/[rdesktop]/sourceforge.net/trunk/rdesktop/secure.c
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Diff of /sourceforge.net/trunk/rdesktop/secure.c

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 540 by astrand, Fri Oct 31 20:34:26 2003 UTC revision 740 by astrand, Sat Jul 31 13:07:41 2004 UTC
# Line 20  Line 20 
20    
21  #include "rdesktop.h"  #include "rdesktop.h"
22    
 #ifdef WITH_OPENSSL  
23  #include <openssl/rc4.h>  #include <openssl/rc4.h>
24  #include <openssl/md5.h>  #include <openssl/md5.h>
25  #include <openssl/sha.h>  #include <openssl/sha.h>
26  #include <openssl/bn.h>  #include <openssl/bn.h>
27  #include <openssl/x509v3.h>  #include <openssl/x509v3.h>
 #else  
 #include "crypto/rc4.h"  
 #include "crypto/md5.h"  
 #include "crypto/sha.h"  
 #include "crypto/bn.h"  
 #endif  
28    
29  extern char hostname[16];  extern char g_hostname[16];
30  extern int g_width;  extern int g_width;
31  extern int g_height;  extern int g_height;
32  extern int keylayout;  extern int g_keylayout;
33  extern BOOL g_encryption;  extern BOOL g_encryption;
34  extern BOOL g_licence_issued;  extern BOOL g_licence_issued;
35  extern BOOL g_use_rdp5;  extern BOOL g_use_rdp5;
# Line 61  static uint8 sec_crypted_random[SEC_MODU Line 54  static uint8 sec_crypted_random[SEC_MODU
54  uint16 g_server_rdp_version = 0;  uint16 g_server_rdp_version = 0;
55    
56  /*  /*
57   * General purpose 48-byte transformation, using two 32-byte salts (generally,   * I believe this is based on SSLv3 with the following differences:
58   * a client and server salt) and a global salt value used for padding.   *  MAC algorithm (5.2.3.1) uses only 32-bit length in place of seq_num/type/length fields
59     *  MAC algorithm uses SHA1 and MD5 for the two hash functions instead of one or other
60     *  key_block algorithm (6.2.2) uses 'X', 'YY', 'ZZZ' instead of 'A', 'BB', 'CCC'
61     *  key_block partitioning is different (16 bytes each: MAC secret, decrypt key, encrypt key)
62     *  encryption/decryption keys updated every 4096 packets
63     * See http://wp.netscape.com/eng/ssl3/draft302.txt
64     */
65    
66    /*
67     * 48-byte transformation used to generate master secret (6.1) and key material (6.2.2).
68   * Both SHA1 and MD5 algorithms are used.   * Both SHA1 and MD5 algorithms are used.
69   */   */
70  void  void
# Line 93  sec_hash_48(uint8 * out, uint8 * in, uin Line 95  sec_hash_48(uint8 * out, uint8 * in, uin
95  }  }
96    
97  /*  /*
98   * Weaker 16-byte transformation, also using two 32-byte salts, but   * 16-byte transformation used to generate export keys (6.2.2).
  * only using a single round of MD5.  
99   */   */
100  void  void
101  sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2)  sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2)
# Line 117  sec_make_40bit(uint8 * key) Line 118  sec_make_40bit(uint8 * key)
118          key[2] = 0x9e;          key[2] = 0x9e;
119  }  }
120    
121  /* Generate a session key and RC4 keys, given client and server randoms */  /* Generate encryption keys given client and server randoms */
122  static void  static void
123  sec_generate_keys(uint8 * client_key, uint8 * server_key, int rc4_key_size)  sec_generate_keys(uint8 * client_random, uint8 * server_random, int rc4_key_size)
124  {  {
125          uint8 session_key[48];          uint8 pre_master_secret[48];
126          uint8 temp_hash[48];          uint8 master_secret[48];
127          uint8 input[48];          uint8 key_block[48];
128    
129          /* Construct input data to hash */          /* Construct pre-master secret */
130          memcpy(input, client_key, 24);          memcpy(pre_master_secret, client_random, 24);
131          memcpy(input + 24, server_key, 24);          memcpy(pre_master_secret + 24, server_random, 24);
132    
133          /* Generate session key - two rounds of sec_hash_48 */          /* Generate master secret and then key material */
134          sec_hash_48(temp_hash, input, client_key, server_key, 65);          sec_hash_48(master_secret, pre_master_secret, client_random, server_random, 'A');
135          sec_hash_48(session_key, temp_hash, client_key, server_key, 88);          sec_hash_48(key_block, master_secret, client_random, server_random, 'X');
136    
137          /* Store first 16 bytes of session key, for generating signatures */          /* First 16 bytes of key material is MAC secret */
138          memcpy(sec_sign_key, session_key, 16);          memcpy(sec_sign_key, key_block, 16);
139    
140          /* Generate RC4 keys */          /* Generate export keys from next two blocks of 16 bytes */
141          sec_hash_16(sec_decrypt_key, &session_key[16], client_key, server_key);          sec_hash_16(sec_decrypt_key, &key_block[16], client_random, server_random);
142          sec_hash_16(sec_encrypt_key, &session_key[32], client_key, server_key);          sec_hash_16(sec_encrypt_key, &key_block[32], client_random, server_random);
143    
144          if (rc4_key_size == 1)          if (rc4_key_size == 1)
145          {          {
# Line 187  buf_out_uint32(uint8 * buffer, uint32 va Line 188  buf_out_uint32(uint8 * buffer, uint32 va
188          buffer[3] = (value >> 24) & 0xff;          buffer[3] = (value >> 24) & 0xff;
189  }  }
190    
191  /* Generate a signature hash, using a combination of SHA1 and MD5 */  /* Generate a MAC hash (5.2.3.1), using a combination of SHA1 and MD5 */
192  void  void
193  sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data, int datalen)  sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data, int datalen)
194  {  {
# Line 215  sec_sign(uint8 * signature, int siglen, Line 216  sec_sign(uint8 * signature, int siglen,
216          memcpy(signature, md5sig, siglen);          memcpy(signature, md5sig, siglen);
217  }  }
218    
219  /* Update an encryption key - similar to the signing process */  /* Update an encryption key */
220  static void  static void
221  sec_update(uint8 * key, uint8 * update_key)  sec_update(uint8 * key, uint8 * update_key)
222  {  {
# Line 402  sec_establish_key(void) Line 403  sec_establish_key(void)
403  static void  static void
404  sec_out_mcs_data(STREAM s)  sec_out_mcs_data(STREAM s)
405  {  {
406          int hostlen = 2 * strlen(hostname);          int hostlen = 2 * strlen(g_hostname);
407          int length = 158 + 76 + 12 + 4;          int length = 158 + 76 + 12 + 4;
408          unsigned int i;          unsigned int i;
409    
# Line 412  sec_out_mcs_data(STREAM s) Line 413  sec_out_mcs_data(STREAM s)
413          if (hostlen > 30)          if (hostlen > 30)
414                  hostlen = 30;                  hostlen = 30;
415    
416          out_uint16_be(s, 5);    /* unknown */          /* Generic Conference Control (T.124) ConferenceCreateRequest */
417            out_uint16_be(s, 5);
418          out_uint16_be(s, 0x14);          out_uint16_be(s, 0x14);
419          out_uint8(s, 0x7c);          out_uint8(s, 0x7c);
420          out_uint16_be(s, 1);          out_uint16_be(s, 1);
# Line 425  sec_out_mcs_data(STREAM s) Line 427  sec_out_mcs_data(STREAM s)
427          out_uint16_le(s, 0xc001);          out_uint16_le(s, 0xc001);
428          out_uint8(s, 0);          out_uint8(s, 0);
429    
430          out_uint32_le(s, 0x61637544);   /* "Duca" ?! */          out_uint32_le(s, 0x61637544);   /* OEM ID: "Duca", as in Ducati. */
431          out_uint16_be(s, ((length - 14) | 0x8000));     /* remaining length */          out_uint16_be(s, ((length - 14) | 0x8000));     /* remaining length */
432    
433          /* Client information */          /* Client information */
# Line 437  sec_out_mcs_data(STREAM s) Line 439  sec_out_mcs_data(STREAM s)
439          out_uint16_le(s, g_height);          out_uint16_le(s, g_height);
440          out_uint16_le(s, 0xca01);          out_uint16_le(s, 0xca01);
441          out_uint16_le(s, 0xaa03);          out_uint16_le(s, 0xaa03);
442          out_uint32_le(s, keylayout);          out_uint32_le(s, g_keylayout);
443          out_uint32_le(s, 2600); /* Client build. We are now 2600 compatible :-) */          out_uint32_le(s, 2600); /* Client build. We are now 2600 compatible :-) */
444    
445          /* Unicode name of client, padded to 32 bytes */          /* Unicode name of client, padded to 32 bytes */
446          rdp_out_unistr(s, hostname, hostlen);          rdp_out_unistr(s, g_hostname, hostlen);
447          out_uint8s(s, 30 - hostlen);          out_uint8s(s, 30 - hostlen);
448    
449          out_uint32_le(s, 4);          out_uint32_le(s, 4);
450          out_uint32(s, 0);          out_uint32(s, 0);
451          out_uint32_le(s, 12);          out_uint32_le(s, 12);
452          out_uint8s(s, 64);      /* reserved? 4 + 12 doublewords */          out_uint8s(s, 64);      /* reserved? 4 + 12 doublewords */
453            out_uint16_le(s, 0xca01);       /* colour depth? */
         switch (g_server_bpp)  
         {  
                 case 8:  
                         out_uint16_le(s, 0xca01);  
                         break;  
                 case 15:  
                         out_uint16_le(s, 0xca02);  
                         break;  
                 case 16:  
                         out_uint16_le(s, 0xca03);  
                         break;  
                 case 24:  
                         out_uint16_le(s, 0xca04);  
                         break;  
         }  
454          out_uint16_le(s, 1);          out_uint16_le(s, 1);
455    
456          out_uint32(s, 0);          out_uint32(s, 0);
# Line 625  sec_parse_crypt_info(STREAM s, uint32 * Line 612  sec_parse_crypt_info(STREAM s, uint32 *
612          }          }
613          else          else
614          {          {
615                    uint32 certcount;
616    
617                  DEBUG_RDP5(("We're going for the RDP5-style encryption\n"));                  DEBUG_RDP5(("We're going for the RDP5-style encryption\n"));
618                  in_uint8s(s, 4);        /* Number of certificates */                  in_uint32_le(s, certcount);     /* Number of certificates */
619    
620                    if (certcount < 2)
621                    {
622                            error("Server didn't send enough X509 certificates\n");
623                            return False;
624                    }
625    
626                    for (; certcount > 2; certcount--)
627                    {               /* ignore all the certificates between the root and the signing CA */
628                            uint32 ignorelen;
629                            X509 *ignorecert;
630    
631                            DEBUG_RDP5(("Ignored certs left: %d\n", certcount));
632    
633                            in_uint32_le(s, ignorelen);
634                            DEBUG_RDP5(("Ignored Certificate length is %d\n", ignorelen));
635                            ignorecert = d2i_X509(NULL, &(s->p), ignorelen);
636    
637                            if (ignorecert == NULL)
638                            {       /* XXX: error out? */
639                                    DEBUG_RDP5(("got a bad cert: this will probably screw up the rest of the communication\n"));
640                            }
641    
642    #ifdef WITH_DEBUG_RDP5
643                            DEBUG_RDP5(("cert #%d (ignored):\n", certcount));
644                            X509_print_fp(stdout, ignorecert);
645    #endif
646                    }
647    
648                  /* Do da funky X.509 stuffy                  /* Do da funky X.509 stuffy
649    
# Line 740  sec_process_srv_info(STREAM s) Line 757  sec_process_srv_info(STREAM s)
757          in_uint16_le(s, g_server_rdp_version);          in_uint16_le(s, g_server_rdp_version);
758          DEBUG_RDP5(("Server RDP version is %d\n", g_server_rdp_version));          DEBUG_RDP5(("Server RDP version is %d\n", g_server_rdp_version));
759          if (1 == g_server_rdp_version)          if (1 == g_server_rdp_version)
760            {
761                  g_use_rdp5 = 0;                  g_use_rdp5 = 0;
762                    g_server_bpp = 8;
763            }
764  }  }
765    
766    
# Line 752  sec_process_mcs_data(STREAM s) Line 772  sec_process_mcs_data(STREAM s)
772          uint8 *next_tag;          uint8 *next_tag;
773          uint8 len;          uint8 len;
774    
775          in_uint8s(s, 21);       /* header (T.124 stuff, probably) */          in_uint8s(s, 21);       /* header (T.124 ConferenceCreateResponse) */
776          in_uint8(s, len);          in_uint8(s, len);
777          if (len & 0x80)          if (len & 0x80)
778                  in_uint8(s, len);                  in_uint8(s, len);
# Line 793  sec_process_mcs_data(STREAM s) Line 813  sec_process_mcs_data(STREAM s)
813    
814  /* Receive secure transport packet */  /* Receive secure transport packet */
815  STREAM  STREAM
816  sec_recv(void)  sec_recv(uint8 * rdpver)
817  {  {
818          uint32 sec_flags;          uint32 sec_flags;
819          uint16 channel;          uint16 channel;
820          STREAM s;          STREAM s;
821    
822          while ((s = mcs_recv(&channel)) != NULL)          while ((s = mcs_recv(&channel, rdpver)) != NULL)
823          {          {
824                    if (rdpver != NULL)
825                    {
826                            if (*rdpver != 3)
827                            {
828                                    if (*rdpver & 0x80)
829                                    {
830                                            in_uint8s(s, 8);        /* signature */
831                                            sec_decrypt(s->p, s->end - s->p);
832                                    }
833                                    return s;
834                            }
835                    }
836                  if (g_encryption || !g_licence_issued)                  if (g_encryption || !g_licence_issued)
837                  {                  {
838                          in_uint32_le(s, sec_flags);                          in_uint32_le(s, sec_flags);
Legend:
Removed from v.540  
changed lines
  Added in v.740
  ViewVC Help
Powered by ViewVC 1.1.26