1 |
/* |
/* |
2 |
rdesktop: A Remote Desktop Protocol client. |
rdesktop: A Remote Desktop Protocol client. |
3 |
Protocol services - RDP encryption and licensing |
Protocol services - RDP encryption and licensing |
4 |
Copyright (C) Matthew Chapman 1999-2000 |
Copyright (C) Matthew Chapman 1999-2001 |
5 |
|
|
6 |
This program is free software; you can redistribute it and/or modify |
This program is free software; you can redistribute it and/or modify |
7 |
it under the terms of the GNU General Public License as published by |
it under the terms of the GNU General Public License as published by |
28 |
extern int width; |
extern int width; |
29 |
extern int height; |
extern int height; |
30 |
extern int keylayout; |
extern int keylayout; |
31 |
|
extern BOOL encryption; |
32 |
|
extern BOOL licence_issued; |
33 |
|
|
34 |
static int rc4_key_len; |
static int rc4_key_len; |
35 |
static RC4_KEY rc4_decrypt_key; |
static RC4_KEY rc4_decrypt_key; |
126 |
|
|
127 |
if (rc4_key_size == 1) |
if (rc4_key_size == 1) |
128 |
{ |
{ |
129 |
DEBUG("40-bit encryption enabled\n"); |
DEBUG(("40-bit encryption enabled\n")); |
130 |
sec_make_40bit(sec_sign_key); |
sec_make_40bit(sec_sign_key); |
131 |
sec_make_40bit(sec_decrypt_key); |
sec_make_40bit(sec_decrypt_key); |
132 |
sec_make_40bit(sec_encrypt_key); |
sec_make_40bit(sec_encrypt_key); |
134 |
} |
} |
135 |
else |
else |
136 |
{ |
{ |
137 |
DEBUG("128-bit encryption enabled\n"); |
DEBUG(("128-bit encryption enabled\n")); |
138 |
rc4_key_len = 16; |
rc4_key_len = 16; |
139 |
} |
} |
140 |
|
|
314 |
int hdrlen; |
int hdrlen; |
315 |
STREAM s; |
STREAM s; |
316 |
|
|
317 |
hdrlen = (flags & SEC_ENCRYPT) ? 12 : 4; |
if (!licence_issued) |
318 |
|
hdrlen = (flags & SEC_ENCRYPT) ? 12 : 4; |
319 |
|
else |
320 |
|
hdrlen = (flags & SEC_ENCRYPT) ? 12 : 0; |
321 |
s = mcs_init(maxlen + hdrlen); |
s = mcs_init(maxlen + hdrlen); |
322 |
s_push_layer(s, sec_hdr, hdrlen); |
s_push_layer(s, sec_hdr, hdrlen); |
323 |
|
|
331 |
int datalen; |
int datalen; |
332 |
|
|
333 |
s_pop_layer(s, sec_hdr); |
s_pop_layer(s, sec_hdr); |
334 |
out_uint32_le(s, flags); |
if (!licence_issued || (flags & SEC_ENCRYPT)) |
335 |
|
out_uint32_le(s, flags); |
336 |
|
|
337 |
if (flags & SEC_ENCRYPT) |
if (flags & SEC_ENCRYPT) |
338 |
{ |
{ |
339 |
flags &= ~SEC_ENCRYPT; |
flags &= ~SEC_ENCRYPT; |
340 |
datalen = s->end - s->p - 8; |
datalen = s->end - s->p - 8; |
341 |
|
|
342 |
#if RDP_DEBUG |
#if WITH_DEBUG |
343 |
DEBUG("Sending encrypted packet:\n"); |
DEBUG(("Sending encrypted packet:\n")); |
344 |
hexdump(s->p + 8, datalen); |
hexdump(s->p + 8, datalen); |
345 |
#endif |
#endif |
346 |
|
|
418 |
/* Client encryption settings */ |
/* Client encryption settings */ |
419 |
out_uint16_le(s, SEC_TAG_CLI_CRYPT); |
out_uint16_le(s, SEC_TAG_CLI_CRYPT); |
420 |
out_uint16(s, 8); /* length */ |
out_uint16(s, 8); /* length */ |
421 |
out_uint32_le(s, 1); /* encryption enabled */ |
out_uint32_le(s, encryption ? 1 : 0); /* encryption enabled */ |
422 |
s_mark_end(s); |
s_mark_end(s); |
423 |
} |
} |
424 |
|
|
431 |
in_uint32_le(s, magic); |
in_uint32_le(s, magic); |
432 |
if (magic != SEC_RSA_MAGIC) |
if (magic != SEC_RSA_MAGIC) |
433 |
{ |
{ |
434 |
ERROR("RSA magic 0x%x\n", magic); |
error("RSA magic 0x%x\n", magic); |
435 |
return False; |
return False; |
436 |
} |
} |
437 |
|
|
438 |
in_uint32_le(s, modulus_len); |
in_uint32_le(s, modulus_len); |
439 |
if (modulus_len != SEC_MODULUS_SIZE + SEC_PADDING_SIZE) |
if (modulus_len != SEC_MODULUS_SIZE + SEC_PADDING_SIZE) |
440 |
{ |
{ |
441 |
ERROR("modulus len 0x%x\n", modulus_len); |
error("modulus len 0x%x\n", modulus_len); |
442 |
return False; |
return False; |
443 |
} |
} |
444 |
|
|
466 |
|
|
467 |
if (random_len != SEC_RANDOM_SIZE) |
if (random_len != SEC_RANDOM_SIZE) |
468 |
{ |
{ |
469 |
ERROR("random len %d\n", random_len); |
error("random len %d\n", random_len); |
470 |
return False; |
return False; |
471 |
} |
} |
472 |
|
|
501 |
break; |
break; |
502 |
|
|
503 |
default: |
default: |
504 |
NOTIMP("crypt tag 0x%x\n", tag); |
unimpl("crypt tag 0x%x\n", tag); |
505 |
} |
} |
506 |
|
|
507 |
s->p = next_tag; |
s->p = next_tag; |
559 |
break; |
break; |
560 |
|
|
561 |
default: |
default: |
562 |
NOTIMP("response tag 0x%x\n", tag); |
unimpl("response tag 0x%x\n", tag); |
563 |
} |
} |
564 |
|
|
565 |
s->p = next_tag; |
s->p = next_tag; |
575 |
|
|
576 |
while ((s = mcs_recv()) != NULL) |
while ((s = mcs_recv()) != NULL) |
577 |
{ |
{ |
578 |
in_uint32_le(s, sec_flags); |
if (encryption || !licence_issued) |
|
|
|
|
if (sec_flags & SEC_LICENCE_NEG) |
|
579 |
{ |
{ |
580 |
licence_process(s); |
in_uint32_le(s, sec_flags); |
|
continue; |
|
|
} |
|
581 |
|
|
582 |
if (sec_flags & SEC_ENCRYPT) |
if (sec_flags & SEC_LICENCE_NEG) |
583 |
{ |
{ |
584 |
in_uint8s(s, 8); /* signature */ |
licence_process(s); |
585 |
sec_decrypt(s->p, s->end - s->p); |
continue; |
586 |
|
} |
587 |
|
|
588 |
|
if (sec_flags & SEC_ENCRYPT) |
589 |
|
{ |
590 |
|
in_uint8s(s, 8); /* signature */ |
591 |
|
sec_decrypt(s->p, s->end - s->p); |
592 |
|
} |
593 |
} |
} |
594 |
|
|
595 |
return s; |
return s; |
613 |
return False; |
return False; |
614 |
|
|
615 |
sec_process_mcs_data(&mcs_data); |
sec_process_mcs_data(&mcs_data); |
616 |
sec_establish_key(); |
if (encryption) |
617 |
|
sec_establish_key(); |
618 |
return True; |
return True; |
619 |
} |
} |
620 |
|
|
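Review bot: The new SEC_ENCRYPT branch in sec_recv (gutter 588-592) skips eight bytes with `in_uint8s(s, 8); /* signature */` and then calls `sec_decrypt(s->p, s->end - s->p)` without first checking that eight bytes are actually present, so a short packet from the server makes the remaining length go negative before it reaches sec_decrypt (whose handling of that I cannot see here). A bounds check before the skip, `if (s->end - s->p < 8) { error("short security header\n"); return NULL; }`, would keep a malformed packet from being decrypted at all, with the early return matching how the loop already yields NULL when mcs_recv fails. The signature is still discarded rather than compared against a MAC over the decrypted payload, so this path gives confidentiality but no integrity; if that is deliberate for now, a comment such as `/* TODO: verify the 8-byte signature instead of discarding it */` would record the gap for whoever enables encryption by default. sec_recv's signature and local declarations sit above this hunk, and the `encryption || !licence_issued` guard on reading the header assumes the server never sends a security header once licensing is done with encryption off, which the client cannot enforce.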