251
268
modlen = keylen - 8;
252
269
freerdp_blob_alloc(&(certificate->cert_info.modulus), modlen);
253
270
stream_read(s, certificate->cert_info.modulus.data, modlen);
271
/* 8 bytes of zero padding */
254
272
stream_seek(s, 8);
259
static boolean certificate_process_server_public_signature(rdpCertificate* certificate, STREAM* s, uint32 length)
277
static boolean certificate_process_server_public_signature(rdpCertificate* certificate, uint8* sigdata, int sigdatalen, STREAM* s, uint32 siglen)
261
stream_seek(s, length);
279
uint8 md5hash[CRYPTO_MD5_DIGEST_LENGTH];
280
uint8 encsig[TSSK_KEY_LENGTH + 8];
281
uint8 sig[TSSK_KEY_LENGTH];
285
md5ctx = crypto_md5_init();
286
crypto_md5_update(md5ctx, sigdata, sigdatalen);
287
crypto_md5_final(md5ctx, md5hash);
289
stream_read(s, encsig, siglen);
291
/* Last 8 bytes shall be all zero. */
293
for (sum = 0, i = sizeof(encsig) - 8; i < sizeof(encsig); i++)
298
printf("certificate_process_server_public_signature: invalid signature\n");
304
crypto_rsa_public_decrypt(encsig, siglen, TSSK_KEY_LENGTH, tssk_modulus, tssk_exponent, sig);
306
/* Verify signature. */
307
if (memcmp(md5hash, sig, sizeof(md5hash)) != 0)
309
printf("certificate_process_server_public_signature: invalid signature\n");
314
* Verify rest of decrypted data:
315
* The 17th byte is 0x00.
316
* The 18th through 62nd bytes are each 0xFF.
317
* The 63rd byte is 0x01.
320
for (sum = 0, i = 17; i < 62; i++)
323
if (sig[16] != 0x00 || sum != 0xFF * (62 - 17) || sig[62] != 0x01)
325
printf("certificate_process_server_public_signature: invalid signature\n");
481
rdpKey* key_new(const char* keyfile)
487
key = (rdpKey*) xzalloc(sizeof(rdpKey));
492
fp = fopen(keyfile, "r");
496
printf("unable to load RSA key from %s: %s.", keyfile, strerror(errno));
500
rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
504
ERR_print_errors_fp(stdout);
511
switch (RSA_check_key(rsa))
515
printf("invalid RSA key in %s", keyfile);
523
ERR_print_errors_fp(stdout);
528
if (BN_num_bytes(rsa->e) > 4)
531
printf("RSA public exponent too large in %s", keyfile);
535
freerdp_blob_alloc(&key->modulus, BN_num_bytes(rsa->n));
536
BN_bn2bin(rsa->n, key->modulus.data);
537
crypto_reverse(key->modulus.data, key->modulus.length);
538
freerdp_blob_alloc(&key->private_exponent, BN_num_bytes(rsa->d));
539
BN_bn2bin(rsa->d, key->private_exponent.data);
540
crypto_reverse(key->private_exponent.data, key->private_exponent.length);
541
memset(key->exponent, 0, sizeof(key->exponent));
542
BN_bn2bin(rsa->e, key->exponent + sizeof(key->exponent) - BN_num_bytes(rsa->e));
543
crypto_reverse(key->exponent, sizeof(key->exponent));
550
void key_free(rdpKey* key)
554
freerdp_blob_free(&key->modulus);
555
freerdp_blob_free(&key->private_exponent);
560
void certificate_store_init(rdpCertificateStore* certificate_store)
563
rdpSettings* settings;
565
settings = certificate_store->settings;
567
config_path = freerdp_get_config_path(settings);
568
certificate_store->path = freerdp_construct_path(config_path, (char*) certificate_store_dir);
570
if (freerdp_check_file_exists(certificate_store->path) == false)
572
freerdp_mkdir(certificate_store->path);
573
printf("creating directory %s\n", certificate_store->path);
576
certificate_store->file = freerdp_construct_path(config_path, (char*) certificate_known_hosts_file);
578
if (freerdp_check_file_exists(certificate_store->file) == false)
580
certificate_store->fp = fopen((char*) certificate_store->file, "w+");
582
if (certificate_store->fp == NULL)
584
printf("certificate_store_open: error opening [%s] for writing\n", certificate_store->file);
588
fflush(certificate_store->fp);
592
certificate_store->fp = fopen((char*) certificate_store->file, "r+");
596
int certificate_data_match(rdpCertificateStore* certificate_store, rdpCertificateData* certificate_data)
605
fp = certificate_store->fp;
610
fseek(fp, 0, SEEK_END);
612
fseek(fp, 0, SEEK_SET);
617
data = (char*) xmalloc(size + 2);
619
if (fread(data, size, 1, fp) != 1)
626
data[size + 1] = '\0';
627
pline = strtok(data, "\n");
629
while (pline != NULL)
631
length = strlen(pline);
635
length = strcspn(pline, " \t");
636
pline[length] = '\0';
638
if (strcmp(pline, certificate_data->hostname) == 0)
640
pline = &pline[length + 1];
642
if (strcmp(pline, certificate_data->fingerprint) == 0)
650
pline = strtok(NULL, "\n");
657
void certificate_data_print(rdpCertificateStore* certificate_store, rdpCertificateData* certificate_data)
661
/* reopen in append mode */
662
fp = fopen(certificate_store->file, "a");
667
fprintf(certificate_store->fp,"%s %s\n", certificate_data->hostname, certificate_data->fingerprint);
671
rdpCertificateData* certificate_data_new(char* hostname, char* fingerprint)
673
rdpCertificateData* certdata;
675
certdata = (rdpCertificateData*) xzalloc(sizeof(rdpCertificateData));
677
if (certdata != NULL)
679
certdata->hostname = xstrdup(hostname);
680
certdata->fingerprint = xstrdup(fingerprint);
686
void certificate_data_free(rdpCertificateData* certificate_data)
688
if (certificate_data != NULL)
690
xfree(certificate_data->hostname);
691
xfree(certificate_data->fingerprint);
692
xfree(certificate_data);
696
rdpCertificateStore* certificate_store_new(rdpSettings* settings)
698
rdpCertificateStore* certificate_store;
700
certificate_store = (rdpCertificateStore*) xzalloc(sizeof(rdpCertificateStore));
702
if (certificate_store != NULL)
704
certificate_store->settings = settings;
705
certificate_store_init(certificate_store);
708
return certificate_store;
711
void certificate_store_free(rdpCertificateStore* certstore)
713
if (certstore != NULL)
715
if (certstore->fp != NULL)
716
fclose(certstore->fp);
718
xfree(certstore->path);
719
xfree(certstore->file);
404
725
* Instantiate new certificate module.\n
405
726
* @param rdp RDP module
406
727
* @return new certificate module
409
rdpCertificate* certificate_new(void)
730
rdpCertificate* certificate_new()
411
732
rdpCertificate* certificate;