/* Copyright 2015-2016 Amebis Copyright 2016 GÉANT This file is part of GÉANTLink. GÉANTLink is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. GÉANTLink is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GÉANTLink. If not, see . */ namespace eap { /// /// EAP-TLS method /// class method_tls; } #pragma once #include "Config.h" #include "Credentials.h" #include "TLS.h" #include "../../EAPBase/include/Method.h" #include #include #include #include namespace eap { class method_tls : public method { public: #pragma warning(push) #pragma warning(disable: 4480) /// /// EAP-TLS request packet flags /// /// \sa [The EAP-TLS Authentication Protocol (Chapter: 3.1 EAP-TLS Request Packet)](https://tools.ietf.org/html/rfc5216#section-3.1) /// enum flags_req_t : unsigned char { flags_req_length_incl = 0x80, ///< Length included flags_req_more_frag = 0x40, ///< More fragments flags_req_start = 0x20, ///< Start }; /// /// EAP-TLS response packet flags /// /// \sa [The EAP-TLS Authentication Protocol (Chapter: 3.2 EAP-TLS Response Packet)](https://tools.ietf.org/html/rfc5216#section-3.2) /// enum flags_res_t : unsigned char { flags_res_length_incl = 0x80, ///< Length included flags_res_more_frag = 0x40, ///< More fragments }; #pragma warning(pop) /// /// EAP-TLS packet (data) /// class packet { public: /// /// Constructs an empty packet /// packet(); /// /// Copies a packet /// /// \param[in] other Packet to copy from /// packet(_In_ const packet &other); /// /// Moves a packet /// /// \param[in] other Packet to move from /// packet(_Inout_ packet &&other); /// /// Copies a packet /// /// \param[in] other Packet to copy from /// /// \returns Reference to this object /// packet& operator=(_In_ const packet &other); /// /// Moves a packet /// /// \param[in] other Packet to move from /// /// \returns Reference to this object /// packet& operator=(_Inout_ packet &&other); /// /// Empty the packet /// void clear(); public: EapCode m_code; ///< Packet code unsigned char m_id; ///< Packet ID unsigned char m_flags; ///< Packet flags std::vector m_data; ///< Packet data }; public: /// /// Constructs an EAP method /// /// \param[in] mod EAP module to use for global services /// \param[in] cfg Providers configuration /// \param[in] cred User credentials /// method_tls(_In_ module &module, _In_ config_provider_list &cfg, _In_ credentials_tls &cred); /// /// Moves an EAP method /// /// \param[in] other EAP method to move from /// method_tls(_Inout_ method_tls &&other); /// /// Destructor /// virtual ~method_tls(); /// /// Moves an EAP method /// /// \param[in] other EAP method to move from /// /// \returns Reference to this object /// method_tls& operator=(_Inout_ method_tls &&other); /// \name Packet processing /// @{ /// /// Starts an EAP authentication session on the peer EAPHost using the EAP method. /// /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx) /// virtual void begin_session( _In_ DWORD dwFlags, _In_ const EapAttributes *pAttributeArray, _In_ HANDLE hTokenImpersonateUser, _In_ DWORD dwMaxSendPacketSize); /// /// Processes a packet received by EAPHost from a supplicant. /// /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx) /// virtual void process_request_packet( _In_bytecount_(dwReceivedPacketSize) const EapPacket *pReceivedPacket, _In_ DWORD dwReceivedPacketSize, _Inout_ EapPeerMethodOutput *pEapOutput); /// /// Obtains a response packet from the EAP method. /// /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx) /// virtual void get_response_packet( _Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket, _Inout_ DWORD *pdwSendPacketSize); /// /// Obtains the result of an authentication session from the EAP method. /// /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx) /// virtual void get_result( _In_ EapPeerMethodResultReason reason, _Inout_ EapPeerMethodResult *ppResult); /// @} protected: /// /// Process handshake /// void process_handshake(); /// /// Process application data /// void process_application_data(); /// /// Processes an application message /// /// \param[in] msg Application message data /// \param[in] size_msg Application message data size /// virtual void process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg); #ifndef SCHANNEL_SRV_CERT_CHECK /// /// Verifies server's certificate if trusted by configuration /// void verify_server_trust() const; #endif protected: credentials_tls &m_cred; ///< EAP-TLS user credentials packet m_packet_req; ///< Request packet packet m_packet_res; ///< Response packet HANDLE m_user_ctx; ///< Handle to user context winstd::tstring m_sc_target_name; ///< Schannel target name winstd::sec_credentials m_sc_cred; ///< Schannel client credentials std::vector m_sc_queue; ///< TLS data queue winstd::sec_context m_sc_ctx; ///< Schannel context enum { phase_unknown = -1, ///< Unknown phase phase_handshake_init = 0, ///< Handshake initialize phase_handshake_cont, ///< Handshake continue phase_application_data, ///< Exchange application data phase_shutdown, ///< Connection shut down } m_phase; ///< What phase is our communication at? // The following members are required to avoid memory leakage in get_result() EAP_ATTRIBUTES m_eap_attr_desc; ///< EAP Radius attributes descriptor std::vector m_eap_attr; ///< EAP Radius attributes BYTE *m_blob_cfg; ///< Configuration BLOB #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE BYTE *m_blob_cred; ///< Credentials BLOB #endif }; }