1 /* -*- c-basic-offset: 8 -*-
2 rdesktop: A Remote Desktop Protocol client.
3 Protocol services - RDP encryption and licensing
4 Copyright (C) Matthew Chapman <matthewc.unsw.edu.au> 1999-2008
5 Copyright 2005-2011 Peter Astrand <astrand@cendio.se> for Cendio AB
7 This program is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 rdssl_sha1_info_create(void);
26 rdssl_sha1_info_delete(void * sha1_info
);
28 rdssl_sha1_clear(void * sha1_info
);
30 rdssl_sha1_transform(void * sha1_info
, char * data
, int len
);
32 rdssl_sha1_complete(void * sha1_info
, char * data
);
34 rdssl_md5_info_create(void);
36 rdssl_md5_info_delete(void * md5_info
);
38 rdssl_md5_info_create(void);
40 rdssl_md5_info_delete(void * md5_info
);
42 rdssl_md5_clear(void * md5_info
);
44 rdssl_md5_transform(void * md5_info
, char * data
, int len
);
46 rdssl_md5_complete(void * md5_info
, char * data
);
48 rdssl_rc4_info_create(void);
50 rdssl_rc4_info_delete(void * rc4_info
);
52 rdssl_rc4_set_key(void * rc4_info
, char * key
, int len
);
54 rdssl_rc4_crypt(void * rc4_info
, char * in_data
, char * out_data
, int len
);
56 rdssl_mod_exp(char* out
, int out_len
, char* in
, int in_len
,
57 char* mod
, int mod_len
, char* exp
, int exp_len
);
59 rdssl_sign_ok(char* e_data
, int e_len
, char* n_data
, int n_len
,
60 char* sign_data
, int sign_len
, char* sign_data2
, int sign_len2
, char* testkey
);
62 rdssl_cert_read(uint8
* data
, uint32 len
);
64 rdssl_cert_free(PCCERT_CONTEXT context
);
66 rdssl_cert_to_rkey(PCCERT_CONTEXT cert
, uint32
* key_len
);
68 rdssl_certs_ok(PCCERT_CONTEXT server_cert
, PCCERT_CONTEXT cacert
);
70 rdssl_rkey_get_exp_mod(uint8
* rkey
, uint8
* exponent
, uint32 max_exp_len
, uint8
* modulus
,
73 rdssl_rkey_free(uint8
* rkey
);
75 extern char g_hostname
[16];
78 extern unsigned int g_keylayout
;
79 extern int g_keyboard_type
;
80 extern int g_keyboard_subtype
;
81 extern int g_keyboard_functionkeys
;
82 extern RD_BOOL g_encryption
;
83 extern RD_BOOL g_licence_issued
;
84 extern RD_BOOL g_licence_error_result
;
85 extern RDP_VERSION g_rdp_version
;
86 extern RD_BOOL g_console_session
;
87 extern uint32 g_redirect_session_id
;
88 extern int g_server_depth
;
89 extern VCHANNEL g_channels
[];
90 extern unsigned int g_num_channels
;
91 extern uint8 g_client_random
[SEC_RANDOM_SIZE
];
93 static int g_rc4_key_len
;
94 static void * g_rc4_decrypt_key
;
95 static void * g_rc4_encrypt_key
;
96 static uint32 g_server_public_key_len
;
98 static uint8 g_sec_sign_key
[16];
99 static uint8 g_sec_decrypt_key
[16];
100 static uint8 g_sec_encrypt_key
[16];
101 static uint8 g_sec_decrypt_update_key
[16];
102 static uint8 g_sec_encrypt_update_key
[16];
103 static uint8 g_sec_crypted_random
[SEC_MAX_MODULUS_SIZE
];
105 uint16 g_server_rdp_version
= 0;
107 /* These values must be available to reset state - Session Directory */
108 static int g_sec_encrypt_use_count
= 0;
109 static int g_sec_decrypt_use_count
= 0;
111 #define SEC_MODULUS_SIZE 64
113 static uint8 g_testkey
[176] =
115 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
116 0x01, 0x00, 0x00, 0x00, 0x06, 0x00, 0x5c, 0x00,
117 0x52, 0x53, 0x41, 0x31, 0x48, 0x00, 0x00, 0x00,
118 0x00, 0x02, 0x00, 0x00, 0x3f, 0x00, 0x00, 0x00,
119 0x01, 0x00, 0x01, 0x00, 0x79, 0x6f, 0xb4, 0xdf,
120 0xa6, 0x95, 0xb9, 0xa9, 0x61, 0xe3, 0xc4, 0x5e,
121 0xff, 0x6b, 0xd8, 0x81, 0x8a, 0x12, 0x4a, 0x93,
122 0x42, 0x97, 0x18, 0x93, 0xac, 0xd1, 0x3a, 0x38,
123 0x3c, 0x68, 0x50, 0x19, 0x31, 0xb6, 0x84, 0x51,
124 0x79, 0xfb, 0x1c, 0xe7, 0xe3, 0x99, 0x20, 0xc7,
125 0x84, 0xdf, 0xd1, 0xaa, 0xb5, 0x15, 0xef, 0x47,
126 0x7e, 0xfc, 0x88, 0xeb, 0x29, 0xc3, 0x27, 0x5a,
127 0x35, 0xf8, 0xfd, 0xaa, 0x00, 0x00, 0x00, 0x00,
128 0x00, 0x00, 0x00, 0x00,
129 0x08, 0x00, 0x48, 0x00,
130 0x32, 0x3b, 0xde, 0x6f, 0x18, 0x97, 0x1e, 0xc3,
131 0x6b, 0x2b, 0x2d, 0xe4, 0xfc, 0x2d, 0xa2, 0x8e,
132 0x32, 0x3c, 0xf3, 0x1b, 0x24, 0x90, 0x57, 0x4d,
133 0x8e, 0xe4, 0x69, 0xfc, 0x16, 0x8d, 0x41, 0x92,
134 0x78, 0xc7, 0x9c, 0xb4, 0x26, 0xff, 0xe8, 0x3e,
135 0xa1, 0x8a, 0xf5, 0x57, 0xc0, 0x7f, 0x3e, 0x21,
136 0x17, 0x32, 0x30, 0x6f, 0x79, 0xe1, 0x36, 0xcd,
137 0xb6, 0x8e, 0xbe, 0x57, 0x57, 0xd2, 0xa9, 0x36
141 * I believe this is based on SSLv3 with the following differences:
142 * MAC algorithm (5.2.3.1) uses only 32-bit length in place of seq_num/type/length fields
143 * MAC algorithm uses SHA1 and MD5 for the two hash functions instead of one or other
144 * key_block algorithm (6.2.2) uses 'X', 'YY', 'ZZZ' instead of 'A', 'BB', 'CCC'
145 * key_block partitioning is different (16 bytes each: MAC secret, decrypt key, encrypt key)
146 * encryption/decryption keys updated every 4096 packets
147 * See http://wp.netscape.com/eng/ssl3/draft302.txt
151 * 48-byte transformation used to generate master secret (6.1) and key material (6.2.2).
152 * Both SHA1 and MD5 algorithms are used.
155 sec_hash_48(uint8
* out
, uint8
* in
, uint8
* salt1
, uint8
* salt2
, uint8 salt
)
163 for (i
= 0; i
< 3; i
++)
165 memset(pad
, salt
+ i
, i
+ 1);
166 sha
= rdssl_sha1_info_create();
167 rdssl_sha1_clear(sha
);
168 rdssl_sha1_transform(sha
, (char *)pad
, i
+ 1);
169 rdssl_sha1_transform(sha
, (char *)in
, 48);
170 rdssl_sha1_transform(sha
, (char *)salt1
, 32);
171 rdssl_sha1_transform(sha
, (char *)salt2
, 32);
172 rdssl_sha1_complete(sha
, (char *)shasig
);
173 rdssl_sha1_info_delete(sha
);
174 md5
= rdssl_md5_info_create();
175 rdssl_md5_clear(md5
);
176 rdssl_md5_transform(md5
, (char *)in
, 48);
177 rdssl_md5_transform(md5
, (char *)shasig
, 20);
178 rdssl_md5_complete(md5
, (char *)out
+ i
* 16);
179 rdssl_md5_info_delete(md5
);
184 * 16-byte transformation used to generate export keys (6.2.2).
187 sec_hash_16(uint8
* out
, uint8
* in
, uint8
* salt1
, uint8
* salt2
)
191 md5
= rdssl_md5_info_create();
192 rdssl_md5_clear(md5
);
193 rdssl_md5_transform(md5
, (char *)in
, 16);
194 rdssl_md5_transform(md5
, (char *)salt1
, 32);
195 rdssl_md5_transform(md5
, (char *)salt2
, 32);
196 rdssl_md5_complete(md5
, (char *)out
);
197 rdssl_md5_info_delete(md5
);
204 sec_hash_sha1_16(uint8
* out
, uint8
* in
, uint8
* salt1
)
207 sha
= rdssl_sha1_info_create();
208 rdssl_sha1_clear(sha
);
209 rdssl_sha1_transform(&sha
, (char *)in
, 16);
210 rdssl_sha1_transform(&sha
, (char *)salt1
, 16);
211 rdssl_sha1_complete(&sha
, (char *)out
);
212 rdssl_sha1_info_delete(sha
);
215 /* create string from hash */
217 sec_hash_to_string(char *out
, int out_size
, uint8
* in
, int in_size
)
220 memset(out
, 0, out_size
);
221 for (k
= 0; k
< in_size
; k
++, out
+= 2)
223 sprintf(out
, "%.2x", in
[k
]);
227 /* Reduce key entropy from 64 to 40 bits */
229 sec_make_40bit(uint8
* key
)
236 /* Generate encryption keys given client and server randoms */
238 sec_generate_keys(uint8
* client_random
, uint8
* server_random
, int rc4_key_size
)
240 uint8 pre_master_secret
[48];
241 uint8 master_secret
[48];
244 /* Construct pre-master secret */
245 memcpy(pre_master_secret
, client_random
, 24);
246 memcpy(pre_master_secret
+ 24, server_random
, 24);
248 /* Generate master secret and then key material */
249 sec_hash_48(master_secret
, pre_master_secret
, client_random
, server_random
, 'A');
250 sec_hash_48(key_block
, master_secret
, client_random
, server_random
, 'X');
252 /* First 16 bytes of key material is MAC secret */
253 memcpy(g_sec_sign_key
, key_block
, 16);
255 /* Generate export keys from next two blocks of 16 bytes */
256 sec_hash_16(g_sec_decrypt_key
, &key_block
[16], client_random
, server_random
);
257 sec_hash_16(g_sec_encrypt_key
, &key_block
[32], client_random
, server_random
);
259 if (rc4_key_size
== 1)
261 DEBUG(("40-bit encryption enabled\n"));
262 sec_make_40bit(g_sec_sign_key
);
263 sec_make_40bit(g_sec_decrypt_key
);
264 sec_make_40bit(g_sec_encrypt_key
);
269 DEBUG(("rc_4_key_size == %d, 128-bit encryption enabled\n", rc4_key_size
));
273 /* Save initial RC4 keys as update keys */
274 memcpy(g_sec_decrypt_update_key
, g_sec_decrypt_key
, 16);
275 memcpy(g_sec_encrypt_update_key
, g_sec_encrypt_key
, 16);
277 /* Initialise RC4 state arrays */
279 rdssl_rc4_info_delete(g_rc4_decrypt_key
);
280 g_rc4_decrypt_key
= rdssl_rc4_info_create();
281 rdssl_rc4_set_key(g_rc4_decrypt_key
, (char *)g_sec_decrypt_key
, g_rc4_key_len
);
283 rdssl_rc4_info_delete(g_rc4_encrypt_key
);
284 g_rc4_encrypt_key
= rdssl_rc4_info_create();
285 rdssl_rc4_set_key(g_rc4_encrypt_key
, (char *)g_sec_encrypt_key
, g_rc4_key_len
);
288 static uint8 pad_54
[40] = {
289 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54,
291 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54,
295 static uint8 pad_92
[48] = {
296 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92,
297 92, 92, 92, 92, 92, 92, 92,
298 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92,
299 92, 92, 92, 92, 92, 92, 92
302 /* Output a uint32 into a buffer (little-endian) */
304 buf_out_uint32(uint8
* buffer
, uint32 value
)
306 buffer
[0] = (value
) & 0xff;
307 buffer
[1] = (value
>> 8) & 0xff;
308 buffer
[2] = (value
>> 16) & 0xff;
309 buffer
[3] = (value
>> 24) & 0xff;
312 /* Generate a MAC hash (5.2.3.1), using a combination of SHA1 and MD5 */
314 sec_sign(uint8
* signature
, int siglen
, uint8
* session_key
, int keylen
, uint8
* data
, int datalen
)
322 buf_out_uint32(lenhdr
, datalen
);
324 sha
= rdssl_sha1_info_create();
325 rdssl_sha1_clear(sha
);
326 rdssl_sha1_transform(sha
, (char *)session_key
, keylen
);
327 rdssl_sha1_transform(sha
, (char *)pad_54
, 40);
328 rdssl_sha1_transform(sha
, (char *)lenhdr
, 4);
329 rdssl_sha1_transform(sha
, (char *)data
, datalen
);
330 rdssl_sha1_complete(sha
, (char *)shasig
);
331 rdssl_sha1_info_delete(sha
);
333 md5
= rdssl_md5_info_create();
334 rdssl_md5_clear(md5
);
335 rdssl_md5_transform(md5
, (char *)session_key
, keylen
);
336 rdssl_md5_transform(md5
, (char *)pad_92
, 48);
337 rdssl_md5_transform(md5
, (char *)shasig
, 20);
338 rdssl_md5_complete(md5
, (char *)md5sig
);
339 rdssl_md5_info_delete(md5
);
341 memcpy(signature
, md5sig
, siglen
);
344 /* Update an encryption key */
346 sec_update(uint8
* key
, uint8
* update_key
)
353 sha
= rdssl_sha1_info_create();
354 rdssl_sha1_clear(sha
);
355 rdssl_sha1_transform(sha
, (char *)update_key
, g_rc4_key_len
);
356 rdssl_sha1_transform(sha
, (char *)pad_54
, 40);
357 rdssl_sha1_transform(sha
, (char *)key
, g_rc4_key_len
);
358 rdssl_sha1_complete(sha
, (char *)shasig
);
359 rdssl_sha1_info_delete(sha
);
361 md5
= rdssl_md5_info_create();
362 rdssl_md5_clear(md5
);
363 rdssl_md5_transform(md5
, (char *)update_key
, g_rc4_key_len
);
364 rdssl_md5_transform(md5
, (char *)pad_92
, 48);
365 rdssl_md5_transform(md5
, (char *)shasig
, 20);
366 rdssl_md5_complete(md5
, (char *)key
);
367 rdssl_md5_info_delete(md5
);
370 update
= rdssl_rc4_info_create();
371 rdssl_rc4_set_key(update
, (char *)key
, g_rc4_key_len
);
372 rdssl_rc4_crypt(update
, (char *)key
, (char *)key
, g_rc4_key_len
);
373 rdssl_rc4_info_delete(update
);
375 if (g_rc4_key_len
== 8)
379 /* Encrypt data using RC4 */
381 sec_encrypt(uint8
* data
, int length
)
383 if (g_sec_encrypt_use_count
== 4096)
385 sec_update(g_sec_encrypt_key
, g_sec_encrypt_update_key
);
386 rdssl_rc4_set_key(g_rc4_encrypt_key
, (char *)g_sec_encrypt_key
, g_rc4_key_len
);
387 g_sec_encrypt_use_count
= 0;
390 rdssl_rc4_crypt(g_rc4_encrypt_key
, (char *)data
, (char *)data
, length
);
391 g_sec_encrypt_use_count
++;
394 /* Decrypt data using RC4 */
396 sec_decrypt(uint8
* data
, int length
)
398 if (g_sec_decrypt_use_count
== 4096)
400 sec_update(g_sec_decrypt_key
, g_sec_decrypt_update_key
);
401 rdssl_rc4_set_key(g_rc4_decrypt_key
, (char *)g_sec_decrypt_key
, g_rc4_key_len
);
402 g_sec_decrypt_use_count
= 0;
405 rdssl_rc4_crypt(g_rc4_decrypt_key
,(char *)data
, (char *)data
, length
);
406 g_sec_decrypt_use_count
++;
409 /* Perform an RSA public key encryption operation */
411 sec_rsa_encrypt(uint8
* out
, uint8
* in
, int len
, uint32 modulus_size
, uint8
* modulus
,
414 rdssl_mod_exp((char *)out
, 64, (char *)in
, 32, (char *)modulus
, 64, (char *)exponent
, 4);
417 /* Initialise secure transport packet */
419 sec_init(uint32 flags
, int maxlen
)
424 if (!g_licence_issued
&& !g_licence_error_result
)
425 hdrlen
= (flags
& SEC_ENCRYPT
) ? 12 : 4;
427 hdrlen
= (flags
& SEC_ENCRYPT
) ? 12 : 0;
428 s
= mcs_init(maxlen
+ hdrlen
);
429 s_push_layer(s
, sec_hdr
, hdrlen
);
434 /* Transmit secure transport packet over specified channel */
436 sec_send_to_channel(STREAM s
, uint32 flags
, uint16 channel
)
441 scard_lock(SCARD_LOCK_SEC
);
444 s_pop_layer(s
, sec_hdr
);
445 if ((!g_licence_issued
&& !g_licence_error_result
) || (flags
& SEC_ENCRYPT
))
446 out_uint32_le(s
, flags
);
448 if (flags
& SEC_ENCRYPT
)
450 flags
&= ~SEC_ENCRYPT
;
451 datalen
= s
->end
- s
->p
- 8;
454 DEBUG(("Sending encrypted packet:\n"));
455 hexdump(s
->p
+ 8, datalen
);
458 sec_sign(s
->p
, 8, g_sec_sign_key
, g_rc4_key_len
, s
->p
+ 8, datalen
);
459 sec_encrypt(s
->p
+ 8, datalen
);
462 mcs_send_to_channel(s
, channel
);
465 scard_unlock(SCARD_LOCK_SEC
);
469 /* Transmit secure transport packet */
472 sec_send(STREAM s
, uint32 flags
)
474 sec_send_to_channel(s
, flags
, MCS_GLOBAL_CHANNEL
);
478 /* Transfer the client random to the server */
480 sec_establish_key(void)
482 uint32 length
= g_server_public_key_len
+ SEC_PADDING_SIZE
;
483 uint32 flags
= SEC_EXCHANGE_PKT
;
486 s
= sec_init(flags
, length
+ 4);
488 out_uint32_le(s
, length
);
489 out_uint8p(s
, g_sec_crypted_random
, g_server_public_key_len
);
490 out_uint8s(s
, SEC_PADDING_SIZE
);
496 /* Output connect initial data blob */
498 sec_out_mcs_data(STREAM s
, uint32 selected_protocol
)
500 int hostlen
= 2 * strlen(g_hostname
);
501 int length
= 162 + 76 + 12 + 4;
503 uint32 cluster_flags
= 0;
505 if (g_num_channels
> 0)
506 length
+= g_num_channels
* 12 + 8;
511 /* Generic Conference Control (T.124) ConferenceCreateRequest */
513 out_uint16_be(s
, 0x14);
517 out_uint16_be(s
, (length
| 0x8000)); /* remaining length */
519 out_uint16_be(s
, 8); /* length? */
520 out_uint16_be(s
, 16);
522 out_uint16_le(s
, 0xc001);
525 out_uint32_le(s
, 0x61637544); /* OEM ID: "Duca", as in Ducati. */
526 out_uint16_be(s
, ((length
- 14) | 0x8000)); /* remaining length */
528 /* Client information */
529 out_uint16_le(s
, SEC_TAG_CLI_INFO
);
530 out_uint16_le(s
, 216); /* length */
531 out_uint16_le(s
, (g_rdp_version
>= RDP_V5
) ? 4 : 1); /* RDP version. 1 == RDP4, 4 >= RDP5 to RDP8 */
533 out_uint16_le(s
, g_width
);
534 out_uint16_le(s
, g_height
);
535 out_uint16_le(s
, 0xca01);
536 out_uint16_le(s
, 0xaa03);
537 out_uint32_le(s
, g_keylayout
);
538 out_uint32_le(s
, 2600); /* Client build. We are now 2600 compatible :-) */
540 /* Unicode name of client, padded to 32 bytes */
541 rdp_out_unistr(s
, g_hostname
, hostlen
);
542 out_uint8s(s
, 30 - hostlen
);
545 http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wceddk40/html/cxtsksupportingremotedesktopprotocol.asp */
546 out_uint32_le(s
, g_keyboard_type
);
547 out_uint32_le(s
, g_keyboard_subtype
);
548 out_uint32_le(s
, g_keyboard_functionkeys
);
549 out_uint8s(s
, 64); /* reserved? 4 + 12 doublewords */
550 out_uint16_le(s
, 0xca01); /* colour depth? */
554 out_uint8(s
, g_server_depth
);
555 out_uint16_le(s
, 0x0700);
559 out_uint32_le(s
, selected_protocol
); /* End of client info */
561 /* Write a Client Cluster Data (TS_UD_CS_CLUSTER) */
562 out_uint16_le(s
, SEC_TAG_CLI_CLUSTER
); /* header.type */
563 out_uint16_le(s
, 12); /* length */
565 cluster_flags
|= SEC_CC_REDIRECTION_SUPPORTED
;
566 cluster_flags
|= (SEC_CC_REDIRECT_VERSION_3
<< 2);
568 if (g_console_session
|| g_redirect_session_id
!= 0)
569 cluster_flags
|= SEC_CC_REDIRECT_SESSIONID_FIELD_VALID
;
571 out_uint32_le(s
, cluster_flags
);
572 out_uint32(s
, g_redirect_session_id
);
574 /* Client encryption settings */
575 out_uint16_le(s
, SEC_TAG_CLI_CRYPT
);
576 out_uint16_le(s
, 12); /* length */
577 out_uint32_le(s
, g_encryption
? 0x3 : 0); /* encryption supported, 128-bit supported */
578 out_uint32(s
, 0); /* Unknown */
580 DEBUG_RDP5(("g_num_channels is %d\n", g_num_channels
));
581 if (g_num_channels
> 0)
583 out_uint16_le(s
, SEC_TAG_CLI_CHANNELS
);
584 out_uint16_le(s
, g_num_channels
* 12 + 8); /* length */
585 out_uint32_le(s
, g_num_channels
); /* number of virtual channels */
586 for (i
= 0; i
< g_num_channels
; i
++)
588 DEBUG_RDP5(("Requesting channel %s\n", g_channels
[i
].name
));
589 out_uint8a(s
, g_channels
[i
].name
, 8);
590 out_uint32_be(s
, g_channels
[i
].flags
);
597 /* Parse a public key structure */
599 sec_parse_public_key(STREAM s
, uint8
* modulus
, uint8
* exponent
)
601 uint32 magic
, modulus_len
;
603 in_uint32_le(s
, magic
);
604 if (magic
!= SEC_RSA_MAGIC
)
606 error("RSA magic 0x%x\n", magic
);
610 in_uint32_le(s
, modulus_len
);
611 modulus_len
-= SEC_PADDING_SIZE
;
612 if ((modulus_len
< SEC_MODULUS_SIZE
) || (modulus_len
> SEC_MAX_MODULUS_SIZE
))
614 error("Bad server public key size (%u bits)\n", modulus_len
* 8);
618 in_uint8s(s
, 8); /* modulus_bits, unknown */
619 in_uint8a(s
, exponent
, SEC_EXPONENT_SIZE
);
620 in_uint8a(s
, modulus
, modulus_len
);
621 in_uint8s(s
, SEC_PADDING_SIZE
);
622 g_server_public_key_len
= modulus_len
;
627 /* Parse a public signature structure */
629 sec_parse_public_sig(STREAM s
, uint32 len
, uint8
* modulus
, uint8
* exponent
)
631 uint8 signature
[SEC_MAX_MODULUS_SIZE
];
632 uint8 signature_
[SEC_MAX_MODULUS_SIZE
];
639 memset(signature
, 0, sizeof(signature
));
641 in_uint8a(s
, signature
, sig_len
);
642 if(rdssl_sign_ok((char *)exponent
, SEC_EXPONENT_SIZE
, (char *)modulus
, g_server_public_key_len
,
643 (char *)signature_
, SEC_MODULUS_SIZE
, (char *)signature
, sig_len
, (char *)g_testkey
))
645 DEBUG_RDP5(("key signature doesn't match test key\n"));
650 /* Parse a crypto information structure */
652 sec_parse_crypt_info(STREAM s
, uint32
* rc4_key_size
,
653 uint8
** server_random
, uint8
* modulus
, uint8
* exponent
)
655 uint32 crypt_level
, random_len
, rsa_info_len
;
656 uint32 cacert_len
, cert_len
, flags
;
657 PCCERT_CONTEXT cacert
, server_cert
;
658 BYTE
*server_public_key
;
660 uint8
*next_tag
, *end
;
662 in_uint32_le(s
, *rc4_key_size
); /* 1 = 40-bit, 2 = 128-bit */
663 in_uint32_le(s
, crypt_level
); /* 1 = low, 2 = medium, 3 = high */
664 if (crypt_level
== 0)
670 in_uint32_le(s
, random_len
);
671 in_uint32_le(s
, rsa_info_len
);
673 if (random_len
!= SEC_RANDOM_SIZE
)
675 error("random len %d, expected %d\n", random_len
, SEC_RANDOM_SIZE
);
679 in_uint8p(s
, *server_random
, random_len
);
682 end
= s
->p
+ rsa_info_len
;
686 in_uint32_le(s
, flags
); /* 1 = RDP4-style, 0x80000002 = X.509 */
689 DEBUG_RDP5(("We're going for the RDP4-style encryption\n"));
690 in_uint8s(s
, 8); /* unknown */
694 in_uint16_le(s
, tag
);
695 in_uint16_le(s
, length
);
697 next_tag
= s
->p
+ length
;
702 if (!sec_parse_public_key(s
, modulus
, exponent
))
704 DEBUG_RDP5(("Got Public key, RDP4-style\n"));
709 if (!sec_parse_public_sig(s
, length
, modulus
, exponent
))
714 unimpl("crypt tag 0x%x\n", tag
);
724 DEBUG_RDP5(("We're going for the RDP5-style encryption\n"));
725 in_uint32_le(s
, certcount
); /* Number of certificates */
728 error("Server didn't send enough X509 certificates\n");
731 for (; certcount
> 2; certcount
--)
732 { /* ignore all the certificates between the root and the signing CA */
734 PCCERT_CONTEXT ignorecert
;
736 DEBUG_RDP5(("Ignored certs left: %d\n", certcount
));
737 in_uint32_le(s
, ignorelen
);
738 DEBUG_RDP5(("Ignored Certificate length is %d\n", ignorelen
));
739 ignorecert
= rdssl_cert_read(s
->p
, ignorelen
);
740 in_uint8s(s
, ignorelen
);
741 if (ignorecert
== NULL
)
742 { /* XXX: error out? */
743 DEBUG_RDP5(("got a bad cert: this will probably screw up the rest of the communication\n"));
746 #ifdef WITH_DEBUG_RDP5
747 DEBUG_RDP5(("cert #%d (ignored):\n", certcount
));
748 rdssl_cert_print_fp(stdout
, ignorecert
);
751 /* Do da funky X.509 stuffy
753 "How did I find out about this? I looked up and saw a
754 bright light and when I came to I had a scar on my forehead
755 and knew about X.500"
756 - Peter Gutman in a early version of
757 http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt
759 in_uint32_le(s
, cacert_len
);
760 DEBUG_RDP5(("CA Certificate length is %d\n", cacert_len
));
761 cacert
= rdssl_cert_read(s
->p
, cacert_len
);
762 in_uint8s(s
, cacert_len
);
765 error("Couldn't load CA Certificate from server\n");
768 in_uint32_le(s
, cert_len
);
769 DEBUG_RDP5(("Certificate length is %d\n", cert_len
));
770 server_cert
= rdssl_cert_read(s
->p
, cert_len
);
771 in_uint8s(s
, cert_len
);
772 if (NULL
== server_cert
)
774 rdssl_cert_free(cacert
);
775 error("Couldn't load Certificate from server\n");
778 if (!rdssl_certs_ok(server_cert
, cacert
))
780 rdssl_cert_free(server_cert
);
781 rdssl_cert_free(cacert
);
782 error("Security error CA Certificate invalid\n");
785 rdssl_cert_free(cacert
);
786 in_uint8s(s
, 16); /* Padding */
787 server_public_key
= rdssl_cert_to_rkey(server_cert
, &g_server_public_key_len
);
788 if (NULL
== server_public_key
)
790 DEBUG_RDP5(("Didn't parse X509 correctly\n"));
791 rdssl_cert_free(server_cert
);
794 rdssl_cert_free(server_cert
);
795 if ((g_server_public_key_len
< SEC_MODULUS_SIZE
) ||
796 (g_server_public_key_len
> SEC_MAX_MODULUS_SIZE
))
798 error("Bad server public key size (%u bits)\n",
799 g_server_public_key_len
* 8);
800 rdssl_rkey_free(server_public_key
);
803 if (rdssl_rkey_get_exp_mod(server_public_key
, exponent
, SEC_EXPONENT_SIZE
,
804 modulus
, SEC_MAX_MODULUS_SIZE
) != 0)
806 error("Problem extracting RSA exponent, modulus");
807 rdssl_rkey_free(server_public_key
);
810 rdssl_rkey_free(server_public_key
);
811 return True
; /* There's some garbage here we don't care about */
813 return s_check_end(s
);
816 /* Process crypto information blob */
818 sec_process_crypt_info(STREAM s
)
820 uint8
*server_random
= NULL
;
821 uint8 modulus
[SEC_MAX_MODULUS_SIZE
];
822 uint8 exponent
[SEC_EXPONENT_SIZE
];
825 memset(modulus
, 0, sizeof(modulus
));
826 memset(exponent
, 0, sizeof(exponent
));
827 if (!sec_parse_crypt_info(s
, &rc4_key_size
, &server_random
, modulus
, exponent
))
829 DEBUG(("Failed to parse crypt info\n"));
832 DEBUG(("Generating client random\n"));
833 generate_random(g_client_random
);
834 sec_rsa_encrypt(g_sec_crypted_random
, g_client_random
, SEC_RANDOM_SIZE
,
835 g_server_public_key_len
, modulus
, exponent
);
836 sec_generate_keys(g_client_random
, server_random
, rc4_key_size
);
840 /* Process SRV_INFO, find RDP version supported by server */
842 sec_process_srv_info(STREAM s
)
844 in_uint16_le(s
, g_server_rdp_version
);
845 DEBUG_RDP5(("Server RDP version is %d\n", g_server_rdp_version
));
846 if (1 == g_server_rdp_version
)
848 g_rdp_version
= RDP_V4
;
854 /* Process connect response data blob */
856 sec_process_mcs_data(STREAM s
)
862 in_uint8s(s
, 21); /* header (T.124 ConferenceCreateResponse) */
867 while (s
->p
< s
->end
)
869 in_uint16_le(s
, tag
);
870 in_uint16_le(s
, length
);
875 next_tag
= s
->p
+ length
- 4;
879 case SEC_TAG_SRV_INFO
:
880 sec_process_srv_info(s
);
883 case SEC_TAG_SRV_CRYPT
:
884 sec_process_crypt_info(s
);
887 case SEC_TAG_SRV_CHANNELS
:
888 /* FIXME: We should parse this information and
889 use it to map RDP5 channels to MCS
894 unimpl("response tag 0x%x\n", tag
);
901 /* Receive secure transport packet */
903 sec_recv(uint8
* rdpver
)
906 /* uint16 sec_flags_hi; */
910 while ((s
= mcs_recv(&channel
, rdpver
)) != NULL
)
918 in_uint8s(s
, 8); /* signature */
919 sec_decrypt(s
->p
, s
->end
- s
->p
);
924 if (g_encryption
|| (!g_licence_issued
&& !g_licence_error_result
))
926 /* TS_SECURITY_HEADER */
927 in_uint16_le(s
, sec_flags
);
928 in_uint8s(s
, 2); /* sec_flags_hi */
932 if (sec_flags
& SEC_ENCRYPT
)
934 in_uint8s(s
, 8); /* signature */
935 sec_decrypt(s
->p
, s
->end
- s
->p
);
938 if (sec_flags
& SEC_LICENSE_PKT
)
944 if (sec_flags
& SEC_REDIRECTION_PKT
) /* SEC_REDIRECT_ENCRYPT */
948 in_uint8s(s
, 8); /* signature */
949 sec_decrypt(s
->p
, s
->end
- s
->p
);
951 /* Check for a redirect packet, starts with 00 04 */
952 if (s
->p
[0] == 0 && s
->p
[1] == 4)
954 /* for some reason the PDU and the length seem to be swapped.
955 This isn't good, but we're going to do a byte for byte
956 swap. So the first four values appear as: 00 04 XX YY,
957 where XX YY is the little endian length. We're going to
958 use 04 00 as the PDU type, so after our swap this will look
973 /* warning! this debug statement will show passwords in the clear! */
974 hexdump(s
->p
, s
->end
- s
->p
);
980 if (sec_flags
& SEC_LICENSE_PKT
)
989 if (channel
!= MCS_GLOBAL_CHANNEL
)
991 channel_process(s
, channel
);
1003 /* Establish a secure connection */
1005 sec_connect(char *server
, char *username
, char *domain
, char *password
, RD_BOOL reconnect
)
1007 uint32 selected_proto
;
1008 struct stream mcs_data
;
1010 /* Start a MCS connect sequence */
1011 if (!mcs_connect_start(server
, username
, domain
, password
, reconnect
, &selected_proto
))
1014 /* We exchange some RDP data during the MCS-Connect */
1015 mcs_data
.size
= 512;
1016 mcs_data
.p
= mcs_data
.data
= (uint8
*) xmalloc(mcs_data
.size
);
1017 sec_out_mcs_data(&mcs_data
, selected_proto
);
1019 /* finalize the MCS connect sequence */
1020 if (!mcs_connect_finalize(&mcs_data
))
1023 /* sec_process_mcs_data(&mcs_data); */
1025 sec_establish_key();
1026 xfree(mcs_data
.data
);
1030 /* Disconnect a connection */
1032 sec_disconnect(void)
1037 /* reset the state of the sec layer */
1039 sec_reset_state(void)
1041 g_server_rdp_version
= 0;
1042 g_sec_encrypt_use_count
= 0;
1043 g_sec_decrypt_use_count
= 0;
1044 g_licence_issued
= 0;
1045 g_licence_error_result
= 0;