298 |
|
|
299 |
/* Perform an RSA public key encryption operation */ |
/* Perform an RSA public key encryption operation */ |
300 |
static void |
static void |
301 |
sec_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus, uint8 * exponent) |
sec_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus, |
302 |
|
uint8 * exponent) |
303 |
{ |
{ |
304 |
BN_CTX *ctx; |
BN_CTX *ctx; |
305 |
BIGNUM mod, exp, x, y; |
BIGNUM mod, exp, x, y; |
394 |
uint32 flags = SEC_CLIENT_RANDOM; |
uint32 flags = SEC_CLIENT_RANDOM; |
395 |
STREAM s; |
STREAM s; |
396 |
|
|
397 |
s = sec_init(flags, length+4); |
s = sec_init(flags, length + 4); |
398 |
|
|
399 |
out_uint32_le(s, length); |
out_uint32_le(s, length); |
400 |
out_uint8p(s, sec_crypted_random, server_public_key_len); |
out_uint8p(s, sec_crypted_random, server_public_key_len); |
512 |
modulus_len -= SEC_PADDING_SIZE; |
modulus_len -= SEC_PADDING_SIZE; |
513 |
if ((modulus_len < 64) || (modulus_len > SEC_MAX_MODULUS_SIZE)) |
if ((modulus_len < 64) || (modulus_len > SEC_MAX_MODULUS_SIZE)) |
514 |
{ |
{ |
515 |
error("Bad server public key size (%u bits)\n", modulus_len*8); |
error("Bad server public key size (%u bits)\n", modulus_len * 8); |
516 |
return False; |
return False; |
517 |
} |
} |
518 |
|
|
553 |
server_public_key_len = RSA_size(server_public_key); |
server_public_key_len = RSA_size(server_public_key); |
554 |
if ((server_public_key_len < 64) || (server_public_key_len > SEC_MAX_MODULUS_SIZE)) |
if ((server_public_key_len < 64) || (server_public_key_len > SEC_MAX_MODULUS_SIZE)) |
555 |
{ |
{ |
556 |
error("Bad server public key size (%u bits)\n", server_public_key_len*8); |
error("Bad server public key size (%u bits)\n", server_public_key_len * 8); |
557 |
return False; |
return False; |
558 |
} |
} |
559 |
|
|
749 |
memset(inr, 0, padding_len); |
memset(inr, 0, padding_len); |
750 |
/* *ARIGL!* Plaintext attack, anyone? |
/* *ARIGL!* Plaintext attack, anyone? |
751 |
I tried doing: |
I tried doing: |
752 |
generate_random(inr); |
generate_random(inr); |
753 |
..but that generates connection errors now and then (yes, |
..but that generates connection errors now and then (yes, |
754 |
"now and then". Something like 0 to 3 attempts needed before a |
"now and then". Something like 0 to 3 attempts needed before a |
755 |
successful connection. Nice. Not! |
successful connection. Nice. Not! |
756 |
*/ |
*/ |
757 |
memcpy(inr + padding_len, client_random, SEC_RANDOM_SIZE); |
memcpy(inr + padding_len, client_random, SEC_RANDOM_SIZE); |
758 |
reverse(inr + padding_len, SEC_RANDOM_SIZE); |
reverse(inr + padding_len, SEC_RANDOM_SIZE); |
768 |
else |
else |
769 |
{ /* RDP4-style encryption */ |
{ /* RDP4-style encryption */ |
770 |
sec_rsa_encrypt(sec_crypted_random, |
sec_rsa_encrypt(sec_crypted_random, |
771 |
client_random, SEC_RANDOM_SIZE, server_public_key_len, modulus, exponent); |
client_random, SEC_RANDOM_SIZE, server_public_key_len, modulus, |
772 |
|
exponent); |
773 |
} |
} |
774 |
sec_generate_keys(client_random, server_random, rc4_key_size); |
sec_generate_keys(client_random, server_random, rc4_key_size); |
775 |
} |
} |