 18:39:22 +02:00
c7a41d891a
TLS work continues...
2016-08-12 21:09:50 +02:00
a8c306953a
TLS work continues...
2016-08-11 15:13:50 +02:00
77fe6b1bed
TLS connection state moved from eap::method_tls to eap::method_tls::conn_state to make reusable later
2016-08-11 12:00:38 +02:00
