--- sourceforge.net/trunk/rdesktop/secure.c 2002/07/18 16:38:31 64 +++ sourceforge.net/trunk/rdesktop/secure.c 2002/09/24 07:59:14 192 @@ -127,10 +127,8 @@ memcpy(sec_sign_key, session_key, 16); /* Generate RC4 keys */ - sec_hash_16(sec_decrypt_key, &session_key[16], client_key, - server_key); - sec_hash_16(sec_encrypt_key, &session_key[32], client_key, - server_key); + sec_hash_16(sec_decrypt_key, &session_key[16], client_key, server_key); + sec_hash_16(sec_encrypt_key, &session_key[32], client_key, server_key); if (rc4_key_size == 1) { @@ -181,8 +179,7 @@ /* Generate a signature hash, using a combination of SHA1 and MD5 */ void -sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, - uint8 * data, int datalen) +sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data, int datalen) { uint8 shasig[20]; uint8 md5sig[16]; @@ -286,8 +283,7 @@ /* Perform an RSA public key encryption operation */ static void -sec_rsa_encrypt(uint8 * out, uint8 * in, int len, - uint8 * modulus, uint8 * exponent) +sec_rsa_encrypt(uint8 * out, uint8 * in, int len, uint8 * modulus, uint8 * exponent) { BN_CTX ctx; BIGNUM mod, exp, x, y; @@ -358,8 +354,7 @@ hexdump(s->p + 8, datalen); #endif - sec_sign(s->p, 8, sec_sign_key, rc4_key_len, s->p + 8, - datalen); + sec_sign(s->p, 8, sec_sign_key, rc4_key_len, s->p + 8, datalen); sec_encrypt(s->p + 8, datalen); } @@ -368,7 +363,7 @@ /* Transfer the client random to the server */ static void -sec_establish_key() +sec_establish_key(void) { uint32 length = SEC_MODULUS_SIZE + SEC_PADDING_SIZE; uint32 flags = SEC_CLIENT_RANDOM; @@ -390,6 +385,9 @@ { int hostlen = 2 * strlen(hostname); + if (hostlen > 30) + hostlen = 30; + out_uint16_be(s, 5); /* unknown */ out_uint16_be(s, 0x14); out_uint8(s, 0x7c); @@ -427,12 +425,12 @@ out_uint32_le(s, 12); out_uint8s(s, 64); /* reserved? 4 + 12 doublewords */ - out_uint16(s, 0xca01); + out_uint16_le(s, 0xca01); out_uint16(s, 0); /* Client encryption settings */ out_uint16_le(s, SEC_TAG_CLI_CRYPT); - out_uint16(s, 8); /* length */ + out_uint16_le(s, 8); /* length */ out_uint32_le(s, encryption ? 0x3 : 0); /* encryption supported, 128-bit supported */ s_mark_end(s); } @@ -468,8 +466,7 @@ /* Parse a crypto information structure */ static BOOL sec_parse_crypt_info(STREAM s, uint32 * rc4_key_size, - uint8 ** server_random, uint8 ** modulus, - uint8 ** exponent) + uint8 ** server_random, uint8 ** modulus, uint8 ** exponent) { uint32 crypt_level, random_len, rsa_info_len; uint16 tag, length; @@ -477,6 +474,8 @@ in_uint32_le(s, *rc4_key_size); /* 1 = 40-bit, 2 = 128-bit */ in_uint32_le(s, crypt_level); /* 1 = low, 2 = medium, 3 = high */ + if (crypt_level == 0) /* no encryptation */ + return False; in_uint32_le(s, random_len); in_uint32_le(s, rsa_info_len); @@ -505,8 +504,7 @@ switch (tag) { case SEC_TAG_PUBKEY: - if (!sec_parse_public_key - (s, modulus, exponent)) + if (!sec_parse_public_key(s, modulus, exponent)) return False; break; @@ -534,14 +532,12 @@ uint8 client_random[SEC_RANDOM_SIZE]; uint32 rc4_key_size; - if (!sec_parse_crypt_info(s, &rc4_key_size, &server_random, - &modulus, &exponent)) + if (!sec_parse_crypt_info(s, &rc4_key_size, &server_random, &modulus, &exponent)) return; /* Generate a client random, and hence determine encryption keys */ generate_random(client_random); - sec_rsa_encrypt(sec_crypted_random, client_random, - SEC_RANDOM_SIZE, modulus, exponent); + sec_rsa_encrypt(sec_crypted_random, client_random, SEC_RANDOM_SIZE, modulus, exponent); sec_generate_keys(client_random, server_random, rc4_key_size); } @@ -551,8 +547,12 @@ { uint16 tag, length; uint8 *next_tag; + uint8 len; - in_uint8s(s, 23); /* header */ + in_uint8s(s, 21); /* header */ + in_uint8(s, len); + if (len & 0x80) + in_uint8(s, len); while (s->p < s->end) { @@ -584,7 +584,7 @@ /* Receive secure transport packet */ STREAM -sec_recv() +sec_recv(void) { uint32 sec_flags; STREAM s; @@ -636,7 +636,7 @@ /* Disconnect a connection */ void -sec_disconnect() +sec_disconnect(void) { mcs_disconnect(); }