/* Copyright 2015-2016 Amebis Copyright 2016 GÉANT This file is part of GÉANTLink. GÉANTLink is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. GÉANTLink is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GÉANTLink. If not, see . */ namespace eap { /// /// EAP-TLS method /// class method_tls; } #pragma once #include "Config.h" #include "Credentials.h" #include "TLS.h" #include "../../EAPBase/include/Method.h" #include #include #include #include namespace eap { class method_tls : public method { public: #pragma pack(push) #pragma pack(1) /// /// TLS message /// struct message_header { tls_message_type_t type; ///< Message type (one of `message_type_t` constants) tls_version version; ///< SSL/TLS version unsigned char length[2]; ///< Message length (in network byte order) }; #pragma pack(pop) public: /// /// Constructs an EAP method /// /// \param[in] mod EAP module to use for global services /// \param[in] cfg Method configuration /// \param[in] cred User credentials /// method_tls(_In_ module &module, _In_ config_method_tls &cfg, _In_ credentials_tls &cred); /// /// Moves an EAP method /// /// \param[in] other EAP method to move from /// method_tls(_Inout_ method_tls &&other); /// /// Moves an EAP method /// /// \param[in] other EAP method to move from /// /// \returns Reference to this object /// method_tls& operator=(_Inout_ method_tls &&other); /// \name Packet processing /// @{ /// /// Starts an EAP authentication session on the peer EapHost using the EAP method. /// /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx) /// virtual void begin_session( _In_ DWORD dwFlags, _In_ const EapAttributes *pAttributeArray, _In_ HANDLE hTokenImpersonateUser, _In_opt_ DWORD dwMaxSendPacketSize = MAXDWORD); /// /// Processes a packet received by EapHost from a supplicant. /// /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx) /// virtual void process_request_packet( _In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket, _In_ DWORD dwReceivedPacketSize, _Inout_ EapPeerMethodOutput *pEapOutput); /// /// Obtains a response packet from the EAP method. /// /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx) /// virtual void get_response_packet( _Inout_bytecap_(*dwSendPacketSize) void *pSendPacket, _Inout_ DWORD *pdwSendPacketSize); /// /// Obtains the result of an authentication session from the EAP method. /// /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx) /// virtual void get_result( _In_ EapPeerMethodResultReason reason, _Inout_ EapPeerMethodResult *ppResult); /// @} protected: #if EAP_TLS < EAP_TLS_SCHANNEL /// \name Client handshake message generation /// @{ /// /// Makes a TLS client hello message /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.1.2. Client Hello)](https://tools.ietf.org/html/rfc5246#section-7.4.1.2) /// /// \returns Client hello message /// sanitizing_blob make_client_hello(); /// /// Makes a TLS client certificate message /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.6. Client Certificate)](https://tools.ietf.org/html/rfc5246#section-7.4.6) /// /// \returns Client certificate message /// sanitizing_blob make_client_cert() const; /// /// Makes a TLS client key exchange message /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.7. Client Key Exchange Message )](https://tools.ietf.org/html/rfc5246#section-7.4.7) /// /// \param[in] pms Pre-master secret /// /// \returns Client key exchange message /// sanitizing_blob make_client_key_exchange(_In_ const tls_master_secret &pms) const; /// /// Makes a TLS finished message /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1) /// /// \returns Change cipher spec /// eap::sanitizing_blob make_finished() const; /// @} /// \name Client/Server handshake hashing /// @{ /// /// Hashes handshake message for "finished" message validation. /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.9. Finished)](https://tools.ietf.org/html/rfc5246#section-7.4.9) /// /// \param[in] data Data to hash /// \param[in] size \p data size in bytes /// inline void hash_handshake(_In_count_(size) const void *data, _In_ size_t size) { CryptHashData(m_hash_handshake_msgs_md5 , (const BYTE*)data, (DWORD)size, 0); CryptHashData(m_hash_handshake_msgs_sha1 , (const BYTE*)data, (DWORD)size, 0); CryptHashData(m_hash_handshake_msgs_sha256, (const BYTE*)data, (DWORD)size, 0); } /// /// Hashes handshake message for "finished" message validation. /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.9. Finished)](https://tools.ietf.org/html/rfc5246#section-7.4.9) /// /// \param[in] data Data to hash /// \param[in] size \p data size in bytes /// template inline void hash_handshake(_In_ const std::vector<_Ty, _Ax> &data) { hash_handshake(data.data(), data.size() * sizeof(_Ty)); } /// @} /// /// Makes a TLS message /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1) /// /// \param[in] type Message type /// \param[inout] data Message data contents /// /// \returns TLS message message /// eap::sanitizing_blob make_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &&data); /// @} #endif /// \name Key derivation /// @{ /// /// Generates master session key /// /// \sa [The EAP-TLS Authentication Protocol (Chapter 2.3. Key Hierarchy)](https://tools.ietf.org/html/rfc5216#section-2.3) /// virtual void derive_msk(); /// /// Generates keying material for inner authentication /// virtual void derive_challenge(); /// @} #if EAP_TLS < EAP_TLS_SCHANNEL /// \name Server message processing /// @{ /// /// Processes messages in a TLS packet /// /// \param[in] pck Packet data /// \param[in] size_pck \p pck size in bytes /// void process_packet(_In_bytecount_(size_pck) const void *pck, _In_ size_t size_pck); /// /// Processes a TLS change_cipher_spec message /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.1. Change Cipher Spec Protocol)](https://tools.ietf.org/html/rfc5246#section-7.1) /// /// \param[in] msg TLS change_cipher_spec message data /// \param[in] size_msg TLS change_cipher_spec message data size /// virtual void process_change_cipher_spec(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg); /// /// Processes a TLS alert message /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.2. Alert Protocol)](https://tools.ietf.org/html/rfc5246#section-7.2) /// /// \param[in] msg TLS alert message data /// \param[in] size_msg TLS alert message data size /// virtual void process_alert(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg); /// /// Processes a TLS handshake message /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4. Handshake Protocol)](https://tools.ietf.org/html/rfc5246#section-7.4) /// /// \param[in] msg TLS handshake message data /// \param[in] size_msg TLS handshake message data size /// virtual void process_handshake(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg); #else /// /// Process handshake /// void process_handshake(); #endif /// /// Process application data /// void process_application_data(); /// /// Processes a TLS application_data message /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 10. Application Data Protocol)](https://tools.ietf.org/html/rfc5246#section-10) /// /// \param[in] msg TLS application_data message data /// \param[in] size_msg TLS application_data message data size /// virtual void process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg); /// @} #if EAP_TLS < EAP_TLS_SCHANNEL_FULL /// /// Verifies server's certificate if trusted by configuration /// void verify_server_trust() const; #endif #if EAP_TLS < EAP_TLS_SCHANNEL /// \name Encryption /// @{ /// /// Encrypt TLS message /// /// \param[in] type Message type /// \param[inout] data TLS message to encrypt /// void encrypt_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &data); /// /// Decrypt TLS message /// /// \param[in] type Original message type for HMAC verification /// \param[inout] data TLS message to decrypt /// void decrypt_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &data); /// /// Returns maximum netto size of a message for a given TLS message size /// /// \param[in] size_message Size of the final TLS message /// /// \returns Netto size of message data /// size_t get_max_message(_In_ size_t size_message) const; /// @} /// \name Pseudo-random generation /// @{ /// /// Calculates pseudo-random P_hash data defined in RFC 5246 /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.1 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc4346#section-5) /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc5246#section-5) /// /// \param[in] cp Handle of the cryptographics provider /// \param[in] alg Hashing Algorithm to use (CALG_TLS1PRF = combination of MD5 and SHA-1, CALG_SHA_256...) /// \param[in] secret Hashing secret key /// \param[in] seed Random seed /// \param[in] size_seed \p seed size /// \param[in] size Number of bytes of pseudo-random data required /// /// \returns Generated pseudo-random data (\p size bytes) /// static sanitizing_blob prf( _In_ HCRYPTPROV cp, _In_ ALG_ID alg, _In_ const tls_master_secret &secret, _In_bytecount_(size_seed) const void *seed, _In_ size_t size_seed, _In_ size_t size); /// /// Calculates pseudo-random P_hash data defined in RFC 5246 /// /// \sa [The Transport Layer Security (TLS) Protocol Version 1.1 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc4346#section-5) /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc5246#section-5) /// /// \param[in] cp Handle of the cryptographics provider /// \param[in] alg Hashing Algorithm to use (CALG_TLS1PRF = combination of MD5 and SHA-1, CALG_SHA_256...) /// \param[in] secret Hashing secret key /// \param[in] seed Random seed /// \param[in] size Number of bytes of pseudo-random data required /// /// \returns Generated pseudo-random data (\p size bytes) /// template inline static sanitizing_blob prf( _In_ HCRYPTPROV cp, _In_ ALG_ID alg, _In_ const tls_master_secret &secret, _In_ const std::vector<_Ty, _Ax> &seed, _In_ size_t size) { return prf(cp, alg, secret, seed.data(), seed.size() * sizeof(_Ty), size); } /// @} /// /// Creates a key /// /// \sa [How to export and import plain text session keys by using CryptoAPI](https://support.microsoft.com/en-us/kb/228786) /// /// \param[in] cp Handle of the cryptographics provider /// \param[in] alg Key algorithm /// \param[in] key Key that decrypts \p secret /// \param[in] secret Key data /// \param[in] size_secret \p secret size /// /// \returns Key /// HCRYPTKEY create_key( _In_ HCRYPTPROV cp, _In_ ALG_ID alg, _In_ HCRYPTKEY key, _In_bytecount_(size_secret) const void *secret, _In_ size_t size_secret); #endif protected: config_method_tls &m_cfg; ///< EAP-TLS method configuration credentials_tls &m_cred; ///< EAP-TLS user credentials HANDLE m_user_ctx; ///< Handle to user context packet_tls m_packet_req; ///< Request packet packet_tls m_packet_res; ///< Response packet tls_random m_key_mppe_client; ///< MS-MPPE-Recv-Key tls_random m_key_mppe_server; ///< MS-MPPE-Send-Key #if EAP_TLS < EAP_TLS_SCHANNEL winstd::crypt_prov m_cp; ///< Cryptography provider for general services winstd::crypt_prov m_cp_enc_client; ///< Cryptography provider for encryption winstd::crypt_prov m_cp_enc_server; ///< Cryptography provider for encryption winstd::crypt_key m_key_exp1; ///< Key for importing derived keys tls_version m_tls_version; ///< TLS version in use ALG_ID m_alg_prf; ///< Pseudo-random function algorithm in use tls_conn_state m_state_client; ///< Client TLS connection state tls_conn_state m_state_client_pending; ///< Client TLS connection state (pending) tls_conn_state m_state_server; ///< Server TLS connection state tls_conn_state m_state_server_pending; ///< Server TLS connection state (pending) tls_master_secret m_master_secret; ///< TLS master secret tls_random m_random_client; ///< Client random tls_random m_random_server; ///< Server random sanitizing_blob m_session_id; ///< TLS session ID bool m_session_resumed; ///< Did TLS session resume? std::list m_server_cert_chain; ///< Server certificate chain winstd::crypt_hash m_hash_handshake_msgs_md5; ///< Running MD5 hash of handshake messages winstd::crypt_hash m_hash_handshake_msgs_sha1; ///< Running SHA-1 hash of handshake messages winstd::crypt_hash m_hash_handshake_msgs_sha256; ///< Running SHA-256 hash of handshake messages bool m_handshake[tls_handshake_type_max]; ///< Handshake flags (map od handshake messages received) enum { phase_unknown = -1, ///< Unknown phase phase_client_hello = 0, ///< Send client hello phase_server_hello, ///< Wait for server hello phase_change_cipher_spec, ///< Wait for change cipher spec phase_application_data ///< Exchange application data } m_phase; ///< What phase is our communication at? unsigned __int64 m_seq_num_client; ///< Sequence number for encrypting unsigned __int64 m_seq_num_server; ///< Sequence number for decrypting #else winstd::tstring m_sc_target_name; ///< Schannel target name winstd::sec_credentials m_sc_cred; ///< Schannel client credentials std::vector m_sc_queue; ///< TLS data queue winstd::sec_context m_sc_ctx; ///< Schannel context enum { phase_unknown = -1, ///< Unknown phase phase_handshake_init = 0, ///< Handshake initialize phase_handshake_cont, ///< Handshake continue phase_application_data, ///< Exchange application data phase_shutdown, ///< Connection shut down } m_phase, m_phase_prev; ///< What phase is our communication at? #endif }; }