| 1 |
/* |
/* |
| 2 |
rdesktop: A Remote Desktop Protocol client. |
rdesktop: A Remote Desktop Protocol client. |
| 3 |
Protocol services - RDP encryption and licensing |
Protocol services - RDP encryption and licensing |
| 4 |
Copyright (C) Matthew Chapman 1999-2001 |
Copyright (C) Matthew Chapman 1999-2002 |
| 5 |
|
|
| 6 |
This program is free software; you can redistribute it and/or modify |
This program is free software; you can redistribute it and/or modify |
| 7 |
it under the terms of the GNU General Public License as published by |
it under the terms of the GNU General Public License as published by |
| 285 |
static void |
static void |
| 286 |
sec_rsa_encrypt(uint8 * out, uint8 * in, int len, uint8 * modulus, uint8 * exponent) |
sec_rsa_encrypt(uint8 * out, uint8 * in, int len, uint8 * modulus, uint8 * exponent) |
| 287 |
{ |
{ |
| 288 |
BN_CTX ctx; |
BN_CTX *ctx; |
| 289 |
BIGNUM mod, exp, x, y; |
BIGNUM mod, exp, x, y; |
| 290 |
uint8 inr[SEC_MODULUS_SIZE]; |
uint8 inr[SEC_MODULUS_SIZE]; |
| 291 |
int outlen; |
int outlen; |
| 295 |
memcpy(inr, in, len); |
memcpy(inr, in, len); |
| 296 |
reverse(inr, len); |
reverse(inr, len); |
| 297 |
|
|
| 298 |
BN_CTX_init(&ctx); |
ctx = BN_CTX_new(); |
| 299 |
BN_init(&mod); |
BN_init(&mod); |
| 300 |
BN_init(&exp); |
BN_init(&exp); |
| 301 |
BN_init(&x); |
BN_init(&x); |
| 304 |
BN_bin2bn(modulus, SEC_MODULUS_SIZE, &mod); |
BN_bin2bn(modulus, SEC_MODULUS_SIZE, &mod); |
| 305 |
BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp); |
BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp); |
| 306 |
BN_bin2bn(inr, len, &x); |
BN_bin2bn(inr, len, &x); |
| 307 |
BN_mod_exp(&y, &x, &exp, &mod, &ctx); |
BN_mod_exp(&y, &x, &exp, &mod, ctx); |
| 308 |
outlen = BN_bn2bin(&y, out); |
outlen = BN_bn2bin(&y, out); |
| 309 |
reverse(out, outlen); |
reverse(out, outlen); |
| 310 |
if (outlen < SEC_MODULUS_SIZE) |
if (outlen < SEC_MODULUS_SIZE) |
| 314 |
BN_clear_free(&x); |
BN_clear_free(&x); |
| 315 |
BN_free(&exp); |
BN_free(&exp); |
| 316 |
BN_free(&mod); |
BN_free(&mod); |
| 317 |
BN_CTX_free(&ctx); |
BN_CTX_free(ctx); |
| 318 |
} |
} |
| 319 |
|
|
| 320 |
/* Initialise secure transport packet */ |
/* Initialise secure transport packet */ |
| 363 |
|
|
| 364 |
/* Transfer the client random to the server */ |
/* Transfer the client random to the server */ |
| 365 |
static void |
static void |
| 366 |
sec_establish_key() |
sec_establish_key(void) |
| 367 |
{ |
{ |
| 368 |
uint32 length = SEC_MODULUS_SIZE + SEC_PADDING_SIZE; |
uint32 length = SEC_MODULUS_SIZE + SEC_PADDING_SIZE; |
| 369 |
uint32 flags = SEC_CLIENT_RANDOM; |
uint32 flags = SEC_CLIENT_RANDOM; |
| 385 |
{ |
{ |
| 386 |
int hostlen = 2 * strlen(hostname); |
int hostlen = 2 * strlen(hostname); |
| 387 |
|
|
| 388 |
|
if (hostlen > 30) |
| 389 |
|
hostlen = 30; |
| 390 |
|
|
| 391 |
out_uint16_be(s, 5); /* unknown */ |
out_uint16_be(s, 5); /* unknown */ |
| 392 |
out_uint16_be(s, 0x14); |
out_uint16_be(s, 0x14); |
| 393 |
out_uint8(s, 0x7c); |
out_uint8(s, 0x7c); |
| 425 |
out_uint32_le(s, 12); |
out_uint32_le(s, 12); |
| 426 |
out_uint8s(s, 64); /* reserved? 4 + 12 doublewords */ |
out_uint8s(s, 64); /* reserved? 4 + 12 doublewords */ |
| 427 |
|
|
| 428 |
out_uint16(s, 0xca01); |
out_uint16_le(s, 0xca01); |
| 429 |
out_uint16(s, 0); |
out_uint16(s, 0); |
| 430 |
|
|
| 431 |
/* Client encryption settings */ |
/* Client encryption settings */ |
| 432 |
out_uint16_le(s, SEC_TAG_CLI_CRYPT); |
out_uint16_le(s, SEC_TAG_CLI_CRYPT); |
| 433 |
out_uint16(s, 8); /* length */ |
out_uint16_le(s, 8); /* length */ |
| 434 |
out_uint32_le(s, encryption ? 0x3 : 0); /* encryption supported, 128-bit supported */ |
out_uint32_le(s, encryption ? 0x3 : 0); /* encryption supported, 128-bit supported */ |
| 435 |
s_mark_end(s); |
s_mark_end(s); |
| 436 |
} |
} |
| 474 |
|
|
| 475 |
in_uint32_le(s, *rc4_key_size); /* 1 = 40-bit, 2 = 128-bit */ |
in_uint32_le(s, *rc4_key_size); /* 1 = 40-bit, 2 = 128-bit */ |
| 476 |
in_uint32_le(s, crypt_level); /* 1 = low, 2 = medium, 3 = high */ |
in_uint32_le(s, crypt_level); /* 1 = low, 2 = medium, 3 = high */ |
| 477 |
|
if (crypt_level == 0) /* no encryptation */ |
| 478 |
|
return False; |
| 479 |
in_uint32_le(s, random_len); |
in_uint32_le(s, random_len); |
| 480 |
in_uint32_le(s, rsa_info_len); |
in_uint32_le(s, rsa_info_len); |
| 481 |
|
|
| 547 |
{ |
{ |
| 548 |
uint16 tag, length; |
uint16 tag, length; |
| 549 |
uint8 *next_tag; |
uint8 *next_tag; |
| 550 |
|
uint8 len; |
| 551 |
|
|
| 552 |
in_uint8s(s, 23); /* header */ |
in_uint8s(s, 21); /* header */ |
| 553 |
|
in_uint8(s, len); |
| 554 |
|
if (len & 0x80) |
| 555 |
|
in_uint8(s, len); |
| 556 |
|
|
| 557 |
while (s->p < s->end) |
while (s->p < s->end) |
| 558 |
{ |
{ |
| 584 |
|
|
| 585 |
/* Receive secure transport packet */ |
/* Receive secure transport packet */ |
| 586 |
STREAM |
STREAM |
| 587 |
sec_recv() |
sec_recv(void) |
| 588 |
{ |
{ |
| 589 |
uint32 sec_flags; |
uint32 sec_flags; |
| 590 |
STREAM s; |
STREAM s; |
| 631 |
sec_process_mcs_data(&mcs_data); |
sec_process_mcs_data(&mcs_data); |
| 632 |
if (encryption) |
if (encryption) |
| 633 |
sec_establish_key(); |
sec_establish_key(); |
| 634 |
|
xfree(mcs_data.data); |
| 635 |
return True; |
return True; |
| 636 |
} |
} |
| 637 |
|
|
| 638 |
/* Disconnect a connection */ |
/* Disconnect a connection */ |
| 639 |
void |
void |
| 640 |
sec_disconnect() |
sec_disconnect(void) |
| 641 |
{ |
{ |
| 642 |
mcs_disconnect(); |
mcs_disconnect(); |
| 643 |
} |
} |
Parent Directory
| 
Revision Log
| 
Patch