/[rdesktop]/sourceforge.net/trunk/rdesktop/secure.c
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Diff of /sourceforge.net/trunk/rdesktop/secure.c

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 24 by matty, Sat Jan 6 03:12:10 2001 UTC revision 28 by matty, Wed Jun 20 13:54:48 2001 UTC
# Line 28  extern char hostname[16]; Line 28  extern char hostname[16];
28  extern int width;  extern int width;
29  extern int height;  extern int height;
30  extern int keylayout;  extern int keylayout;
31    extern BOOL use_encryption;
32    extern BOOL licence_issued;
33    
34  static int rc4_key_len;  static int rc4_key_len;
35  static RC4_KEY rc4_decrypt_key;  static RC4_KEY rc4_decrypt_key;
# Line 45  static uint8 sec_crypted_random[64]; Line 47  static uint8 sec_crypted_random[64];
47   * a client and server salt) and a global salt value used for padding.   * a client and server salt) and a global salt value used for padding.
48   * Both SHA1 and MD5 algorithms are used.   * Both SHA1 and MD5 algorithms are used.
49   */   */
50  void sec_hash_48(uint8 *out, uint8 *in, uint8 *salt1, uint8 *salt2,  void
51                   uint8 salt)  sec_hash_48(uint8 *out, uint8 *in, uint8 *salt1, uint8 *salt2, uint8 salt)
52  {  {
53          uint8 shasig[20];          uint8 shasig[20];
54          uint8 pad[4];          uint8 pad[4];
# Line 76  void sec_hash_48(uint8 *out, uint8 *in, Line 78  void sec_hash_48(uint8 *out, uint8 *in,
78   * Weaker 16-byte transformation, also using two 32-byte salts, but   * Weaker 16-byte transformation, also using two 32-byte salts, but
79   * only using a single round of MD5.   * only using a single round of MD5.
80   */   */
81  void sec_hash_16(uint8 *out, uint8 *in, uint8 *salt1, uint8 *salt2)  void
82    sec_hash_16(uint8 *out, uint8 *in, uint8 *salt1, uint8 *salt2)
83  {  {
84          MD5_CTX md5;          MD5_CTX md5;
85    
# Line 88  void sec_hash_16(uint8 *out, uint8 *in, Line 91  void sec_hash_16(uint8 *out, uint8 *in,
91  }  }
92    
93  /* Reduce key entropy from 64 to 40 bits */  /* Reduce key entropy from 64 to 40 bits */
94  static void sec_make_40bit(uint8 *key)  static void
95    sec_make_40bit(uint8 *key)
96  {  {
97          key[0] = 0xd1;          key[0] = 0xd1;
98          key[1] = 0x26;          key[1] = 0x26;
# Line 96  static void sec_make_40bit(uint8 *key) Line 100  static void sec_make_40bit(uint8 *key)
100  }  }
101    
102  /* Generate a session key and RC4 keys, given client and server randoms */  /* Generate a session key and RC4 keys, given client and server randoms */
103  static void sec_generate_keys(uint8 *client_key, uint8 *server_key,  static void
104                                int rc4_key_size)  sec_generate_keys(uint8 *client_key, uint8 *server_key, int rc4_key_size)
105  {  {
106          uint8 session_key[48];          uint8 session_key[48];
107          uint8 temp_hash[48];          uint8 temp_hash[48];
# Line 145  static void sec_generate_keys(uint8 *cli Line 149  static void sec_generate_keys(uint8 *cli
149    
150  static uint8 pad_54[40] = {  static uint8 pad_54[40] = {
151          54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54,          54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54,
152                  54, 54, 54,          54, 54, 54,
153          54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54,          54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54,
154                  54, 54, 54          54, 54, 54
155  };  };
156    
157  static uint8 pad_92[48] = {  static uint8 pad_92[48] = {
158          92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92,          92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92,
159                  92, 92, 92, 92, 92, 92, 92,          92, 92, 92, 92, 92, 92, 92,
160          92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92,          92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92,
161                  92, 92, 92, 92, 92, 92, 92          92, 92, 92, 92, 92, 92, 92
162  };  };
163    
164  /* Output a uint32 into a buffer (little-endian) */  /* Output a uint32 into a buffer (little-endian) */
165  void buf_out_uint32(uint8 *buffer, uint32 value)  void
166    buf_out_uint32(uint8 *buffer, uint32 value)
167  {  {
168          buffer[0] = (value) & 0xff;          buffer[0] = (value) & 0xff;
169          buffer[1] = (value >> 8) & 0xff;          buffer[1] = (value >> 8) & 0xff;
# Line 167  void buf_out_uint32(uint8 *buffer, uint3 Line 172  void buf_out_uint32(uint8 *buffer, uint3
172  }  }
173    
174  /* Generate a signature hash, using a combination of SHA1 and MD5 */  /* Generate a signature hash, using a combination of SHA1 and MD5 */
175  void sec_sign(uint8 *signature, uint8 *session_key, int length,  void
176                uint8 *data, int datalen)  sec_sign(uint8 *signature, uint8 *session_key, int length,
177             uint8 *data, int datalen)
178  {  {
179          uint8 shasig[20];          uint8 shasig[20];
180          uint8 md5sig[16];          uint8 md5sig[16];
# Line 195  void sec_sign(uint8 *signature, uint8 *s Line 201  void sec_sign(uint8 *signature, uint8 *s
201  }  }
202    
203  /* Update an encryption key - similar to the signing process */  /* Update an encryption key - similar to the signing process */
204  static void sec_update(uint8 *key, uint8 *update_key)  static void
205    sec_update(uint8 *key, uint8 *update_key)
206  {  {
207          uint8 shasig[20];          uint8 shasig[20];
208          SHA_CTX sha;          SHA_CTX sha;
# Line 222  static void sec_update(uint8 *key, uint8 Line 229  static void sec_update(uint8 *key, uint8
229  }  }
230    
231  /* Encrypt data using RC4 */  /* Encrypt data using RC4 */
232  static void sec_encrypt(uint8 *data, int length)  static void
233    sec_encrypt(uint8 *data, int length)
234  {  {
235          static int use_count;          static int use_count;
236    
# Line 238  static void sec_encrypt(uint8 *data, int Line 246  static void sec_encrypt(uint8 *data, int
246  }  }
247    
248  /* Decrypt data using RC4 */  /* Decrypt data using RC4 */
249  static void sec_decrypt(uint8 *data, int length)  static void
250    sec_decrypt(uint8 *data, int length)
251  {  {
252          static int use_count;          static int use_count;
253    
# Line 254  static void sec_decrypt(uint8 *data, int Line 263  static void sec_decrypt(uint8 *data, int
263  }  }
264    
265  /* Read in a NUMBER from a buffer */  /* Read in a NUMBER from a buffer */
266  static void sec_read_number(NUMBER * num, uint8 *buffer, int len)  static void
267    sec_read_number(NUMBER * num, uint8 *buffer, int len)
268  {  {
269          INT *data = num->n_part;          INT *data = num->n_part;
270          int i, j;          int i, j;
# Line 266  static void sec_read_number(NUMBER * num Line 276  static void sec_read_number(NUMBER * num
276  }  }
277    
278  /* Write a NUMBER to a buffer */  /* Write a NUMBER to a buffer */
279  static void sec_write_number(NUMBER * num, uint8 *buffer, int len)  static void
280    sec_write_number(NUMBER * num, uint8 *buffer, int len)
281  {  {
282          INT *data = num->n_part;          INT *data = num->n_part;
283          int i, j;          int i, j;
# Line 279  static void sec_write_number(NUMBER * nu Line 290  static void sec_write_number(NUMBER * nu
290  }  }
291    
292  /* Perform an RSA public key encryption operation */  /* Perform an RSA public key encryption operation */
293  static void sec_rsa_encrypt(uint8 *out, uint8 *in, int len,  static void
294                              uint8 *modulus, uint8 *exponent)  sec_rsa_encrypt(uint8 *out, uint8 *in, int len,
295                    uint8 *modulus, uint8 *exponent)
296  {  {
297          NUMBER data, key;          NUMBER data, key;
298    
# Line 296  static void sec_rsa_encrypt(uint8 *out, Line 308  static void sec_rsa_encrypt(uint8 *out,
308  }  }
309    
310  /* Initialise secure transport packet */  /* Initialise secure transport packet */
311  STREAM sec_init(uint32 flags, int maxlen)  STREAM
312    sec_init(uint32 flags, int maxlen)
313  {  {
314          int hdrlen;          int hdrlen;
315          STREAM s;          STREAM s;
316    
317          hdrlen = (flags & SEC_ENCRYPT) ? 12 : 4;          if (!licence_issued)
318                    hdrlen = (flags & SEC_ENCRYPT) ? 12 : 4;
319            else
320                    hdrlen = (flags & SEC_ENCRYPT) ? 12 : 0;
321          s = mcs_init(maxlen + hdrlen);          s = mcs_init(maxlen + hdrlen);
322          s_push_layer(s, sec_hdr, hdrlen);          s_push_layer(s, sec_hdr, hdrlen);
323    
# Line 309  STREAM sec_init(uint32 flags, int maxlen Line 325  STREAM sec_init(uint32 flags, int maxlen
325  }  }
326    
327  /* Transmit secure transport packet */  /* Transmit secure transport packet */
328  void sec_send(STREAM s, uint32 flags)  void
329    sec_send(STREAM s, uint32 flags)
330  {  {
331          int datalen;          int datalen;
332    
333          s_pop_layer(s, sec_hdr);          s_pop_layer(s, sec_hdr);
334          out_uint32_le(s, flags);          if (!licence_issued || (flags & SEC_ENCRYPT))
335                    out_uint32_le(s, flags);
336    
337          if (flags & SEC_ENCRYPT)          if (flags & SEC_ENCRYPT)
338          {          {
# Line 334  void sec_send(STREAM s, uint32 flags) Line 352  void sec_send(STREAM s, uint32 flags)
352  }  }
353    
354  /* Transfer the client random to the server */  /* Transfer the client random to the server */
355  static void sec_establish_key()  static void
356    sec_establish_key()
357  {  {
358          uint32 length = SEC_MODULUS_SIZE + SEC_PADDING_SIZE;          uint32 length = SEC_MODULUS_SIZE + SEC_PADDING_SIZE;
359          uint32 flags = SEC_CLIENT_RANDOM;          uint32 flags = SEC_CLIENT_RANDOM;
# Line 351  static void sec_establish_key() Line 370  static void sec_establish_key()
370  }  }
371    
372  /* Output connect initial data blob */  /* Output connect initial data blob */
373  static void sec_out_mcs_data(STREAM s)  static void
374    sec_out_mcs_data(STREAM s)
375  {  {
376          int hostlen = 2 * strlen(hostname);          int hostlen = 2 * strlen(hostname);
377    
# Line 398  static void sec_out_mcs_data(STREAM s) Line 418  static void sec_out_mcs_data(STREAM s)
418          /* Client encryption settings */          /* Client encryption settings */
419          out_uint16_le(s, SEC_TAG_CLI_CRYPT);          out_uint16_le(s, SEC_TAG_CLI_CRYPT);
420          out_uint16(s, 8);       /* length */          out_uint16(s, 8);       /* length */
421          out_uint32_le(s, 1);    /* encryption enabled */          out_uint32_le(s, use_encryption ? 1 : 0);       /* encryption enabled */
422          s_mark_end(s);          s_mark_end(s);
423  }  }
424    
425  /* Parse a public key structure */  /* Parse a public key structure */
426  static BOOL sec_parse_public_key(STREAM s, uint8 **modulus, uint8 **exponent)  static BOOL
427    sec_parse_public_key(STREAM s, uint8 **modulus, uint8 **exponent)
428  {  {
429          uint32 magic, modulus_len;          uint32 magic, modulus_len;
430    
# Line 430  static BOOL sec_parse_public_key(STREAM Line 451  static BOOL sec_parse_public_key(STREAM
451  }  }
452    
453  /* Parse a crypto information structure */  /* Parse a crypto information structure */
454  static BOOL sec_parse_crypt_info(STREAM s, uint32 *rc4_key_size,  static BOOL
455                                   uint8 **server_random, uint8 **modulus,  sec_parse_crypt_info(STREAM s, uint32 *rc4_key_size,
456                                   uint8 **exponent)                       uint8 **server_random, uint8 **modulus, uint8 **exponent)
457  {  {
458          uint32 crypt_level, random_len, rsa_info_len;          uint32 crypt_level, random_len, rsa_info_len;
459          uint16 tag, length;          uint16 tag, length;
# Line 490  static BOOL sec_parse_crypt_info(STREAM Line 511  static BOOL sec_parse_crypt_info(STREAM
511  }  }
512    
513  /* Process crypto information blob */  /* Process crypto information blob */
514  static void sec_process_crypt_info(STREAM s)  static void
515    sec_process_crypt_info(STREAM s)
516  {  {
517          uint8 *server_random, *modulus, *exponent;          uint8 *server_random, *modulus, *exponent;
518          uint8 client_random[SEC_RANDOM_SIZE];          uint8 client_random[SEC_RANDOM_SIZE];
# Line 508  static void sec_process_crypt_info(STREA Line 530  static void sec_process_crypt_info(STREA
530  }  }
531    
532  /* Process connect response data blob */  /* Process connect response data blob */
533  static void sec_process_mcs_data(STREAM s)  static void
534    sec_process_mcs_data(STREAM s)
535  {  {
536          uint16 tag, length;          uint16 tag, length;
537          uint8 *next_tag;          uint8 *next_tag;
# Line 544  static void sec_process_mcs_data(STREAM Line 567  static void sec_process_mcs_data(STREAM
567  }  }
568    
569  /* Receive secure transport packet */  /* Receive secure transport packet */
570  STREAM sec_recv()  STREAM
571    sec_recv()
572  {  {
573          uint32 sec_flags;          uint32 sec_flags;
574          STREAM s;          STREAM s;
575    
576          while ((s = mcs_recv()) != NULL)          while ((s = mcs_recv()) != NULL)
577          {          {
578                  in_uint32_le(s, sec_flags);                  if (use_encryption || !licence_issued)
   
                 if (sec_flags & SEC_LICENCE_NEG)  
579                  {                  {
580                          licence_process(s);                          in_uint32_le(s, sec_flags);
                         continue;  
                 }  
581    
582                  if (sec_flags & SEC_ENCRYPT)                          if (sec_flags & SEC_LICENCE_NEG)
583                  {                          {
584                          in_uint8s(s, 8);        /* signature */                                  licence_process(s);
585                          sec_decrypt(s->p, s->end - s->p);                                  continue;
586                            }
587    
588                            if (sec_flags & SEC_ENCRYPT)
589                            {
590                                    in_uint8s(s, 8);        /* signature */
591                                    sec_decrypt(s->p, s->end - s->p);
592                            }
593                  }                  }
594    
595                  return s;                  return s;
# Line 572  STREAM sec_recv() Line 599  STREAM sec_recv()
599  }  }
600    
601  /* Establish a secure connection */  /* Establish a secure connection */
602  BOOL sec_connect(char *server)  BOOL
603    sec_connect(char *server)
604  {  {
605          struct stream mcs_data;          struct stream mcs_data;
606    
# Line 585  BOOL sec_connect(char *server) Line 613  BOOL sec_connect(char *server)
613                  return False;                  return False;
614    
615          sec_process_mcs_data(&mcs_data);          sec_process_mcs_data(&mcs_data);
616          sec_establish_key();          if (use_encryption)
617                    sec_establish_key();
618          return True;          return True;
619  }  }
620    
621  /* Disconnect a connection */  /* Disconnect a connection */
622  void sec_disconnect()  void
623    sec_disconnect()
624  {  {
625          mcs_disconnect();          mcs_disconnect();
626  }  }
Legend:
Removed from v.24  
changed lines
  Added in v.28
  ViewVC Help
Powered by ViewVC 1.1.26