Commit Graph

77 Commits

Author SHA1 Message Date
Simon Rozman
6077063599 The credentials are marked "invalid" at transition from handshake to application data phase only to prevent initial handshake problems from popping-up credential prompt when credentials have nothing to do with the connection failure. 2016-08-25 13:08:11 +02:00
Simon Rozman
d1c24efcf0 config_method_with_cred renamed to config_connection to describe it better 2016-08-24 11:39:37 +02:00
Simon Rozman
6835f5279c Certificate (TLS) credentials support custom identity now 2016-08-24 11:03:18 +02:00
Simon Rozman
5332b538aa Our own TLS merged back to master and compiles conditionally 2016-08-23 22:46:00 +02:00
Simon Rozman
9b997408a1 Switched to Schannel to do the TLS 2016-08-23 13:53:23 +02:00
Simon Rozman
df1d431bd0 - TLS revised (again)
- TLS Session resumption issues resolved
- Credential prompt has "Remember" checkbox initially selected when credentials originate from Windows Credential Manager
- Last authentication attempt failure notice is more general and no longer insinuates user credentials are the likely cause of the failure
- Additional log messages added
2016-08-17 11:50:34 +02:00
Simon Rozman
078636eb14 make_change_chiper_spec() removed as this message can simply be created using make_message() 2016-08-17 09:09:42 +02:00
Simon Rozman
cabae26e0b Flags describing handshake messages received assembled in a boolean table of flags 2016-08-17 09:01:11 +02:00
Simon Rozman
7376693838 Additional constants 2016-08-17 08:34:25 +02:00
Simon Rozman
a5b3914a09 Comments and some minor clean-up 2016-08-16 22:27:30 +02:00
Simon Rozman
e9839706b6 TLS clean-up 2016-08-16 16:44:19 +02:00
Simon Rozman
f5b03bc0bf Annotation update 2016-08-16 10:39:42 +02:00
Simon Rozman
85d7c3d4ec Support for TLS 1.2 added 2016-08-16 00:47:47 +02:00
Simon Rozman
d68fd6ce08 Support for TLS 1.1 finished 2016-08-15 22:49:45 +02:00
Simon Rozman
de802b7a28 Byte-enums redefined & code clean-up 2016-08-15 21:01:38 +02:00
Simon Rozman
c8cfe4da42 TLS version no longer static, though still fixed to TLS 1.0 2016-08-15 19:04:21 +02:00
Simon Rozman
d8ccf7cbc0 Credential management revised 2016-08-15 17:33:10 +02:00
Simon Rozman
e34d2ba275 Prefast declaration update 2016-08-15 15:10:42 +02:00
Simon Rozman
3d6849a523 Peer correctly returns providers configuration instead of method configuration in method_tls::get_result() 2016-08-15 14:13:14 +02:00
Simon Rozman
e807336e7b The TLS phase can be determined from flags alone, therefore m_phase member eliminated 2016-08-15 10:40:27 +02:00
Simon Rozman
95426cde7c Clean-up 2016-08-15 10:09:01 +02:00
Simon Rozman
99aa53726d - PPP authentication EAP response packet is correctly formed now
- MS-MPPE-Send-Key/MS-MPPE-Recv-Key sorted out
2016-08-14 21:04:19 +02:00
Simon Rozman
95e2f7e01b Encryption/decryption revised
- Number of memory copying reduced
- HMAC verification of server packets added
- Handshake hashing simplified
2016-08-14 18:51:18 +02:00
Simon Rozman
940def31e6 Unused tls_conn_state member removed 2016-08-14 13:29:51 +02:00
Simon Rozman
47653492a2 Session key importing honours MSDN recommendation about exponent-one key usage 2016-08-14 12:44:49 +02:00
Simon Rozman
d1925a0704 method_tls::prf() simplified 2016-08-14 12:41:19 +02:00
Simon Rozman
ae37c9aa6c TLS and TTLS distinction 2016-08-13 18:55:33 +02:00
Simon Rozman
eb918f3141 Processing of vendor specific TLS messages introduced 2016-08-13 18:48:02 +02:00
Simon Rozman
c749753c68 State constants renamed more systematically 2016-08-13 18:45:40 +02:00
Simon Rozman
9f92a73aa1 make_handshake() renamed to make_message() and made more general 2016-08-13 18:42:52 +02:00
Simon Rozman
6d54d45512 Pre-master secret encryption moved to make_client_key_exchange() 2016-08-13 18:39:22 +02:00
Simon Rozman
534f6f6d7d tls_conn_state is class now 2016-08-13 08:09:47 +02:00
Simon Rozman
c7a41d891a TLS work continues... 2016-08-12 21:09:50 +02:00
Simon Rozman
a8c306953a TLS work continues... 2016-08-11 15:13:50 +02:00
Simon Rozman
77fe6b1bed TLS connection state moved from eap::method_tls to eap::method_tls::conn_state to make reusable later 2016-08-11 12:00:38 +02:00
Simon Rozman
659629ed93 Clean-up 2016-08-11 09:44:01 +02:00
Simon Rozman
6b4f597f27 - Microsoft's HMAC had problems with secrets longer than 16B, therefore we implemented our own
- Key generation finished
- Additional memory sanitization
2016-08-10 16:10:40 +02:00
Simon Rozman
fb0fa0de31 HMAC fixed to start with the correct key now 2016-08-10 11:18:20 +02:00
Simon Rozman
e92f47677d TLS implementation continues... 2016-08-09 18:37:12 +02:00
Simon Rozman
ba5bf1e533 HMAC cleanup 2016-08-09 06:39:33 +02:00
Simon Rozman
b71e30f642 EAP_ERROR replaced with C++ exceptions for increased code readability 2016-08-08 22:59:17 +02:00
Simon Rozman
788c8cdb16 TLS implementation continues... 2016-08-08 18:52:13 +02:00
Simon Rozman
ce9e636840 TLS start packet processing logic made more robust 2016-08-08 10:42:24 +02:00
Simon Rozman
8f4c177d49 eap namespace clean-up 2016-08-08 10:13:34 +02:00
Simon Rozman
d199cb68bb Work continues...
- More event reporting added
- unsigned long and DWORD replaced with unsigned int for code readability and (possibly) portability
- Client hello message fixed
- SSL version reverted to TLS 1.0, will catch-up later if required
2016-08-07 12:15:45 +02:00
Simon Rozman
e649a86b1f Error checking and size asserts added 2016-08-07 06:56:29 +02:00
Simon Rozman
a0efb6742d EAP-TTLS work continues... 2016-08-06 16:27:15 +02:00
Simon Rozman
b39cc927d2 Session.h/cpp >> Method.h/cpp 2016-08-06 10:36:58 +02:00
Simon Rozman
faadb712fc Sessions are actually methods now 2016-08-06 10:28:15 +02:00
Simon Rozman
97d0f75f8d eap::method introduced 2016-08-06 09:52:29 +02:00