Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Compare commits

base: Amebis:1.0-alpha10-owntls
Branches Tags
Amebis:master Amebis:ver1.0 Amebis:ver1.1
Amebis:1.3g Amebis:1.3f Amebis:1.3e Amebis:1.3d Amebis:1.3c Amebis:1.3b Amebis:1.3a Amebis:1.3 Amebis:1.2g Amebis:1.2f Amebis:1.1h Amebis:1.0i Amebis:1.2e Amebis:1.1g Amebis:1.0h Amebis:1.2d Amebis:1.1f Amebis:1.0g Amebis:1.2c Amebis:1.1e Amebis:1.0f Amebis:1.2b Amebis:1.1d Amebis:1.0e Amebis:1.2a Amebis:1.1c Amebis:1.0d Amebis:1.2 Amebis:1.1b Amebis:1.0c Amebis:1.2-beta2 Amebis:1.2-beta1 Amebis:1.2-beta Amebis:1.1a Amebis:1.0b Amebis:1.1 Amebis:1.1-beta2 Amebis:1.1-beta1 Amebis:1.0a Amebis:1.1-beta Amebis:1.0 Amebis:1.0-beta8 Amebis:1.0-beta7 Amebis:1.0-beta6 Amebis:1.0-beta5 Amebis:1.0-beta4 Amebis:1.0-beta3 Amebis:1.0-beta2 Amebis:1.0-beta1 Amebis:1.0-beta Amebis:1.0-alpha17 Amebis:1.0-alpha16 Amebis:1.0-alpha15 Amebis:1.0-alpha14 Amebis:1.0-alpha13 Amebis:1.0-alpha12 Amebis:1.0-alpha11 Amebis:1.0-alpha10 Amebis:1.0-alpha10-owntls Amebis:1.0-alpha9 Amebis:1.0-alpha8 Amebis:1.0-alpha7 Amebis:1.0-alpha6 Amebis:1.0-alpha5 Amebis:1.0-alpha4 Amebis:1.0-alpha3 Amebis:1.0-alpha2 Amebis:1.0-alpha1 Amebis:1.0-alpha0
..
compare: Amebis:1.0-alpha11
Branches Tags
Amebis:master Amebis:ver1.0 Amebis:ver1.1
Amebis:1.3g Amebis:1.3f Amebis:1.3e Amebis:1.3d Amebis:1.3c Amebis:1.3b Amebis:1.3a Amebis:1.3 Amebis:1.2g Amebis:1.2f Amebis:1.1h Amebis:1.0i Amebis:1.2e Amebis:1.1g Amebis:1.0h Amebis:1.2d Amebis:1.1f Amebis:1.0g Amebis:1.2c Amebis:1.1e Amebis:1.0f Amebis:1.2b Amebis:1.1d Amebis:1.0e Amebis:1.2a Amebis:1.1c Amebis:1.0d Amebis:1.2 Amebis:1.1b Amebis:1.0c Amebis:1.2-beta2 Amebis:1.2-beta1 Amebis:1.2-beta Amebis:1.1a Amebis:1.0b Amebis:1.1 Amebis:1.1-beta2 Amebis:1.1-beta1 Amebis:1.0a Amebis:1.1-beta Amebis:1.0 Amebis:1.0-beta8 Amebis:1.0-beta7 Amebis:1.0-beta6 Amebis:1.0-beta5 Amebis:1.0-beta4 Amebis:1.0-beta3 Amebis:1.0-beta2 Amebis:1.0-beta1 Amebis:1.0-beta Amebis:1.0-alpha17 Amebis:1.0-alpha16 Amebis:1.0-alpha15 Amebis:1.0-alpha14 Amebis:1.0-alpha13 Amebis:1.0-alpha12 Amebis:1.0-alpha11 Amebis:1.0-alpha10 Amebis:1.0-alpha10-owntls Amebis:1.0-alpha9 Amebis:1.0-alpha8 Amebis:1.0-alpha7 Amebis:1.0-alpha6 Amebis:1.0-alpha5 Amebis:1.0-alpha4 Amebis:1.0-alpha3 Amebis:1.0-alpha2 Amebis:1.0-alpha1 Amebis:1.0-alpha0

19 Commits
1.0-alpha1 ... 1.0-alpha1

Author SHA1 Message Date
Simon Rozman
352d546da1 Version set to 1.0-alpha11 2016-08-24 18:48:10 +02:00
Simon Rozman
d2ff78a613 Credential prompt sometimes displayed in background issue fixed now 2016-08-24 18:39:15 +02:00
Simon Rozman
10807fad18 Variable renamed from Slovenian to English 2016-08-24 18:36:51 +02:00
Simon Rozman
c6d53cd13c eap::monitor_ui class to prevent multiple launches introduced 2016-08-24 17:45:31 +02:00
Simon Rozman
6f25e4c0ad wxEAPGeneralDialog constructor parameters extended 2016-08-24 17:43:02 +02:00
Simon Rozman
edac93e115 Custom TLS identity is correctly enabled/disabled now. 2016-08-24 15:30:27 +02:00
Simon Rozman
d1c24efcf0 config_method_with_cred renamed to config_connection to describe it better 2016-08-24 11:39:37 +02:00
Simon Rozman
1cb6ca5adb Connection configuration is equipped with GUID now for multiple credential prompt disambiguation later 2016-08-24 11:34:30 +02:00
Simon Rozman
38e1443276 Logging of handshake progress introduced 2016-08-24 11:04:04 +02:00
Simon Rozman
6835f5279c Certificate (TLS) credentials support custom identity now 2016-08-24 11:03:18 +02:00
Simon Rozman
eb9c8a5f7c If configured trusted root CA certificate list is empty, that really means "Trust no one!" now 2016-08-23 23:40:07 +02:00
Simon Rozman
5332b538aa Our own TLS merged back to master and compiles conditionally 2016-08-23 22:46:00 +02:00
Simon Rozman
a9baa07227 Error type detection fixed 2016-08-23 22:41:12 +02:00
Simon Rozman
387a12ab5e Additional cases of invalid certificate caught 2016-08-23 17:41:20 +02:00
Simon Rozman
7b3251a758 Error throwing clean-up 2016-08-23 17:20:04 +02:00
Simon Rozman
894f19a81e Binary publishing updated 2016-08-23 16:45:16 +02:00
Simon Rozman
318ad7f355 Version set to 1.0-alpha10 2016-08-23 14:53:27 +02:00
Simon Rozman
ef2042253c When server certificate has no subjectAltName(2), compare host name against Common Name 2016-08-23 14:29:47 +02:00
Simon Rozman
9b997408a1 Switched to Schannel to do the TLS 2016-08-23 13:53:23 +02:00
41 changed files with 6368 additions and 5032 deletions
Expand all files Collapse all files

12
EventMonitor/App.cpp
View File

@@ -66,12 +66,12 @@ bool wxEventMonitorApp::OnInit()
#ifdef __WXMSW__ #ifdef __WXMSW__
// Find EventMonitor window if already running. // Find EventMonitor window if already running.
HWND okno = ::FindWindow(_T("wxWindowNR"), _("Event Monitor")); HWND hWnd = ::FindWindow(_T("wxWindowNR"), _("Event Monitor"));
if (okno) { if (hWnd) {
if (::IsIconic(okno)) if (::IsIconic(hWnd))
::SendMessage(okno, WM_SYSCOMMAND, SC_RESTORE, 0); ::SendMessage(hWnd, WM_SYSCOMMAND, SC_RESTORE, 0);
::SetActiveWindow(okno); ::SetActiveWindow(hWnd);
::SetForegroundWindow(okno); ::SetForegroundWindow(hWnd);
// Not an error condition actually; Just nothing else to do... // Not an error condition actually; Just nothing else to do...
return false; return false;

BIN
Makefile
View File

Binary file not shown.

2
include/Common.props
View File

@@ -32,7 +32,7 @@
<ItemDefinitionGroup> <ItemDefinitionGroup>
<ClCompile> <ClCompile>
<WarningLevel>Level4</WarningLevel> <WarningLevel>Level4</WarningLevel>
<PreprocessorDefinitions>_WIN32_WINNT=0x0600;ISOLATION_AWARE_ENABLED=1;CERT_CHAIN_PARA_HAS_EXTRA_FIELDS;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>_WIN32_WINNT=0x0600;ISOLATION_AWARE_ENABLED=1;SECURITY_WIN32;CERT_CHAIN_PARA_HAS_EXTRA_FIELDS;EAP_TLS=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PrecompiledHeader>Use</PrecompiledHeader> <PrecompiledHeader>Use</PrecompiledHeader>
<PrecompiledHeaderFile>StdAfx.h</PrecompiledHeaderFile> <PrecompiledHeaderFile>StdAfx.h</PrecompiledHeaderFile>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat> <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>

10
include/Version.h
View File

@@ -29,7 +29,7 @@
// Product version as a single DWORD // Product version as a single DWORD
// Note: Used for version comparison within C/C++ code. // Note: Used for version comparison within C/C++ code.
// //
#define PRODUCT_VERSION 0x00ff0a00 #define PRODUCT_VERSION 0x00ff0b00
// //
// Product version by components // Product version by components
@@ -39,26 +39,26 @@
// //
#define PRODUCT_VERSION_MAJ 0 #define PRODUCT_VERSION_MAJ 0
#define PRODUCT_VERSION_MIN 255 #define PRODUCT_VERSION_MIN 255
#define PRODUCT_VERSION_REV 10 #define PRODUCT_VERSION_REV 11
#define PRODUCT_VERSION_BUILD 0 #define PRODUCT_VERSION_BUILD 0
// //
// Human readable product version and build year for UI // Human readable product version and build year for UI
// //
#define PRODUCT_VERSION_STR "1.0-alpha10-owntls" #define PRODUCT_VERSION_STR "1.0-alpha11"
#define PRODUCT_BUILD_YEAR_STR "2016" #define PRODUCT_BUILD_YEAR_STR "2016"
// //
// Numerical version presentation for ProductVersion propery in // Numerical version presentation for ProductVersion propery in
// MSI packages (syntax: N.N[.N[.N]]) // MSI packages (syntax: N.N[.N[.N]])
// //
#define PRODUCT_VERSION_INST "0.255.10" #define PRODUCT_VERSION_INST "0.255.11"
// //
// The product code for ProductCode property in MSI packages // The product code for ProductCode property in MSI packages
// Replace with new on every version change, regardless how minor it is. // Replace with new on every version change, regardless how minor it is.
// //
#define PRODUCT_VERSION_GUID "{C3675615-0D70-47C7-9BCB-B683A77C6ED6}" #define PRODUCT_VERSION_GUID "{C6CA6AA8-33A4-4867-BB0A-B5F82655D611}"
// //
// Since the product name is not finally confirmed at the time of // Since the product name is not finally confirmed at the time of

19
lib/EAPBase/include/Config.h
View File

@@ -40,14 +40,14 @@ namespace eap
class config_method_with_cred; class config_method_with_cred;
/// ///
/// Base class for single provider configuration storage /// Provider configuration storage
/// ///
class config_provider; class config_provider;
/// ///
/// Base class for the list of providers configuration storage /// Connection configuration storage
/// ///
class config_provider_list; class config_connection;
} }
/// ///
@@ -454,7 +454,7 @@ namespace eap
}; };
class config_provider_list : public config class config_connection : public config
{ {
public: public:
/// ///
@@ -462,21 +462,21 @@ namespace eap
/// ///
/// \param[in] mod EAP module to use for global services /// \param[in] mod EAP module to use for global services
/// ///
config_provider_list(_In_ module &mod); config_connection(_In_ module &mod);
/// ///
/// Copies configuration /// Copies configuration
/// ///
/// \param[in] other Configuration to copy from /// \param[in] other Configuration to copy from
/// ///
config_provider_list(_In_ const config_provider_list &other); config_connection(_In_ const config_connection &other);
/// ///
/// Moves configuration /// Moves configuration
/// ///
/// \param[in] other Configuration to move from /// \param[in] other Configuration to move from
/// ///
config_provider_list(_Inout_ config_provider_list &&other); config_connection(_Inout_ config_connection &&other);
/// ///
/// Copies configuration /// Copies configuration
@@ -485,7 +485,7 @@ namespace eap
/// ///
/// \returns Reference to this object /// \returns Reference to this object
/// ///
config_provider_list& operator=(_In_ const config_provider_list &other); config_connection& operator=(_In_ const config_connection &other);
/// ///
/// Moves configuration /// Moves configuration
@@ -494,7 +494,7 @@ namespace eap
/// ///
/// \returns Reference to this object /// \returns Reference to this object
/// ///
config_provider_list& operator=(_Inout_ config_provider_list &&other); config_connection& operator=(_Inout_ config_connection &&other);
/// ///
/// Clones configuration /// Clones configuration
@@ -550,6 +550,7 @@ namespace eap
/// @} /// @}
public: public:
GUID m_connection_id; ///< Unique connection ID
std::vector<eap::config_provider> m_providers; ///< Array of provider configurations std::vector<eap::config_provider> m_providers; ///< Array of provider configurations
}; };
} }

57
lib/EAPBase/include/Credentials.h
View File

@@ -120,6 +120,52 @@ namespace eap
/// ///
virtual bool empty() const; virtual bool empty() const;
/// \name XML configuration management
/// @{
///
/// Save to XML document
///
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving
///
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
///
/// Load from XML document
///
/// \param[in] pConfigRoot Root element for loading
///
virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @}
/// \name BLOB management
/// @{
///
/// Packs a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator<<(_Inout_ cursor_out &cursor) const;
///
/// Returns packed size of a configuration
///
/// \returns Size of data when packed (in bytes)
///
virtual size_t get_pk_size() const;
///
/// Unpacks a configuration
///
/// \param[inout] cursor Memory cursor
///
virtual void operator>>(_Inout_ cursor_in &cursor);
/// @}
/// \name Storage /// \name Storage
/// @{ /// @{
@@ -164,12 +210,15 @@ namespace eap
/// ///
/// Returns credential identity. /// Returns credential identity.
/// ///
virtual std::wstring get_identity() const = 0; virtual std::wstring get_identity() const;
/// ///
/// Returns credential name (for GUI display). /// Returns credential name (for GUI display).
/// ///
virtual winstd::tstring get_name() const; virtual winstd::tstring get_name() const;
public:
std::wstring m_identity; ///< Identity (username\@domain, certificate name etc.)
}; };
@@ -294,13 +343,7 @@ namespace eap
/// @} /// @}
///
/// Returns credential identity.
///
virtual std::wstring get_identity() const;
public: public:
std::wstring m_identity; ///< Identity (username\@domain, certificate name etc.)
winstd::sanitizing_wstring m_password; ///< Password winstd::sanitizing_wstring m_password; ///< Password
private: private:

50
lib/EAPBase/include/EAP.h
View File

@@ -391,6 +391,31 @@ template<size_t N> inline size_t pksizeof(_In_ const eap::sanitizing_blob_f<N> &
/// ///
template<size_t N> inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::sanitizing_blob_f<N> &val); template<size_t N> inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::sanitizing_blob_f<N> &val);
///
/// Packs a GUID
///
/// \param[inout] cursor Memory cursor
/// \param[in] val Variable with data to pack
///
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const GUID &val);
///
/// Returns packed size of a GUID
///
/// \param[in] val Data to pack
///
/// \returns Size of data when packed (in bytes)
///
inline size_t pksizeof(_In_ const GUID &val);
///
/// Unpacks a GUID
///
/// \param[inout] cursor Memory cursor
/// \param[out] val Variable to receive unpacked value
///
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ GUID &val);
#ifndef htonll #ifndef htonll
/// ///
/// Convert host converts an unsigned __int64 from host to TCP/IP network byte order. /// Convert host converts an unsigned __int64 from host to TCP/IP network byte order.
@@ -975,6 +1000,31 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::sanitizing_blo
} }
inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const GUID &val)
{
eap::cursor_out::ptr_type ptr_end = cursor.ptr + sizeof(GUID);
assert(ptr_end <= cursor.ptr_end);
memcpy(cursor.ptr, &val, sizeof(GUID));
cursor.ptr = ptr_end;
}
inline size_t pksizeof(_In_ const GUID &val)
{
UNREFERENCED_PARAMETER(val);
return sizeof(GUID);
}
inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ GUID &val)
{
eap::cursor_in::ptr_type ptr_end = cursor.ptr + sizeof(GUID);
assert(ptr_end <= cursor.ptr_end);
memcpy(&val, cursor.ptr, sizeof(GUID));
cursor.ptr = ptr_end;
}
#ifndef htonll #ifndef htonll
inline unsigned __int64 htonll(unsigned __int64 val) inline unsigned __int64 htonll(unsigned __int64 val)

10
lib/EAPBase/include/Method.h
View File

@@ -51,10 +51,10 @@ namespace eap
/// Constructs an EAP method /// Constructs an EAP method
/// ///
/// \param[in] mod EAP module to use for global services /// \param[in] mod EAP module to use for global services
/// \param[in] cfg Providers configuration /// \param[in] cfg Connection configuration
/// \param[in] cred User credentials /// \param[in] cred User credentials
/// ///
method(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials &cred); method(_In_ module &module, _In_ config_connection &cfg, _In_ credentials &cred);
/// ///
@@ -130,8 +130,8 @@ namespace eap
method& operator=(_In_ const method &other); method& operator=(_In_ const method &other);
public: public:
module &m_module; ///< EAP module module &m_module; ///< EAP module
config_provider_list &m_cfg; ///< Providers configuration config_connection &m_cfg; ///< Connection configuration
credentials &m_cred; ///< User credentials credentials &m_cred; ///< User credentials
}; };
} }

44
lib/EAPBase/src/Config.cpp
View File

@@ -609,43 +609,48 @@ void eap::config_provider::operator>>(_Inout_ cursor_in &cursor)
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// eap::config_provider_list // eap::config_connection
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
eap::config_provider_list::config_provider_list(_In_ module &mod) : config(mod) eap::config_connection::config_connection(_In_ module &mod) : config(mod)
{ {
memset(&m_connection_id, 0, sizeof(m_connection_id));
} }
eap::config_provider_list::config_provider_list(_In_ const config_provider_list &other) : eap::config_connection::config_connection(_In_ const config_connection &other) :
m_connection_id(other.m_connection_id),
m_providers(other.m_providers), m_providers(other.m_providers),
config(other) config(other)
{ {
} }
eap::config_provider_list::config_provider_list(_Inout_ config_provider_list &&other) : eap::config_connection::config_connection(_Inout_ config_connection &&other) :
m_connection_id(std::move(other.m_connection_id)),
m_providers(std::move(other.m_providers)), m_providers(std::move(other.m_providers)),
config(std::move(other)) config(std::move(other))
{ {
} }
eap::config_provider_list& eap::config_provider_list::operator=(_In_ const config_provider_list &other) eap::config_connection& eap::config_connection::operator=(_In_ const config_connection &other)
{ {
if (this != &other) { if (this != &other) {
(config&)*this = other; (config&)*this = other;
m_providers = other.m_providers; m_connection_id = other.m_connection_id;
m_providers = other.m_providers;
} }
return *this; return *this;
} }
eap::config_provider_list& eap::config_provider_list::operator=(_Inout_ config_provider_list &&other) eap::config_connection& eap::config_connection::operator=(_Inout_ config_connection &&other)
{ {
if (this != &other) { if (this != &other) {
(config&&)*this = std::move(other); (config&&)*this = std::move(other);
m_connection_id = std::move(other.m_connection_id);
m_providers = std::move(other.m_providers); m_providers = std::move(other.m_providers);
} }
@@ -653,13 +658,13 @@ eap::config_provider_list& eap::config_provider_list::operator=(_Inout_ config_p
} }
eap::config* eap::config_provider_list::clone() const eap::config* eap::config_connection::clone() const
{ {
return new config_provider_list(*this); return new config_connection(*this);
} }
void eap::config_provider_list::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const void eap::config_connection::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
{ {
config::save(pDoc, pConfigRoot); config::save(pDoc, pConfigRoot);
@@ -686,13 +691,16 @@ void eap::config_provider_list::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNod
} }
void eap::config_provider_list::load(_In_ IXMLDOMNode *pConfigRoot) void eap::config_connection::load(_In_ IXMLDOMNode *pConfigRoot)
{ {
assert(pConfigRoot); assert(pConfigRoot);
HRESULT hr; HRESULT hr;
config::load(pConfigRoot); config::load(pConfigRoot);
// On each configuration import reset ID.
CoCreateGuid(&m_connection_id);
// Iterate authentication providers (<EAPIdentityProvider>). // Iterate authentication providers (<EAPIdentityProvider>).
com_obj<IXMLDOMNodeList> pXmlListProviders; com_obj<IXMLDOMNodeList> pXmlListProviders;
if (FAILED(hr = eapxml::select_nodes(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList/eap-metadata:EAPIdentityProvider"), &pXmlListProviders))) if (FAILED(hr = eapxml::select_nodes(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList/eap-metadata:EAPIdentityProvider"), &pXmlListProviders)))
@@ -714,25 +722,29 @@ void eap::config_provider_list::load(_In_ IXMLDOMNode *pConfigRoot)
} }
void eap::config_provider_list::operator<<(_Inout_ cursor_out &cursor) const void eap::config_connection::operator<<(_Inout_ cursor_out &cursor) const
{ {
config::operator<<(cursor); config::operator<<(cursor);
cursor << m_connection_id;
cursor << m_providers; cursor << m_providers;
} }
size_t eap::config_provider_list::get_pk_size() const size_t eap::config_connection::get_pk_size() const
{ {
return return
config::get_pk_size() + config::get_pk_size() +
pksizeof(m_providers); pksizeof(m_connection_id) +
pksizeof(m_providers );
} }
void eap::config_provider_list::operator>>(_Inout_ cursor_in &cursor) void eap::config_connection::operator>>(_Inout_ cursor_in &cursor)
{ {
config::operator>>(cursor); config::operator>>(cursor);
cursor >> m_connection_id;
list<config_provider>::size_type count; list<config_provider>::size_type count;
cursor >> count; cursor >> count;
m_providers.clear(); m_providers.clear();

101
lib/EAPBase/src/Credentials.cpp
View File

@@ -36,12 +36,14 @@ eap::credentials::credentials(_In_ module &mod) : config(mod)
eap::credentials::credentials(_In_ const credentials &other) : eap::credentials::credentials(_In_ const credentials &other) :
m_identity(other.m_identity),
config(other) config(other)
{ {
} }
eap::credentials::credentials(_Inout_ credentials &&other) : eap::credentials::credentials(_Inout_ credentials &&other) :
m_identity(std::move(other.m_identity)),
config(std::move(other)) config(std::move(other))
{ {
} }
@@ -49,8 +51,10 @@ eap::credentials::credentials(_Inout_ credentials &&other) :
eap::credentials& eap::credentials::operator=(_In_ const credentials &other) eap::credentials& eap::credentials::operator=(_In_ const credentials &other)
{ {
if (this != &other) if (this != &other) {
(config&)*this = other; (config&)*this = other;
m_identity = other.m_identity;
}
return *this; return *this;
} }
@@ -58,8 +62,10 @@ eap::credentials& eap::credentials::operator=(_In_ const credentials &other)
eap::credentials& eap::credentials::operator=(_Inout_ credentials &&other) eap::credentials& eap::credentials::operator=(_Inout_ credentials &&other)
{ {
if (this != &other) if (this != &other) {
(config&)*this = std::move(other); (config&)*this = std::move(other);
m_identity = std::move(other.m_identity);
}
return *this; return *this;
} }
@@ -67,13 +73,73 @@ eap::credentials& eap::credentials::operator=(_Inout_ credentials &&other)
void eap::credentials::clear() void eap::credentials::clear()
{ {
m_identity.clear();
} }
bool eap::credentials::empty() const bool eap::credentials::empty() const
{ {
// Base class always report empty credentials. return m_identity.empty();
return true; }
void eap::credentials::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
{
assert(pDoc);
assert(pConfigRoot);
config::save(pDoc, pConfigRoot);
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
HRESULT hr;
// <UserName>
if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <UserName> element.");
}
void eap::credentials::load(_In_ IXMLDOMNode *pConfigRoot)
{
assert(pConfigRoot);
HRESULT hr;
config::load(pConfigRoot);
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)))
throw com_runtime_error(hr, __FUNCTION__ " Error reading <UserName> element.");
m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str());
}
void eap::credentials::operator<<(_Inout_ cursor_out &cursor) const
{
config::operator<<(cursor);
cursor << m_identity;
}
size_t eap::credentials::get_pk_size() const
{
return
config::get_pk_size() +
pksizeof(m_identity);
}
void eap::credentials::operator>>(_Inout_ cursor_in &cursor)
{
config::operator>>(cursor);
cursor >> m_identity;
}
wstring eap::credentials::get_identity() const
{
return m_identity;
} }
@@ -93,7 +159,6 @@ eap::credentials_pass::credentials_pass(_In_ module &mod) : credentials(mod)
eap::credentials_pass::credentials_pass(_In_ const credentials_pass &other) : eap::credentials_pass::credentials_pass(_In_ const credentials_pass &other) :
m_identity(other.m_identity),
m_password(other.m_password), m_password(other.m_password),
credentials(other) credentials(other)
{ {
@@ -101,7 +166,6 @@ eap::credentials_pass::credentials_pass(_In_ const credentials_pass &other) :
eap::credentials_pass::credentials_pass(_Inout_ credentials_pass &&other) : eap::credentials_pass::credentials_pass(_Inout_ credentials_pass &&other) :
m_identity(std::move(other.m_identity)),
m_password(std::move(other.m_password)), m_password(std::move(other.m_password)),
credentials(std::move(other)) credentials(std::move(other))
{ {
@@ -112,7 +176,6 @@ eap::credentials_pass& eap::credentials_pass::operator=(_In_ const credentials_p
{ {
if (this != &other) { if (this != &other) {
(credentials&)*this = other; (credentials&)*this = other;
m_identity = other.m_identity;
m_password = other.m_password; m_password = other.m_password;
} }
@@ -124,7 +187,6 @@ eap::credentials_pass& eap::credentials_pass::operator=(_Inout_ credentials_pass
{ {
if (this != &other) { if (this != &other) {
(credentials&)*this = std::move(other); (credentials&)*this = std::move(other);
m_identity = std::move(other.m_identity);
m_password = std::move(other.m_password); m_password = std::move(other.m_password);
} }
@@ -135,14 +197,13 @@ eap::credentials_pass& eap::credentials_pass::operator=(_Inout_ credentials_pass
void eap::credentials_pass::clear() void eap::credentials_pass::clear()
{ {
credentials::clear(); credentials::clear();
m_identity.clear();
m_password.clear(); m_password.clear();
} }
bool eap::credentials_pass::empty() const bool eap::credentials_pass::empty() const
{ {
return credentials::empty() && m_identity.empty() && m_password.empty(); return credentials::empty() && m_password.empty();
} }
@@ -156,10 +217,6 @@ void eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *p
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata"); const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
HRESULT hr; HRESULT hr;
// <UserName>
if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <UserName> element.");
// <Password> // <Password>
bstr pass(m_password); bstr pass(m_password);
hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), bstrNamespace, pass); hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), bstrNamespace, pass);
@@ -178,11 +235,6 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
std::wstring xpath(eapxml::get_xpath(pConfigRoot)); std::wstring xpath(eapxml::get_xpath(pConfigRoot));
if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)))
throw com_runtime_error(hr, __FUNCTION__ " Error reading <UserName> element.");
m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str());
bstr pass; bstr pass;
if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), &pass))) if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), &pass)))
throw com_runtime_error(hr, __FUNCTION__ " Error reading <Password> element."); throw com_runtime_error(hr, __FUNCTION__ " Error reading <Password> element.");
@@ -202,7 +254,6 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
void eap::credentials_pass::operator<<(_Inout_ cursor_out &cursor) const void eap::credentials_pass::operator<<(_Inout_ cursor_out &cursor) const
{ {
credentials::operator<<(cursor); credentials::operator<<(cursor);
cursor << m_identity;
cursor << m_password; cursor << m_password;
} }
@@ -211,7 +262,6 @@ size_t eap::credentials_pass::get_pk_size() const
{ {
return return
credentials::get_pk_size() + credentials::get_pk_size() +
pksizeof(m_identity) +
pksizeof(m_password); pksizeof(m_password);
} }
@@ -219,7 +269,6 @@ size_t eap::credentials_pass::get_pk_size() const
void eap::credentials_pass::operator>>(_Inout_ cursor_in &cursor) void eap::credentials_pass::operator>>(_Inout_ cursor_in &cursor)
{ {
credentials::operator>>(cursor); credentials::operator>>(cursor);
cursor >> m_identity;
cursor >> m_password; cursor >> m_password;
} }
@@ -289,7 +338,7 @@ void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName)
m_identity.clear(); m_identity.clear();
wstring xpath(pszTargetName); wstring xpath(pszTargetName);
m_module.log_config((xpath + L"/Username").c_str(), m_identity.c_str()); m_module.log_config((xpath + L"/Identity").c_str(), m_identity.c_str());
m_module.log_config((xpath + L"/Password").c_str(), m_module.log_config((xpath + L"/Password").c_str(),
#ifdef _DEBUG #ifdef _DEBUG
m_password.c_str() m_password.c_str()
@@ -300,12 +349,6 @@ void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName)
} }
std::wstring eap::credentials_pass::get_identity() const
{
return m_identity;
}
const unsigned char eap::credentials_pass::s_entropy[1024] = { const unsigned char eap::credentials_pass::s_entropy[1024] = {
0x40, 0x88, 0xd3, 0x13, 0x81, 0x8a, 0xf6, 0x74, 0x55, 0x8e, 0xcc, 0x73, 0x2c, 0xf8, 0x93, 0x37, 0x40, 0x88, 0xd3, 0x13, 0x81, 0x8a, 0xf6, 0x74, 0x55, 0x8e, 0xcc, 0x73, 0x2c, 0xf8, 0x93, 0x37,
0x4f, 0xeb, 0x1d, 0x66, 0xb7, 0xfb, 0x47, 0x75, 0xb4, 0xfd, 0x07, 0xbb, 0xf6, 0xb3, 0x05, 0x30, 0x4f, 0xeb, 0x1d, 0x66, 0xb7, 0xfb, 0x47, 0x75, 0xb4, 0xfd, 0x07, 0xbb, 0xf6, 0xb3, 0x05, 0x30,

2
lib/EAPBase/src/Method.cpp
View File

@@ -28,7 +28,7 @@ using namespace winstd;
// eap::method // eap::method
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
eap::method::method(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials &cred) : eap::method::method(_In_ module &module, _In_ config_connection &cfg, _In_ credentials &cred) :
m_module(module), m_module(module),
m_cfg(cfg), m_cfg(cfg),
m_cred(cred) m_cred(cred)

22
lib/EAPBase/src/Module.cpp
View File

@@ -91,20 +91,26 @@ EAP_ERROR* eap::module::make_error(_In_ std::exception &err) const
MultiByteToWideChar(CP_ACP, 0, err.what(), -1, what); MultiByteToWideChar(CP_ACP, 0, err.what(), -1, what);
{ {
win_runtime_error &e(dynamic_cast<win_runtime_error&>(err)); win_runtime_error *e = dynamic_cast<win_runtime_error*>(&err);
if (&e) if (e)
return make_error(e.number(), what.c_str()); return make_error(e->number(), what.c_str());
} }
{ {
com_runtime_error &e(dynamic_cast<com_runtime_error&>(err)); com_runtime_error *e = dynamic_cast<com_runtime_error*>(&err);
if (&e) if (e)
return make_error(HRESULT_CODE(e.number()), what.c_str()); return make_error(HRESULT_CODE(e->number()), what.c_str());
} }
{ {
invalid_argument &e(dynamic_cast<invalid_argument&>(err)); sec_runtime_error *e = dynamic_cast<sec_runtime_error*>(&err);
if (&e) if (e)
return make_error(SCODE_CODE(e->number()), what.c_str());
}
{
invalid_argument *e = dynamic_cast<invalid_argument*>(&err);
if (e)
return make_error(ERROR_INVALID_PARAMETER, what.c_str()); return make_error(ERROR_INVALID_PARAMETER, what.c_str());
} }

1
lib/EAPBase/src/StdAfx.h
View File

@@ -30,5 +30,6 @@
#include <WinStd/Cred.h> #include <WinStd/Cred.h>
#include <WinStd/ETW.h> #include <WinStd/ETW.h>
#include <WinStd/Sec.h>
#include <EventsETW.h> #include <EventsETW.h>

72
lib/EAPBase_UI/include/EAP_UI.h
View File

@@ -100,6 +100,14 @@ inline bool wxSetIconFromResource(wxStaticBitmap *bmp, wxIcon &icon, HINSTANCE h
/// ///
inline wxString wxEAPGetProviderName(const std::wstring &id); inline wxString wxEAPGetProviderName(const std::wstring &id);
namespace eap
{
///
/// Base class to prevent multiple instances of the same dialog
///
class monitor_ui;
}
#pragma once #pragma once
#include <wx/msw/winundef.h> // Fixes `CreateDialog` name collision #include <wx/msw/winundef.h> // Fixes `CreateDialog` name collision
@@ -142,10 +150,10 @@ public:
/// ///
/// Constructs a configuration dialog /// Constructs a configuration dialog
/// ///
/// \param[inout] cfg Providers configuration data /// \param[inout] cfg Connection configuration
/// \param[in] parent Parent window /// \param[in] parent Parent window
/// ///
wxEAPConfigDialog(eap::config_provider_list &cfg, wxWindow* parent) : wxEAPConfigDialog(eap::config_connection &cfg, wxWindow* parent) :
m_cfg(cfg), m_cfg(cfg),
wxEAPConfigDialogBase(parent) wxEAPConfigDialogBase(parent)
{ {
@@ -207,7 +215,7 @@ protected:
protected: protected:
eap::config_provider_list &m_cfg; ///< EAP providers configuration eap::config_connection &m_cfg; ///< Connection configuration
}; };
@@ -217,7 +225,7 @@ public:
/// ///
/// Constructs a dialog /// Constructs a dialog
/// ///
wxEAPGeneralDialog(wxWindow* parent, const wxString& title = wxEmptyString); wxEAPGeneralDialog(wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = wxEmptyString, const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE);
/// ///
/// Adds panels to the dialog /// Adds panels to the dialog
@@ -242,7 +250,7 @@ public:
/// ///
/// Constructs a credential dialog /// Constructs a credential dialog
/// ///
wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow* parent); wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = _("EAP Credentials"), const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE);
}; };
@@ -411,7 +419,7 @@ public:
/// \param[inout] prov Provider configuration data /// \param[inout] prov Provider configuration data
/// \param[in] parent Parent window /// \param[in] parent Parent window
/// ///
wxEAPConfigProvider(eap::config_provider &prov, wxWindow* parent); wxEAPConfigProvider(eap::config_provider &prov, wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = _("Provider Settings"), const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE);
protected: protected:
eap::config_provider &m_prov; ///< EAP method configuration eap::config_provider &m_prov; ///< EAP method configuration
@@ -808,3 +816,55 @@ inline wxString wxEAPGetProviderName(const std::wstring &id)
return return
!id.empty() ? id : _("<Your Organization>"); !id.empty() ? id : _("<Your Organization>");
} }
namespace eap
{
class monitor_ui
{
public:
monitor_ui(_In_ HINSTANCE module, _In_ const GUID &guid);
virtual ~monitor_ui();
void set_popup(_In_ HWND hwnd);
void release_slaves(_In_bytecount_(size) const void *data, _In_ size_t size) const;
inline bool is_master() const
{
return m_is_master;
}
inline bool is_slave() const
{
return !is_master();
}
inline const std::vector<unsigned char>& master_data() const
{
return m_data;
}
protected:
virtual LRESULT winproc(
_In_ UINT msg,
_In_ WPARAM wparam,
_In_ LPARAM lparam);
static LRESULT CALLBACK winproc(
_In_ HWND hwnd,
_In_ UINT msg,
_In_ WPARAM wparam,
_In_ LPARAM lparam);
protected:
bool m_is_master; ///< Is this monitor master?
HWND m_hwnd; ///< Message window handle
std::list<HWND> m_slaves; ///< List of slaves to notify on finish
HWND m_hwnd_popup; ///< Pop-up window handle
std::vector<unsigned char> m_data; ///< Data master sent
// Custom window messages
static const UINT s_msg_attach; ///< Slave sends this message to attach to master
static const UINT s_msg_finish; ///< Master sends this message to slaves to notify them it has finished (wparam has size, lparam has data)
};
}

205
lib/EAPBase_UI/src/EAP_UI.cpp
View File

@@ -41,7 +41,8 @@ bool wxEAPBannerPanel::AcceptsFocusFromKeyboard() const
// wxEAPGeneralDialog // wxEAPGeneralDialog
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
wxEAPGeneralDialog::wxEAPGeneralDialog(wxWindow* parent, const wxString& title) : wxEAPGeneralDialogBase(parent, wxID_ANY, title) wxEAPGeneralDialog::wxEAPGeneralDialog(wxWindow *parent, wxWindowID id, const wxString &title, const wxPoint &pos, const wxSize &size, long style) :
wxEAPGeneralDialogBase(parent, id, title, pos, size, style)
{ {
// Set extra style here, as wxFormBuilder overrides all default flags. // Set extra style here, as wxFormBuilder overrides all default flags.
this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY); this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY);
@@ -80,7 +81,8 @@ void wxEAPGeneralDialog::OnInitDialog(wxInitDialogEvent& event)
// wxEAPCredentialsDialog // wxEAPCredentialsDialog
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
wxEAPCredentialsDialog::wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow* parent) : wxEAPGeneralDialog(parent, _("EAP Credentials")) wxEAPCredentialsDialog::wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow *parent, wxWindowID id, const wxString &title, const wxPoint &pos, const wxSize &size, long style) :
wxEAPGeneralDialog(parent, id, title, pos, size, style)
{ {
// Set banner title. // Set banner title.
m_banner->m_title->SetLabel(wxString::Format(_("%s Credentials"), wxEAPGetProviderName(prov.m_id).c_str())); m_banner->m_title->SetLabel(wxString::Format(_("%s Credentials"), wxEAPGetProviderName(prov.m_id).c_str()));
@@ -328,12 +330,12 @@ bool wxEAPProviderLockPanel::TransferDataFromWindow()
// wxEAPConfigProvider // wxEAPConfigProvider
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
wxEAPConfigProvider::wxEAPConfigProvider(eap::config_provider &prov, wxWindow* parent) : wxEAPConfigProvider::wxEAPConfigProvider(eap::config_provider &prov, wxWindow *parent, wxWindowID id, const wxString &title, const wxPoint &pos, const wxSize &size, long style) :
m_prov(prov), m_prov(prov),
wxEAPGeneralDialog(parent, _("Provider Settings")) wxEAPGeneralDialog(parent, id, title, pos, size, style)
{ {
// Set banner title. // Set banner title.
m_banner->m_title->SetLabel(_("Provider Settings")); m_banner->m_title->SetLabel(title);
m_identity = new wxEAPProviderIdentityPanel(prov, this); m_identity = new wxEAPProviderIdentityPanel(prov, this);
AddContent(m_identity); AddContent(m_identity);
@@ -343,3 +345,196 @@ wxEAPConfigProvider::wxEAPConfigProvider(eap::config_provider &prov, wxWindow* p
m_identity->m_provider_name->SetFocusFromKbd(); m_identity->m_provider_name->SetFocusFromKbd();
} }
using namespace std;
using namespace winstd;
//////////////////////////////////////////////////////////////////////
// eap::monitor_ui
//////////////////////////////////////////////////////////////////////
eap::monitor_ui::monitor_ui(_In_ HINSTANCE module, _In_ const GUID &guid) :
m_hwnd_popup(NULL)
{
// Verify if the monitor is already running.
const WNDCLASSEX wnd_class_desc = {
sizeof(WNDCLASSEX), // cbSize
0, // style
winproc, // lpfnWndProc
0, // cbClsExtra
0, // cbWndExtra
module, // hInstance
NULL, // hIcon
NULL, // hCursor
NULL, // hbrBackground
NULL, // lpszMenuName
_T(__FUNCTION__), // lpszClassName
NULL // hIconSm
};
ATOM wnd_class = RegisterClassEx(&wnd_class_desc);
if (!wnd_class)
throw win_runtime_error(__FUNCTION__ " Error registering master monitor window class.");
tstring_guid guid_str(guid);
HWND hwnd_master = FindWindowEx(HWND_MESSAGE, NULL, (LPCTSTR)wnd_class, guid_str.c_str());
if (hwnd_master) {
// Another monitor is already running.
m_is_master = false;
// Register slave windows class slightly different, not to include slaves in FindWindowEx().
const WNDCLASSEX wnd_class_desc = {
sizeof(WNDCLASSEX), // cbSize
0, // style
winproc, // lpfnWndProc
0, // cbClsExtra
0, // cbWndExtra
module, // hInstance
NULL, // hIcon
NULL, // hCursor
NULL, // hbrBackground
NULL, // lpszMenuName
_T(__FUNCTION__) _T("-Slave"), // lpszClassName
NULL // hIconSm
};
wnd_class = RegisterClassEx(&wnd_class_desc);
if (!wnd_class)
throw win_runtime_error(__FUNCTION__ " Error registering slave monitor window class.");
} else {
// This is a fresh monitor.
m_is_master = true;
}
m_hwnd = CreateWindowEx(
0, // dwExStyle
(LPCTSTR)wnd_class, // lpClassName
guid_str.c_str(), // lpWindowName
0, // dwStyle
0, // x
0, // y
0, // nWidth
0, // nHeight
HWND_MESSAGE, // hWndParent
NULL, // hMenu
module, // hInstance
this); // lpParam
if (!m_is_master) {
// Notify master we are waiting him.
SendMessage(hwnd_master, s_msg_attach, 0, (LPARAM)m_hwnd);
// Slaves must pump message queue until finished.
MSG msg;
while (GetMessage(&msg, NULL, 0, 0) > 0) {
TranslateMessage(&msg);
DispatchMessage(&msg);
}
}
}
eap::monitor_ui::~monitor_ui()
{
if (m_hwnd)
DestroyWindow(m_hwnd);
}
void eap::monitor_ui::set_popup(_In_ HWND hwnd)
{
m_hwnd_popup = hwnd;
}
void eap::monitor_ui::release_slaves(_In_bytecount_(size) const void *data, _In_ size_t size) const
{
assert(!size || data);
for (list<HWND>::const_iterator slave = m_slaves.begin(), slave_end = m_slaves.end(); slave != slave_end; ++slave) {
// Get slave's PID.
DWORD pid_slave;
GetWindowThreadProcessId(*slave, &pid_slave);
// Get slave's process handle.
process proc_slave;
if (!proc_slave.open(PROCESS_VM_OPERATION | PROCESS_VM_WRITE, 0, pid_slave))
continue;
// Allocate memory in slave's virtual memory space and save data to it.
vmemory mem_slave;
if (!mem_slave.alloc(proc_slave, NULL, size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE))
continue;
if (!WriteProcessMemory(proc_slave, mem_slave, data, size, NULL))
continue;
// Notify slave. Use SendMessage(), not PostMessage(), as memory will get cleaned up.
SendMessage(*slave, s_msg_finish, (WPARAM)size, (LPARAM)(LPVOID)mem_slave);
}
}
LRESULT eap::monitor_ui::winproc(
_In_ UINT msg,
_In_ WPARAM wparam,
_In_ LPARAM lparam)
{
UNREFERENCED_PARAMETER(wparam);
if (msg == s_msg_attach) {
// Attach a new slave.
assert(m_is_master);
m_slaves.push_back((HWND)lparam);
if (m_hwnd_popup) {
// Bring pop-up window up.
if (::IsIconic(m_hwnd_popup))
::SendMessage(m_hwnd_popup, WM_SYSCOMMAND, SC_RESTORE, 0);
::SetActiveWindow(m_hwnd_popup);
::SetForegroundWindow(m_hwnd_popup);
}
return TRUE;
} else if (msg == s_msg_finish) {
// Master finished.
assert(!m_is_master);
m_data.assign((const unsigned char*)lparam, (const unsigned char*)lparam + wparam);
// Finish slave too.
DestroyWindow(m_hwnd);
return TRUE;
} else if (msg == WM_DESTROY) {
// Stop the message pump.
PostQuitMessage(0);
return 0;
}
return DefWindowProc(m_hwnd, msg, wparam, lparam);
}
LRESULT CALLBACK eap::monitor_ui::winproc(
_In_ HWND hwnd,
_In_ UINT msg,
_In_ WPARAM wparam,
_In_ LPARAM lparam)
{
if (msg == WM_CREATE) {
// Set window's user data to "this" pointer.
const CREATESTRUCT *cs = (CREATESTRUCT*)lparam;
SetWindowLongPtr(hwnd, GWLP_USERDATA, (LONG_PTR)cs->lpCreateParams);
// Forward to our handler.
return ((eap::monitor_ui*)cs->lpCreateParams)->winproc(msg, wparam, lparam);
} else {
// Get "this" pointer from window's user data.
eap::monitor_ui *_this = (eap::monitor_ui*)GetWindowLongPtr(hwnd, GWLP_USERDATA);
if (_this) {
// Forward to our handler.
return _this->winproc(msg, wparam, lparam);
} else
return DefWindowProc(hwnd, msg, wparam, lparam);
}
}
const UINT eap::monitor_ui::s_msg_attach = RegisterWindowMessage(_T(PRODUCT_NAME_STR) _T("-Attach"));
const UINT eap::monitor_ui::s_msg_finish = RegisterWindowMessage(_T(PRODUCT_NAME_STR) _T("-Finish"));

BIN
lib/Events/res/EventsETW.man
View File

Binary file not shown.

358
lib/TLS/include/Config.h
View File

@@ -1,176 +1,182 @@
/* /*
Copyright 2015-2016 Amebis Copyright 2015-2016 Amebis
Copyright 2016 GÉANT Copyright 2016 GÉANT
This file is part of GÉANTLink. This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or the Free Software Foundation, either version 3 of the License, or
(at your option) any later version. (at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>. along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/ */
#include <WinStd/Common.h> #include <WinStd/Common.h>
#include <Windows.h> #include <Windows.h>
#include <WinCrypt.h> // Must include after <Windows.h> #include <WinCrypt.h> // Must include after <Windows.h>
#include <sal.h> #include <sal.h>
namespace eap #define EAP_TLS_OWN 0 ///< We do the TLS ourself
{ #define EAP_TLS_SCHANNEL 1 ///< TLS is done by Schannel, but server certificate check is done ourself
/// #define EAP_TLS_SCHANNEL_FULL 2 ///< TLS is fully done by Schannel
/// TLS configuration
/// namespace eap
class config_method_tls; {
///
/// /// TLS configuration
/// Helper function to compile human-readable certificate name for UI display ///
/// class config_method_tls;
winstd::tstring get_cert_title(PCCERT_CONTEXT cert);
} ///
/// Helper function to compile human-readable certificate name for UI display
#pragma once ///
winstd::tstring get_cert_title(PCCERT_CONTEXT cert);
#include "Credentials.h" }
#include "Method.h"
#include "TLS.h" #pragma once
#include "../../EAPBase/include/Config.h" #include "Credentials.h"
#include "Method.h"
#include <WinStd/Crypt.h> #include "TLS.h"
#include <Windows.h> #include "../../EAPBase/include/Config.h"
#include <list> #include <WinStd/Crypt.h>
#include <string>
#include <Windows.h>
namespace eap #include <list>
{ #include <string>
class config_method_tls : public config_method_with_cred
{
public: namespace eap
/// {
/// Constructs configuration class config_method_tls : public config_method_with_cred
/// {
/// \param[in] mod EAP module to use for global services public:
/// ///
config_method_tls(_In_ module &mod); /// Constructs configuration
///
/// /// \param[in] mod EAP module to use for global services
/// Copies configuration ///
/// config_method_tls(_In_ module &mod);
/// \param[in] other Configuration to copy from
/// ///
config_method_tls(_In_ const config_method_tls &other); /// Copies configuration
///
/// /// \param[in] other Configuration to copy from
/// Moves configuration ///
/// config_method_tls(_In_ const config_method_tls &other);
/// \param[in] other Configuration to move from
/// ///
config_method_tls(_Inout_ config_method_tls &&other); /// Moves configuration
///
/// /// \param[in] other Configuration to move from
/// Copies configuration ///
/// config_method_tls(_Inout_ config_method_tls &&other);
/// \param[in] other Configuration to copy from
/// ///
/// \returns Reference to this object /// Copies configuration
/// ///
config_method_tls& operator=(_In_ const config_method_tls &other); /// \param[in] other Configuration to copy from
///
/// /// \returns Reference to this object
/// Moves configuration ///
/// config_method_tls& operator=(_In_ const config_method_tls &other);
/// \param[in] other Configuration to move from
/// ///
/// \returns Reference to this object /// Moves configuration
/// ///
config_method_tls& operator=(_Inout_ config_method_tls &&other); /// \param[in] other Configuration to move from
///
/// /// \returns Reference to this object
/// Clones configuration ///
/// config_method_tls& operator=(_Inout_ config_method_tls &&other);
/// \returns Pointer to cloned configuration
/// ///
virtual config* clone() const; /// Clones configuration
///
/// \name XML configuration management /// \returns Pointer to cloned configuration
/// @{ ///
virtual config* clone() const;
///
/// Save to XML document /// \name XML configuration management
/// /// @{
/// \param[in] pDoc XML document
/// \param[in] pConfigRoot Suggested root element for saving ///
/// /// Save to XML document
virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const; ///
/// \param[in] pDoc XML document
/// /// \param[in] pConfigRoot Suggested root element for saving
/// Load from XML document ///
/// virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
/// \param[in] pConfigRoot Root element for loading
/// ///
virtual void load(_In_ IXMLDOMNode *pConfigRoot); /// Load from XML document
///
/// @} /// \param[in] pConfigRoot Root element for loading
///
/// \name BLOB management virtual void load(_In_ IXMLDOMNode *pConfigRoot);
/// @{
/// @}
///
/// Packs a configuration /// \name BLOB management
/// /// @{
/// \param[inout] cursor Memory cursor
/// ///
virtual void operator<<(_Inout_ cursor_out &cursor) const; /// Packs a configuration
///
/// /// \param[inout] cursor Memory cursor
/// Returns packed size of a configuration ///
/// virtual void operator<<(_Inout_ cursor_out &cursor) const;
/// \returns Size of data when packed (in bytes)
/// ///
virtual size_t get_pk_size() const; /// Returns packed size of a configuration
///
/// /// \returns Size of data when packed (in bytes)
/// Unpacks a configuration ///
/// virtual size_t get_pk_size() const;
/// \param[inout] cursor Memory cursor
/// ///
virtual void operator>>(_Inout_ cursor_in &cursor); /// Unpacks a configuration
///
/// @} /// \param[inout] cursor Memory cursor
///
/// virtual void operator>>(_Inout_ cursor_in &cursor);
/// Returns EAP method type of this configuration
/// /// @}
/// \returns `eap::type_tls`
/// ///
virtual winstd::eap_type_t get_method_id() const; /// Returns EAP method type of this configuration
///
/// /// \returns `eap::type_tls`
/// Adds CA to the list of trusted root CA's ///
/// virtual winstd::eap_type_t get_method_id() const;
/// \sa [CertCreateCertificateContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa376033.aspx)
/// ///
bool add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded); /// Adds CA to the list of trusted root CA's
///
public: /// \sa [CertCreateCertificateContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa376033.aspx)
std::list<winstd::cert_context> m_trusted_root_ca; ///< Trusted root CAs ///
std::list<std::wstring> m_server_names; ///< Acceptable authenticating server names bool add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded);
// Following members are used for session resumptions. They are not exported/imported to XML. public:
sanitizing_blob m_session_id; ///< TLS session ID std::list<winstd::cert_context> m_trusted_root_ca; ///< Trusted root CAs
tls_master_secret m_master_secret; ///< TLS master secret std::list<std::wstring> m_server_names; ///< Acceptable authenticating server names
};
} #if EAP_TLS < EAP_TLS_SCHANNEL
// Following members are used for session resumptions. They are not exported/imported to XML.
sanitizing_blob m_session_id; ///< TLS session ID
tls_master_secret m_master_secret; ///< TLS master secret
#endif
};
}

5
lib/TLS/include/Credentials.h
View File

@@ -180,11 +180,6 @@ namespace eap
/// ///
virtual std::wstring get_identity() const; virtual std::wstring get_identity() const;
///
/// Returns credential name (for GUI display).
///
virtual winstd::tstring get_name() const;
/// ///
/// Combine credentials in the following order: /// Combine credentials in the following order:
/// ///

49
lib/TLS/include/Method.h
View File

@@ -36,6 +36,7 @@ namespace eap
#include "../../EAPBase/include/Method.h" #include "../../EAPBase/include/Method.h"
#include <WinStd/Crypt.h> #include <WinStd/Crypt.h>
#include <WinStd/Sec.h>
#include <list> #include <list>
#include <vector> #include <vector>
@@ -145,10 +146,10 @@ namespace eap
/// Constructs an EAP method /// Constructs an EAP method
/// ///
/// \param[in] mod EAP module to use for global services /// \param[in] mod EAP module to use for global services
/// \param[in] cfg Providers configuration /// \param[in] cfg Connection configuration
/// \param[in] cred User credentials /// \param[in] cred User credentials
/// ///
method_tls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_tls &cred); method_tls(_In_ module &module, _In_ config_connection &cfg, _In_ credentials_tls &cred);
/// ///
/// Moves an EAP method /// Moves an EAP method
@@ -216,6 +217,7 @@ namespace eap
/// @} /// @}
protected: protected:
#if EAP_TLS < EAP_TLS_SCHANNEL
/// \name Client handshake message generation /// \name Client handshake message generation
/// @{ /// @{
@@ -360,6 +362,18 @@ namespace eap
/// ///
virtual void process_handshake(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size); virtual void process_handshake(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
#else
///
/// Process handshake
///
void process_handshake();
///
/// Process application data
///
void process_application_data();
#endif
/// ///
/// Processes a TLS application_data message /// Processes a TLS application_data message
/// ///
@@ -370,24 +384,16 @@ namespace eap
/// ///
virtual void process_application_data(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size); virtual void process_application_data(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
/////
///// Processes a vendor-specific TLS message
/////
///// \note Please see `m_cipher_spec` member if the message data came encrypted.
/////
///// \param[in] type TLS message type
///// \param[in] msg TLS message data
///// \param[in] msg_size TLS message data size
/////
//virtual void process_vendor_data(_In_ tls_message_type_t type, _In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
/// @} /// @}
#if EAP_TLS < EAP_TLS_SCHANNEL_FULL
/// ///
/// Verifies server's certificate if trusted by configuration /// Verifies server's certificate if trusted by configuration
/// ///
void verify_server_trust() const; void verify_server_trust() const;
#endif
#if EAP_TLS < EAP_TLS_SCHANNEL
/// \name Encryption /// \name Encryption
/// @{ /// @{
@@ -481,13 +487,16 @@ namespace eap
_In_ HCRYPTKEY key, _In_ HCRYPTKEY key,
_In_bytecount_(size_secret) const void *secret, _In_bytecount_(size_secret) const void *secret,
_In_ size_t size_secret); _In_ size_t size_secret);
#endif
protected: protected:
credentials_tls &m_cred; ///< EAP-TLS user credentials credentials_tls &m_cred; ///< EAP-TLS user credentials
HANDLE m_user_ctx; ///< Handle to user context
packet m_packet_req; ///< Request packet packet m_packet_req; ///< Request packet
packet m_packet_res; ///< Response packet packet m_packet_res; ///< Response packet
#if EAP_TLS < EAP_TLS_SCHANNEL
winstd::crypt_prov m_cp; ///< Cryptography provider for general services winstd::crypt_prov m_cp; ///< Cryptography provider for general services
winstd::crypt_prov m_cp_enc_client; ///< Cryptography provider for encryption winstd::crypt_prov m_cp_enc_client; ///< Cryptography provider for encryption
winstd::crypt_prov m_cp_enc_server; ///< Cryptography provider for encryption winstd::crypt_prov m_cp_enc_server; ///< Cryptography provider for encryption
@@ -528,6 +537,20 @@ namespace eap
unsigned __int64 m_seq_num_client; ///< Sequence number for encrypting unsigned __int64 m_seq_num_client; ///< Sequence number for encrypting
unsigned __int64 m_seq_num_server; ///< Sequence number for decrypting unsigned __int64 m_seq_num_server; ///< Sequence number for decrypting
#else
winstd::tstring m_sc_target_name; ///< Schannel target name
winstd::sec_credentials m_sc_cred; ///< Schannel client credentials
std::vector<unsigned char> m_sc_queue; ///< TLS data queue
winstd::sec_context m_sc_ctx; ///< Schannel context
enum {
phase_unknown = -1, ///< Unknown phase
phase_handshake_init = 0, ///< Handshake initialize
phase_handshake_cont, ///< Handshake continue
phase_application_data, ///< Exchange application data
phase_shutdown, ///< Connection shut down
} m_phase; ///< What phase is our communication at?
#endif
// The following members are required to avoid memory leakage in get_result() // The following members are required to avoid memory leakage in get_result()
EAP_ATTRIBUTES m_eap_attr_desc; ///< EAP Radius attributes descriptor EAP_ATTRIBUTES m_eap_attr_desc; ///< EAP Radius attributes descriptor

9
lib/TLS/include/TLS.h
View File

@@ -503,7 +503,16 @@ namespace eap
/// ///
tls_conn_state& operator=(_Inout_ tls_conn_state &&other); tls_conn_state& operator=(_Inout_ tls_conn_state &&other);
///
/// Configures state according to given cipher
///
/// \param[in] cipher Cipher ID
///
void set_cipher(_In_ const unsigned char cipher[2]);
public: public:
LPCTSTR m_prov_name; ///< Cryptography provider name
DWORD m_prov_type; ///< Cryptography provider type
ALG_ID m_alg_encrypt; ///< Bulk encryption algorithm ALG_ID m_alg_encrypt; ///< Bulk encryption algorithm
size_t m_size_enc_key; ///< Encryption key size in bytes (has to comply with `m_alg_encrypt`) size_t m_size_enc_key; ///< Encryption key size in bytes (has to comply with `m_alg_encrypt`)
size_t m_size_enc_iv; ///< Encryption initialization vector size in bytes (has to comply with `m_alg_encrypt`) size_t m_size_enc_iv; ///< Encryption initialization vector size in bytes (has to comply with `m_alg_encrypt`)

613
lib/TLS/src/Config.cpp
View File

@@ -1,298 +1,315 @@
/* /*
Copyright 2015-2016 Amebis Copyright 2015-2016 Amebis
Copyright 2016 GÉANT Copyright 2016 GÉANT
This file is part of GÉANTLink. This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or the Free Software Foundation, either version 3 of the License, or
(at your option) any later version. (at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>. along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/ */
#include "StdAfx.h" #include "StdAfx.h"
#pragma comment(lib, "Cryptui.lib") #pragma comment(lib, "Cryptui.lib")
using namespace std; using namespace std;
using namespace winstd; using namespace winstd;
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// eap::get_cert_title // eap::get_cert_title
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
tstring eap::get_cert_title(PCCERT_CONTEXT cert) tstring eap::get_cert_title(PCCERT_CONTEXT cert)
{ {
tstring name, str, issuer, title; tstring name, str, issuer, title;
FILETIME ft; FILETIME ft;
SYSTEMTIME st; SYSTEMTIME st;
// Prepare certificate information // Prepare certificate information
CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, name); CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, name);
title += name; title += name;
FileTimeToLocalFileTime(&(cert->pCertInfo->NotBefore), &ft); FileTimeToLocalFileTime(&(cert->pCertInfo->NotBefore), &ft);
FileTimeToSystemTime(&ft, &st); FileTimeToSystemTime(&ft, &st);
GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str); GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str);
title += _T(", "); title += _T(", ");
title += str; title += str;
FileTimeToLocalFileTime(&(cert->pCertInfo->NotAfter ), &ft); FileTimeToLocalFileTime(&(cert->pCertInfo->NotAfter ), &ft);
FileTimeToSystemTime(&ft, &st); FileTimeToSystemTime(&ft, &st);
GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str); GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str);
title += _T('-'); title += _T('-');
title += str; title += str;
CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, CERT_NAME_ISSUER_FLAG, NULL, issuer); CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, CERT_NAME_ISSUER_FLAG, NULL, issuer);
if (name != issuer) { if (name != issuer) {
title += _T(", "); title += _T(", ");
title += issuer; title += issuer;
} }
return title; return title;
} }
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
// eap::config_method_tls // eap::config_method_tls
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
eap::config_method_tls::config_method_tls(_In_ module &mod) : config_method_with_cred(mod) eap::config_method_tls::config_method_tls(_In_ module &mod) : config_method_with_cred(mod)
{ {
m_preshared.reset(new credentials_tls(mod)); m_preshared.reset(new credentials_tls(mod));
} }
eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) : eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) :
m_trusted_root_ca(other.m_trusted_root_ca), m_trusted_root_ca(other.m_trusted_root_ca),
m_server_names(other.m_server_names), m_server_names(other.m_server_names),
m_session_id(other.m_session_id), #if EAP_TLS < EAP_TLS_SCHANNEL
m_master_secret(other.m_master_secret), m_session_id(other.m_session_id),
config_method_with_cred(other) m_master_secret(other.m_master_secret),
{ #endif
} config_method_with_cred(other)
{
}
eap::config_method_tls::config_method_tls(_Inout_ config_method_tls &&other) :
m_trusted_root_ca(std::move(other.m_trusted_root_ca)),
m_server_names(std::move(other.m_server_names)), eap::config_method_tls::config_method_tls(_Inout_ config_method_tls &&other) :
m_session_id(std::move(other.m_session_id)), m_trusted_root_ca(std::move(other.m_trusted_root_ca)),
m_master_secret(std::move(other.m_master_secret)), m_server_names(std::move(other.m_server_names)),
config_method_with_cred(std::move(other)) #if EAP_TLS < EAP_TLS_SCHANNEL
{ m_session_id(std::move(other.m_session_id)),
} m_master_secret(std::move(other.m_master_secret)),
#endif
config_method_with_cred(std::move(other))
eap::config_method_tls& eap::config_method_tls::operator=(_In_ const config_method_tls &other) {
{ }
if (this != &other) {
(config_method_with_cred&)*this = other;
m_trusted_root_ca = other.m_trusted_root_ca; eap::config_method_tls& eap::config_method_tls::operator=(_In_ const config_method_tls &other)
m_server_names = other.m_server_names; {
m_session_id = other.m_session_id; if (this != &other) {
m_master_secret = other.m_master_secret; (config_method_with_cred&)*this = other;
} m_trusted_root_ca = other.m_trusted_root_ca;
m_server_names = other.m_server_names;
return *this; #if EAP_TLS < EAP_TLS_SCHANNEL
} m_session_id = other.m_session_id;
m_master_secret = other.m_master_secret;
#endif
eap::config_method_tls& eap::config_method_tls::operator=(_Inout_ config_method_tls &&other) }
{
if (this != &other) { return *this;
(config_method_with_cred&&)*this = std::move(other); }
m_trusted_root_ca = std::move(other.m_trusted_root_ca);
m_server_names = std::move(other.m_server_names);
m_session_id = std::move(other.m_session_id); eap::config_method_tls& eap::config_method_tls::operator=(_Inout_ config_method_tls &&other)
m_master_secret = std::move(other.m_master_secret); {
} if (this != &other) {
(config_method_with_cred&&)*this = std::move(other);
return *this; m_trusted_root_ca = std::move(other.m_trusted_root_ca);
} m_server_names = std::move(other.m_server_names);
#if EAP_TLS < EAP_TLS_SCHANNEL
m_session_id = std::move(other.m_session_id);
eap::config* eap::config_method_tls::clone() const m_master_secret = std::move(other.m_master_secret);
{ #endif
return new config_method_tls(*this); }
}
return *this;
}
void eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
{
assert(pDoc); eap::config* eap::config_method_tls::clone() const
assert(pConfigRoot); {
return new config_method_tls(*this);
config_method_with_cred::save(pDoc, pConfigRoot); }
const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
HRESULT hr; void eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
{
// <ServerSideCredential> assert(pDoc);
com_obj<IXMLDOMElement> pXmlElServerSideCredential; assert(pConfigRoot);
if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), bstr(L"ServerSideCredential"), bstrNamespace, &pXmlElServerSideCredential)))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerSideCredential> element."); config_method_with_cred::save(pDoc, pConfigRoot);
for (list<cert_context>::const_iterator i = m_trusted_root_ca.begin(), i_end = m_trusted_root_ca.end(); i != i_end; ++i) { const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
// <CA> HRESULT hr;
com_obj<IXMLDOMElement> pXmlElCA;
if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"CA"), bstrNamespace, &pXmlElCA))) // <ServerSideCredential>
throw com_runtime_error(hr, __FUNCTION__ " Error creating <CA> element."); com_obj<IXMLDOMElement> pXmlElServerSideCredential;
if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), bstr(L"ServerSideCredential"), bstrNamespace, &pXmlElServerSideCredential)))
// <CA>/<format> throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerSideCredential> element.");
if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElCA, bstr(L"format"), bstrNamespace, bstr(L"PEM"))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <format> element."); for (list<cert_context>::const_iterator i = m_trusted_root_ca.begin(), i_end = m_trusted_root_ca.end(); i != i_end; ++i) {
// <CA>
// <CA>/<cert-data> com_obj<IXMLDOMElement> pXmlElCA;
const cert_context &cc = *i; if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"CA"), bstrNamespace, &pXmlElCA)))
if (FAILED(hr = eapxml::put_element_base64(pDoc, pXmlElCA, bstr(L"cert-data"), bstrNamespace, cc->pbCertEncoded, cc->cbCertEncoded))) throw com_runtime_error(hr, __FUNCTION__ " Error creating <CA> element.");
throw com_runtime_error(hr, __FUNCTION__ " Error creating <cert-data> element.");
// <CA>/<format>
if (FAILED(hr = pXmlElServerSideCredential->appendChild(pXmlElCA, NULL))) if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElCA, bstr(L"format"), bstrNamespace, bstr(L"PEM"))))
throw com_runtime_error(hr, __FUNCTION__ " Error appending <CA> element."); throw com_runtime_error(hr, __FUNCTION__ " Error creating <format> element.");
}
// <CA>/<cert-data>
// <ServerName> const cert_context &cc = *i;
for (list<wstring>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) { if (FAILED(hr = eapxml::put_element_base64(pDoc, pXmlElCA, bstr(L"cert-data"), bstrNamespace, cc->pbCertEncoded, cc->cbCertEncoded)))
if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(*i)))) throw com_runtime_error(hr, __FUNCTION__ " Error creating <cert-data> element.");
throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerName> element.");
} if (FAILED(hr = pXmlElServerSideCredential->appendChild(pXmlElCA, NULL)))
} throw com_runtime_error(hr, __FUNCTION__ " Error appending <CA> element.");
}
void eap::config_method_tls::load(_In_ IXMLDOMNode *pConfigRoot) // <ServerName>
{ for (list<wstring>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) {
assert(pConfigRoot); if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(*i))))
throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerName> element.");
config_method_with_cred::load(pConfigRoot); }
}
std::wstring xpath(eapxml::get_xpath(pConfigRoot));
m_trusted_root_ca.clear(); void eap::config_method_tls::load(_In_ IXMLDOMNode *pConfigRoot)
m_server_names.clear(); {
assert(pConfigRoot);
// <ServerSideCredential>
com_obj<IXMLDOMElement> pXmlElServerSideCredential; config_method_with_cred::load(pConfigRoot);
if (SUCCEEDED(eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), &pXmlElServerSideCredential))) {
std::wstring xpathServerSideCredential(xpath + L"/ServerSideCredential"); std::wstring xpath(eapxml::get_xpath(pConfigRoot));
// <CA> m_trusted_root_ca.clear();
com_obj<IXMLDOMNodeList> pXmlListCAs; m_server_names.clear();
long lCACount = 0;
if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:CA"), &pXmlListCAs)) && SUCCEEDED(pXmlListCAs->get_length(&lCACount))) { // <ServerSideCredential>
for (long j = 0; j < lCACount; j++) { com_obj<IXMLDOMElement> pXmlElServerSideCredential;
// Load CA certificate. if (SUCCEEDED(eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), &pXmlElServerSideCredential))) {
com_obj<IXMLDOMNode> pXmlElCA; std::wstring xpathServerSideCredential(xpath + L"/ServerSideCredential");
pXmlListCAs->get_item(j, &pXmlElCA);
bstr bstrFormat; // <CA>
if (FAILED(eapxml::get_element_value(pXmlElCA, bstr(L"eap-metadata:format"), &bstrFormat))) { com_obj<IXMLDOMNodeList> pXmlListCAs;
// <format> not specified. long lCACount = 0;
continue; if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:CA"), &pXmlListCAs)) && SUCCEEDED(pXmlListCAs->get_length(&lCACount))) {
} for (long j = 0; j < lCACount; j++) {
// Load CA certificate.
if (CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstrFormat, bstrFormat.length(), L"PEM", -1, NULL, NULL, 0) != CSTR_EQUAL) { com_obj<IXMLDOMNode> pXmlElCA;
// Certificate must be PEM encoded. pXmlListCAs->get_item(j, &pXmlElCA);
continue; bstr bstrFormat;
} if (FAILED(eapxml::get_element_value(pXmlElCA, bstr(L"eap-metadata:format"), &bstrFormat))) {
// <format> not specified.
vector<unsigned char> aData; continue;
if (FAILED(eapxml::get_element_base64(pXmlElCA, bstr(L"eap-metadata:cert-data"), aData))) { }
// Error reading <cert-data> element.
continue; if (CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstrFormat, bstrFormat.length(), L"PEM", -1, NULL, NULL, 0) != CSTR_EQUAL) {
} // Certificate must be PEM encoded.
continue;
add_trusted_ca(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size()); }
}
vector<unsigned char> aData;
// Log loaded CA certificates. if (FAILED(eapxml::get_element_base64(pXmlElCA, bstr(L"eap-metadata:cert-data"), aData))) {
list<tstring> cert_names; // Error reading <cert-data> element.
for (std::list<winstd::cert_context>::const_iterator cert = m_trusted_root_ca.cbegin(), cert_end = m_trusted_root_ca.cend(); cert != cert_end; ++cert) continue;
cert_names.push_back(std::move(get_cert_title(*cert))); }
m_module.log_config((xpathServerSideCredential + L"/CA").c_str(), cert_names);
} add_trusted_ca(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size());
}
// <ServerName>
com_obj<IXMLDOMNodeList> pXmlListServerIDs; // Log loaded CA certificates.
long lServerIDCount = 0; list<tstring> cert_names;
if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:ServerName"), &pXmlListServerIDs)) && SUCCEEDED(pXmlListServerIDs->get_length(&lServerIDCount))) { for (std::list<winstd::cert_context>::const_iterator cert = m_trusted_root_ca.cbegin(), cert_end = m_trusted_root_ca.cend(); cert != cert_end; ++cert)
for (long j = 0; j < lServerIDCount; j++) { cert_names.push_back(std::move(get_cert_title(*cert)));
// Load server name (<ServerName>). m_module.log_config((xpathServerSideCredential + L"/CA").c_str(), cert_names);
com_obj<IXMLDOMNode> pXmlElServerID; }
pXmlListServerIDs->get_item(j, &pXmlElServerID);
bstr bstrServerID; // <ServerName>
pXmlElServerID->get_text(&bstrServerID); com_obj<IXMLDOMNodeList> pXmlListServerIDs;
m_server_names.push_back(wstring(bstrServerID)); long lServerIDCount = 0;
} if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:ServerName"), &pXmlListServerIDs)) && SUCCEEDED(pXmlListServerIDs->get_length(&lServerIDCount))) {
for (long j = 0; j < lServerIDCount; j++) {
m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names); // Load server name (<ServerName>).
} com_obj<IXMLDOMNode> pXmlElServerID;
} pXmlListServerIDs->get_item(j, &pXmlElServerID);
} bstr bstrServerID;
pXmlElServerID->get_text(&bstrServerID);
m_server_names.push_back(wstring(bstrServerID));
void eap::config_method_tls::operator<<(_Inout_ cursor_out &cursor) const }
{
config_method_with_cred::operator<<(cursor); m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names);
cursor << m_trusted_root_ca; }
cursor << m_server_names ; }
cursor << m_session_id ; }
cursor << m_master_secret ;
}
void eap::config_method_tls::operator<<(_Inout_ cursor_out &cursor) const
{
size_t eap::config_method_tls::get_pk_size() const config_method_with_cred::operator<<(cursor);
{ cursor << m_trusted_root_ca;
return cursor << m_server_names ;
config_method_with_cred::get_pk_size() + #if EAP_TLS < EAP_TLS_SCHANNEL
pksizeof(m_trusted_root_ca) + cursor << m_session_id ;
pksizeof(m_server_names ) + cursor << m_master_secret ;
pksizeof(m_session_id ) + #endif
pksizeof(m_master_secret ); }
}
size_t eap::config_method_tls::get_pk_size() const
void eap::config_method_tls::operator>>(_Inout_ cursor_in &cursor) {
{ return
config_method_with_cred::operator>>(cursor); config_method_with_cred::get_pk_size() +
cursor >> m_trusted_root_ca; pksizeof(m_trusted_root_ca) +
cursor >> m_server_names ; pksizeof(m_server_names )
cursor >> m_session_id ; #if EAP_TLS < EAP_TLS_SCHANNEL
cursor >> m_master_secret ; +
} pksizeof(m_session_id ) +
pksizeof(m_master_secret );
#else
eap_type_t eap::config_method_tls::get_method_id() const ;
{ #endif
return eap_type_tls; }
}
void eap::config_method_tls::operator>>(_Inout_ cursor_in &cursor)
bool eap::config_method_tls::add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded) {
{ config_method_with_cred::operator>>(cursor);
cert_context cert; cursor >> m_trusted_root_ca;
if (!cert.create(dwCertEncodingType, pbCertEncoded, cbCertEncoded)) { cursor >> m_server_names ;
// Invalid or unsupported certificate. #if EAP_TLS < EAP_TLS_SCHANNEL
return false; cursor >> m_session_id ;
} cursor >> m_master_secret ;
#endif
for (list<cert_context>::const_iterator i = m_trusted_root_ca.cbegin(), i_end = m_trusted_root_ca.cend();; ++i) { }
if (i != i_end) {
if (*i == cert) {
// This certificate is already on the list. eap_type_t eap::config_method_tls::get_method_id() const
return false; {
} return eap_type_tls;
} else { }
// End of list reached. Append certificate.
m_trusted_root_ca.push_back(std::move(cert));
return true; bool eap::config_method_tls::add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ const BYTE *pbCertEncoded, _In_ DWORD cbCertEncoded)
} {
} cert_context cert;
} if (!cert.create(dwCertEncodingType, pbCertEncoded, cbCertEncoded)) {
// Invalid or unsupported certificate.
return false;
}
for (list<cert_context>::const_iterator i = m_trusted_root_ca.cbegin(), i_end = m_trusted_root_ca.cend();; ++i) {
if (i != i_end) {
if (*i == cert) {
// This certificate is already on the list.
return false;
}
} else {
// End of list reached. Append certificate.
m_trusted_root_ca.push_back(std::move(cert));
return true;
}
}
}

26
lib/TLS/src/Credentials.cpp
View File

@@ -182,11 +182,10 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const
throw win_runtime_error(__FUNCTION__ " CryptProtectData failed."); throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
tstring target(target_name(pszTargetName)); tstring target(target_name(pszTargetName));
wstring name(std::move(get_name()));
// Write credentials. // Write credentials.
assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE); assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE);
assert(name.length() < CRED_MAX_USERNAME_LENGTH ); assert(m_identity.length() < CRED_MAX_USERNAME_LENGTH );
CREDENTIAL cred = { CREDENTIAL cred = {
0, // Flags 0, // Flags
CRED_TYPE_GENERIC, // Type CRED_TYPE_GENERIC, // Type
@@ -199,7 +198,7 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const
0, // AttributeCount 0, // AttributeCount
NULL, // Attributes NULL, // Attributes
NULL, // TargetAlias NULL, // TargetAlias
(LPTSTR)name.c_str() // UserName (LPTSTR)m_identity.c_str() // UserName
}; };
if (!CredWrite(&cred, 0)) if (!CredWrite(&cred, 0))
throw win_runtime_error(__FUNCTION__ " CredWrite failed."); throw win_runtime_error(__FUNCTION__ " CredWrite failed.");
@@ -227,7 +226,14 @@ void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName)
if (!bResult) if (!bResult)
throw win_runtime_error(__FUNCTION__ " Error loading certificate."); throw win_runtime_error(__FUNCTION__ " Error loading certificate.");
m_module.log_config((wstring(pszTargetName) + L"/Certificate").c_str(), get_name().c_str()); if (cred->UserName)
m_identity = cred->UserName;
else
m_identity.clear();
wstring xpath(pszTargetName);
m_module.log_config((xpath + L"/Identity").c_str(), m_identity.c_str());
m_module.log_config((xpath + L"/Certificate").c_str(), get_name().c_str());
} }
@@ -239,7 +245,9 @@ LPCTSTR eap::credentials_tls::target_suffix() const
std::wstring eap::credentials_tls::get_identity() const std::wstring eap::credentials_tls::get_identity() const
{ {
if (m_cert) { if (!m_identity.empty()) {
return m_identity;
} else if (m_cert) {
wstring identity; wstring identity;
CertGetNameString(m_cert, CERT_NAME_EMAIL_TYPE, 0, NULL, identity); CertGetNameString(m_cert, CERT_NAME_EMAIL_TYPE, 0, NULL, identity);
return identity; return identity;
@@ -248,12 +256,6 @@ std::wstring eap::credentials_tls::get_identity() const
} }
tstring eap::credentials_tls::get_name() const
{
return m_cert ? std::move(get_cert_title(m_cert)) : _T("<blank>");
}
eap::credentials::source_t eap::credentials_tls::combine( eap::credentials::source_t eap::credentials_tls::combine(
_In_ const credentials_tls *cred_cached, _In_ const credentials_tls *cred_cached,
_In_ const config_method_tls &cfg, _In_ const config_method_tls &cfg,

3614
lib/TLS/src/Method.cpp
View File

File diff suppressed because it is too large Load Diff

1
lib/TLS/src/StdAfx.h
View File

@@ -31,6 +31,7 @@
#include <WinStd/EAP.h> #include <WinStd/EAP.h>
#include <EapHostError.h> #include <EapHostError.h>
#include <schnlsp.h>
#include <time.h> #include <time.h>
#include <algorithm> #include <algorithm>

153
lib/TLS/src/TLS.cpp
View File

@@ -182,6 +182,8 @@ eap::tls_conn_state::tls_conn_state()
#ifdef _DEBUG #ifdef _DEBUG
// Initialize state primitive members for diagnostic purposes. // Initialize state primitive members for diagnostic purposes.
: :
m_prov_name (NULL),
m_prov_type (0),
m_alg_encrypt (0), m_alg_encrypt (0),
m_size_enc_key (0), m_size_enc_key (0),
m_size_enc_iv (0), m_size_enc_iv (0),
@@ -195,6 +197,8 @@ eap::tls_conn_state::tls_conn_state()
eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) : eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) :
m_prov_name (other.m_prov_name ),
m_prov_type (other.m_prov_type ),
m_alg_encrypt (other.m_alg_encrypt ), m_alg_encrypt (other.m_alg_encrypt ),
m_size_enc_key (other.m_size_enc_key ), m_size_enc_key (other.m_size_enc_key ),
m_size_enc_iv (other.m_size_enc_iv ), m_size_enc_iv (other.m_size_enc_iv ),
@@ -209,6 +213,8 @@ eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) :
eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) : eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
m_prov_name (std::move(other.m_prov_name )),
m_prov_type (std::move(other.m_prov_type )),
m_alg_encrypt (std::move(other.m_alg_encrypt )), m_alg_encrypt (std::move(other.m_alg_encrypt )),
m_size_enc_key (std::move(other.m_size_enc_key )), m_size_enc_key (std::move(other.m_size_enc_key )),
m_size_enc_iv (std::move(other.m_size_enc_iv )), m_size_enc_iv (std::move(other.m_size_enc_iv )),
@@ -221,6 +227,8 @@ eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
{ {
#ifdef _DEBUG #ifdef _DEBUG
// Reinitialize other state primitive members for diagnostic purposes. // Reinitialize other state primitive members for diagnostic purposes.
other.m_prov_name = NULL;
other.m_prov_type = 0;
other.m_alg_encrypt = 0; other.m_alg_encrypt = 0;
other.m_size_enc_key = 0; other.m_size_enc_key = 0;
other.m_size_enc_iv = 0; other.m_size_enc_iv = 0;
@@ -235,6 +243,8 @@ eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &other) eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &other)
{ {
if (this != std::addressof(other)) { if (this != std::addressof(other)) {
m_prov_name = other.m_prov_name ;
m_prov_type = other.m_prov_type ;
m_alg_encrypt = other.m_alg_encrypt ; m_alg_encrypt = other.m_alg_encrypt ;
m_size_enc_key = other.m_size_enc_key ; m_size_enc_key = other.m_size_enc_key ;
m_size_enc_iv = other.m_size_enc_iv ; m_size_enc_iv = other.m_size_enc_iv ;
@@ -253,6 +263,8 @@ eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &o
eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&other) eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&other)
{ {
if (this != std::addressof(other)) { if (this != std::addressof(other)) {
m_prov_name = std::move(other.m_prov_name );
m_prov_type = std::move(other.m_prov_type );
m_alg_encrypt = std::move(other.m_alg_encrypt ); m_alg_encrypt = std::move(other.m_alg_encrypt );
m_size_enc_key = std::move(other.m_size_enc_key ); m_size_enc_key = std::move(other.m_size_enc_key );
m_size_enc_iv = std::move(other.m_size_enc_iv ); m_size_enc_iv = std::move(other.m_size_enc_iv );
@@ -265,6 +277,8 @@ eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&oth
#ifdef _DEBUG #ifdef _DEBUG
// Reinitialize other state primitive members for diagnostic purposes. // Reinitialize other state primitive members for diagnostic purposes.
other.m_prov_name = NULL;
other.m_prov_type = 0;
other.m_alg_encrypt = 0; other.m_alg_encrypt = 0;
other.m_size_enc_key = 0; other.m_size_enc_key = 0;
other.m_size_enc_iv = 0; other.m_size_enc_iv = 0;
@@ -277,3 +291,142 @@ eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&oth
return *this; return *this;
} }
void eap::tls_conn_state::set_cipher(_In_ const unsigned char cipher[2])
{
if (cipher[0] == 0x00 && cipher[1] == 0x0a) {
// TLS_RSA_WITH_3DES_EDE_CBC_SHA
m_prov_name = NULL;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_3DES;
m_size_enc_key = 192/8; // 3DES 192bits
m_size_enc_iv = 64/8; // 3DES 64bits
m_size_enc_block = 64/8; // 3DES 64bits
m_alg_mac = CALG_SHA1;
m_size_mac_key = 160/8; // SHA-1
m_size_mac_hash = 160/8; // SHA-1
} else if (cipher[0] == 0x00 && cipher[1] == 0x2f) {
// TLS_RSA_WITH_AES_128_CBC_SHA
m_prov_name = NULL;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA1;
m_size_mac_key = 160/8; // SHA-1
m_size_mac_hash = 160/8; // SHA-1
} else if (cipher[0] == 0x00 && cipher[1] == 0x3c) {
// AES128-SHA256
m_prov_name = NULL;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x3d) {
// AES256-SHA256
m_prov_name = MS_ENH_RSA_AES_PROV;
m_prov_type = PROV_RSA_AES;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x40) {
// DHE-DSS-AES128-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x67) {
// DHE-RSA-AES128-SHA256
m_prov_name = MS_DEF_DH_SCHANNEL_PROV;
m_prov_type = PROV_DH_SCHANNEL;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x6a) {
// DHE-DSS-AES256-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0x00 && cipher[1] == 0x6b) {
// DHE-RSA-AES256-SHA256
m_prov_name = MS_DEF_DH_SCHANNEL_PROV;
m_prov_type = PROV_DH_SCHANNEL;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x23) {
// ECDHE-ECDSA-AES128-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x24) {
// ECDHE-ECDSA-AES256-SHA384
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_384;
m_size_mac_key = 384/8; // SHA-384
m_size_mac_hash = 384/8; // SHA-384
} else if (cipher[0] == 0xc0 && cipher[1] == 0x27) {
// ECDHE-RSA-AES128-SHA256
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_128;
m_size_enc_key = 128/8; // AES-128
m_size_enc_iv = 128/8; // AES-128
m_size_enc_block = 128/8; // AES-128
m_alg_mac = CALG_SHA_256;
m_size_mac_key = 256/8; // SHA-256
m_size_mac_hash = 256/8; // SHA-256
} else if (cipher[0] == 0xc0 && cipher[1] == 0x28) {
// ECDHE-RSA-AES256-SHA384
m_prov_name = MS_ENH_DSS_DH_PROV;
m_prov_type = PROV_DSS_DH;
m_alg_encrypt = CALG_AES_256;
m_size_enc_key = 256/8; // AES-256
m_size_enc_iv = 128/8; // AES-256
m_size_enc_block = 128/8; // AES-256
m_alg_mac = CALG_SHA_384;
m_size_mac_key = 384/8; // SHA-384
m_size_mac_hash = 384/8; // SHA-384
} else
throw win_runtime_error(ERROR_NOT_SUPPORTED, string_printf(__FUNCTION__ " Unknown cipher (received 0x%02x%02x).", cipher[0], cipher[1]));
}

686
lib/TLS_UI/include/TLS_UI.h
View File

@@ -1,342 +1,344 @@
/* /*
Copyright 2015-2016 Amebis Copyright 2015-2016 Amebis
Copyright 2016 GÉANT Copyright 2016 GÉANT
This file is part of GÉANTLink. This file is part of GÉANTLink.
GÉANTLink is free software: you can redistribute it and/or modify it GÉANTLink is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or the Free Software Foundation, either version 3 of the License, or
(at your option) any later version. (at your option) any later version.
GÉANTLink is distributed in the hope that it will be useful, but GÉANTLink is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>. along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
*/ */
#include "../../EAPBase_UI/include/EAP_UI.h" #include "../../EAPBase_UI/include/EAP_UI.h"
#include "../../TLS/include/Config.h" #include "../../TLS/include/Config.h"
#include "../../TLS/include/Credentials.h" #include "../../TLS/include/Credentials.h"
#include <WinStd/Common.h> #include <WinStd/Common.h>
#include <wx/filedlg.h> #include <wx/filedlg.h>
#include <wx/msgdlg.h> #include <wx/msgdlg.h>
#include <Windows.h> #include <Windows.h>
#include <cryptuiapi.h> #include <cryptuiapi.h>
#include <WinCrypt.h> // Must include after <Windows.h> #include <WinCrypt.h> // Must include after <Windows.h>
#include <list> #include <list>
#include <string> #include <string>
/// ///
/// Helper class for auto-destroyable certificates used in wxWidget's item containers /// Helper class for auto-destroyable certificates used in wxWidget's item containers
/// ///
class wxCertificateClientData; class wxCertificateClientData;
/// ///
/// Validator for host name /// Validator for host name
/// ///
class wxHostNameValidator; class wxHostNameValidator;
/// ///
/// Validator for FQDN /// Validator for FQDN
/// ///
class wxFQDNValidator; class wxFQDNValidator;
/// ///
/// Validator for FQDN lists /// Validator for FQDN lists
/// ///
class wxFQDNListValidator; class wxFQDNListValidator;
/// ///
/// TLS credential panel /// TLS credential panel
/// ///
class wxTLSCredentialsPanel; class wxTLSCredentialsPanel;
/// ///
/// TLS server trust configuration panel /// TLS server trust configuration panel
/// ///
class wxTLSServerTrustPanel; class wxTLSServerTrustPanel;
/// ///
/// TLS credentials configuration panel /// TLS credentials configuration panel
/// ///
typedef wxEAPCredentialsConfigPanel<eap::credentials_tls, wxTLSCredentialsPanel> wxTLSCredentialsConfigPanel; typedef wxEAPCredentialsConfigPanel<eap::credentials_tls, wxTLSCredentialsPanel> wxTLSCredentialsConfigPanel;
/// ///
/// TLS configuration panel /// TLS configuration panel
/// ///
class wxTLSConfigPanel; class wxTLSConfigPanel;
#pragma once #pragma once
#include "../res/wxTLS_UI.h" #include "../res/wxTLS_UI.h"
#include <WinStd/Win.h> #include <WinStd/Win.h>
#include <wx/clntdata.h> #include <wx/clntdata.h>
#include <wx/icon.h> #include <wx/icon.h>
#include <wx/panel.h> #include <wx/panel.h>
#include <wx/textctrl.h> #include <wx/textctrl.h>
#include <wx/validate.h> #include <wx/validate.h>
#include <list> #include <list>
#include <string> #include <string>
#include <vector> #include <vector>
class wxCertificateClientData : public wxClientData class wxCertificateClientData : public wxClientData
{ {
public: public:
/// ///
/// Constructs client data object with existing handle /// Constructs client data object with existing handle
/// ///
wxCertificateClientData(PCCERT_CONTEXT cert); wxCertificateClientData(PCCERT_CONTEXT cert);
/// ///
/// Releases certificate handle and destructs the object /// Releases certificate handle and destructs the object
/// ///
virtual ~wxCertificateClientData(); virtual ~wxCertificateClientData();
public: public:
PCCERT_CONTEXT m_cert; ///< Certificate PCCERT_CONTEXT m_cert; ///< Certificate
}; };
class wxHostNameValidator : public wxValidator class wxHostNameValidator : public wxValidator
{ {
wxDECLARE_DYNAMIC_CLASS(wxHostNameValidator); wxDECLARE_DYNAMIC_CLASS(wxHostNameValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxHostNameValidator); wxDECLARE_NO_ASSIGN_CLASS(wxHostNameValidator);
public: public:
/// ///
/// Construct the validator with a value to store data /// Construct the validator with a value to store data
/// ///
wxHostNameValidator(std::wstring *val = NULL); wxHostNameValidator(std::wstring *val = NULL);
/// ///
/// Copy constructor /// Copy constructor
/// ///
wxHostNameValidator(const wxHostNameValidator &other); wxHostNameValidator(const wxHostNameValidator &other);
/// ///
/// Copies this validator /// Copies this validator
/// ///
virtual wxObject* Clone() const; virtual wxObject* Clone() const;
/// ///
/// Validates the value /// Validates the value
/// ///
virtual bool Validate(wxWindow *parent); virtual bool Validate(wxWindow *parent);
/// ///
/// Transfers the value to the window /// Transfers the value to the window
/// ///
virtual bool TransferToWindow(); virtual bool TransferToWindow();
/// ///
/// Transfers the value from the window /// Transfers the value from the window
/// ///
virtual bool TransferFromWindow(); virtual bool TransferFromWindow();
/// ///
/// Parses FQDN value /// Parses FQDN value
/// ///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL); static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
protected: protected:
std::wstring *m_val; ///< Pointer to variable to receive control's parsed value std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
}; };
class wxFQDNValidator : public wxValidator class wxFQDNValidator : public wxValidator
{ {
wxDECLARE_DYNAMIC_CLASS(wxFQDNValidator); wxDECLARE_DYNAMIC_CLASS(wxFQDNValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxFQDNValidator); wxDECLARE_NO_ASSIGN_CLASS(wxFQDNValidator);
public: public:
/// ///
/// Construct the validator with a value to store data /// Construct the validator with a value to store data
/// ///
wxFQDNValidator(std::wstring *val = NULL); wxFQDNValidator(std::wstring *val = NULL);
/// ///
/// Copy constructor /// Copy constructor
/// ///
wxFQDNValidator(const wxFQDNValidator &other); wxFQDNValidator(const wxFQDNValidator &other);
/// ///
/// Copies this validator /// Copies this validator
/// ///
virtual wxObject* Clone() const; virtual wxObject* Clone() const;
/// ///
/// Validates the value /// Validates the value
/// ///
virtual bool Validate(wxWindow *parent); virtual bool Validate(wxWindow *parent);
/// ///
/// Transfers the value to the window /// Transfers the value to the window
/// ///
virtual bool TransferToWindow(); virtual bool TransferToWindow();
/// ///
/// Transfers the value from the window /// Transfers the value from the window
/// ///
virtual bool TransferFromWindow(); virtual bool TransferFromWindow();
/// ///
/// Parses FQDN value /// Parses FQDN value
/// ///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL); static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
protected: protected:
std::wstring *m_val; ///< Pointer to variable to receive control's parsed value std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
}; };
class wxFQDNListValidator : public wxValidator class wxFQDNListValidator : public wxValidator
{ {
wxDECLARE_DYNAMIC_CLASS(wxFQDNListValidator); wxDECLARE_DYNAMIC_CLASS(wxFQDNListValidator);
wxDECLARE_NO_ASSIGN_CLASS(wxFQDNListValidator); wxDECLARE_NO_ASSIGN_CLASS(wxFQDNListValidator);
public: public:
/// ///
/// Construct the validator with a value to store data /// Construct the validator with a value to store data
/// ///
wxFQDNListValidator(std::list<std::wstring> *val = NULL); wxFQDNListValidator(std::list<std::wstring> *val = NULL);
/// ///
/// Copy constructor /// Copy constructor
/// ///
wxFQDNListValidator(const wxFQDNListValidator &other); wxFQDNListValidator(const wxFQDNListValidator &other);
/// ///
/// Copies this validator /// Copies this validator
/// ///
virtual wxObject* Clone() const; virtual wxObject* Clone() const;
/// ///
/// Validates the value /// Validates the value
/// ///
virtual bool Validate(wxWindow *parent); virtual bool Validate(wxWindow *parent);
/// ///
/// Transfers the value to the window /// Transfers the value to the window
/// ///
virtual bool TransferToWindow(); virtual bool TransferToWindow();
/// ///
/// Transfers the value from the window /// Transfers the value from the window
/// ///
virtual bool TransferFromWindow(); virtual bool TransferFromWindow();
/// ///
/// Parses FQDN list value /// Parses FQDN list value
/// ///
static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::wstring> *val_out = NULL); static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::wstring> *val_out = NULL);
protected: protected:
std::list<std::wstring> *m_val; ///< Pointer to variable to receive control's parsed value std::list<std::wstring> *m_val; ///< Pointer to variable to receive control's parsed value
}; };
class wxTLSCredentialsPanel : public wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase> class wxTLSCredentialsPanel : public wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>
{ {
public: public:
/// ///
/// Constructs a configuration panel /// Constructs a configuration panel
/// ///
/// \param[in] prov Provider configuration data /// \param[in] prov Provider configuration data
/// \param[in] cfg Configuration data /// \param[in] cfg Configuration data
/// \param[inout] cred Credentials data /// \param[inout] cred Credentials data
/// \param[in] pszCredTarget Target name of credentials in Windows Credential Manager. Can be further decorated to create final target name. /// \param[in] pszCredTarget Target name of credentials in Windows Credential Manager. Can be further decorated to create final target name.
/// \param[in] parent Parent window /// \param[in] parent Parent window
/// \param[in] is_config Is this panel used to pre-enter credentials? When \c true, the "Remember" checkbox is always selected and disabled. /// \param[in] is_config Is this panel used to pre-enter credentials? When \c true, the "Remember" checkbox is always selected and disabled.
/// ///
wxTLSCredentialsPanel(const eap::config_provider &prov, const eap::config_method_with_cred &cfg, eap::credentials_tls &cred, LPCTSTR pszCredTarget, wxWindow* parent, bool is_config = false); wxTLSCredentialsPanel(const eap::config_provider &prov, const eap::config_method_with_cred &cfg, eap::credentials_tls &cred, LPCTSTR pszCredTarget, wxWindow* parent, bool is_config = false);
protected: protected:
/// \cond internal /// \cond internal
virtual bool TransferDataToWindow(); virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow(); virtual bool TransferDataFromWindow();
virtual void OnUpdateUI(wxUpdateUIEvent& event); virtual void OnUpdateUI(wxUpdateUIEvent& event);
/// \endcond /// \endcond
protected: protected:
winstd::library m_shell32; ///< shell32.dll resource library reference winstd::library m_shell32; ///< shell32.dll resource library reference
wxIcon m_icon; ///< Panel icon wxIcon m_icon; ///< Panel icon
}; };
class wxTLSServerTrustPanel : public wxEAPTLSServerTrustConfigPanelBase class wxTLSServerTrustPanel : public wxEAPTLSServerTrustConfigPanelBase
{ {
public: public:
/// ///
/// Constructs a configuration panel /// Constructs a configuration panel
/// ///
wxTLSServerTrustPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, wxWindow* parent); wxTLSServerTrustPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, wxWindow* parent);
protected: protected:
/// \cond internal /// \cond internal
virtual bool TransferDataToWindow(); virtual bool TransferDataToWindow();
virtual bool TransferDataFromWindow(); virtual bool TransferDataFromWindow();
virtual void OnUpdateUI(wxUpdateUIEvent& event); virtual void OnUpdateUI(wxUpdateUIEvent& event);
virtual void OnRootCADClick(wxCommandEvent& event); virtual void OnRootCADClick(wxCommandEvent& event);
virtual void OnRootCAAddStore(wxCommandEvent& event); virtual void OnRootCAAddStore(wxCommandEvent& event);
virtual void OnRootCAAddFile(wxCommandEvent& event); virtual void OnRootCAAddFile(wxCommandEvent& event);
virtual void OnRootCARemove(wxCommandEvent& event); virtual void OnRootCARemove(wxCommandEvent& event);
/// \endcond /// \endcond
/// ///
/// Adds a certificate to the list of trusted root CA list /// Adds a certificate to the list of trusted root CA list
/// ///
/// \param[in] cert Certificate /// \param[in] cert Certificate
/// ///
/// \returns /// \returns
/// - \c true if certificate was added; /// - \c true if certificate was added;
/// - \c false if duplicate found or an error occured. /// - \c false if duplicate found or an error occured.
/// ///
bool AddRootCA(PCCERT_CONTEXT cert); bool AddRootCA(PCCERT_CONTEXT cert);
protected: protected:
const eap::config_provider &m_prov; ///< EAP provider const eap::config_provider &m_prov; ///< EAP provider
eap::config_method_tls &m_cfg; ///< TLS configuration eap::config_method_tls &m_cfg; ///< TLS configuration
winstd::library m_certmgr; ///< certmgr.dll resource library reference winstd::library m_certmgr; ///< certmgr.dll resource library reference
wxIcon m_icon; ///< Panel icon wxIcon m_icon; ///< Panel icon
std::list<std::wstring> m_server_names_val; ///< Acceptable authenticating server names std::list<std::wstring> m_server_names_val; ///< Acceptable authenticating server names
}; };
class wxTLSConfigPanel : public wxPanel class wxTLSConfigPanel : public wxPanel
{ {
public: public:
/// ///
/// Constructs a configuration panel /// Constructs a configuration panel
/// ///
wxTLSConfigPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, LPCTSTR pszCredTarget, wxWindow* parent); wxTLSConfigPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, LPCTSTR pszCredTarget, wxWindow* parent);
/// ///
/// Destructs the configuration panel /// Destructs the configuration panel
/// ///
virtual ~wxTLSConfigPanel(); virtual ~wxTLSConfigPanel();
protected: protected:
/// \cond internal /// \cond internal
virtual void OnInitDialog(wxInitDialogEvent& event); virtual void OnInitDialog(wxInitDialogEvent& event);
virtual bool TransferDataFromWindow(); #if EAP_TLS < EAP_TLS_SCHANNEL
/// \endcond virtual bool TransferDataFromWindow();
#endif
protected: /// \endcond
const eap::config_provider &m_prov; ///< EAP provider
eap::config_method_tls &m_cfg; ///< TLS configuration protected:
wxTLSServerTrustPanel *m_server_trust; ///< Server trust configuration panel const eap::config_provider &m_prov; ///< EAP provider
wxTLSCredentialsConfigPanel *m_credentials; ///< Credentials configuration panel eap::config_method_tls &m_cfg; ///< TLS configuration
}; wxTLSServerTrustPanel *m_server_trust; ///< Server trust configuration panel
wxTLSCredentialsConfigPanel *m_credentials; ///< Credentials configuration panel
};

383
lib/TLS_UI/res/wxTLS_UI.cpp
View File

@@ -1,182 +1,201 @@
/////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////
// C++ code generated with wxFormBuilder (version Jun 17 2015) // C++ code generated with wxFormBuilder (version Jun 17 2015)
// http://www.wxformbuilder.org/ // http://www.wxformbuilder.org/
// //
// PLEASE DO "NOT" EDIT THIS FILE! // PLEASE DO "NOT" EDIT THIS FILE!
/////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////
#include <StdAfx.h> #include <StdAfx.h>
#include "wxTLS_UI.h" #include "wxTLS_UI.h"
/////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////
wxEAPTLSServerTrustConfigPanelBase::wxEAPTLSServerTrustConfigPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style ) wxEAPTLSServerTrustConfigPanelBase::wxEAPTLSServerTrustConfigPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{ {
wxStaticBoxSizer* sb_server_trust; wxStaticBoxSizer* sb_server_trust;
sb_server_trust = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Server Trust") ), wxVERTICAL ); sb_server_trust = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Server Trust") ), wxVERTICAL );
wxBoxSizer* sb_server_trust_horiz; wxBoxSizer* sb_server_trust_horiz;
sb_server_trust_horiz = new wxBoxSizer( wxHORIZONTAL ); sb_server_trust_horiz = new wxBoxSizer( wxHORIZONTAL );
m_server_trust_icon = new wxStaticBitmap( sb_server_trust->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 ); m_server_trust_icon = new wxStaticBitmap( sb_server_trust->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
sb_server_trust_horiz->Add( m_server_trust_icon, 0, wxALL, 5 ); sb_server_trust_horiz->Add( m_server_trust_icon, 0, wxALL, 5 );
wxBoxSizer* sb_server_trust_vert; wxBoxSizer* sb_server_trust_vert;
sb_server_trust_vert = new wxBoxSizer( wxVERTICAL ); sb_server_trust_vert = new wxBoxSizer( wxVERTICAL );
m_server_trust_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Describe the servers you trust to prevent credential interception in case of man-in-the-middle attacks."), wxDefaultPosition, wxDefaultSize, 0 ); m_server_trust_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Describe the servers you trust to prevent credential interception in case of man-in-the-middle attacks."), wxDefaultPosition, wxDefaultSize, 0 );
m_server_trust_label->Wrap( 446 ); m_server_trust_label->Wrap( 446 );
sb_server_trust_vert->Add( m_server_trust_label, 0, wxALL|wxEXPAND, 5 ); sb_server_trust_vert->Add( m_server_trust_label, 0, wxALL|wxEXPAND, 5 );
wxBoxSizer* sb_root_ca; wxBoxSizer* sb_root_ca;
sb_root_ca = new wxBoxSizer( wxVERTICAL ); sb_root_ca = new wxBoxSizer( wxVERTICAL );
m_root_ca_lbl = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Acceptable Certificate Authorities:"), wxDefaultPosition, wxDefaultSize, 0 ); m_root_ca_lbl = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Acceptable Certificate Authorities:"), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_lbl->Wrap( -1 ); m_root_ca_lbl->Wrap( -1 );
sb_root_ca->Add( m_root_ca_lbl, 0, wxEXPAND|wxBOTTOM, 5 ); sb_root_ca->Add( m_root_ca_lbl, 0, wxEXPAND|wxBOTTOM, 5 );
m_root_ca = new wxListBox( sb_server_trust->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, 0, NULL, wxLB_SORT ); m_root_ca = new wxListBox( sb_server_trust->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, 0, NULL, wxLB_SORT );
m_root_ca->SetToolTip( _("List of certificate authorities server's certificate must be issued by") ); m_root_ca->SetToolTip( _("List of certificate authorities server's certificate must be issued by") );
sb_root_ca->Add( m_root_ca, 1, wxEXPAND|wxBOTTOM, 5 ); sb_root_ca->Add( m_root_ca, 1, wxEXPAND|wxBOTTOM, 5 );
wxBoxSizer* sb_root_ca_btn; wxBoxSizer* sb_root_ca_btn;
sb_root_ca_btn = new wxBoxSizer( wxHORIZONTAL ); sb_root_ca_btn = new wxBoxSizer( wxHORIZONTAL );
m_root_ca_add_store = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("Add CA from Store..."), wxDefaultPosition, wxDefaultSize, 0 ); m_root_ca_add_store = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("Add CA from Store..."), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_add_store->SetToolTip( _("Adds a new certificate authority from the certificate store to the list") ); m_root_ca_add_store->SetToolTip( _("Adds a new certificate authority from the certificate store to the list") );
sb_root_ca_btn->Add( m_root_ca_add_store, 0, wxRIGHT, 5 ); sb_root_ca_btn->Add( m_root_ca_add_store, 0, wxRIGHT, 5 );
m_root_ca_add_file = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("Add CA from File..."), wxDefaultPosition, wxDefaultSize, 0 ); m_root_ca_add_file = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("Add CA from File..."), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_add_file->SetToolTip( _("Adds a new certificate authority from the file to the list") ); m_root_ca_add_file->SetToolTip( _("Adds a new certificate authority from the file to the list") );
sb_root_ca_btn->Add( m_root_ca_add_file, 0, wxRIGHT|wxLEFT, 5 ); sb_root_ca_btn->Add( m_root_ca_add_file, 0, wxRIGHT|wxLEFT, 5 );
m_root_ca_remove = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("&Remove CA"), wxDefaultPosition, wxDefaultSize, 0 ); m_root_ca_remove = new wxButton( sb_server_trust->GetStaticBox(), wxID_ANY, _("&Remove CA"), wxDefaultPosition, wxDefaultSize, 0 );
m_root_ca_remove->Enable( false ); m_root_ca_remove->Enable( false );
m_root_ca_remove->SetToolTip( _("Removes selected certificate authorities from the list") ); m_root_ca_remove->SetToolTip( _("Removes selected certificate authorities from the list") );
sb_root_ca_btn->Add( m_root_ca_remove, 0, wxLEFT, 5 ); sb_root_ca_btn->Add( m_root_ca_remove, 0, wxLEFT, 5 );
sb_root_ca->Add( sb_root_ca_btn, 0, wxALIGN_RIGHT, 5 ); sb_root_ca->Add( sb_root_ca_btn, 0, wxALIGN_RIGHT, 5 );
sb_server_trust_vert->Add( sb_root_ca, 1, wxEXPAND|wxALL, 5 ); sb_server_trust_vert->Add( sb_root_ca, 1, wxEXPAND|wxALL, 5 );
wxBoxSizer* sb_server_names; wxBoxSizer* sb_server_names;
sb_server_names = new wxBoxSizer( wxVERTICAL ); sb_server_names = new wxBoxSizer( wxVERTICAL );
m_server_names_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Acceptable server &names:"), wxDefaultPosition, wxDefaultSize, 0 ); m_server_names_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Acceptable server &names:"), wxDefaultPosition, wxDefaultSize, 0 );
m_server_names_label->Wrap( -1 ); m_server_names_label->Wrap( -1 );
sb_server_names->Add( m_server_names_label, 0, wxBOTTOM, 5 ); sb_server_names->Add( m_server_names_label, 0, wxBOTTOM, 5 );
m_server_names = new wxTextCtrl( sb_server_trust->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 ); m_server_names = new wxTextCtrl( sb_server_trust->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_server_names->SetToolTip( _("A semicolon delimited list of acceptable server FQDN names; blank to skip name check; Unicode characters allowed") ); m_server_names->SetToolTip( _("A semicolon delimited list of acceptable server FQDN names; blank to skip name check; Unicode characters allowed") );
sb_server_names->Add( m_server_names, 0, wxEXPAND|wxBOTTOM, 5 ); sb_server_names->Add( m_server_names, 0, wxEXPAND|wxBOTTOM, 5 );
m_server_names_note = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("(Example: foo.bar.com;server2.bar.com)"), wxDefaultPosition, wxDefaultSize, 0 ); m_server_names_note = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("(Example: foo.bar.com;server2.bar.com)"), wxDefaultPosition, wxDefaultSize, 0 );
m_server_names_note->Wrap( -1 ); m_server_names_note->Wrap( -1 );
sb_server_names->Add( m_server_names_note, 0, wxALIGN_RIGHT, 5 ); sb_server_names->Add( m_server_names_note, 0, wxALIGN_RIGHT, 5 );
sb_server_trust_vert->Add( sb_server_names, 0, wxEXPAND|wxALL, 5 ); sb_server_trust_vert->Add( sb_server_names, 0, wxEXPAND|wxALL, 5 );
sb_server_trust_horiz->Add( sb_server_trust_vert, 1, wxEXPAND, 5 ); sb_server_trust_horiz->Add( sb_server_trust_vert, 1, wxEXPAND, 5 );
sb_server_trust->Add( sb_server_trust_horiz, 1, wxEXPAND, 5 ); sb_server_trust->Add( sb_server_trust_horiz, 1, wxEXPAND, 5 );
this->SetSizer( sb_server_trust ); this->SetSizer( sb_server_trust );
this->Layout(); this->Layout();
// Connect Events // Connect Events
this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnUpdateUI ) ); this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnUpdateUI ) );
m_root_ca->Connect( wxEVT_COMMAND_LISTBOX_DOUBLECLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCADClick ), NULL, this ); m_root_ca->Connect( wxEVT_COMMAND_LISTBOX_DOUBLECLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCADClick ), NULL, this );
m_root_ca_add_store->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddStore ), NULL, this ); m_root_ca_add_store->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddStore ), NULL, this );
m_root_ca_add_file->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddFile ), NULL, this ); m_root_ca_add_file->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddFile ), NULL, this );
m_root_ca_remove->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCARemove ), NULL, this ); m_root_ca_remove->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCARemove ), NULL, this );
} }
wxEAPTLSServerTrustConfigPanelBase::~wxEAPTLSServerTrustConfigPanelBase() wxEAPTLSServerTrustConfigPanelBase::~wxEAPTLSServerTrustConfigPanelBase()
{ {
// Disconnect Events // Disconnect Events
this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnUpdateUI ) ); this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnUpdateUI ) );
m_root_ca->Disconnect( wxEVT_COMMAND_LISTBOX_DOUBLECLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCADClick ), NULL, this ); m_root_ca->Disconnect( wxEVT_COMMAND_LISTBOX_DOUBLECLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCADClick ), NULL, this );
m_root_ca_add_store->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddStore ), NULL, this ); m_root_ca_add_store->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddStore ), NULL, this );
m_root_ca_add_file->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddFile ), NULL, this ); m_root_ca_add_file->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCAAddFile ), NULL, this );
m_root_ca_remove->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCARemove ), NULL, this ); m_root_ca_remove->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPTLSServerTrustConfigPanelBase::OnRootCARemove ), NULL, this );
} }
wxTLSCredentialsPanelBase::wxTLSCredentialsPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style ) wxTLSCredentialsPanelBase::wxTLSCredentialsPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
{ {
wxStaticBoxSizer* sb_credentials; wxStaticBoxSizer* sb_credentials;
sb_credentials = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("TLS Client Certificate") ), wxVERTICAL ); sb_credentials = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("TLS Client Certificate") ), wxVERTICAL );
wxBoxSizer* sb_credentials_horiz; wxBoxSizer* sb_credentials_horiz;
sb_credentials_horiz = new wxBoxSizer( wxHORIZONTAL ); sb_credentials_horiz = new wxBoxSizer( wxHORIZONTAL );
m_credentials_icon = new wxStaticBitmap( sb_credentials->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 ); m_credentials_icon = new wxStaticBitmap( sb_credentials->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
sb_credentials_horiz->Add( m_credentials_icon, 0, wxALL, 5 ); sb_credentials_horiz->Add( m_credentials_icon, 0, wxALL, 5 );
wxBoxSizer* sb_credentials_vert; wxBoxSizer* sb_credentials_vert;
sb_credentials_vert = new wxBoxSizer( wxVERTICAL ); sb_credentials_vert = new wxBoxSizer( wxVERTICAL );
m_credentials_label = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("Please select your client certificate to use for authentication."), wxDefaultPosition, wxDefaultSize, 0 ); m_credentials_label = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("Please select your client certificate to use for authentication."), wxDefaultPosition, wxDefaultSize, 0 );
m_credentials_label->Wrap( 446 ); m_credentials_label->Wrap( 446 );
sb_credentials_vert->Add( m_credentials_label, 0, wxALL|wxEXPAND, 5 ); sb_credentials_vert->Add( m_credentials_label, 0, wxALL|wxEXPAND, 5 );
wxBoxSizer* sb_cert_radio; wxBoxSizer* sb_cert_radio;
sb_cert_radio = new wxBoxSizer( wxVERTICAL ); sb_cert_radio = new wxBoxSizer( wxVERTICAL );
m_cert_none = new wxRadioButton( sb_credentials->GetStaticBox(), wxID_ANY, _("Co&nnect without providing a client certificate"), wxDefaultPosition, wxDefaultSize, wxRB_GROUP ); m_cert_none = new wxRadioButton( sb_credentials->GetStaticBox(), wxID_ANY, _("Co&nnect without providing a client certificate"), wxDefaultPosition, wxDefaultSize, wxRB_GROUP );
m_cert_none->SetToolTip( _("Select if your server does not require you to provide a client certificate") ); m_cert_none->SetToolTip( _("Select if your server does not require you to provide a client certificate") );
sb_cert_radio->Add( m_cert_none, 1, wxEXPAND, 5 ); sb_cert_radio->Add( m_cert_none, 1, wxEXPAND, 5 );
wxBoxSizer* sb_cert_select; wxBoxSizer* sb_cert_select;
sb_cert_select = new wxBoxSizer( wxHORIZONTAL ); sb_cert_select = new wxBoxSizer( wxHORIZONTAL );
m_cert_select = new wxRadioButton( sb_credentials->GetStaticBox(), wxID_ANY, _("Use the following &certificate:"), wxDefaultPosition, wxDefaultSize, 0 ); m_cert_select = new wxRadioButton( sb_credentials->GetStaticBox(), wxID_ANY, _("Use the following &certificate:"), wxDefaultPosition, wxDefaultSize, 0 );
m_cert_select->SetToolTip( _("Select if you need to provide a client certificate when connecting") ); m_cert_select->SetToolTip( _("Select if you need to provide a client certificate when connecting") );
sb_cert_select->Add( m_cert_select, 0, wxEXPAND, 5 ); sb_cert_select->Add( m_cert_select, 0, wxEXPAND, 5 );
wxArrayString m_cert_select_valChoices; wxArrayString m_cert_select_valChoices;
m_cert_select_val = new wxChoice( sb_credentials->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, m_cert_select_valChoices, wxCB_SORT ); m_cert_select_val = new wxChoice( sb_credentials->GetStaticBox(), wxID_ANY, wxDefaultPosition, wxDefaultSize, m_cert_select_valChoices, wxCB_SORT );
m_cert_select_val->SetSelection( 0 ); m_cert_select_val->SetSelection( 0 );
m_cert_select_val->SetToolTip( _("Client certificate to use for authentication") ); m_cert_select_val->SetToolTip( _("Client certificate to use for authentication") );
sb_cert_select->Add( m_cert_select_val, 1, wxEXPAND, 5 ); sb_cert_select->Add( m_cert_select_val, 1, wxEXPAND, 5 );
sb_cert_radio->Add( sb_cert_select, 1, wxEXPAND, 5 ); sb_cert_radio->Add( sb_cert_select, 1, wxEXPAND, 5 );
sb_credentials_vert->Add( sb_cert_radio, 0, wxEXPAND|wxALL, 5 ); sb_credentials_vert->Add( sb_cert_radio, 0, wxEXPAND|wxALL, 5 );
m_remember = new wxCheckBox( sb_credentials->GetStaticBox(), wxID_ANY, _("&Remember"), wxDefaultPosition, wxDefaultSize, 0 ); wxBoxSizer* sb_identity;
m_remember->SetHelpText( _("Check if you would like to save certificate selection") ); sb_identity = new wxBoxSizer( wxVERTICAL );
sb_credentials_vert->Add( m_remember, 0, wxALL|wxEXPAND, 5 ); m_identity_label = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("Custom &identity:"), wxDefaultPosition, wxDefaultSize, 0 );
m_identity_label->Wrap( -1 );
sb_identity->Add( m_identity_label, 0, wxBOTTOM, 5 );
sb_credentials_horiz->Add( sb_credentials_vert, 1, wxEXPAND, 5 );
m_identity = new wxTextCtrl( sb_credentials->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
m_identity->SetToolTip( _("Your identity (username@domain) to override one from certificate; or blank to use one provided in certificate") );
sb_credentials->Add( sb_credentials_horiz, 0, wxEXPAND, 5 );
sb_identity->Add( m_identity, 0, wxEXPAND|wxBOTTOM, 5 );
this->SetSizer( sb_credentials ); m_identity_note = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("(Example: user@contoso.com)"), wxDefaultPosition, wxDefaultSize, 0 );
this->Layout(); m_identity_note->Wrap( -1 );
} sb_identity->Add( m_identity_note, 0, wxALIGN_RIGHT, 5 );
wxTLSCredentialsPanelBase::~wxTLSCredentialsPanelBase()
{ sb_credentials_vert->Add( sb_identity, 1, wxEXPAND|wxALL, 5 );
}
m_remember = new wxCheckBox( sb_credentials->GetStaticBox(), wxID_ANY, _("&Remember"), wxDefaultPosition, wxDefaultSize, 0 );
m_remember->SetHelpText( _("Check if you would like to save certificate selection") );
sb_credentials_vert->Add( m_remember, 0, wxALL|wxEXPAND, 5 );
sb_credentials_horiz->Add( sb_credentials_vert, 1, wxEXPAND, 5 );
sb_credentials->Add( sb_credentials_horiz, 0, wxEXPAND, 5 );
this->SetSizer( sb_credentials );
this->Layout();
}
wxTLSCredentialsPanelBase::~wxTLSCredentialsPanelBase()
{
}

3518
lib/TLS_UI/res/wxTLS_UI.fbp
View File

File diff suppressed because it is too large Load Diff

3
lib/TLS_UI/res/wxTLS_UI.h
View File

@@ -80,6 +80,9 @@ class wxTLSCredentialsPanelBase : public wxPanel
wxRadioButton* m_cert_none; wxRadioButton* m_cert_none;
wxRadioButton* m_cert_select; wxRadioButton* m_cert_select;
wxChoice* m_cert_select_val; wxChoice* m_cert_select_val;
wxStaticText* m_identity_label;
wxTextCtrl* m_identity;
wxStaticText* m_identity_note;
wxCheckBox* m_remember; wxCheckBox* m_remember;
public: public:

1254
lib/TLS_UI/src/TLS_UI.cpp
View File

File diff suppressed because it is too large Load Diff

22
lib/TTLS/include/Method.h
View File

@@ -57,11 +57,11 @@ namespace eap
/// ///
/// Constructs an EAP method /// Constructs an EAP method
/// ///
/// \param[in] mod EAP module to use for global services /// \param[in] mod EAP module to use for global services
/// \param[in] cfg Providers configuration /// \param[in] cfg Connection configuration
/// \param[in] cred User credentials /// \param[in] cred User credentials
/// ///
method_ttls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_ttls &cred); method_ttls(_In_ module &module, _In_ config_connection &cfg, _In_ credentials_ttls &cred);
/// ///
/// Moves an EAP method /// Moves an EAP method
@@ -112,6 +112,9 @@ namespace eap
/// @} /// @}
protected:
#if EAP_TLS < EAP_TLS_SCHANNEL
/// ///
/// Generates master session key /// Generates master session key
/// ///
@@ -119,7 +122,18 @@ namespace eap
/// ///
virtual void derive_msk(); virtual void derive_msk();
protected: #else
///
/// Processes an application message
///
/// \param[in] msg Application message data
/// \param[in] size_msg Application message data size
///
virtual void process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg);
#endif
/// ///
/// Makes a PAP client message /// Makes a PAP client message
/// ///

2
lib/TTLS/include/Module.h
View File

@@ -221,7 +221,7 @@ namespace eap
{} {}
public: public:
config_provider_list m_cfg; ///< Providers configuration config_connection m_cfg; ///< Connection configuration
credentials_ttls m_cred; ///< User credentials credentials_ttls m_cred; ///< User credentials
method_ttls m_method; ///< EAP-TTLS method method_ttls m_method; ///< EAP-TTLS method
}; };

4
lib/TTLS/src/Credentials.cpp
View File

@@ -189,6 +189,8 @@ void eap::credentials_ttls::operator>>(_Inout_ cursor_in &cursor)
void eap::credentials_ttls::store(_In_z_ LPCTSTR pszTargetName) const void eap::credentials_ttls::store(_In_z_ LPCTSTR pszTargetName) const
{ {
assert(0); // Not that we would ever store inner&outer credentials to Windows Credential Manager joined, but for completness sake... Here we go:
credentials_tls::store(pszTargetName); credentials_tls::store(pszTargetName);
if (m_inner) if (m_inner)
@@ -198,6 +200,8 @@ void eap::credentials_ttls::store(_In_z_ LPCTSTR pszTargetName) const
void eap::credentials_ttls::retrieve(_In_z_ LPCTSTR pszTargetName) void eap::credentials_ttls::retrieve(_In_z_ LPCTSTR pszTargetName)
{ {
assert(0); // Not that we would ever retrieve inner&outer credentials to Windows Credential Manager joined, but for completness sake... Here we go:
credentials_tls::retrieve(pszTargetName); credentials_tls::retrieve(pszTargetName);
if (m_inner) if (m_inner)

69
lib/TTLS/src/Method.cpp
View File

@@ -28,7 +28,7 @@ using namespace winstd;
// eap::method_ttls // eap::method_ttls
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
eap::method_ttls::method_ttls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_ttls &cred) : eap::method_ttls::method_ttls(_In_ module &module, _In_ config_connection &cfg, _In_ credentials_ttls &cred) :
m_cred(cred), m_cred(cred),
m_version(version_0), m_version(version_0),
method_tls(module, cfg, cred) method_tls(module, cfg, cred)
@@ -72,6 +72,7 @@ void eap::method_ttls::process_request_packet(
// Do the TLS. // Do the TLS.
method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput); method_tls::process_request_packet(pReceivedPacket, dwReceivedPacketSize, pEapOutput);
#if EAP_TLS < EAP_TLS_SCHANNEL
if (m_phase == phase_application_data) { if (m_phase == phase_application_data) {
// Send inner authentication. // Send inner authentication.
if (!m_state_client.m_alg_encrypt) if (!m_state_client.m_alg_encrypt)
@@ -84,10 +85,8 @@ void eap::method_ttls::process_request_packet(
m_packet_res.m_flags = 0; m_packet_res.m_flags = 0;
sanitizing_blob msg_application(make_message(tls_message_type_application_data, make_pap_client())); sanitizing_blob msg_application(make_message(tls_message_type_application_data, make_pap_client()));
m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_application.begin(), msg_application.end()); m_packet_res.m_data.insert(m_packet_res.m_data.end(), msg_application.begin(), msg_application.end());
pEapOutput->fAllowNotifications = FALSE;
pEapOutput->action = EapPeerMethodResponseActionSend;
} }
#endif
} }
@@ -133,6 +132,15 @@ void eap::method_ttls::get_result(
throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported."); throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
} }
#if EAP_TLS >= EAP_TLS_SCHANNEL
// EAP-TTLS uses different label in PRF for MSK derivation than EAP-TLS.
static const DWORD s_key_id = 0x01; // EAP-TTLSv0 Keying Material
static const SecPkgContext_EapPrfInfo s_prf_info = { 0, sizeof(s_key_id), (PBYTE)&s_key_id };
SECURITY_STATUS status = SetContextAttributes(m_sc_ctx, SECPKG_ATTR_EAP_PRF_INFO, (void*)&s_prf_info, sizeof(s_prf_info));
if (FAILED(status))
throw sec_runtime_error(status, __FUNCTION__ "Error setting EAP-TTLS PRF in Schannel.");
#endif
// The TLS was OK. // The TLS was OK.
method_tls::get_result(EapPeerMethodResultSuccess, ppResult); method_tls::get_result(EapPeerMethodResultSuccess, ppResult);
@@ -146,6 +154,8 @@ void eap::method_ttls::get_result(
} }
#if EAP_TLS < EAP_TLS_SCHANNEL
void eap::method_ttls::derive_msk() void eap::method_ttls::derive_msk()
{ {
// //
@@ -179,6 +189,57 @@ void eap::method_ttls::derive_msk()
_key_block += sizeof(tls_random); _key_block += sizeof(tls_random);
} }
#else
void eap::method_ttls::process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg)
{
UNREFERENCED_PARAMETER(msg);
UNREFERENCED_PARAMETER(size_msg);
// Prepare inner authentication.
if (!(m_sc_ctx.m_attrib & ISC_RET_CONFIDENTIALITY))
throw runtime_error(__FUNCTION__ " Refusing to send credentials unencrypted.");
m_module.log_event(&EAPMETHOD_TTLS_INNER_CRED, event_data((unsigned int)eap_type_ttls), event_data(m_cred.m_inner->get_name()), event_data::blank);
SECURITY_STATUS status;
// Get maximum message sizes.
SecPkgContext_StreamSizes sizes;
status = QueryContextAttributes(m_sc_ctx, SECPKG_ATTR_STREAM_SIZES, &sizes);
if (FAILED(status))
throw sec_runtime_error(status, __FUNCTION__ " Error getting Schannel required encryption sizes.");
// Make PAP message.
sanitizing_blob msg_pap(make_pap_client());
assert(msg_pap.size() < sizes.cbMaximumMessage);
unsigned long size_data = std::min<unsigned long>(sizes.cbMaximumMessage, (unsigned long)msg_pap.size()); // Truncate
sanitizing_blob data(sizes.cbHeader + size_data + sizes.cbTrailer, 0);
memcpy(data.data() + sizes.cbHeader, msg_pap.data(), size_data);
// Prepare input/output buffer(s).
SecBuffer buf[] = {
{ sizes.cbHeader, SECBUFFER_STREAM_HEADER , data.data() },
{ size_data, SECBUFFER_DATA , data.data() + sizes.cbHeader },
{ sizes.cbTrailer, SECBUFFER_STREAM_TRAILER, data.data() + sizes.cbHeader + size_data },
{ 0, SECBUFFER_EMPTY , NULL },
};
SecBufferDesc buf_desc = {
SECBUFFER_VERSION,
_countof(buf),
buf
};
// Encrypt the message.
status = EncryptMessage(m_sc_ctx, 0, &buf_desc, 0);
if (FAILED(status))
throw sec_runtime_error(status, __FUNCTION__ " Error encrypting message.");
m_packet_res.m_data.insert(m_packet_res.m_data.end(), (const unsigned char*)buf[0].pvBuffer, (const unsigned char*)buf[0].pvBuffer + buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer);
}
#endif
eap::sanitizing_blob eap::method_ttls::make_pap_client() const eap::sanitizing_blob eap::method_ttls::make_pap_client() const
{ {

2
lib/TTLS/src/Module.cpp
View File

@@ -74,7 +74,7 @@ void eap::peer_ttls::get_identity(
assert(ppwszIdentity); assert(ppwszIdentity);
// Unpack configuration. // Unpack configuration.
config_provider_list cfg(*this); config_connection cfg(*this);
unpack(cfg, pConnectionData, dwConnectionDataSize); unpack(cfg, pConnectionData, dwConnectionDataSize);
if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty()) if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty())
throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods."); throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods.");

1
lib/TTLS/src/StdAfx.h
View File

@@ -30,3 +30,4 @@
#include <WinStd/EAP.h> #include <WinStd/EAP.h>
#include <EapHostError.h> #include <EapHostError.h>
#include <schannel.h>

2
lib/TTLS_UI/res/wxTTLS_UI.cpp
View File

@@ -32,7 +32,7 @@ wxTTLSConfigPanelBase::wxTTLSConfigPanelBase( wxWindow* parent, wxWindowID id, c
wxBoxSizer* sb_outer_identity_radio; wxBoxSizer* sb_outer_identity_radio;
sb_outer_identity_radio = new wxBoxSizer( wxVERTICAL ); sb_outer_identity_radio = new wxBoxSizer( wxVERTICAL );
m_outer_identity_same = new wxRadioButton( sb_outer_identity->GetStaticBox(), wxID_ANY, _("&Same as inner identity"), wxDefaultPosition, wxDefaultSize, wxRB_GROUP ); m_outer_identity_same = new wxRadioButton( sb_outer_identity->GetStaticBox(), wxID_ANY, _("&True identity"), wxDefaultPosition, wxDefaultSize, wxRB_GROUP );
m_outer_identity_same->SetToolTip( _("Use my true user name") ); m_outer_identity_same->SetToolTip( _("Use my true user name") );
sb_outer_identity_radio->Add( m_outer_identity_same, 1, wxEXPAND, 5 ); sb_outer_identity_radio->Add( m_outer_identity_same, 1, wxEXPAND, 5 );

2
lib/TTLS_UI/res/wxTTLS_UI.fbp
View File

@@ -309,7 +309,7 @@
<property name="gripper">0</property> <property name="gripper">0</property>
<property name="hidden">0</property> <property name="hidden">0</property>
<property name="id">wxID_ANY</property> <property name="id">wxID_ANY</property>
<property name="label">&amp;Same as inner identity</property> <property name="label">&amp;True identity</property>
<property name="max_size"></property> <property name="max_size"></property>
<property name="maximize_button">0</property> <property name="maximize_button">0</property>
<property name="maximum_size"></property> <property name="maximum_size"></property>

13
lib/TTLS_UI/src/Module.cpp
View File

@@ -48,7 +48,7 @@ void eap::peer_ttls_ui::config_xml2blob(
UNREFERENCED_PARAMETER(dwFlags); UNREFERENCED_PARAMETER(dwFlags);
// Load configuration from XML. // Load configuration from XML.
config_provider_list cfg(*this); config_connection cfg(*this);
cfg.load(pConfigRoot); cfg.load(pConfigRoot);
// Pack configuration. // Pack configuration.
@@ -66,7 +66,7 @@ void eap::peer_ttls_ui::config_blob2xml(
UNREFERENCED_PARAMETER(dwFlags); UNREFERENCED_PARAMETER(dwFlags);
// Unpack configuration. // Unpack configuration.
config_provider_list cfg(*this); config_connection cfg(*this);
unpack(cfg, pConnectionData, dwConnectionDataSize); unpack(cfg, pConnectionData, dwConnectionDataSize);
// Save configuration to XML. // Save configuration to XML.
@@ -82,12 +82,13 @@ void eap::peer_ttls_ui::invoke_config_ui(
_Inout_ DWORD *pdwConnectionDataOutSize) _Inout_ DWORD *pdwConnectionDataOutSize)
{ {
// Unpack configuration. // Unpack configuration.
config_provider_list cfg(*this); config_connection cfg(*this);
if (dwConnectionDataInSize) { if (dwConnectionDataInSize) {
// Load existing configuration. // Load existing configuration.
unpack(cfg, pConnectionDataIn, dwConnectionDataInSize); unpack(cfg, pConnectionDataIn, dwConnectionDataInSize);
} else { } else {
// This is a blank network profile. Create default configuraton. // This is a blank network profile. Create default configuraton.
CoCreateGuid(&(cfg.m_connection_id));
// Start with PAP inner configuration. // Start with PAP inner configuration.
unique_ptr<config_method_ttls> cfg_method(new config_method_ttls(*this)); unique_ptr<config_method_ttls> cfg_method(new config_method_ttls(*this));
@@ -112,7 +113,7 @@ void eap::peer_ttls_ui::invoke_config_ui(
{ {
// Create wxWidget-approved parent window. // Create wxWidget-approved parent window.
wxWindow parent; wxWindow parent;
parent.SetHWND((WXHWND)hwndParent); parent.SetHWND((WXHWND)(hwndParent ? hwndParent : GetForegroundWindow()));
parent.AdoptAttributesFromHWND(); parent.AdoptAttributesFromHWND();
wxTopLevelWindows.Append(&parent); wxTopLevelWindows.Append(&parent);
@@ -148,7 +149,7 @@ void eap::peer_ttls_ui::invoke_identity_ui(
assert(ppwszIdentity); assert(ppwszIdentity);
// Unpack configuration. // Unpack configuration.
config_provider_list cfg(*this); config_connection cfg(*this);
unpack(cfg, pConnectionData, dwConnectionDataSize); unpack(cfg, pConnectionData, dwConnectionDataSize);
if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty()) if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty())
throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods."); throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods.");
@@ -204,7 +205,7 @@ void eap::peer_ttls_ui::invoke_identity_ui(
{ {
// Create wxWidget-approved parent window. // Create wxWidget-approved parent window.
wxWindow parent; wxWindow parent;
parent.SetHWND((WXHWND)hwndParent); parent.SetHWND((WXHWND)(hwndParent ? hwndParent : GetForegroundWindow()));
parent.AdoptAttributesFromHWND(); parent.AdoptAttributesFromHWND();
wxTopLevelWindows.Append(&parent); wxTopLevelWindows.Append(&parent);

2
lib/WinStd

Submodule lib/WinStd updated: f94b72379e...54ab70b263

2
output/Setup/.gitignore vendored
View File

@@ -1 +1,3 @@
/GEANTLink*.msi /GEANTLink*.msi
/CredWrite.exe
/MsiUseFeature.exe