/[rdesktop]/sourceforge.net/trunk/rdesktop/secure.c
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Diff of /sourceforge.net/trunk/rdesktop/secure.c

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 438 by jsorg71, Fri Aug 1 17:01:58 2003 UTC revision 699 by matthewc, Sun May 16 11:18:20 2004 UTC
# Line 34  Line 34 
34  #endif  #endif
35    
36  extern char hostname[16];  extern char hostname[16];
37  extern int width;  extern int g_width;
38  extern int height;  extern int g_height;
39  extern int keylayout;  extern int keylayout;
40  extern BOOL g_encryption;  extern BOOL g_encryption;
41  extern BOOL g_licence_issued;  extern BOOL g_licence_issued;
42  extern BOOL g_use_rdp5;  extern BOOL g_use_rdp5;
43    extern BOOL g_console_session;
44  extern int g_server_bpp;  extern int g_server_bpp;
45  extern uint16 mcs_userid;  extern uint16 mcs_userid;
46  extern VCHANNEL g_channels[];  extern VCHANNEL g_channels[];
# Line 60  static uint8 sec_crypted_random[SEC_MODU Line 61  static uint8 sec_crypted_random[SEC_MODU
61  uint16 g_server_rdp_version = 0;  uint16 g_server_rdp_version = 0;
62    
63  /*  /*
64   * General purpose 48-byte transformation, using two 32-byte salts (generally,   * I believe this is based on SSLv3 with the following differences:
65   * a client and server salt) and a global salt value used for padding.   *  MAC algorithm (5.2.3.1) uses only 32-bit length in place of seq_num/type/length fields
66     *  MAC algorithm uses SHA1 and MD5 for the two hash functions instead of one or other
67     *  key_block algorithm (6.2.2) uses 'X', 'YY', 'ZZZ' instead of 'A', 'BB', 'CCC'
68     *  key_block partitioning is different (16 bytes each: MAC secret, decrypt key, encrypt key)
69     *  encryption/decryption keys updated every 4096 packets
70     * See http://wp.netscape.com/eng/ssl3/draft302.txt
71     */
72    
73    /*
74     * 48-byte transformation used to generate master secret (6.1) and key material (6.2.2).
75   * Both SHA1 and MD5 algorithms are used.   * Both SHA1 and MD5 algorithms are used.
76   */   */
77  void  void
# Line 92  sec_hash_48(uint8 * out, uint8 * in, uin Line 102  sec_hash_48(uint8 * out, uint8 * in, uin
102  }  }
103    
104  /*  /*
105   * Weaker 16-byte transformation, also using two 32-byte salts, but   * 16-byte transformation used to generate export keys (6.2.2).
  * only using a single round of MD5.  
106   */   */
107  void  void
108  sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2)  sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2)
# Line 116  sec_make_40bit(uint8 * key) Line 125  sec_make_40bit(uint8 * key)
125          key[2] = 0x9e;          key[2] = 0x9e;
126  }  }
127    
128  /* Generate a session key and RC4 keys, given client and server randoms */  /* Generate encryption keys given client and server randoms */
129  static void  static void
130  sec_generate_keys(uint8 * client_key, uint8 * server_key, int rc4_key_size)  sec_generate_keys(uint8 * client_random, uint8 * server_random, int rc4_key_size)
131  {  {
132          uint8 session_key[48];          uint8 pre_master_secret[48];
133          uint8 temp_hash[48];          uint8 master_secret[48];
134          uint8 input[48];          uint8 key_block[48];
135    
136          /* Construct input data to hash */          /* Construct pre-master secret */
137          memcpy(input, client_key, 24);          memcpy(pre_master_secret,      client_random, 24);
138          memcpy(input + 24, server_key, 24);          memcpy(pre_master_secret + 24, server_random, 24);
139    
140          /* Generate session key - two rounds of sec_hash_48 */          /* Generate master secret and then key material */
141          sec_hash_48(temp_hash, input, client_key, server_key, 65);          sec_hash_48(master_secret, pre_master_secret, client_random, server_random, 'A');
142          sec_hash_48(session_key, temp_hash, client_key, server_key, 88);          sec_hash_48(key_block,     master_secret,     client_random, server_random, 'X');
143    
144          /* Store first 16 bytes of session key, for generating signatures */          /* First 16 bytes of key material is MAC secret */
145          memcpy(sec_sign_key, session_key, 16);          memcpy(sec_sign_key, key_block, 16);
146    
147          /* Generate RC4 keys */          /* Generate export keys from next two blocks of 16 bytes */
148          sec_hash_16(sec_decrypt_key, &session_key[16], client_key, server_key);          sec_hash_16(sec_decrypt_key, &key_block[16], client_random, server_random);
149          sec_hash_16(sec_encrypt_key, &session_key[32], client_key, server_key);          sec_hash_16(sec_encrypt_key, &key_block[32], client_random, server_random);
150    
151          if (rc4_key_size == 1)          if (rc4_key_size == 1)
152          {          {
# Line 186  buf_out_uint32(uint8 * buffer, uint32 va Line 195  buf_out_uint32(uint8 * buffer, uint32 va
195          buffer[3] = (value >> 24) & 0xff;          buffer[3] = (value >> 24) & 0xff;
196  }  }
197    
198  /* Generate a signature hash, using a combination of SHA1 and MD5 */  /* Generate a MAC hash (5.2.3.1), using a combination of SHA1 and MD5 */
199  void  void
200  sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data, int datalen)  sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data, int datalen)
201  {  {
# Line 214  sec_sign(uint8 * signature, int siglen, Line 223  sec_sign(uint8 * signature, int siglen,
223          memcpy(signature, md5sig, siglen);          memcpy(signature, md5sig, siglen);
224  }  }
225    
226  /* Update an encryption key - similar to the signing process */  /* Update an encryption key */
227  static void  static void
228  sec_update(uint8 * key, uint8 * update_key)  sec_update(uint8 * key, uint8 * update_key)
229  {  {
# Line 411  sec_out_mcs_data(STREAM s) Line 420  sec_out_mcs_data(STREAM s)
420          if (hostlen > 30)          if (hostlen > 30)
421                  hostlen = 30;                  hostlen = 30;
422    
423          out_uint16_be(s, 5);    /* unknown */          /* Generic Conference Control (T.124) ConferenceCreateRequest */
424            out_uint16_be(s, 5);
425          out_uint16_be(s, 0x14);          out_uint16_be(s, 0x14);
426          out_uint8(s, 0x7c);          out_uint8(s, 0x7c);
427          out_uint16_be(s, 1);          out_uint16_be(s, 1);
# Line 424  sec_out_mcs_data(STREAM s) Line 434  sec_out_mcs_data(STREAM s)
434          out_uint16_le(s, 0xc001);          out_uint16_le(s, 0xc001);
435          out_uint8(s, 0);          out_uint8(s, 0);
436    
437          out_uint32_le(s, 0x61637544);   /* "Duca" ?! */          out_uint32_le(s, 0x61637544);   /* OEM ID: "Duca", as in Ducati. */
438          out_uint16_be(s, ((length - 14) | 0x8000));     /* remaining length */          out_uint16_be(s, ((length - 14) | 0x8000));     /* remaining length */
439    
440          /* Client information */          /* Client information */
# Line 432  sec_out_mcs_data(STREAM s) Line 442  sec_out_mcs_data(STREAM s)
442          out_uint16_le(s, 212);  /* length */          out_uint16_le(s, 212);  /* length */
443          out_uint16_le(s, g_use_rdp5 ? 4 : 1);   /* RDP version. 1 == RDP4, 4 == RDP5. */          out_uint16_le(s, g_use_rdp5 ? 4 : 1);   /* RDP version. 1 == RDP4, 4 == RDP5. */
444          out_uint16_le(s, 8);          out_uint16_le(s, 8);
445          out_uint16_le(s, width);          out_uint16_le(s, g_width);
446          out_uint16_le(s, height);          out_uint16_le(s, g_height);
447          out_uint16_le(s, 0xca01);          out_uint16_le(s, 0xca01);
448          out_uint16_le(s, 0xaa03);          out_uint16_le(s, 0xaa03);
449          out_uint32_le(s, keylayout);          out_uint32_le(s, keylayout);
# Line 447  sec_out_mcs_data(STREAM s) Line 457  sec_out_mcs_data(STREAM s)
457          out_uint32(s, 0);          out_uint32(s, 0);
458          out_uint32_le(s, 12);          out_uint32_le(s, 12);
459          out_uint8s(s, 64);      /* reserved? 4 + 12 doublewords */          out_uint8s(s, 64);      /* reserved? 4 + 12 doublewords */
460            out_uint16_le(s, 0xca01);       /* colour depth? */
         switch (g_server_bpp)  
         {  
                 case 8:  
                         out_uint16_le(s, 0xca01);  
                         break;  
                 case 15:  
                         out_uint16_le(s, 0xca02);  
                         break;  
                 case 16:  
                         out_uint16_le(s, 0xca03);  
                         break;  
                 case 24:  
                         out_uint16_le(s, 0xca04);  
                         break;  
         }  
461          out_uint16_le(s, 1);          out_uint16_le(s, 1);
462    
463          out_uint32(s, 0);          out_uint32(s, 0);
# Line 474  sec_out_mcs_data(STREAM s) Line 469  sec_out_mcs_data(STREAM s)
469    
470          out_uint16_le(s, SEC_TAG_CLI_4);          out_uint16_le(s, SEC_TAG_CLI_4);
471          out_uint16_le(s, 12);          out_uint16_le(s, 12);
472          out_uint32_le(s, 9);          out_uint32_le(s, g_console_session ? 0xb : 9);
473          out_uint32(s, 0);          out_uint32(s, 0);
474    
475          /* Client encryption settings */          /* Client encryption settings */
# Line 624  sec_parse_crypt_info(STREAM s, uint32 * Line 619  sec_parse_crypt_info(STREAM s, uint32 *
619          }          }
620          else          else
621          {          {
622                    uint32 certcount;
623    
624                  DEBUG_RDP5(("We're going for the RDP5-style encryption\n"));                  DEBUG_RDP5(("We're going for the RDP5-style encryption\n"));
625                  in_uint8s(s, 4);        /* Number of certificates */                  in_uint32_le(s, certcount);     /* Number of certificates */
626    
627                    if (certcount < 2)
628                    {
629                            error("Server didn't send enough X509 certificates\n");
630                            return False;
631                    }
632    
633                    for (; certcount > 2; certcount--)
634                    {               /* ignore all the certificates between the root and the signing CA */
635                            uint32 ignorelen;
636                            X509 *ignorecert;
637    
638                            DEBUG_RDP5(("Ignored certs left: %d\n", certcount));
639    
640                            in_uint32_le(s, ignorelen);
641                            DEBUG_RDP5(("Ignored Certificate length is %d\n", ignorelen));
642                            ignorecert = d2i_X509(NULL, &(s->p), ignorelen);
643    
644                            if (ignorecert == NULL)
645                            {       /* XXX: error out? */
646                                    DEBUG_RDP5(("got a bad cert: this will probably screw up the rest of the communication\n"));
647                            }
648    
649    #ifdef WITH_DEBUG_RDP5
650                            DEBUG_RDP5(("cert #%d (ignored):\n", certcount));
651                            X509_print_fp(stdout, ignorecert);
652    #endif
653                    }
654    
655                  /* Do da funky X.509 stuffy                  /* Do da funky X.509 stuffy
656    
# Line 699  sec_process_crypt_info(STREAM s) Line 724  sec_process_crypt_info(STREAM s)
724    
725          DEBUG(("Generating client random\n"));          DEBUG(("Generating client random\n"));
726          /* Generate a client random, and hence determine encryption keys */          /* Generate a client random, and hence determine encryption keys */
727          // This is what the MS client do:          /* This is what the MS client do: */
728          memset(inr, 0, SEC_RANDOM_SIZE);          memset(inr, 0, SEC_RANDOM_SIZE);
729          /*  *ARIGL!* Plaintext attack, anyone?          /*  *ARIGL!* Plaintext attack, anyone?
730             I tried doing:             I tried doing:
# Line 739  sec_process_srv_info(STREAM s) Line 764  sec_process_srv_info(STREAM s)
764          in_uint16_le(s, g_server_rdp_version);          in_uint16_le(s, g_server_rdp_version);
765          DEBUG_RDP5(("Server RDP version is %d\n", g_server_rdp_version));          DEBUG_RDP5(("Server RDP version is %d\n", g_server_rdp_version));
766          if (1 == g_server_rdp_version)          if (1 == g_server_rdp_version)
767            {
768                  g_use_rdp5 = 0;                  g_use_rdp5 = 0;
769                    g_server_bpp = 8;
770            }
771  }  }
772    
773    
# Line 751  sec_process_mcs_data(STREAM s) Line 779  sec_process_mcs_data(STREAM s)
779          uint8 *next_tag;          uint8 *next_tag;
780          uint8 len;          uint8 len;
781    
782          in_uint8s(s, 21);       /* header (T.124 stuff, probably) */          in_uint8s(s, 21);       /* header (T.124 ConferenceCreateResponse) */
783          in_uint8(s, len);          in_uint8(s, len);
784          if (len & 0x80)          if (len & 0x80)
785                  in_uint8(s, len);                  in_uint8(s, len);
# Line 843  sec_connect(char *server, char *username Line 871  sec_connect(char *server, char *username
871          if (!mcs_connect(server, &mcs_data, username))          if (!mcs_connect(server, &mcs_data, username))
872                  return False;                  return False;
873    
874          //      sec_process_mcs_data(&mcs_data);          /*      sec_process_mcs_data(&mcs_data); */
875          if (g_encryption)          if (g_encryption)
876                  sec_establish_key();                  sec_establish_key();
877          xfree(mcs_data.data);          xfree(mcs_data.data);
Legend:
Removed from v.438  
changed lines
  Added in v.699
  ViewVC Help
Powered by ViewVC 1.1.26