1
/* -*- c-basic-offset: 8 -*-
2
FreeRDP: A Remote Desktop Protocol client.
3
Protocol services - RDP encryption and licensing
4
Copyright (C) Matthew Chapman 1999-2008
6
This program is free software; you can redistribute it and/or modify
7
it under the terms of the GNU General Public License as published by
8
the Free Software Foundation; either version 2 of the License, or
9
(at your option) any later version.
11
This program is distributed in the hope that it will be useful,
12
but WITHOUT ANY WARRANTY; without even the implied warranty of
13
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
GNU General Public License for more details.
16
You should have received a copy of the GNU General Public License
17
along with this program; if not, write to the Free Software
18
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
38
/* these are read only */
39
static uint8 pad_54[40] = {
40
54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54,
42
54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54,
46
static uint8 pad_92[48] = {
47
92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92,
48
92, 92, 92, 92, 92, 92, 92,
49
92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92,
50
92, 92, 92, 92, 92, 92, 92
54
* I believe this is based on SSLv3 with the following differences:
55
* MAC algorithm (5.2.3.1) uses only 32-bit length in place of seq_num/type/length fields
56
* MAC algorithm uses SHA1 and MD5 for the two hash functions instead of one or other
57
* key_block algorithm (6.2.2) uses 'X', 'YY', 'ZZZ' instead of 'A', 'BB', 'CCC'
58
* key_block partitioning is different (16 bytes each: MAC secret, decrypt key, encrypt key)
59
* encryption/decryption keys updated every 4096 packets
60
* See http://wp.netscape.com/eng/ssl3/draft302.txt
64
* 48-byte transformation used to generate master secret (6.1) and key material (6.2.2).
65
* Both SHA1 and MD5 algorithms are used.
68
sec_hash_48(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2, uint8 salt)
76
for (i = 0; i < 3; i++)
78
memset(pad, salt + i, i + 1);
80
crypto_sha1_init(&sha1);
81
crypto_sha1_update(&sha1, pad, i + 1);
82
crypto_sha1_update(&sha1, in, 48);
83
crypto_sha1_update(&sha1, salt1, 32);
84
crypto_sha1_update(&sha1, salt2, 32);
85
crypto_sha1_final(&sha1, shasig);
87
crypto_md5_init(&md5);
88
crypto_md5_update(&md5, in, 48);
89
crypto_md5_update(&md5, shasig, 20);
90
crypto_md5_final(&md5, &out[i * 16]);
95
* 16-byte transformation used to generate export keys (6.2.2).
98
sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2)
102
crypto_md5_init(&md5);
103
crypto_md5_update(&md5, in, 16);
104
crypto_md5_update(&md5, salt1, 32);
105
crypto_md5_update(&md5, salt2, 32);
106
crypto_md5_final(&md5, out);
109
/* Reduce key entropy from 64 to 40 bits */
111
sec_make_40bit(uint8 * key)
118
/* Generate encryption keys given client and server randoms */
120
sec_generate_keys(rdpSec * sec, uint8 * client_random, uint8 * server_random, int rc4_key_size)
122
uint8 pre_master_secret[48];
123
uint8 master_secret[48];
126
/* Construct pre-master secret */
127
memcpy(pre_master_secret, client_random, 24);
128
memcpy(pre_master_secret + 24, server_random, 24);
130
/* Generate master secret and then key material */
131
sec_hash_48(master_secret, pre_master_secret, client_random, server_random, 'A');
132
sec_hash_48(key_block, master_secret, client_random, server_random, 'X');
134
/* First 16 bytes of key material is MAC secret */
135
memcpy(sec->sec_sign_key, key_block, 16);
137
/* Generate export keys from next two blocks of 16 bytes */
138
sec_hash_16(sec->sec_decrypt_key, &key_block[16], client_random, server_random);
139
sec_hash_16(sec->sec_encrypt_key, &key_block[32], client_random, server_random);
141
if (rc4_key_size == 1)
143
DEBUG("40-bit encryption enabled\n");
144
sec_make_40bit(sec->sec_sign_key);
145
sec_make_40bit(sec->sec_decrypt_key);
146
sec_make_40bit(sec->sec_encrypt_key);
147
sec->rc4_key_len = 8;
151
DEBUG("rc_4_key_size == %d, 128-bit encryption enabled\n", rc4_key_size);
152
sec->rc4_key_len = 16;
155
/* Save initial RC4 keys as update keys */
156
memcpy(sec->sec_decrypt_update_key, sec->sec_decrypt_key, 16);
157
memcpy(sec->sec_encrypt_update_key, sec->sec_encrypt_key, 16);
159
/* Initialise RC4 state arrays */
160
crypto_rc4_set_key((CRYPTO_RC4*)&(sec->rc4_decrypt_key), sec->sec_decrypt_key, sec->rc4_key_len);
161
crypto_rc4_set_key((CRYPTO_RC4*)&(sec->rc4_encrypt_key), sec->sec_encrypt_key, sec->rc4_key_len);
164
/* Output a uint32 into a buffer (little-endian) */
166
buf_out_uint32(uint8 * buffer, uint32 value)
168
buffer[0] = (value) & 0xff;
169
buffer[1] = (value >> 8) & 0xff;
170
buffer[2] = (value >> 16) & 0xff;
171
buffer[3] = (value >> 24) & 0xff;
174
/* Generate a MAC hash (5.2.3.1), using a combination of SHA1 and MD5 */
176
sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data, int datalen)
184
buf_out_uint32(lenhdr, datalen);
186
crypto_sha1_init(&sha1);
187
crypto_sha1_update(&sha1, session_key, keylen);
188
crypto_sha1_update(&sha1, pad_54, 40);
189
crypto_sha1_update(&sha1, lenhdr, 4);
190
crypto_sha1_update(&sha1, data, datalen);
191
crypto_sha1_final(&sha1, shasig);
193
crypto_md5_init(&md5);
194
crypto_md5_update(&md5, session_key, keylen);
195
crypto_md5_update(&md5, pad_92, 48);
196
crypto_md5_update(&md5, shasig, 20);
197
crypto_md5_final(&md5, md5sig);
199
memcpy(signature, md5sig, siglen);
202
/* Update an encryption key */
204
sec_update(rdpSec * sec, uint8 * key, uint8 * update_key)
211
crypto_sha1_init(&sha1);
212
crypto_sha1_update(&sha1, update_key, sec->rc4_key_len);
213
crypto_sha1_update(&sha1, pad_54, 40);
214
crypto_sha1_update(&sha1, key, sec->rc4_key_len);
215
crypto_sha1_final(&sha1, shasig);
217
crypto_md5_init(&md5);
218
crypto_md5_update(&md5, update_key, sec->rc4_key_len);
219
crypto_md5_update(&md5, pad_92, 48);
220
crypto_md5_update(&md5, shasig, 20);
221
crypto_md5_final(&md5, key);
223
crypto_rc4_set_key(&update, key, sec->rc4_key_len);
224
crypto_rc4(&update, sec->rc4_key_len, key, key);
226
if (sec->rc4_key_len == 8)
230
/* Encrypt data using RC4 */
232
sec_encrypt(rdpSec * sec, uint8 * data, int length)
234
if (sec->sec_encrypt_use_count == 4096)
236
sec_update(sec, sec->sec_encrypt_key, sec->sec_encrypt_update_key);
237
crypto_rc4_set_key((CRYPTO_RC4*)&(sec->rc4_encrypt_key), sec->sec_encrypt_key, sec->rc4_key_len);
238
sec->sec_encrypt_use_count = 0;
241
crypto_rc4((CRYPTO_RC4*)&(sec->rc4_encrypt_key), length, data, data);
242
sec->sec_encrypt_use_count++;
245
/* Decrypt data using RC4 */
247
sec_decrypt(rdpSec * sec, uint8 * data, int length)
249
if (sec->sec_decrypt_use_count == 4096)
251
sec_update(sec, sec->sec_decrypt_key, sec->sec_decrypt_update_key);
252
crypto_rc4_set_key((CRYPTO_RC4*)&(sec->rc4_decrypt_key), sec->sec_decrypt_key, sec->rc4_key_len);
253
sec->sec_decrypt_use_count = 0;
256
crypto_rc4((CRYPTO_RC4*)&(sec->rc4_decrypt_key), length, data, data);
257
sec->sec_decrypt_use_count++;
260
/* Perform an RSA public key encryption operation */
262
sec_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus,
265
crypto_rsa_encrypt(len, in, out, modulus_size, modulus, exponent);
268
/* Initialise secure transport packet */
270
sec_init(rdpSec * sec, uint32 flags, int maxlen)
275
if (!(sec->licence->licence_issued))
276
hdrlen = (flags & SEC_ENCRYPT) ? 12 : 4;
278
hdrlen = (flags & SEC_ENCRYPT) ? 12 : 0;
280
s = mcs_init(sec->mcs, maxlen + hdrlen);
281
s_push_layer(s, sec_hdr, hdrlen);
286
/* Initialise fast path secure transport packet */
288
sec_fp_init(rdpSec * sec, uint32 flags, int maxlen)
293
hdrlen = (flags & SEC_ENCRYPT) ? 8 : 0;
294
s = mcs_fp_init(sec->mcs, maxlen + hdrlen);
295
s_push_layer(s, sec_hdr, hdrlen);
300
/* Transmit secure transport packet over specified channel */
302
sec_send_to_channel(rdpSec * sec, STREAM s, uint32 flags, uint16 channel)
306
s_pop_layer(s, sec_hdr);
308
if (!(sec->licence->licence_issued) || (flags & SEC_ENCRYPT))
309
out_uint32_le(s, flags);
311
if (flags & SEC_ENCRYPT)
313
flags &= ~SEC_ENCRYPT;
314
datalen = s->end - s->p - 8;
317
DEBUG("Sending encrypted packet:\n");
318
hexdump(s->p + 8, datalen);
321
sec_sign(s->p, 8, sec->sec_sign_key, sec->rc4_key_len, s->p + 8, datalen);
322
sec_encrypt(sec, s->p + 8, datalen);
325
mcs_send_to_channel(sec->mcs, s, channel);
328
/* Transmit secure transport packet */
331
sec_send(rdpSec * sec, STREAM s, uint32 flags)
333
sec_send_to_channel(sec, s, flags, MCS_GLOBAL_CHANNEL);
336
/* Transmit secure fast path packet */
338
sec_fp_send(rdpSec * sec, STREAM s, uint32 flags)
342
s_pop_layer(s, sec_hdr);
343
if (flags & SEC_ENCRYPT)
345
datalen = ((int) (s->end - s->p)) - 8;
346
sec_sign(s->p, 8, sec->sec_sign_key, sec->rc4_key_len, s->p + 8, datalen);
347
sec_encrypt(sec, s->p + 8, datalen);
349
mcs_fp_send(sec->mcs, s, flags);
352
/* Transfer the client random to the server */
354
sec_establish_key(rdpSec * sec)
356
uint32 length = sec->server_public_key_len + SEC_PADDING_SIZE;
357
uint32 flags = SEC_EXCHANGE_PKT;
360
s = sec_init(sec, flags, length + 4);
362
out_uint32_le(s, length);
363
out_uint8p(s, sec->sec_crypted_random, sec->server_public_key_len);
364
out_uint8s(s, SEC_PADDING_SIZE);
367
sec_send(sec, s, flags);
370
/* Prepare PER encoded T.125 ConnectData for ConferenceCreateRequest connect-initial */
372
sec_out_connectdata(rdpSec * sec, STREAM s)
375
rdpSet * settings = sec->rdp->settings;
377
int length = 158 + 76 + 12 + 4;
379
if (settings->num_channels > 0)
380
length += settings->num_channels * 12 + 8;
382
/* t124Identifier = 0.0.20.124.0.1 */
384
out_uint16_be(s, 0x14);
387
/* connectPDU octet string */
388
out_uint16_be(s, (length | 0x8000)); /* connectPDU length in two bytes*/
389
/* connectPDU content is ConnectGCCPDU PER encoded: */
390
out_uint16_be(s, 8); /* ConferenceCreateRequest ... */
391
out_uint16_be(s, 16);
393
out_uint16_le(s, 0xc001); /* userData key is h221NonStandard */
394
out_uint8(s, 0); /* 4 bytes: */
395
out_uint32_le(s, 0x61637544); /* "Duca" */
396
out_uint16_be(s, ((length - 14) | 0x8000)); /* userData value length in two bytes */
399
* Client Core Data (216 bytes plus optional connectionType, pad1octet and serverSelectedProtocol)
402
out_uint16_le(s, UDH_CS_CORE); /* User Data Header type */
403
out_uint16_le(s, 212); /* total length */
405
out_uint32_le(s, sec->rdp->settings->rdp_version >= 5 ? 0x00080004 : 0x00080001); /* client version */
406
out_uint16_le(s, sec->rdp->settings->width); // desktopWidth
407
out_uint16_le(s, sec->rdp->settings->height); // desktopHeight
408
out_uint16_le(s, RNS_UD_COLOR_8BPP); // colorDepth - ignored because of postBeta2ColorDepth
409
out_uint16_le(s, RNS_UD_SAS_DEL); // SASSequence (Secure Access Sequence)
410
out_uint32_le(s, sec->rdp->settings->keyboard_layout); // keyboardLayout
411
out_uint32_le(s, 2600); // clientBuild
413
/* Unicode name of client, truncated to 15 characters */
414
if (strlen(sec->rdp->settings->hostname) > 15)
416
sec->rdp->settings->hostname[15] = 0; /* Modified in-place! */
418
out_len = rdp_out_unistr(sec->rdp, s, sec->rdp->settings->hostname);
419
out_uint8s(s, 30 - out_len); /* pad to 32 bytes (double zero termination has already been added) */
421
out_uint32_le(s, sec->rdp->settings->keyboard_type); /* keyboardType */
422
out_uint32_le(s, sec->rdp->settings->keyboard_subtype); /* keyboardSubType */
423
out_uint32_le(s, sec->rdp->settings->keyboard_functionkeys); /* keyboardFunctionKey */
425
/* Input Method Editor (IME) file name associated with the input locale.
426
Up to 31 Unicode characters plus a NULL terminator */
427
// if (strlen(sec->rdp->settings->keyboard_ime) > 31)
428
// sec->rdp->settings->keyboard_ime[31] = 0; /* Modified in-place! */
429
// out_len = rdp_out_unistr(sec->rdp, s, sec->rdp->settings->hostname);
430
// out_uint8s(s, 62 - out_len); /* pad to 64 bytes (double zero termination has already been added) */
431
out_uint8s(s, 64); /* imeFileName */
433
out_uint16_le(s, RNS_UD_COLOR_8BPP); // postBeta2ColorDepth
434
out_uint16_le(s, 1); // clientProductID
435
out_uint32_le(s, 0); // serialNumber (should be initialized to 0)
437
i = MIN(sec->rdp->settings->server_depth, 24); /* 32 must be reported as 24 and RNS_UD_CS_WANT_32BPP_SESSION */
438
out_uint16_le(s, i); // (requested) highColorDepth
440
i = RNS_UD_32BPP_SUPPORT | RNS_UD_24BPP_SUPPORT | RNS_UD_16BPP_SUPPORT | RNS_UD_15BPP_SUPPORT;
441
out_uint16_le(s, i); // supportedColorDepths
443
i = RNS_UD_CS_SUPPORT_ERRINFO_PDU;
444
if (sec->rdp->settings->server_depth == 32)
446
i |= RNS_UD_CS_WANT_32BPP_SESSION;
448
out_uint32_le(s, i); // earlyCapabilityFlags
450
out_uint8s(s, 64); // clientDigProductId (64 bytes)
452
/* Optional fields left out:
453
connectionType (1 byte) and pad1octet (1 byte) (because no earlyCapabilityFlags RNS_UD_CS_VALID_CONNECTION_TYPE)
454
serverSelectedProtocol (4 bytes) (default 0 = PROTOCOL_RDP)
458
* Client Security Data (12 bytes)
461
out_uint16_le(s, UDH_CS_SECURITY); /* User Data Header type */
462
out_uint16_le(s, 12); /* total length */
464
out_uint32_le(s, sec->rdp->settings->encryption ? ENCRYPTION_40BIT_FLAG | ENCRYPTION_128BIT_FLAG : 0); // encryptionMethods
465
out_uint32_le(s, 0); // extEncryptionMethods
468
* Client Network Data (optional and variable-length)
471
DEBUG_RDP5("num_channels is %d\n", settings->num_channels);
472
if (settings->num_channels > 0)
474
out_uint16_le(s, UDH_CS_NET); /* User Data Header type */
475
out_uint16_le(s, settings->num_channels * 12 + 8); /* total length */
477
out_uint32_le(s, settings->num_channels); // channelCount
478
for (i = 0; i < settings->num_channels; i++)
480
DEBUG_RDP5("Requesting channel %s\n", settings->channels[i].name);
481
out_uint8a(s, settings->channels[i].name, 8); // name (8 bytes) 7 characters with null terminator
482
out_uint32_be(s, settings->channels[i].flags); // options (4 bytes)
487
* Client Cluster Data (12 bytes)
490
out_uint16_le(s, UDH_CS_CLUSTER); /* User Data Header type */
491
out_uint16_le(s, 12); /* total length */
492
out_uint32_le(s, (sec->rdp->settings->console_session || sec->rdp->redirect_session_id) ?
493
REDIRECTED_SESSIONID_FIELD_VALID | REDIRECTION_SUPPORTED | REDIRECTION_VERSION4 :
494
REDIRECTION_SUPPORTED | REDIRECTION_VERSION4); // flags
495
out_uint32_le(s, sec->rdp->redirect_session_id); // RedirectedSessionID
500
/* Parse a public key structure */
502
sec_parse_public_key(rdpSec * sec, STREAM s, uint8 * modulus, uint8 * exponent)
504
uint32 magic, modulus_len;
506
in_uint32_le(s, magic);
507
if (magic != SEC_RSA_MAGIC)
509
ui_error(sec->rdp->inst, "RSA magic 0x%x\n", magic);
513
in_uint32_le(s, modulus_len);
514
modulus_len -= SEC_PADDING_SIZE;
515
if ((modulus_len < SEC_MODULUS_SIZE) || (modulus_len > SEC_MAX_MODULUS_SIZE))
517
ui_error(sec->rdp->inst, "Bad server public key size (%u bits)\n", modulus_len * 8);
521
in_uint8s(s, 8); /* modulus_bits, unknown */
522
in_uint8a(s, exponent, SEC_EXPONENT_SIZE);
523
in_uint8a(s, modulus, modulus_len);
524
in_uint8s(s, SEC_PADDING_SIZE);
525
sec->server_public_key_len = modulus_len;
530
/* Parse a public signature structure */
532
sec_parse_public_sig(rdpSec * sec, STREAM s, uint32 len, uint8 * modulus, uint8 * exponent)
535
uint8 signature[SEC_MAX_MODULUS_SIZE];
540
memset(signature, 0, sizeof(signature));
542
in_uint8a(s, signature, sig_len);
544
return crypto_sig_ok(exponent, SEC_EXPONENT_SIZE, modulus, sec->server_public_key_len, signature, sig_len);
547
/* Parse a crypto information structure */
549
sec_parse_crypt_info(rdpSec * sec, STREAM s, uint32 * rc4_key_size, uint8 ** server_random, uint8 * modulus, uint8 * exponent)
551
uint32 crypt_level, random_len, rsa_info_len;
552
uint32 cacert_len, cert_len, flags;
553
CRYPTO_CERT *cacert, *server_cert;
554
CRYPTO_RKEY *server_public_key;
556
uint8 *next_tag, *end;
558
in_uint32_le(s, *rc4_key_size); /* 1 = 40-bit, 2 = 128-bit */
559
in_uint32_le(s, crypt_level); /* 1 = low, 2 = medium, 3 = high */
560
if (crypt_level == 0) /* no encryption */
562
in_uint32_le(s, random_len);
563
in_uint32_le(s, rsa_info_len);
565
if (random_len != SEC_RANDOM_SIZE)
567
ui_error(sec->rdp->inst, "random len %d, expected %d\n", random_len, SEC_RANDOM_SIZE);
571
in_uint8p(s, *server_random, random_len);
574
end = s->p + rsa_info_len;
578
in_uint32_le(s, flags); /* 1 = Server Proprietary Certificate, 2 = X.509, 0x80000000 = temp */
582
DEBUG_RDP5("We're going for the RDP4-style Server Proprietary Certificate\n");
583
in_uint8s(s, 4); /* dwSigAlgId = SIGNATURE_ALG_RSA */
584
in_uint8s(s, 4); /* dwKeyAlgId = KEY_EXCHANGE_ALG_RSA */
588
in_uint16_le(s, tag);
589
in_uint16_le(s, length);
591
next_tag = s->p + length;
595
case BB_RSA_KEY_BLOB:
596
if (!sec_parse_public_key(sec, s, modulus, exponent))
598
DEBUG_RDP5("Got Public key, RDP4-style\n");
602
case BB_RSA_SIGNATURE_BLOB:
603
if (!sec_parse_public_sig(sec, s, length, modulus, exponent))
608
ui_unimpl(NULL, "crypt tag 0x%x\n", tag);
618
DEBUG_RDP5("We're going for the RDP5-style encryption\n");
619
in_uint32_le(s, certcount); /* Number of certificates */
622
ui_error(sec->rdp->inst, "Server didn't send enough X509 certificates\n");
625
for (; certcount > 2; certcount--)
627
/* ignore all the certificates between the root and the signing CA */
629
CRYPTO_CERT *ignorecert;
631
DEBUG_RDP5("Ignored certs left: %d\n", certcount);
632
in_uint32_le(s, ignorelen);
633
DEBUG_RDP5("Ignored Certificate length is %d\n", ignorelen);
634
ignorecert = crypto_cert_read(s->p, ignorelen);
635
in_uint8s(s, ignorelen);
636
if (ignorecert == NULL)
637
{ /* XXX: error out? */
638
DEBUG_RDP5("got a bad cert: this will probably screw up the rest of the communication\n");
641
#ifdef WITH_DEBUG_RDP5
642
DEBUG_RDP5("cert #%d (ignored):\n", certcount);
643
crypto_cert_print_fp(stdout, ignorecert);
645
crypto_cert_free(ignorecert);
647
/* Do da funky X.509 stuffy
649
"How did I find out about this? I looked up and saw a
650
bright light and when I came to I had a scar on my forehead
651
and knew about X.500"
652
- Peter Gutman in a early version of
653
http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt
655
in_uint32_le(s, cacert_len);
656
DEBUG_RDP5("CA Certificate length is %d\n", cacert_len);
657
cacert = crypto_cert_read(s->p, cacert_len);
658
in_uint8s(s, cacert_len);
661
ui_error(sec->rdp->inst, "Couldn't load CA Certificate from server\n");
664
in_uint32_le(s, cert_len);
665
DEBUG_RDP5("Certificate length is %d\n", cert_len);
666
server_cert = crypto_cert_read(s->p, cert_len);
667
in_uint8s(s, cert_len);
668
if (NULL == server_cert)
670
crypto_cert_free(cacert);
671
ui_error(sec->rdp->inst, "Couldn't load Certificate from server\n");
674
if (!crypto_cert_verify(server_cert, cacert))
676
crypto_cert_free(server_cert);
677
crypto_cert_free(cacert);
678
ui_error(sec->rdp->inst, "Security error CA Certificate invalid\n");
681
crypto_cert_free(cacert);
682
in_uint8s(s, 16); /* Padding */
683
server_public_key = crypto_cert_to_rkey(server_cert, &(sec->server_public_key_len));
684
if (NULL == server_public_key)
686
DEBUG_RDP5("Didn't parse X509 correctly\n");
687
crypto_cert_free(server_cert);
690
crypto_cert_free(server_cert);
691
if ((sec->server_public_key_len < SEC_MODULUS_SIZE) ||
692
(sec->server_public_key_len > SEC_MAX_MODULUS_SIZE))
694
ui_error(sec->rdp->inst, "Bad server public key size (%u bits)\n",
695
sec->server_public_key_len * 8);
696
crypto_rkey_free(server_public_key);
699
if (crypto_rkey_get_exp_mod(server_public_key, exponent, SEC_EXPONENT_SIZE,
700
modulus, SEC_MAX_MODULUS_SIZE) != 0)
702
ui_error(sec->rdp->inst, "Problem extracting RSA exponent, modulus");
703
crypto_rkey_free(server_public_key);
706
crypto_rkey_free(server_public_key);
707
return True; /* There's some garbage here we don't care about */
709
return s_check_end(s);
712
/* Process crypto information blob */
714
sec_process_crypt_info(rdpSec * sec, STREAM s)
716
uint8 *server_random = NULL;
717
uint8 client_random[SEC_RANDOM_SIZE];
718
uint8 modulus[SEC_MAX_MODULUS_SIZE];
719
uint8 exponent[SEC_EXPONENT_SIZE];
722
memset(modulus, 0, sizeof(modulus));
723
memset(exponent, 0, sizeof(exponent));
724
if (!sec_parse_crypt_info(sec, s, &rc4_key_size, &server_random, modulus, exponent))
726
DEBUG("Failed to parse crypt info\n");
729
DEBUG("Generating client random\n");
730
generate_random(client_random);
731
sec_rsa_encrypt(sec->sec_crypted_random, client_random, SEC_RANDOM_SIZE,
732
sec->server_public_key_len, modulus, exponent);
733
sec_generate_keys(sec, client_random, server_random, rc4_key_size);
737
/* Process SRV_INFO, find RDP version supported by server */
739
sec_process_srv_info(rdpSec * sec, STREAM s)
741
in_uint16_le(s, sec->server_rdp_version);
742
DEBUG_RDP5("Server RDP version is %d\n", sec->server_rdp_version);
744
if(sec->server_rdp_version == 1)
746
sec->rdp->settings->rdp_version = 4;
747
sec->rdp->settings->server_depth = 8;
749
else if(sec->server_rdp_version == 4)
751
sec->rdp->settings->rdp_version = 5;
755
sec->rdp->settings->rdp_version = 5;
760
/* Process connect response data blob */
762
sec_process_mcs_data(rdpSec * sec, STREAM s)
768
in_uint8s(s, 21); /* header (T.124 ConferenceCreateResponse) */
773
while (s->p < s->end)
775
in_uint16_le(s, tag);
776
in_uint16_le(s, length);
781
next_tag = s->p + length - 4;
786
sec_process_srv_info(sec, s);
789
case UDH_SC_SECURITY:
790
sec_process_crypt_info(sec, s);
794
/* FIXME: We should parse this information and
795
use it to map RDP5 channels to MCS
800
ui_unimpl(NULL, "response tag 0x%x\n", tag);
807
/* Receive secure transport packet */
809
sec_recv(rdpSec * sec, secRecvType * type)
811
isoRecvType iso_type;
816
while ((s = mcs_recv(sec->mcs, &channel, &iso_type)) != NULL)
818
if ((iso_type == ISO_RECV_FAST_PATH) ||
819
(iso_type == ISO_RECV_FAST_PATH_ENCRYPTED))
821
*type = SEC_RECV_FAST_PATH;
822
if (iso_type == ISO_RECV_FAST_PATH_ENCRYPTED)
824
in_uint8s(s, 8); /* dataSignature */ /* TODO: Check signature! */
825
sec_decrypt(sec, s->p, s->end - s->p);
829
if (sec->rdp->settings->encryption || !(sec->licence->licence_issued))
831
/* basicSecurityHeader: */
832
in_uint32_le(s, sec_flags);
834
if ((sec_flags & SEC_ENCRYPT) || (sec_flags & SEC_REDIRECTION_PKT))
836
in_uint8s(s, 8); /* dataSignature */
837
sec_decrypt(sec, s->p, s->end - s->p);
840
if (sec_flags & SEC_LICENSE_PKT)
842
*type = SEC_RECV_LICENSE;
843
licence_process(sec->licence, s);
847
if (sec_flags & SEC_REDIRECTION_PKT)
849
*type = SEC_RECV_REDIRECT;
854
if (channel != MCS_GLOBAL_CHANNEL)
856
vchan_process(sec->mcs->chan, s, channel);
857
*type = SEC_RECV_IOCHANNEL;
860
*type = SEC_RECV_SHARE_CONTROL;
867
/* Establish a secure connection */
869
sec_connect(rdpSec * sec, char *server, char *username, int port)
871
/* Don't forget to set this *before* iso_connect(), otherwise you'll bang your head on the wall */
874
if (!iso_connect(sec->mcs->iso, server, username, port))
881
/* TLS with NLA was successfully negotiated */
883
sec->ctx = tls_create_context();
884
sec->ssl = tls_connect(sec->ctx, sec->mcs->iso->tcp->sock, server);
885
ntlm_send_negotiate_message(sec);
893
struct stream connectdata;
895
/* We exchange some RDP data during the MCS-Connect */
896
connectdata.size = 512;
897
connectdata.p = connectdata.data = (uint8 *) xmalloc(connectdata.size);
898
sec_out_connectdata(sec, &connectdata);
899
success = mcs_connect(sec->mcs, &connectdata);
900
xfree(connectdata.data);
902
if (success && sec->rdp->settings->encryption)
903
sec_establish_key(sec);
909
/* Reestablish a secure connection */
911
sec_reconnect(rdpSec * sec, char *server, int port)
914
struct stream connectdata;
916
if (!iso_reconnect(sec->mcs->iso, server, port))
919
/* We exchange some RDP data during the MCS-Connect */
920
connectdata.size = 512;
921
connectdata.p = connectdata.data = (uint8 *) xmalloc(connectdata.size);
922
sec_out_connectdata(sec, &connectdata);
923
success = mcs_reconnect(sec->mcs, &connectdata);
924
xfree(connectdata.data);
926
if (success && sec->rdp->settings->encryption)
927
sec_establish_key(sec);
932
/* Disconnect a connection */
934
sec_disconnect(rdpSec * sec)
936
mcs_disconnect(sec->mcs);
939
/* reset the state of the sec layer */
941
sec_reset_state(rdpSec * sec)
943
sec->server_rdp_version = 0;
944
sec->sec_encrypt_use_count = 0;
945
sec->sec_decrypt_use_count = 0;
946
mcs_reset_state(sec->mcs);
950
sec_new(struct rdp_rdp * rdp)
954
self = (rdpSec *) xmalloc(sizeof(rdpSec));
957
memset(self, 0, sizeof(rdpSec));
959
self->mcs = mcs_new(self);
960
self->licence = licence_new(self);
963
self->nla = nla_new(self);
971
sec_free(rdpSec * sec)
975
licence_free(sec->licence);