1
/* -*- c-basic-offset: 8 -*-
2
FreeRDP: A Remote Desktop Protocol client.
3
Protocol services - RDP encryption and licensing
4
Copyright (C) Matthew Chapman 1999-2008
6
This program is free software; you can redistribute it and/or modify
7
it under the terms of the GNU General Public License as published by
8
the Free Software Foundation; either version 2 of the License, or
9
(at your option) any later version.
11
This program is distributed in the hope that it will be useful,
12
but WITHOUT ANY WARRANTY; without even the implied warranty of
13
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
GNU General Public License for more details.
16
You should have received a copy of the GNU General Public License
17
along with this program; if not, write to the Free Software
18
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
41
return crypto_global_init();
45
sec_global_finish(void)
47
crypto_global_finish();
50
/* these are read only */
51
static uint8 pad_54[40] = {
52
54, 54, 54, 54, 54, 54, 54, 54,
53
54, 54, 54, 54, 54, 54, 54, 54,
54
54, 54, 54, 54, 54, 54, 54, 54,
55
54, 54, 54, 54, 54, 54, 54, 54,
56
54, 54, 54, 54, 54, 54, 54, 54
59
static uint8 pad_92[48] = {
60
92, 92, 92, 92, 92, 92, 92, 92,
61
92, 92, 92, 92, 92, 92, 92, 92,
62
92, 92, 92, 92, 92, 92, 92, 92,
63
92, 92, 92, 92, 92, 92, 92, 92,
64
92, 92, 92, 92, 92, 92, 92, 92,
65
92, 92, 92, 92, 92, 92, 92, 92
69
* 48-byte transformation used to generate master secret (6.1) and key material (6.2.2).
70
* Both SHA1 and MD5 algorithms are used.
73
sec_hash_48(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2, uint8 salt)
81
for (i = 0; i < 3; i++)
83
memset(pad, salt + i, i + 1);
85
sha1 = crypto_sha1_init();
86
crypto_sha1_update(sha1, pad, i + 1);
87
crypto_sha1_update(sha1, in, 48);
88
crypto_sha1_update(sha1, salt1, 32);
89
crypto_sha1_update(sha1, salt2, 32);
90
crypto_sha1_final(sha1, shasig);
92
md5 = crypto_md5_init();
93
crypto_md5_update(md5, in, 48);
94
crypto_md5_update(md5, shasig, 20);
95
crypto_md5_final(md5, &out[i * 16]);
100
* 16-byte transformation used to generate export keys (6.2.2).
103
sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2)
105
CryptoMd5 md5 = crypto_md5_init();
106
crypto_md5_update(md5, in, 16);
107
crypto_md5_update(md5, salt1, 32);
108
crypto_md5_update(md5, salt2, 32);
109
crypto_md5_final(md5, out);
112
/* Reduce key entropy from 64 to 40 bits */
114
sec_make_40bit(uint8 * key)
121
/* Generate encryption keys given client and server randoms */
123
sec_generate_keys(rdpSec * sec, uint8 * client_random, uint8 * server_random, int rc4_key_size)
125
uint8 pre_master_secret[48];
126
uint8 master_secret[48];
129
/* Construct pre-master secret */
130
memcpy(pre_master_secret, client_random, 24);
131
memcpy(pre_master_secret + 24, server_random, 24);
133
/* Generate master secret and then key material */
134
sec_hash_48(master_secret, pre_master_secret, client_random, server_random, 'A');
135
sec_hash_48(key_block, master_secret, client_random, server_random, 'X');
137
/* First 16 bytes of key material is MAC secret */
138
memcpy(sec->sec_sign_key, key_block, 16);
140
/* Generate export keys from next two blocks of 16 bytes */
141
sec_hash_16(sec->sec_decrypt_key, &key_block[16], client_random, server_random);
142
sec_hash_16(sec->sec_encrypt_key, &key_block[32], client_random, server_random);
144
if (rc4_key_size == 1)
146
DEBUG("40-bit encryption enabled\n");
147
sec_make_40bit(sec->sec_sign_key);
148
sec_make_40bit(sec->sec_decrypt_key);
149
sec_make_40bit(sec->sec_encrypt_key);
150
sec->rc4_key_len = 8;
154
DEBUG("rc_4_key_size == %d, 128-bit encryption enabled\n", rc4_key_size);
155
sec->rc4_key_len = 16;
158
/* Save initial RC4 keys as update keys */
159
memcpy(sec->sec_decrypt_update_key, sec->sec_decrypt_key, 16);
160
memcpy(sec->sec_encrypt_update_key, sec->sec_encrypt_key, 16);
162
/* Initialise RC4 state arrays */
163
sec->rc4_decrypt_key = crypto_rc4_init(sec->sec_decrypt_key, sec->rc4_key_len);
164
sec->rc4_encrypt_key = crypto_rc4_init(sec->sec_encrypt_key, sec->rc4_key_len);
167
/* Output a uint32 into a buffer (little-endian) */
169
buf_out_uint32(uint8 * buffer, uint32 value)
171
buffer[0] = (value) & 0xff;
172
buffer[1] = (value >> 8) & 0xff;
173
buffer[2] = (value >> 16) & 0xff;
174
buffer[3] = (value >> 24) & 0xff;
177
/* Generate a MAC hash (5.2.3.1), using a combination of SHA1 and MD5 */
179
sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data, int datalen)
187
buf_out_uint32(lenhdr, datalen);
189
sha1 = crypto_sha1_init();
190
crypto_sha1_update(sha1, session_key, keylen);
191
crypto_sha1_update(sha1, pad_54, 40);
192
crypto_sha1_update(sha1, lenhdr, 4);
193
crypto_sha1_update(sha1, data, datalen);
194
crypto_sha1_final(sha1, shasig);
196
md5 = crypto_md5_init();
197
crypto_md5_update(md5, session_key, keylen);
198
crypto_md5_update(md5, pad_92, 48);
199
crypto_md5_update(md5, shasig, 20);
200
crypto_md5_final(md5, md5sig);
202
memcpy(signature, md5sig, siglen);
205
/* Update an encryption key */
207
sec_update(rdpSec * sec, uint8 * key, uint8 * update_key)
214
sha1 = crypto_sha1_init();
215
crypto_sha1_update(sha1, update_key, sec->rc4_key_len);
216
crypto_sha1_update(sha1, pad_54, 40);
217
crypto_sha1_update(sha1, key, sec->rc4_key_len);
218
crypto_sha1_final(sha1, shasig);
220
md5 = crypto_md5_init();
221
crypto_md5_update(md5, update_key, sec->rc4_key_len);
222
crypto_md5_update(md5, pad_92, 48);
223
crypto_md5_update(md5, shasig, 20);
224
crypto_md5_final(md5, key);
226
update = crypto_rc4_init(key, sec->rc4_key_len);
227
crypto_rc4(update, sec->rc4_key_len, key, key);
228
crypto_rc4_free(update);
230
if (sec->rc4_key_len == 8)
234
/* Encrypt data using RC4 */
236
sec_encrypt(rdpSec * sec, uint8 * data, int length)
238
if (sec->sec_encrypt_use_count == 4096)
240
sec_update(sec, sec->sec_encrypt_key, sec->sec_encrypt_update_key);
241
crypto_rc4_free(sec->rc4_encrypt_key);
242
sec->rc4_encrypt_key = crypto_rc4_init(sec->sec_encrypt_key, sec->rc4_key_len);
243
sec->sec_encrypt_use_count = 0;
246
crypto_rc4(sec->rc4_encrypt_key, length, data, data);
247
sec->sec_encrypt_use_count++;
250
/* Decrypt data using RC4 */
252
sec_decrypt(rdpSec * sec, uint8 * data, int length)
255
if (sec->tls_connected)
259
if (sec->sec_decrypt_use_count == 4096)
261
sec_update(sec, sec->sec_decrypt_key, sec->sec_decrypt_update_key);
262
crypto_rc4_free(sec->rc4_decrypt_key);
263
sec->rc4_decrypt_key = crypto_rc4_init(sec->sec_decrypt_key, sec->rc4_key_len);
264
sec->sec_decrypt_use_count = 0;
267
crypto_rc4(sec->rc4_decrypt_key, length, data, data);
268
sec->sec_decrypt_use_count++;
271
/* Initialise secure transport packet */
273
sec_init(rdpSec * sec, uint32 flags, int maxlen)
280
if (!(sec->licence->licence_issued))
281
hdrlen = (flags & SEC_ENCRYPT) ? 12 : 4;
283
hdrlen = (flags & SEC_ENCRYPT) ? 12 : 0;
288
s = mcs_init(sec->mcs, maxlen + hdrlen);
289
s_push_layer(s, sec_hdr, hdrlen);
294
/* Initialise fast path secure transport packet */
296
sec_fp_init(rdpSec * sec, uint32 flags, int maxlen)
301
hdrlen = (flags & SEC_ENCRYPT) ? 8 : 0;
302
s = mcs_fp_init(sec->mcs, maxlen + hdrlen);
303
s_push_layer(s, sec_hdr, hdrlen);
308
/* Transmit secure transport packet over specified channel */
310
sec_send_to_channel(rdpSec * sec, STREAM s, uint32 flags, uint16 channel)
313
s_pop_layer(s, sec_hdr);
317
/* Basic Security Header */
318
if (!(sec->licence->licence_issued) || (flags & SEC_ENCRYPT))
319
out_uint32_le(s, flags); /* flags */
321
if (flags & SEC_ENCRYPT)
323
flags &= ~SEC_ENCRYPT;
324
datalen = s->end - s->p - 8;
327
DEBUG("Sending encrypted packet:\n");
328
hexdump(s->p + 8, datalen);
331
sec_sign(s->p, 8, sec->sec_sign_key, sec->rc4_key_len, s->p + 8, datalen);
332
sec_encrypt(sec, s->p + 8, datalen);
336
mcs_send_to_channel(sec->mcs, s, channel);
339
/* Transmit secure transport packet */
342
sec_send(rdpSec * sec, STREAM s, uint32 flags)
344
sec_send_to_channel(sec, s, flags, MCS_GLOBAL_CHANNEL);
347
/* Transmit secure fast path packet */
349
sec_fp_send(rdpSec * sec, STREAM s, uint32 flags)
352
s_pop_layer(s, sec_hdr);
353
if (flags & SEC_ENCRYPT)
355
datalen = ((int) (s->end - s->p)) - 8;
356
sec_sign(s->p, 8, sec->sec_sign_key, sec->rc4_key_len, s->p + 8, datalen);
357
sec_encrypt(sec, s->p + 8, datalen);
359
mcs_fp_send(sec->mcs, s, flags);
362
/* Transfer the client random to the server */
364
sec_establish_key(rdpSec * sec)
366
uint32 length = sec->server_public_key_len + SEC_PADDING_SIZE;
367
uint32 flags = SEC_EXCHANGE_PKT;
370
s = sec_init(sec, flags, length + 4);
372
out_uint32_le(s, length);
373
out_uint8p(s, sec->sec_crypted_random, sec->server_public_key_len);
374
out_uint8s(s, SEC_PADDING_SIZE);
377
sec_send(sec, s, flags);
381
sec_out_client_core_data(rdpSec * sec, rdpSet * settings, STREAM s)
385
uint16 highColorDepth;
386
uint16 supportedColorDepths;
387
uint16 earlyCapabilityFlags;
389
out_uint16_le(s, UDH_CS_CORE); /* User Data Header type */
390
out_uint16_le(s, 216); /* total length */
392
out_uint32_le(s, settings->rdp_version >= 5 ? 0x00080004 : 0x00080001); /* client version */
393
out_uint16_le(s, settings->width); /* desktopWidth */
394
out_uint16_le(s, settings->height); /* desktopHeight */
395
out_uint16_le(s, RNS_UD_COLOR_8BPP); /* colorDepth, ignored because of postBeta2ColorDepth */
396
out_uint16_le(s, RNS_UD_SAS_DEL); /* SASSequence (Secure Access Sequence) */
397
out_uint32_le(s, settings->keyboard_layout); /* keyboardLayout */
398
out_uint32_le(s, 2600); /* clientBuild */
400
/* Unicode name of client, truncated to 15 characters */
401
p = xstrdup_out_unistr(sec->rdp, settings->hostname, &len);
408
out_uint8a(s, p, len + 2);
409
out_uint8s(s, 32 - len - 2);
412
out_uint32_le(s, settings->keyboard_type); /* keyboardType */
413
out_uint32_le(s, settings->keyboard_subtype); /* keyboardSubType */
414
out_uint32_le(s, settings->keyboard_functionkeys); /* keyboardFunctionKey */
416
/* Input Method Editor (IME) file name associated with the input locale.
417
Up to 31 Unicode characters plus a NULL terminator */
418
/* FIXME: populate this field with real data */
419
out_uint8s(s, 64); /* imeFileName */
421
out_uint16_le(s, RNS_UD_COLOR_8BPP); /* postBeta2ColorDepth */
422
out_uint16_le(s, 1); /* clientProductID */
423
out_uint32_le(s, 0); /* serialNumber (should be initialized to 0) */
425
highColorDepth = MIN(settings->server_depth, 24); /* 32 must be reported as 24 and RNS_UD_CS_WANT_32BPP_SESSION */
426
out_uint16_le(s, highColorDepth); /* (requested) highColorDepth */
428
supportedColorDepths = RNS_UD_32BPP_SUPPORT | RNS_UD_24BPP_SUPPORT | RNS_UD_16BPP_SUPPORT | RNS_UD_15BPP_SUPPORT;
429
out_uint16_le(s, supportedColorDepths); /* supportedColorDepths */
431
earlyCapabilityFlags = RNS_UD_CS_SUPPORT_ERRINFO_PDU;
433
if (settings->server_depth == 32)
434
earlyCapabilityFlags |= RNS_UD_CS_WANT_32BPP_SESSION;
436
out_uint16_le(s, earlyCapabilityFlags); /* earlyCapabilityFlags */
437
out_uint8s(s, 64); /* clientDigProductId (64 bytes) */
438
out_uint8(s, 0); /* connectionType, only valid when RNS_UD_CS_VALID_CONNECTION_TYPE is set in earlyCapabilityFlags */
439
out_uint8(s, 0); /* pad1octet */
440
out_uint32_le(s, sec->negotiated_protocol); /* serverSelectedProtocol */
444
sec_out_client_security_data(rdpSec * sec, rdpSet * settings, STREAM s)
446
uint16 encryptionMethods = 0;
448
out_uint16_le(s, UDH_CS_SECURITY); /* User Data Header type */
449
out_uint16_le(s, 12); /* total length */
451
if (settings->encryption || sec->tls_connected)
452
encryptionMethods = ENCRYPTION_40BIT_FLAG | ENCRYPTION_128BIT_FLAG;
454
out_uint32_le(s, encryptionMethods); /* encryptionMethods */
455
out_uint32_le(s, 0); /* extEncryptionMethods */
459
sec_out_client_network_data(rdpSec * sec, rdpSet * settings, STREAM s)
463
DEBUG_RDP5("num_channels is %d\n", settings->num_channels);
464
if (settings->num_channels > 0)
466
out_uint16_le(s, UDH_CS_NET); /* User Data Header type */
467
out_uint16_le(s, settings->num_channels * 12 + 8); /* total length */
469
out_uint32_le(s, settings->num_channels); /* channelCount */
470
for (i = 0; i < settings->num_channels; i++)
472
DEBUG_RDP5("Requesting channel %s\n", settings->channels[i].name);
473
out_uint8a(s, settings->channels[i].name, 8); /* name (8 bytes) 7 characters with null terminator */
474
out_uint32_le(s, settings->channels[i].flags); /* options (4 bytes) */
480
sec_out_client_cluster_data(rdpSec * sec, rdpSet * settings, STREAM s)
482
out_uint16_le(s, UDH_CS_CLUSTER); /* User Data Header type */
483
out_uint16_le(s, 12); /* total length */
485
out_uint32_le(s, (settings->console_session || sec->rdp->redirect_session_id) ?
486
REDIRECTED_SESSIONID_FIELD_VALID | REDIRECTION_SUPPORTED | REDIRECTION_VERSION4 :
487
REDIRECTION_SUPPORTED | REDIRECTION_VERSION4); /* flags */
489
out_uint32_le(s, sec->rdp->redirect_session_id); /* RedirectedSessionID */
493
sec_out_gcc_conference_create_request(rdpSec * sec, STREAM s)
496
rdpSet * settings = sec->rdp->settings;
498
/* See ITU-T Rec. T.124 (02/98) Generic Conference Control */
500
/* the part before userData is of a fixed size, making things convenient */
502
sec_out_client_core_data(sec, settings, s);
503
sec_out_client_cluster_data(sec, settings, s);
504
sec_out_client_security_data(sec, settings, s);
505
sec_out_client_network_data(sec, settings, s);
506
length = (s->p - s->data) - 23;
509
/* t124Identifier = 0.0.20.124.0.1 */
511
out_uint16_be(s, 0x14);
515
/* connectPDU octet string */
516
out_uint16_be(s, ((length + 14) | 0x8000)); /* connectPDU length in two bytes*/
518
/* connectPDU content is ConnectGCCPDU PER encoded: */
519
out_uint16_be(s, 8); /* ConferenceCreateRequest ... */
520
out_uint16_be(s, 16);
522
out_uint16_le(s, 0xC001); /* userData key is h221NonStandard */
523
out_uint8(s, 0); /* 4 bytes: */
524
out_uint32_le(s, 0x61637544); /* "Duca" */
525
out_uint16_be(s, (length | 0x8000)); /* userData value length in two bytes */
526
s->p = s->data + length + 23; /* userData (outputted earlier) */
532
revcpy(uint8 * out, uint8 * in, int len)
536
for (i = 0; i < len; i++)
542
/* Parse a Server Proprietary Certificate RSA Public Key */
544
sec_parse_public_key(rdpSec * sec, STREAM s, uint32 len, uint8 * modulus, uint8 * exponent)
549
in_uint32_le(s, magic);
550
if (magic != SEC_RSA_MAGIC)
552
ui_error(sec->rdp->inst, "RSA magic 0x%x\n", magic);
556
in_uint32_le(s, modulus_len);
557
if (4 + 4 + 4 + 4 + SEC_EXPONENT_SIZE + modulus_len != len)
559
ui_error(sec->rdp->inst, "Inconsistent Server Proprietary Certificate public key size\n");
562
modulus_len -= SEC_PADDING_SIZE;
563
if ((modulus_len < SEC_MODULUS_SIZE) || (modulus_len > SEC_MAX_MODULUS_SIZE))
565
ui_error(sec->rdp->inst, "Bad Server Proprietary Certificate public key size (%u bits)\n", modulus_len * 8);
569
in_uint8s(s, 4); /* modulus_bits - must match modulus_len */
570
in_uint8s(s, 4); /* datalen - how much data can be encoded */
571
revcpy(exponent, s->p, SEC_EXPONENT_SIZE);
572
in_uint8s(s, SEC_EXPONENT_SIZE);
573
revcpy(modulus, s->p, modulus_len);
574
in_uint8s(s, modulus_len);
575
in_uint8s(s, SEC_PADDING_SIZE); /* zero padding - included in modulus_len but not in modulus_bits */
576
sec->server_public_key_len = modulus_len;
581
/* Parse a Proprietary Certificate signature */
583
sec_parse_public_sig(STREAM s, uint32 len)
585
/* The Proprietary Certificate signature uses a static published private key.
586
* That is completely nonsense, so we won't bother checking it. */
592
/* Parse Server Security Data */
594
sec_parse_server_security_data(rdpSec * sec, STREAM s, uint32 * encryptionMethod, uint8 server_random[SEC_RANDOM_SIZE], uint8 * modulus, uint8 * exponent)
596
uint32 encryptionLevel;
597
uint32 serverRandomLen;
598
uint32 serverCertLen;
599
uint32 certChainVersion;
602
in_uint32_le(s, *encryptionMethod); /* 1 = 40-bit, 2 = 128-bit, 0 for TLS/CredSSP */
603
in_uint32_le(s, encryptionLevel); /* 1 = low, 2 = client compatible, 3 = high */
604
if (encryptionLevel == 0) /* no encryption */
606
in_uint32_le(s, serverRandomLen);
607
in_uint32_le(s, serverCertLen);
609
if (serverRandomLen != SEC_RANDOM_SIZE)
611
ui_error(sec->rdp->inst, "random len %d, expected %d\n", serverRandomLen, SEC_RANDOM_SIZE);
615
in_uint8a(s, server_random, SEC_RANDOM_SIZE);
617
/* Server Certificate: */
618
in_uint32_le(s, dwVersion); /* bit 0x80000000 = temporary certificate */
619
certChainVersion = dwVersion & 0x7FFFFFFF;
621
if (certChainVersion == 1) /* Server Proprietary Certificate */
623
uint16 wPublicKeyBlobType, wPublicKeyBlobLen;
624
uint16 wSignatureBlobType, wSignatureBlobLen;
626
DEBUG_RDP5("We're going for a Server Proprietary Certificate (no TS license)\n");
627
in_uint8s(s, 4); /* dwSigAlgId must be 1 (SIGNATURE_ALG_RSA) */
628
in_uint8s(s, 4); /* dwKeyAlgId must be 1 (KEY_EXCHANGE_ALG_RSA ) */
630
in_uint16_le(s, wPublicKeyBlobType);
631
if (wPublicKeyBlobType != BB_RSA_KEY_BLOB)
634
in_uint16_le(s, wPublicKeyBlobLen);
636
if (!sec_parse_public_key(sec, s, wPublicKeyBlobLen, modulus, exponent))
639
in_uint16_le(s, wSignatureBlobType);
640
if (wSignatureBlobType != BB_RSA_SIGNATURE_BLOB)
643
in_uint16_le(s, wSignatureBlobLen);
644
if (!sec_parse_public_sig(s, wSignatureBlobLen))
647
else if (certChainVersion == 2) /* X.509 */
649
uint32 cert_total_count, cert_counter;
650
uint32 license_cert_len, ts_cert_len;
651
CryptoCert license_cert, ts_cert;
653
DEBUG_RDP5("We're going for a X.509 Certificate (TS license)\n");
654
in_uint32_le(s, cert_total_count); /* Number of certificates */
655
DEBUG_RDP5("Cert chain length: %d\n", cert_total_count);
656
if (cert_total_count < 2)
658
ui_error(sec->rdp->inst, "Server didn't send enough X509 certificates\n");
661
/* X.509 Certificate Chain: */
662
/* Only the 2 last certificates in chain are _really_ interesting */
663
for (cert_counter=0; cert_counter < cert_total_count - 2; cert_counter++)
666
CryptoCert ignorecert;
668
DEBUG_RDP5("Ignoring cert: %d\n", cert_counter);
669
in_uint32_le(s, ignorelen);
670
DEBUG_RDP5("Ignored Certificate length is %d\n", ignorelen);
671
ignorecert = crypto_cert_read(s->p, ignorelen);
672
in_uint8s(s, ignorelen);
673
if (ignorecert == NULL)
675
ui_error(sec->rdp->inst, "Couldn't read certificate %d from server certificate chain\n", cert_counter);
679
#ifdef WITH_DEBUG_RDP5
680
DEBUG_RDP5("cert #%d (ignored):\n", cert_counter);
681
crypto_cert_print_fp(stdout, ignorecert);
683
/* TODO: Verify the certificate chain all the way from CA root to prevent MITM attacks */
684
crypto_cert_free(ignorecert);
686
/* The second to last certificate is the license server */
687
in_uint32_le(s, license_cert_len);
688
DEBUG_RDP5("License Server Certificate length is %d\n", license_cert_len);
689
license_cert = crypto_cert_read(s->p, license_cert_len);
690
in_uint8s(s, license_cert_len);
691
if (NULL == license_cert)
693
ui_error(sec->rdp->inst, "Couldn't load License Server Certificate from server\n");
696
#ifdef WITH_DEBUG_RDP5
697
crypto_cert_print_fp(stdout, license_cert);
699
/* The last certificate is the Terminal Server */
700
in_uint32_le(s, ts_cert_len);
701
DEBUG_RDP5("TS Certificate length is %d\n", ts_cert_len);
702
ts_cert = crypto_cert_read(s->p, ts_cert_len);
703
in_uint8s(s, ts_cert_len);
706
crypto_cert_free(license_cert);
707
ui_error(sec->rdp->inst, "Couldn't load TS Certificate from server\n");
710
#ifdef WITH_DEBUG_RDP5
711
crypto_cert_print_fp(stdout, ts_cert);
713
if (!crypto_cert_verify(ts_cert, license_cert))
715
crypto_cert_free(ts_cert);
716
crypto_cert_free(license_cert);
717
ui_error(sec->rdp->inst, "TS Certificate not signed with License Certificate\n");
720
crypto_cert_free(license_cert);
722
if (crypto_cert_get_pub_exp_mod(ts_cert, &(sec->server_public_key_len),
723
exponent, SEC_EXPONENT_SIZE, modulus, SEC_MAX_MODULUS_SIZE) != 0)
725
ui_error(sec->rdp->inst, "Problem extracting RSA key from TS Certificate\n");
726
crypto_cert_free(ts_cert);
729
crypto_cert_free(ts_cert);
730
if ((sec->server_public_key_len < SEC_MODULUS_SIZE) ||
731
(sec->server_public_key_len > SEC_MAX_MODULUS_SIZE))
733
ui_error(sec->rdp->inst, "Bad TS Certificate public key size (%u bits)\n",
734
sec->server_public_key_len * 8);
737
in_uint8s(s, 8 + 4 * cert_total_count); /* Padding */
741
ui_error(sec->rdp->inst, "Invalid cert chain version\n");
745
return s_check_end(s);
748
/* Process Server Security Data */
750
sec_process_server_security_data(rdpSec * sec, STREAM s)
753
uint8 server_random[SEC_RANDOM_SIZE];
754
uint8 client_random[SEC_RANDOM_SIZE];
755
uint8 modulus[SEC_MAX_MODULUS_SIZE];
756
uint8 exponent[SEC_EXPONENT_SIZE];
757
uint8 client_random_rev[SEC_RANDOM_SIZE];
758
uint8 crypted_random_rev[SEC_MAX_MODULUS_SIZE];
760
memset(modulus, 0, sizeof(modulus));
761
memset(exponent, 0, sizeof(exponent));
762
if (!sec_parse_server_security_data(sec, s, &rc4_key_size, server_random, modulus, exponent))
764
/* encryptionMethod (rc4_key_size) = 0 means TLS */
765
if (rc4_key_size > 0)
767
DEBUG("Failed to parse crypt info\n");
772
DEBUG("Generating client random\n");
773
generate_random(client_random);
774
revcpy(client_random_rev, client_random, SEC_RANDOM_SIZE);
775
crypto_rsa_encrypt(SEC_RANDOM_SIZE, client_random_rev, crypted_random_rev,
776
sec->server_public_key_len, modulus, exponent);
777
revcpy(sec->sec_crypted_random, crypted_random_rev, sec->server_public_key_len);
778
sec_generate_keys(sec, client_random, server_random, rc4_key_size);
781
/* Process Server Core Data */
783
sec_process_server_core_data(rdpSec * sec, STREAM s, uint16 length)
785
uint32 server_rdp_version, clientRequestedProtocols;
786
in_uint32_le(s, server_rdp_version);
788
if(server_rdp_version == 0x00080001)
790
sec->rdp->settings->rdp_version = 4;
791
sec->rdp->settings->server_depth = 8;
793
else if(server_rdp_version == 0x00080004)
795
sec->rdp->settings->rdp_version = 5; /* FIXME: We can't just upgrade the RDP version! */
799
ui_error(sec->rdp->inst, "Invalid server rdp version %ul\n", server_rdp_version);
802
DEBUG_RDP5("Server RDP version is %d\n", sec->rdp->settings->rdp_version);
805
in_uint32_le(s, clientRequestedProtocols);
809
/* Process Server Network Data */
811
sec_process_server_network_data(rdpSec * sec, STREAM s)
817
in_uint16_le(s, MCSChannelId); /* MCSChannelId */
818
in_uint16_le(s, channelCount); /* channelCount */
820
/* TODO: Check that it matches rdp->settings->num_channels */
821
if (channelCount != sec->rdp->settings->num_channels)
823
ui_error(sec->rdp->inst, "client requested %d channels, server replied with %d channels",
824
sec->rdp->settings->num_channels, channelCount);
828
for (i = 0; i < channelCount; i++)
831
in_uint16_le(s, channelId); /* Channel ID allocated to requested channel number i */
833
/* TODO: Assign channel ids here instead of in freerdp.c l_rdp_connect */
834
if (channelId != sec->rdp->settings->channels[i].chan_id)
836
ui_error(sec->rdp->inst, "channel %d is %d but should have been %d\n",
837
i, channelId, sec->rdp->settings->channels[i].chan_id);
841
if (channelCount % 2 == 1)
842
in_uint8s(s, 2); /* Padding */
845
/* Process connect response data blob */
847
sec_process_mcs_data(rdpSec * sec, STREAM s)
855
in_uint8s(s, 21); /* TODO: T.124 ConferenceCreateResponse userData with key h221NonStandard McDn */
858
totalLength = (uint16) byte;
862
totalLength &= ~0x80;
865
totalLength += (uint16) byte;
868
while (s->p < s->end)
870
in_uint16_le(s, type);
871
in_uint16_le(s, length);
876
next_tag = s->p + length - 4;
880
case UDH_SC_CORE: /* Server Core Data */
881
sec_process_server_core_data(sec, s, length);
884
case UDH_SC_NET: /* Server Network Data */
885
sec_process_server_network_data(sec, s);
888
case UDH_SC_SECURITY: /* Server Security Data */
889
sec_process_server_security_data(sec, s);
897
/* Receive secure transport packet */
899
sec_recv(rdpSec * sec, secRecvType * type)
904
isoRecvType iso_type;
906
while ((s = mcs_recv(sec->mcs, &channel, &iso_type)) != NULL)
908
if ((iso_type == ISO_RECV_FAST_PATH) ||
909
(iso_type == ISO_RECV_FAST_PATH_ENCRYPTED))
911
*type = SEC_RECV_FAST_PATH;
912
if (iso_type == ISO_RECV_FAST_PATH_ENCRYPTED)
914
in_uint8s(s, 8); /* dataSignature */ /* TODO: Check signature! */
915
sec_decrypt(sec, s->p, s->end - s->p);
919
if (sec->rdp->settings->encryption || !sec->licence->licence_issued)
921
/* basicSecurityHeader: */
922
in_uint32_le(s, sec_flags);
924
if ((sec_flags & SEC_ENCRYPT) || (sec_flags & SEC_REDIRECTION_PKT))
926
in_uint8s(s, 8); /* dataSignature */ /* TODO: Check signature! */
927
sec_decrypt(sec, s->p, s->end - s->p);
930
if (sec_flags & SEC_LICENSE_PKT)
932
*type = SEC_RECV_LICENSE;
933
licence_process(sec->licence, s);
937
if (sec_flags & SEC_REDIRECTION_PKT)
939
*type = SEC_RECV_REDIRECT;
944
if (channel != MCS_GLOBAL_CHANNEL)
946
vchan_process(sec->mcs->chan, s, channel);
947
*type = SEC_RECV_IOCHANNEL;
950
*type = SEC_RECV_SHARE_CONTROL;
957
/* Establish a secure connection */
959
sec_connect(rdpSec * sec, char *server, char *username, int port)
961
/* Don't forget to set this *before* iso_connect(), otherwise you'll bang your head on the wall */
963
if (sec->rdp->settings->tls)
964
sec->requested_protocol = PROTOCOL_TLS;
966
sec->requested_protocol = PROTOCOL_RDP;
968
if (!iso_connect(sec->mcs->iso, server, username, port))
972
if(sec->negotiated_protocol == PROTOCOL_NLA)
974
/* TLS with NLA was successfully negotiated */
975
printf("TLS encryption with NLA negotiated\n");
976
sec->ctx = tls_create_context();
977
sec->ssl = tls_connect(sec->ctx, sec->mcs->iso->tcp->sock, server);
978
sec->tls_connected = 1;
979
ntlm_send_negotiate_message(sec);
981
exit(0); /* not implemented from this point */
983
else if(sec->negotiated_protocol == PROTOCOL_TLS)
985
/* TLS without NLA was successfully negotiated */
987
printf("TLS Encryption negotiated\n");
988
sec->ctx = tls_create_context();
989
sec->ssl = tls_connect(sec->ctx, sec->mcs->iso->tcp->sock, server);
990
sec->tls_connected = 1;
991
sec->rdp->settings->encryption = 0;
992
success = mcs_connect(sec->mcs);
1000
if (sec->requested_protocol > PROTOCOL_RDP)
1002
/* only tell about the legacy RDP negotiation success when it wasn't the requested encryption */
1003
printf("Legacy RDP encryption negotiated\n");
1006
success = mcs_connect(sec->mcs);
1008
if (success && sec->rdp->settings->encryption)
1009
sec_establish_key(sec);
1017
/* Disconnect a connection */
1019
sec_disconnect(rdpSec * sec)
1021
mcs_disconnect(sec->mcs);
1025
tls_destroy_context(sec->ctx);
1029
if (sec->rc4_decrypt_key)
1030
crypto_rc4_free(sec->rc4_decrypt_key);
1031
sec->rc4_decrypt_key = NULL;
1032
if (sec->rc4_encrypt_key)
1033
crypto_rc4_free(sec->rc4_encrypt_key);
1034
sec->rc4_encrypt_key = NULL;
1038
sec_new(struct rdp_rdp * rdp)
1042
self = (rdpSec *) xmalloc(sizeof(rdpSec));
1045
memset(self, 0, sizeof(rdpSec));
1047
self->mcs = mcs_new(self);
1048
self->licence = licence_new(self);
1051
self->nla = nla_new(self);
1054
self->rc4_decrypt_key = NULL;
1055
self->rc4_encrypt_key = NULL;
1061
sec_free(rdpSec * sec)
1065
licence_free(sec->licence);