/[rdesktop]/sourceforge.net/trunk/rdesktop/secure.c
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Contents of /sourceforge.net/trunk/rdesktop/secure.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1389 - (show annotations)
Sat Feb 10 05:15:58 2007 UTC (17 years, 4 months ago) by jsorg71
File MIME type: text/plain
File size: 22725 byte(s) 
g_ prefix for global vars
1 /* -*- c-basic-offset: 8 -*-
2 rdesktop: A Remote Desktop Protocol client.
3 Protocol services - RDP encryption and licensing
4 Copyright (C) Matthew Chapman 1999-2007
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 */
20
21 #include "rdesktop.h"
22 #include "ssl.h"
23
24 extern char g_hostname[16];
25 extern int g_width;
26 extern int g_height;
27 extern unsigned int g_keylayout;
28 extern int g_keyboard_type;
29 extern int g_keyboard_subtype;
30 extern int g_keyboard_functionkeys;
31 extern RD_BOOL g_encryption;
32 extern RD_BOOL g_licence_issued;
33 extern RD_BOOL g_use_rdp5;
34 extern RD_BOOL g_console_session;
35 extern int g_server_depth;
36 extern VCHANNEL g_channels[];
37 extern unsigned int g_num_channels;
38
39 static int g_rc4_key_len;
40 static SSL_RC4 g_rc4_decrypt_key;
41 static SSL_RC4 g_rc4_encrypt_key;
42 static uint32 g_server_public_key_len;
43
44 static uint8 g_sec_sign_key[16];
45 static uint8 g_sec_decrypt_key[16];
46 static uint8 g_sec_encrypt_key[16];
47 static uint8 g_sec_decrypt_update_key[16];
48 static uint8 g_sec_encrypt_update_key[16];
49 static uint8 g_sec_crypted_random[SEC_MAX_MODULUS_SIZE];
50
51 uint16 g_server_rdp_version = 0;
52
53 /* These values must be available to reset state - Session Directory */
54 static int g_sec_encrypt_use_count = 0;
55 static int g_sec_decrypt_use_count = 0;
56
57 /*
58 * I believe this is based on SSLv3 with the following differences:
59 * MAC algorithm (5.2.3.1) uses only 32-bit length in place of seq_num/type/length fields
60 * MAC algorithm uses SHA1 and MD5 for the two hash functions instead of one or other
61 * key_block algorithm (6.2.2) uses 'X', 'YY', 'ZZZ' instead of 'A', 'BB', 'CCC'
62 * key_block partitioning is different (16 bytes each: MAC secret, decrypt key, encrypt key)
63 * encryption/decryption keys updated every 4096 packets
64 * See http://wp.netscape.com/eng/ssl3/draft302.txt
65 */
66
67 /*
68 * 48-byte transformation used to generate master secret (6.1) and key material (6.2.2).
69 * Both SHA1 and MD5 algorithms are used.
70 */
71 void
72 sec_hash_48(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2, uint8 salt)
73 {
74 uint8 shasig[20];
75 uint8 pad[4];
76 SSL_SHA1 sha1;
77 SSL_MD5 md5;
78 int i;
79
80 for (i = 0; i < 3; i++)
81 {
82 memset(pad, salt + i, i + 1);
83
84 ssl_sha1_init(&sha1);
85 ssl_sha1_update(&sha1, pad, i + 1);
86 ssl_sha1_update(&sha1, in, 48);
87 ssl_sha1_update(&sha1, salt1, 32);
88 ssl_sha1_update(&sha1, salt2, 32);
89 ssl_sha1_final(&sha1, shasig);
90
91 ssl_md5_init(&md5);
92 ssl_md5_update(&md5, in, 48);
93 ssl_md5_update(&md5, shasig, 20);
94 ssl_md5_final(&md5, &out[i * 16]);
95 }
96 }
97
98 /*
99 * 16-byte transformation used to generate export keys (6.2.2).
100 */
101 void
102 sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2)
103 {
104 SSL_MD5 md5;
105
106 ssl_md5_init(&md5);
107 ssl_md5_update(&md5, in, 16);
108 ssl_md5_update(&md5, salt1, 32);
109 ssl_md5_update(&md5, salt2, 32);
110 ssl_md5_final(&md5, out);
111 }
112
113 /* Reduce key entropy from 64 to 40 bits */
114 static void
115 sec_make_40bit(uint8 * key)
116 {
117 key[0] = 0xd1;
118 key[1] = 0x26;
119 key[2] = 0x9e;
120 }
121
122 /* Generate encryption keys given client and server randoms */
123 static void
124 sec_generate_keys(uint8 * client_random, uint8 * server_random, int rc4_key_size)
125 {
126 uint8 pre_master_secret[48];
127 uint8 master_secret[48];
128 uint8 key_block[48];
129
130 /* Construct pre-master secret */
131 memcpy(pre_master_secret, client_random, 24);
132 memcpy(pre_master_secret + 24, server_random, 24);
133
134 /* Generate master secret and then key material */
135 sec_hash_48(master_secret, pre_master_secret, client_random, server_random, 'A');
136 sec_hash_48(key_block, master_secret, client_random, server_random, 'X');
137
138 /* First 16 bytes of key material is MAC secret */
139 memcpy(g_sec_sign_key, key_block, 16);
140
141 /* Generate export keys from next two blocks of 16 bytes */
142 sec_hash_16(g_sec_decrypt_key, &key_block[16], client_random, server_random);
143 sec_hash_16(g_sec_encrypt_key, &key_block[32], client_random, server_random);
144
145 if (rc4_key_size == 1)
146 {
147 DEBUG(("40-bit encryption enabled\n"));
148 sec_make_40bit(g_sec_sign_key);
149 sec_make_40bit(g_sec_decrypt_key);
150 sec_make_40bit(g_sec_encrypt_key);
151 g_rc4_key_len = 8;
152 }
153 else
154 {
155 DEBUG(("rc_4_key_size == %d, 128-bit encryption enabled\n", rc4_key_size));
156 g_rc4_key_len = 16;
157 }
158
159 /* Save initial RC4 keys as update keys */
160 memcpy(g_sec_decrypt_update_key, g_sec_decrypt_key, 16);
161 memcpy(g_sec_encrypt_update_key, g_sec_encrypt_key, 16);
162
163 /* Initialise RC4 state arrays */
164 ssl_rc4_set_key(&g_rc4_decrypt_key, g_sec_decrypt_key, g_rc4_key_len);
165 ssl_rc4_set_key(&g_rc4_encrypt_key, g_sec_encrypt_key, g_rc4_key_len);
166 }
167
168 static uint8 pad_54[40] = {
169 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54,
170 54, 54, 54,
171 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54,
172 54, 54, 54
173 };
174
175 static uint8 pad_92[48] = {
176 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92,
177 92, 92, 92, 92, 92, 92, 92,
178 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92,
179 92, 92, 92, 92, 92, 92, 92
180 };
181
182 /* Output a uint32 into a buffer (little-endian) */
183 void
184 buf_out_uint32(uint8 * buffer, uint32 value)
185 {
186 buffer[0] = (value) & 0xff;
187 buffer[1] = (value >> 8) & 0xff;
188 buffer[2] = (value >> 16) & 0xff;
189 buffer[3] = (value >> 24) & 0xff;
190 }
191
192 /* Generate a MAC hash (5.2.3.1), using a combination of SHA1 and MD5 */
193 void
194 sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data, int datalen)
195 {
196 uint8 shasig[20];
197 uint8 md5sig[16];
198 uint8 lenhdr[4];
199 SSL_SHA1 sha1;
200 SSL_MD5 md5;
201
202 buf_out_uint32(lenhdr, datalen);
203
204 ssl_sha1_init(&sha1);
205 ssl_sha1_update(&sha1, session_key, keylen);
206 ssl_sha1_update(&sha1, pad_54, 40);
207 ssl_sha1_update(&sha1, lenhdr, 4);
208 ssl_sha1_update(&sha1, data, datalen);
209 ssl_sha1_final(&sha1, shasig);
210
211 ssl_md5_init(&md5);
212 ssl_md5_update(&md5, session_key, keylen);
213 ssl_md5_update(&md5, pad_92, 48);
214 ssl_md5_update(&md5, shasig, 20);
215 ssl_md5_final(&md5, md5sig);
216
217 memcpy(signature, md5sig, siglen);
218 }
219
220 /* Update an encryption key */
221 static void
222 sec_update(uint8 * key, uint8 * update_key)
223 {
224 uint8 shasig[20];
225 SSL_SHA1 sha1;
226 SSL_MD5 md5;
227 SSL_RC4 update;
228
229 ssl_sha1_init(&sha1);
230 ssl_sha1_update(&sha1, update_key, g_rc4_key_len);
231 ssl_sha1_update(&sha1, pad_54, 40);
232 ssl_sha1_update(&sha1, key, g_rc4_key_len);
233 ssl_sha1_final(&sha1, shasig);
234
235 ssl_md5_init(&md5);
236 ssl_md5_update(&md5, update_key, g_rc4_key_len);
237 ssl_md5_update(&md5, pad_92, 48);
238 ssl_md5_update(&md5, shasig, 20);
239 ssl_md5_final(&md5, key);
240
241 ssl_rc4_set_key(&update, key, g_rc4_key_len);
242 ssl_rc4_crypt(&update, key, key, g_rc4_key_len);
243
244 if (g_rc4_key_len == 8)
245 sec_make_40bit(key);
246 }
247
248 /* Encrypt data using RC4 */
249 static void
250 sec_encrypt(uint8 * data, int length)
251 {
252 if (g_sec_encrypt_use_count == 4096)
253 {
254 sec_update(g_sec_encrypt_key, g_sec_encrypt_update_key);
255 ssl_rc4_set_key(&g_rc4_encrypt_key, g_sec_encrypt_key, g_rc4_key_len);
256 g_sec_encrypt_use_count = 0;
257 }
258
259 ssl_rc4_crypt(&g_rc4_encrypt_key, data, data, length);
260 g_sec_encrypt_use_count++;
261 }
262
263 /* Decrypt data using RC4 */
264 void
265 sec_decrypt(uint8 * data, int length)
266 {
267 if (g_sec_decrypt_use_count == 4096)
268 {
269 sec_update(g_sec_decrypt_key, g_sec_decrypt_update_key);
270 ssl_rc4_set_key(&g_rc4_decrypt_key, g_sec_decrypt_key, g_rc4_key_len);
271 g_sec_decrypt_use_count = 0;
272 }
273
274 ssl_rc4_crypt(&g_rc4_decrypt_key, data, data, length);
275 g_sec_decrypt_use_count++;
276 }
277
278 /* Perform an RSA public key encryption operation */
279 static void
280 sec_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus,
281 uint8 * exponent)
282 {
283 ssl_rsa_encrypt(out, in, len, modulus_size, modulus, exponent);
284 }
285
286 /* Initialise secure transport packet */
287 STREAM
288 sec_init(uint32 flags, int maxlen)
289 {
290 int hdrlen;
291 STREAM s;
292
293 if (!g_licence_issued)
294 hdrlen = (flags & SEC_ENCRYPT) ? 12 : 4;
295 else
296 hdrlen = (flags & SEC_ENCRYPT) ? 12 : 0;
297 s = mcs_init(maxlen + hdrlen);
298 s_push_layer(s, sec_hdr, hdrlen);
299
300 return s;
301 }
302
303 /* Transmit secure transport packet over specified channel */
304 void
305 sec_send_to_channel(STREAM s, uint32 flags, uint16 channel)
306 {
307 int datalen;
308
309 #ifdef WITH_SCARD
310 scard_lock(SCARD_LOCK_SEC);
311 #endif
312
313 s_pop_layer(s, sec_hdr);
314 if (!g_licence_issued || (flags & SEC_ENCRYPT))
315 out_uint32_le(s, flags);
316
317 if (flags & SEC_ENCRYPT)
318 {
319 flags &= ~SEC_ENCRYPT;
320 datalen = s->end - s->p - 8;
321
322 #if WITH_DEBUG
323 DEBUG(("Sending encrypted packet:\n"));
324 hexdump(s->p + 8, datalen);
325 #endif
326
327 sec_sign(s->p, 8, g_sec_sign_key, g_rc4_key_len, s->p + 8, datalen);
328 sec_encrypt(s->p + 8, datalen);
329 }
330
331 mcs_send_to_channel(s, channel);
332
333 #ifdef WITH_SCARD
334 scard_unlock(SCARD_LOCK_SEC);
335 #endif
336 }
337
338 /* Transmit secure transport packet */
339
340 void
341 sec_send(STREAM s, uint32 flags)
342 {
343 sec_send_to_channel(s, flags, MCS_GLOBAL_CHANNEL);
344 }
345
346
347 /* Transfer the client random to the server */
348 static void
349 sec_establish_key(void)
350 {
351 uint32 length = g_server_public_key_len + SEC_PADDING_SIZE;
352 uint32 flags = SEC_CLIENT_RANDOM;
353 STREAM s;
354
355 s = sec_init(flags, length + 4);
356
357 out_uint32_le(s, length);
358 out_uint8p(s, g_sec_crypted_random, g_server_public_key_len);
359 out_uint8s(s, SEC_PADDING_SIZE);
360
361 s_mark_end(s);
362 sec_send(s, flags);
363 }
364
365 /* Output connect initial data blob */
366 static void
367 sec_out_mcs_data(STREAM s)
368 {
369 int hostlen = 2 * strlen(g_hostname);
370 int length = 158 + 76 + 12 + 4;
371 unsigned int i;
372
373 if (g_num_channels > 0)
374 length += g_num_channels * 12 + 8;
375
376 if (hostlen > 30)
377 hostlen = 30;
378
379 /* Generic Conference Control (T.124) ConferenceCreateRequest */
380 out_uint16_be(s, 5);
381 out_uint16_be(s, 0x14);
382 out_uint8(s, 0x7c);
383 out_uint16_be(s, 1);
384
385 out_uint16_be(s, (length | 0x8000)); /* remaining length */
386
387 out_uint16_be(s, 8); /* length? */
388 out_uint16_be(s, 16);
389 out_uint8(s, 0);
390 out_uint16_le(s, 0xc001);
391 out_uint8(s, 0);
392
393 out_uint32_le(s, 0x61637544); /* OEM ID: "Duca", as in Ducati. */
394 out_uint16_be(s, ((length - 14) | 0x8000)); /* remaining length */
395
396 /* Client information */
397 out_uint16_le(s, SEC_TAG_CLI_INFO);
398 out_uint16_le(s, 212); /* length */
399 out_uint16_le(s, g_use_rdp5 ? 4 : 1); /* RDP version. 1 == RDP4, 4 == RDP5. */
400 out_uint16_le(s, 8);
401 out_uint16_le(s, g_width);
402 out_uint16_le(s, g_height);
403 out_uint16_le(s, 0xca01);
404 out_uint16_le(s, 0xaa03);
405 out_uint32_le(s, g_keylayout);
406 out_uint32_le(s, 2600); /* Client build. We are now 2600 compatible :-) */
407
408 /* Unicode name of client, padded to 32 bytes */
409 rdp_out_unistr(s, g_hostname, hostlen);
410 out_uint8s(s, 30 - hostlen);
411
412 /* See
413 http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wceddk40/html/cxtsksupportingremotedesktopprotocol.asp */
414 out_uint32_le(s, g_keyboard_type);
415 out_uint32_le(s, g_keyboard_subtype);
416 out_uint32_le(s, g_keyboard_functionkeys);
417 out_uint8s(s, 64); /* reserved? 4 + 12 doublewords */
418 out_uint16_le(s, 0xca01); /* colour depth? */
419 out_uint16_le(s, 1);
420
421 out_uint32(s, 0);
422 out_uint8(s, g_server_depth);
423 out_uint16_le(s, 0x0700);
424 out_uint8(s, 0);
425 out_uint32_le(s, 1);
426 out_uint8s(s, 64); /* End of client info */
427
428 out_uint16_le(s, SEC_TAG_CLI_4);
429 out_uint16_le(s, 12);
430 out_uint32_le(s, g_console_session ? 0xb : 9);
431 out_uint32(s, 0);
432
433 /* Client encryption settings */
434 out_uint16_le(s, SEC_TAG_CLI_CRYPT);
435 out_uint16_le(s, 12); /* length */
436 out_uint32_le(s, g_encryption ? 0x3 : 0); /* encryption supported, 128-bit supported */
437 out_uint32(s, 0); /* Unknown */
438
439 DEBUG_RDP5(("g_num_channels is %d\n", g_num_channels));
440 if (g_num_channels > 0)
441 {
442 out_uint16_le(s, SEC_TAG_CLI_CHANNELS);
443 out_uint16_le(s, g_num_channels * 12 + 8); /* length */
444 out_uint32_le(s, g_num_channels); /* number of virtual channels */
445 for (i = 0; i < g_num_channels; i++)
446 {
447 DEBUG_RDP5(("Requesting channel %s\n", g_channels[i].name));
448 out_uint8a(s, g_channels[i].name, 8);
449 out_uint32_be(s, g_channels[i].flags);
450 }
451 }
452
453 s_mark_end(s);
454 }
455
456 /* Parse a public key structure */
457 static RD_BOOL
458 sec_parse_public_key(STREAM s, uint8 * modulus, uint8 * exponent)
459 {
460 uint32 magic, modulus_len;
461
462 in_uint32_le(s, magic);
463 if (magic != SEC_RSA_MAGIC)
464 {
465 error("RSA magic 0x%x\n", magic);
466 return False;
467 }
468
469 in_uint32_le(s, modulus_len);
470 modulus_len -= SEC_PADDING_SIZE;
471 if ((modulus_len < SEC_MODULUS_SIZE) || (modulus_len > SEC_MAX_MODULUS_SIZE))
472 {
473 error("Bad server public key size (%u bits)\n", modulus_len * 8);
474 return False;
475 }
476
477 in_uint8s(s, 8); /* modulus_bits, unknown */
478 in_uint8a(s, exponent, SEC_EXPONENT_SIZE);
479 in_uint8a(s, modulus, modulus_len);
480 in_uint8s(s, SEC_PADDING_SIZE);
481 g_server_public_key_len = modulus_len;
482
483 return s_check(s);
484 }
485
486 /* Parse a public signature structure */
487 static RD_BOOL
488 sec_parse_public_sig(STREAM s, uint32 len, uint8 * modulus, uint8 * exponent)
489 {
490 uint8 signature[SEC_MAX_MODULUS_SIZE];
491 uint32 sig_len;
492
493 if (len != 72)
494 {
495 return True;
496 }
497 memset(signature, 0, sizeof(signature));
498 sig_len = len - 8;
499 in_uint8a(s, signature, sig_len);
500 return ssl_sig_ok(exponent, SEC_EXPONENT_SIZE, modulus, g_server_public_key_len,
501 signature, sig_len);
502 }
503
504 /* Parse a crypto information structure */
505 static RD_BOOL
506 sec_parse_crypt_info(STREAM s, uint32 * rc4_key_size,
507 uint8 ** server_random, uint8 * modulus, uint8 * exponent)
508 {
509 uint32 crypt_level, random_len, rsa_info_len;
510 uint32 cacert_len, cert_len, flags;
511 SSL_CERT *cacert, *server_cert;
512 SSL_RKEY *server_public_key;
513 uint16 tag, length;
514 uint8 *next_tag, *end;
515
516 in_uint32_le(s, *rc4_key_size); /* 1 = 40-bit, 2 = 128-bit */
517 in_uint32_le(s, crypt_level); /* 1 = low, 2 = medium, 3 = high */
518 if (crypt_level == 0) /* no encryption */
519 return False;
520 in_uint32_le(s, random_len);
521 in_uint32_le(s, rsa_info_len);
522
523 if (random_len != SEC_RANDOM_SIZE)
524 {
525 error("random len %d, expected %d\n", random_len, SEC_RANDOM_SIZE);
526 return False;
527 }
528
529 in_uint8p(s, *server_random, random_len);
530
531 /* RSA info */
532 end = s->p + rsa_info_len;
533 if (end > s->end)
534 return False;
535
536 in_uint32_le(s, flags); /* 1 = RDP4-style, 0x80000002 = X.509 */
537 if (flags & 1)
538 {
539 DEBUG_RDP5(("We're going for the RDP4-style encryption\n"));
540 in_uint8s(s, 8); /* unknown */
541
542 while (s->p < end)
543 {
544 in_uint16_le(s, tag);
545 in_uint16_le(s, length);
546
547 next_tag = s->p + length;
548
549 switch (tag)
550 {
551 case SEC_TAG_PUBKEY:
552 if (!sec_parse_public_key(s, modulus, exponent))
553 return False;
554 DEBUG_RDP5(("Got Public key, RDP4-style\n"));
555
556 break;
557
558 case SEC_TAG_KEYSIG:
559 if (!sec_parse_public_sig(s, length, modulus, exponent))
560 return False;
561 break;
562
563 default:
564 unimpl("crypt tag 0x%x\n", tag);
565 }
566
567 s->p = next_tag;
568 }
569 }
570 else
571 {
572 uint32 certcount;
573
574 DEBUG_RDP5(("We're going for the RDP5-style encryption\n"));
575 in_uint32_le(s, certcount); /* Number of certificates */
576 if (certcount < 2)
577 {
578 error("Server didn't send enough X509 certificates\n");
579 return False;
580 }
581 for (; certcount > 2; certcount--)
582 { /* ignore all the certificates between the root and the signing CA */
583 uint32 ignorelen;
584 SSL_CERT *ignorecert;
585
586 DEBUG_RDP5(("Ignored certs left: %d\n", certcount));
587 in_uint32_le(s, ignorelen);
588 DEBUG_RDP5(("Ignored Certificate length is %d\n", ignorelen));
589 ignorecert = ssl_cert_read(s->p, ignorelen);
590 in_uint8s(s, ignorelen);
591 if (ignorecert == NULL)
592 { /* XXX: error out? */
593 DEBUG_RDP5(("got a bad cert: this will probably screw up the rest of the communication\n"));
594 }
595
596 #ifdef WITH_DEBUG_RDP5
597 DEBUG_RDP5(("cert #%d (ignored):\n", certcount));
598 ssl_cert_print_fp(stdout, ignorecert);
599 #endif
600 }
601 /* Do da funky X.509 stuffy
602
603 "How did I find out about this? I looked up and saw a
604 bright light and when I came to I had a scar on my forehead
605 and knew about X.500"
606 - Peter Gutman in a early version of
607 http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt
608 */
609 in_uint32_le(s, cacert_len);
610 DEBUG_RDP5(("CA Certificate length is %d\n", cacert_len));
611 cacert = ssl_cert_read(s->p, cacert_len);
612 in_uint8s(s, cacert_len);
613 if (NULL == cacert)
614 {
615 error("Couldn't load CA Certificate from server\n");
616 return False;
617 }
618 in_uint32_le(s, cert_len);
619 DEBUG_RDP5(("Certificate length is %d\n", cert_len));
620 server_cert = ssl_cert_read(s->p, cert_len);
621 in_uint8s(s, cert_len);
622 if (NULL == server_cert)
623 {
624 ssl_cert_free(cacert);
625 error("Couldn't load Certificate from server\n");
626 return False;
627 }
628 if (!ssl_certs_ok(server_cert, cacert))
629 {
630 ssl_cert_free(server_cert);
631 ssl_cert_free(cacert);
632 error("Security error CA Certificate invalid\n");
633 return False;
634 }
635 ssl_cert_free(cacert);
636 in_uint8s(s, 16); /* Padding */
637 server_public_key = ssl_cert_to_rkey(server_cert, &g_server_public_key_len);
638 if (NULL == server_public_key)
639 {
640 DEBUG_RDP5(("Didn't parse X509 correctly\n"));
641 ssl_cert_free(server_cert);
642 return False;
643 }
644 ssl_cert_free(server_cert);
645 if ((g_server_public_key_len < SEC_MODULUS_SIZE) ||
646 (g_server_public_key_len > SEC_MAX_MODULUS_SIZE))
647 {
648 error("Bad server public key size (%u bits)\n", g_server_public_key_len * 8);
649 ssl_rkey_free(server_public_key);
650 return False;
651 }
652 if (ssl_rkey_get_exp_mod(server_public_key, exponent, SEC_EXPONENT_SIZE,
653 modulus, SEC_MAX_MODULUS_SIZE) != 0)
654 {
655 error("Problem extracting RSA exponent, modulus");
656 ssl_rkey_free(server_public_key);
657 return False;
658 }
659 ssl_rkey_free(server_public_key);
660 return True; /* There's some garbage here we don't care about */
661 }
662 return s_check_end(s);
663 }
664
665 /* Process crypto information blob */
666 static void
667 sec_process_crypt_info(STREAM s)
668 {
669 uint8 *server_random = NULL;
670 uint8 client_random[SEC_RANDOM_SIZE];
671 uint8 modulus[SEC_MAX_MODULUS_SIZE];
672 uint8 exponent[SEC_EXPONENT_SIZE];
673 uint32 rc4_key_size;
674
675 memset(modulus, 0, sizeof(modulus));
676 memset(exponent, 0, sizeof(exponent));
677 if (!sec_parse_crypt_info(s, &rc4_key_size, &server_random, modulus, exponent))
678 {
679 DEBUG(("Failed to parse crypt info\n"));
680 return;
681 }
682 DEBUG(("Generating client random\n"));
683 generate_random(client_random);
684 sec_rsa_encrypt(g_sec_crypted_random, client_random, SEC_RANDOM_SIZE,
685 g_server_public_key_len, modulus, exponent);
686 sec_generate_keys(client_random, server_random, rc4_key_size);
687 }
688
689
690 /* Process SRV_INFO, find RDP version supported by server */
691 static void
692 sec_process_srv_info(STREAM s)
693 {
694 in_uint16_le(s, g_server_rdp_version);
695 DEBUG_RDP5(("Server RDP version is %d\n", g_server_rdp_version));
696 if (1 == g_server_rdp_version)
697 {
698 g_use_rdp5 = 0;
699 g_server_depth = 8;
700 }
701 }
702
703
704 /* Process connect response data blob */
705 void
706 sec_process_mcs_data(STREAM s)
707 {
708 uint16 tag, length;
709 uint8 *next_tag;
710 uint8 len;
711
712 in_uint8s(s, 21); /* header (T.124 ConferenceCreateResponse) */
713 in_uint8(s, len);
714 if (len & 0x80)
715 in_uint8(s, len);
716
717 while (s->p < s->end)
718 {
719 in_uint16_le(s, tag);
720 in_uint16_le(s, length);
721
722 if (length <= 4)
723 return;
724
725 next_tag = s->p + length - 4;
726
727 switch (tag)
728 {
729 case SEC_TAG_SRV_INFO:
730 sec_process_srv_info(s);
731 break;
732
733 case SEC_TAG_SRV_CRYPT:
734 sec_process_crypt_info(s);
735 break;
736
737 case SEC_TAG_SRV_CHANNELS:
738 /* FIXME: We should parse this information and
739 use it to map RDP5 channels to MCS
740 channels */
741 break;
742
743 default:
744 unimpl("response tag 0x%x\n", tag);
745 }
746
747 s->p = next_tag;
748 }
749 }
750
751 /* Receive secure transport packet */
752 STREAM
753 sec_recv(uint8 * rdpver)
754 {
755 uint32 sec_flags;
756 uint16 channel;
757 STREAM s;
758
759 while ((s = mcs_recv(&channel, rdpver)) != NULL)
760 {
761 if (rdpver != NULL)
762 {
763 if (*rdpver != 3)
764 {
765 if (*rdpver & 0x80)
766 {
767 in_uint8s(s, 8); /* signature */
768 sec_decrypt(s->p, s->end - s->p);
769 }
770 return s;
771 }
772 }
773 if (g_encryption || !g_licence_issued)
774 {
775 in_uint32_le(s, sec_flags);
776
777 if (sec_flags & SEC_ENCRYPT)
778 {
779 in_uint8s(s, 8); /* signature */
780 sec_decrypt(s->p, s->end - s->p);
781 }
782
783 if (sec_flags & SEC_LICENCE_NEG)
784 {
785 licence_process(s);
786 continue;
787 }
788
789 if (sec_flags & 0x0400) /* SEC_REDIRECT_ENCRYPT */
790 {
791 uint8 swapbyte;
792
793 in_uint8s(s, 8); /* signature */
794 sec_decrypt(s->p, s->end - s->p);
795
796 /* Check for a redirect packet, starts with 00 04 */
797 if (s->p[0] == 0 && s->p[1] == 4)
798 {
799 /* for some reason the PDU and the length seem to be swapped.
800 This isn't good, but we're going to do a byte for byte
801 swap. So the first foure value appear as: 00 04 XX YY,
802 where XX YY is the little endian length. We're going to
803 use 04 00 as the PDU type, so after our swap this will look
804 like: XX YY 04 00 */
805 swapbyte = s->p[0];
806 s->p[0] = s->p[2];
807 s->p[2] = swapbyte;
808
809 swapbyte = s->p[1];
810 s->p[1] = s->p[3];
811 s->p[3] = swapbyte;
812
813 swapbyte = s->p[2];
814 s->p[2] = s->p[3];
815 s->p[3] = swapbyte;
816 }
817 #ifdef WITH_DEBUG
818 /* warning! this debug statement will show passwords in the clear! */
819 hexdump(s->p, s->end - s->p);
820 #endif
821 }
822
823 }
824
825 if (channel != MCS_GLOBAL_CHANNEL)
826 {
827 channel_process(s, channel);
828 *rdpver = 0xff;
829 return s;
830 }
831
832 return s;
833 }
834
835 return NULL;
836 }
837
838 /* Establish a secure connection */
839 RD_BOOL
840 sec_connect(char *server, char *username)
841 {
842 struct stream mcs_data;
843
844 /* We exchange some RDP data during the MCS-Connect */
845 mcs_data.size = 512;
846 mcs_data.p = mcs_data.data = (uint8 *) xmalloc(mcs_data.size);
847 sec_out_mcs_data(&mcs_data);
848
849 if (!mcs_connect(server, &mcs_data, username))
850 return False;
851
852 /* sec_process_mcs_data(&mcs_data); */
853 if (g_encryption)
854 sec_establish_key();
855 xfree(mcs_data.data);
856 return True;
857 }
858
859 /* Establish a secure connection */
860 RD_BOOL
861 sec_reconnect(char *server)
862 {
863 struct stream mcs_data;
864
865 /* We exchange some RDP data during the MCS-Connect */
866 mcs_data.size = 512;
867 mcs_data.p = mcs_data.data = (uint8 *) xmalloc(mcs_data.size);
868 sec_out_mcs_data(&mcs_data);
869
870 if (!mcs_reconnect(server, &mcs_data))
871 return False;
872
873 /* sec_process_mcs_data(&mcs_data); */
874 if (g_encryption)
875 sec_establish_key();
876 xfree(mcs_data.data);
877 return True;
878 }
879
880 /* Disconnect a connection */
881 void
882 sec_disconnect(void)
883 {
884 mcs_disconnect();
885 }
886
887 /* reset the state of the sec layer */
888 void
889 sec_reset_state(void)
890 {
891 g_server_rdp_version = 0;
892 g_sec_encrypt_use_count = 0;
893 g_sec_decrypt_use_count = 0;
894 mcs_reset_state();
895 }
  ViewVC Help
Powered by ViewVC 1.1.26