secure.c@ 55121

最後變更在這個檔案從55121是 55121,由 vboxsync 提交於 10 年前
rdesktop 1.8.3 unmodified
屬性 svn:eol-style 設為 `native` 屬性 svn:keywords 設為 `Author Date Id Revision`
檔案大小: 23.5 KB

行
1	/* -- c-basic-offset: 8 --
2	rdesktop: A Remote Desktop Protocol client.
3	Protocol services - RDP encryption and licensing
4	Copyright (C) Matthew Chapman <matthewc.unsw.edu.au> 1999-2008
5	Copyright 2005-2011 Peter Astrand <[email protected]> for Cendio AB
6
7	This program is free software: you can redistribute it and/or modify
8	it under the terms of the GNU General Public License as published by
9	the Free Software Foundation, either version 3 of the License, or
10	(at your option) any later version.
11
12	This program is distributed in the hope that it will be useful,
13	but WITHOUT ANY WARRANTY; without even the implied warranty of
14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15	GNU General Public License for more details.
16
17	You should have received a copy of the GNU General Public License
18	along with this program. If not, see <http://www.gnu.org/licenses/>.
19	*/
20
21	#include "rdesktop.h"
22	#include "ssl.h"
23
24	extern char g_hostname[16];
25	extern int g_width;
26	extern int g_height;
27	extern unsigned int g_keylayout;
28	extern int g_keyboard_type;
29	extern int g_keyboard_subtype;
30	extern int g_keyboard_functionkeys;
31	extern RD_BOOL g_encryption;
32	extern RD_BOOL g_licence_issued;
33	extern RD_BOOL g_licence_error_result;
34	extern RDP_VERSION g_rdp_version;
35	extern RD_BOOL g_console_session;
36	extern uint32 g_redirect_session_id;
37	extern int g_server_depth;
38	extern VCHANNEL g_channels[];
39	extern unsigned int g_num_channels;
40	extern uint8 g_client_random[SEC_RANDOM_SIZE];
41
42	static int g_rc4_key_len;
43	static RDSSL_RC4 g_rc4_decrypt_key;
44	static RDSSL_RC4 g_rc4_encrypt_key;
45	static uint32 g_server_public_key_len;
46
47	static uint8 g_sec_sign_key[16];
48	static uint8 g_sec_decrypt_key[16];
49	static uint8 g_sec_encrypt_key[16];
50	static uint8 g_sec_decrypt_update_key[16];
51	static uint8 g_sec_encrypt_update_key[16];
52	static uint8 g_sec_crypted_random[SEC_MAX_MODULUS_SIZE];
53
54	uint16 g_server_rdp_version = 0;
55
56	/* These values must be available to reset state - Session Directory */
57	static int g_sec_encrypt_use_count = 0;
58	static int g_sec_decrypt_use_count = 0;
59
60	/*
61	* I believe this is based on SSLv3 with the following differences:
62	* MAC algorithm (5.2.3.1) uses only 32-bit length in place of seq_num/type/length fields
63	* MAC algorithm uses SHA1 and MD5 for the two hash functions instead of one or other
64	* key_block algorithm (6.2.2) uses 'X', 'YY', 'ZZZ' instead of 'A', 'BB', 'CCC'
65	* key_block partitioning is different (16 bytes each: MAC secret, decrypt key, encrypt key)
66	* encryption/decryption keys updated every 4096 packets
67	* See http://wp.netscape.com/eng/ssl3/draft302.txt
68	*/
69
70	/*
71	* 48-byte transformation used to generate master secret (6.1) and key material (6.2.2).
72	* Both SHA1 and MD5 algorithms are used.
73	*/
74	void
75	sec_hash_48(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2, uint8 salt)
76	{
77	uint8 shasig[20];
78	uint8 pad[4];
79	RDSSL_SHA1 sha1;
80	RDSSL_MD5 md5;
81	int i;
82
83	for (i = 0; i < 3; i++)
84	{
85	memset(pad, salt + i, i + 1);
86
87	rdssl_sha1_init(&sha1);
88	rdssl_sha1_update(&sha1, pad, i + 1);
89	rdssl_sha1_update(&sha1, in, 48);
90	rdssl_sha1_update(&sha1, salt1, 32);
91	rdssl_sha1_update(&sha1, salt2, 32);
92	rdssl_sha1_final(&sha1, shasig);
93
94	rdssl_md5_init(&md5);
95	rdssl_md5_update(&md5, in, 48);
96	rdssl_md5_update(&md5, shasig, 20);
97	rdssl_md5_final(&md5, &out[i * 16]);
98	}
99	}
100
101	/*
102	* 16-byte transformation used to generate export keys (6.2.2).
103	*/
104	void
105	sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2)
106	{
107	RDSSL_MD5 md5;
108
109	rdssl_md5_init(&md5);
110	rdssl_md5_update(&md5, in, 16);
111	rdssl_md5_update(&md5, salt1, 32);
112	rdssl_md5_update(&md5, salt2, 32);
113	rdssl_md5_final(&md5, out);
114	}
115
116	/*
117	* 16-byte sha1 hash
118	*/
119	void
120	sec_hash_sha1_16(uint8 * out, uint8 * in, uint8 * salt1)
121	{
122	RDSSL_SHA1 sha1;
123	rdssl_sha1_init(&sha1);
124	rdssl_sha1_update(&sha1, in, 16);
125	rdssl_sha1_update(&sha1, salt1, 16);
126	rdssl_sha1_final(&sha1, out);
127	}
128
129	/* create string from hash */
130	void
131	sec_hash_to_string(char out, int out_size, uint8 in, int in_size)
132	{
133	int k;
134	memset(out, 0, out_size);
135	for (k = 0; k < in_size; k++, out += 2)
136	{
137	sprintf(out, "%.2x", in[k]);
138	}
139	}
140
141	/* Reduce key entropy from 64 to 40 bits */
142	static void
143	sec_make_40bit(uint8 * key)
144	{
145	key[0] = 0xd1;
146	key[1] = 0x26;
147	key[2] = 0x9e;
148	}
149
150	/* Generate encryption keys given client and server randoms */
151	static void
152	sec_generate_keys(uint8 * client_random, uint8 * server_random, int rc4_key_size)
153	{
154	uint8 pre_master_secret[48];
155	uint8 master_secret[48];
156	uint8 key_block[48];
157
158	/* Construct pre-master secret */
159	memcpy(pre_master_secret, client_random, 24);
160	memcpy(pre_master_secret + 24, server_random, 24);
161
162	/* Generate master secret and then key material */
163	sec_hash_48(master_secret, pre_master_secret, client_random, server_random, 'A');
164	sec_hash_48(key_block, master_secret, client_random, server_random, 'X');
165
166	/* First 16 bytes of key material is MAC secret */
167	memcpy(g_sec_sign_key, key_block, 16);
168
169	/* Generate export keys from next two blocks of 16 bytes */
170	sec_hash_16(g_sec_decrypt_key, &key_block[16], client_random, server_random);
171	sec_hash_16(g_sec_encrypt_key, &key_block[32], client_random, server_random);
172
173	if (rc4_key_size == 1)
174	{
175	DEBUG(("40-bit encryption enabled\n"));
176	sec_make_40bit(g_sec_sign_key);
177	sec_make_40bit(g_sec_decrypt_key);
178	sec_make_40bit(g_sec_encrypt_key);
179	g_rc4_key_len = 8;
180	}
181	else
182	{
183	DEBUG(("rc_4_key_size == %d, 128-bit encryption enabled\n", rc4_key_size));
184	g_rc4_key_len = 16;
185	}
186
187	/* Save initial RC4 keys as update keys */
188	memcpy(g_sec_decrypt_update_key, g_sec_decrypt_key, 16);
189	memcpy(g_sec_encrypt_update_key, g_sec_encrypt_key, 16);
190
191	/* Initialise RC4 state arrays */
192	rdssl_rc4_set_key(&g_rc4_decrypt_key, g_sec_decrypt_key, g_rc4_key_len);
193	rdssl_rc4_set_key(&g_rc4_encrypt_key, g_sec_encrypt_key, g_rc4_key_len);
194	}
195
196	static uint8 pad_54[40] = {
197	54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54,
198	54, 54, 54,
199	54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54,
200	54, 54, 54
201	};
202
203	static uint8 pad_92[48] = {
204	92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92,
205	92, 92, 92, 92, 92, 92, 92,
206	92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92,
207	92, 92, 92, 92, 92, 92, 92
208	};
209
210	/* Output a uint32 into a buffer (little-endian) */
211	void
212	buf_out_uint32(uint8 * buffer, uint32 value)
213	{
214	buffer[0] = (value) & 0xff;
215	buffer[1] = (value >> 8) & 0xff;
216	buffer[2] = (value >> 16) & 0xff;
217	buffer[3] = (value >> 24) & 0xff;
218	}
219
220	/* Generate a MAC hash (5.2.3.1), using a combination of SHA1 and MD5 */
221	void
222	sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data, int datalen)
223	{
224	uint8 shasig[20];
225	uint8 md5sig[16];
226	uint8 lenhdr[4];
227	RDSSL_SHA1 sha1;
228	RDSSL_MD5 md5;
229
230	buf_out_uint32(lenhdr, datalen);
231
232	rdssl_sha1_init(&sha1);
233	rdssl_sha1_update(&sha1, session_key, keylen);
234	rdssl_sha1_update(&sha1, pad_54, 40);
235	rdssl_sha1_update(&sha1, lenhdr, 4);
236	rdssl_sha1_update(&sha1, data, datalen);
237	rdssl_sha1_final(&sha1, shasig);
238
239	rdssl_md5_init(&md5);
240	rdssl_md5_update(&md5, session_key, keylen);
241	rdssl_md5_update(&md5, pad_92, 48);
242	rdssl_md5_update(&md5, shasig, 20);
243	rdssl_md5_final(&md5, md5sig);
244
245	memcpy(signature, md5sig, siglen);
246	}
247
248	/* Update an encryption key */
249	static void
250	sec_update(uint8 * key, uint8 * update_key)
251	{
252	uint8 shasig[20];
253	RDSSL_SHA1 sha1;
254	RDSSL_MD5 md5;
255	RDSSL_RC4 update;
256
257	rdssl_sha1_init(&sha1);
258	rdssl_sha1_update(&sha1, update_key, g_rc4_key_len);
259	rdssl_sha1_update(&sha1, pad_54, 40);
260	rdssl_sha1_update(&sha1, key, g_rc4_key_len);
261	rdssl_sha1_final(&sha1, shasig);
262
263	rdssl_md5_init(&md5);
264	rdssl_md5_update(&md5, update_key, g_rc4_key_len);
265	rdssl_md5_update(&md5, pad_92, 48);
266	rdssl_md5_update(&md5, shasig, 20);
267	rdssl_md5_final(&md5, key);
268
269	rdssl_rc4_set_key(&update, key, g_rc4_key_len);
270	rdssl_rc4_crypt(&update, key, key, g_rc4_key_len);
271
272	if (g_rc4_key_len == 8)
273	sec_make_40bit(key);
274	}
275
276	/* Encrypt data using RC4 */
277	static void
278	sec_encrypt(uint8 * data, int length)
279	{
280	if (g_sec_encrypt_use_count == 4096)
281	{
282	sec_update(g_sec_encrypt_key, g_sec_encrypt_update_key);
283	rdssl_rc4_set_key(&g_rc4_encrypt_key, g_sec_encrypt_key, g_rc4_key_len);
284	g_sec_encrypt_use_count = 0;
285	}
286
287	rdssl_rc4_crypt(&g_rc4_encrypt_key, data, data, length);
288	g_sec_encrypt_use_count++;
289	}
290
291	/* Decrypt data using RC4 */
292	void
293	sec_decrypt(uint8 * data, int length)
294	{
295	if (g_sec_decrypt_use_count == 4096)
296	{
297	sec_update(g_sec_decrypt_key, g_sec_decrypt_update_key);
298	rdssl_rc4_set_key(&g_rc4_decrypt_key, g_sec_decrypt_key, g_rc4_key_len);
299	g_sec_decrypt_use_count = 0;
300	}
301
302	rdssl_rc4_crypt(&g_rc4_decrypt_key, data, data, length);
303	g_sec_decrypt_use_count++;
304	}
305
306	/* Perform an RSA public key encryption operation */
307	static void
308	sec_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus,
309	uint8 * exponent)
310	{
311	rdssl_rsa_encrypt(out, in, len, modulus_size, modulus, exponent);
312	}
313
314	/* Initialise secure transport packet */
315	STREAM
316	sec_init(uint32 flags, int maxlen)
317	{
318	int hdrlen;
319	STREAM s;
320
321	if (!g_licence_issued && !g_licence_error_result)
322	hdrlen = (flags & SEC_ENCRYPT) ? 12 : 4;
323	else
324	hdrlen = (flags & SEC_ENCRYPT) ? 12 : 0;
325	s = mcs_init(maxlen + hdrlen);
326	s_push_layer(s, sec_hdr, hdrlen);
327
328	return s;
329	}
330
331	/* Transmit secure transport packet over specified channel */
332	void
333	sec_send_to_channel(STREAM s, uint32 flags, uint16 channel)
334	{
335	int datalen;
336
337	#ifdef WITH_SCARD
338	scard_lock(SCARD_LOCK_SEC);
339	#endif
340
341	s_pop_layer(s, sec_hdr);
342	if ((!g_licence_issued && !g_licence_error_result) \|\| (flags & SEC_ENCRYPT))
343	out_uint32_le(s, flags);
344
345	if (flags & SEC_ENCRYPT)
346	{
347	flags &= ~SEC_ENCRYPT;
348	datalen = s->end - s->p - 8;
349
350	#if WITH_DEBUG
351	DEBUG(("Sending encrypted packet:\n"));
352	hexdump(s->p + 8, datalen);
353	#endif
354
355	sec_sign(s->p, 8, g_sec_sign_key, g_rc4_key_len, s->p + 8, datalen);
356	sec_encrypt(s->p + 8, datalen);
357	}
358
359	mcs_send_to_channel(s, channel);
360
361	#ifdef WITH_SCARD
362	scard_unlock(SCARD_LOCK_SEC);
363	#endif
364	}
365
366	/* Transmit secure transport packet */
367
368	void
369	sec_send(STREAM s, uint32 flags)
370	{
371	sec_send_to_channel(s, flags, MCS_GLOBAL_CHANNEL);
372	}
373
374
375	/* Transfer the client random to the server */
376	static void
377	sec_establish_key(void)
378	{
379	uint32 length = g_server_public_key_len + SEC_PADDING_SIZE;
380	uint32 flags = SEC_CLIENT_RANDOM;
381	STREAM s;
382
383	s = sec_init(flags, length + 4);
384
385	out_uint32_le(s, length);
386	out_uint8p(s, g_sec_crypted_random, g_server_public_key_len);
387	out_uint8s(s, SEC_PADDING_SIZE);
388
389	s_mark_end(s);
390	sec_send(s, flags);
391	}
392
393	/* Output connect initial data blob */
394	static void
395	sec_out_mcs_data(STREAM s, uint32 selected_protocol)
396	{
397	int hostlen = 2 * strlen(g_hostname);
398	int length = 162 + 76 + 12 + 4;
399	unsigned int i;
400
401	if (g_num_channels > 0)
402	length += g_num_channels * 12 + 8;
403
404	if (hostlen > 30)
405	hostlen = 30;
406
407	/* Generic Conference Control (T.124) ConferenceCreateRequest */
408	out_uint16_be(s, 5);
409	out_uint16_be(s, 0x14);
410	out_uint8(s, 0x7c);
411	out_uint16_be(s, 1);
412
413	out_uint16_be(s, (length \| 0x8000)); /* remaining length */
414
415	out_uint16_be(s, 8); /* length? */
416	out_uint16_be(s, 16);
417	out_uint8(s, 0);
418	out_uint16_le(s, 0xc001);
419	out_uint8(s, 0);
420
421	out_uint32_le(s, 0x61637544); /* OEM ID: "Duca", as in Ducati. */
422	out_uint16_be(s, ((length - 14) \| 0x8000)); /* remaining length */
423
424	/* Client information */
425	out_uint16_le(s, SEC_TAG_CLI_INFO);
426	out_uint16_le(s, 216); /* length */
427	out_uint16_le(s, (g_rdp_version >= RDP_V5) ? 4 : 1); /* RDP version. 1 == RDP4, 4 >= RDP5 to RDP8 */
428	out_uint16_le(s, 8);
429	out_uint16_le(s, g_width);
430	out_uint16_le(s, g_height);
431	out_uint16_le(s, 0xca01);
432	out_uint16_le(s, 0xaa03);
433	out_uint32_le(s, g_keylayout);
434	out_uint32_le(s, 2600); /* Client build. We are now 2600 compatible :-) */
435
436	/* Unicode name of client, padded to 32 bytes */
437	rdp_out_unistr(s, g_hostname, hostlen);
438	out_uint8s(s, 30 - hostlen);
439
440	/* See
441	http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wceddk40/html/cxtsksupportingremotedesktopprotocol.asp */
442	out_uint32_le(s, g_keyboard_type);
443	out_uint32_le(s, g_keyboard_subtype);
444	out_uint32_le(s, g_keyboard_functionkeys);
445	out_uint8s(s, 64); /* reserved? 4 + 12 doublewords */
446	out_uint16_le(s, 0xca01); /* colour depth? */
447	out_uint16_le(s, 1);
448
449	out_uint32(s, 0);
450	out_uint8(s, g_server_depth);
451	out_uint16_le(s, 0x0700);
452	out_uint8(s, 0);
453	out_uint32_le(s, 1);
454	out_uint8s(s, 64);
455	out_uint32_le(s, selected_protocol); /* End of client info */
456
457	/* Write a Client Cluster Data (TS_UD_CS_CLUSTER) */
458	uint32 cluster_flags = 0;
459	out_uint16_le(s, SEC_TAG_CLI_CLUSTER); /* header.type */
460	out_uint16_le(s, 12); /* length */
461
462	cluster_flags \|= SEC_CC_REDIRECTION_SUPPORTED;
463	cluster_flags \|= (SEC_CC_REDIRECT_VERSION_3 << 2);
464
465	if (g_console_session \|\| g_redirect_session_id != 0)
466	cluster_flags \|= SEC_CC_REDIRECT_SESSIONID_FIELD_VALID;
467
468	out_uint32_le(s, cluster_flags);
469	out_uint32(s, g_redirect_session_id);
470
471	/* Client encryption settings */
472	out_uint16_le(s, SEC_TAG_CLI_CRYPT);
473	out_uint16_le(s, 12); /* length */
474	out_uint32_le(s, g_encryption ? 0x3 : 0); /* encryption supported, 128-bit supported */
475	out_uint32(s, 0); /* Unknown */
476
477	DEBUG_RDP5(("g_num_channels is %d\n", g_num_channels));
478	if (g_num_channels > 0)
479	{
480	out_uint16_le(s, SEC_TAG_CLI_CHANNELS);
481	out_uint16_le(s, g_num_channels * 12 + 8); /* length */
482	out_uint32_le(s, g_num_channels); /* number of virtual channels */
483	for (i = 0; i < g_num_channels; i++)
484	{
485	DEBUG_RDP5(("Requesting channel %s\n", g_channels[i].name));
486	out_uint8a(s, g_channels[i].name, 8);
487	out_uint32_be(s, g_channels[i].flags);
488	}
489	}
490
491	s_mark_end(s);
492	}
493
494	/* Parse a public key structure */
495	static RD_BOOL
496	sec_parse_public_key(STREAM s, uint8 * modulus, uint8 * exponent)
497	{
498	uint32 magic, modulus_len;
499
500	in_uint32_le(s, magic);
501	if (magic != SEC_RSA_MAGIC)
502	{
503	error("RSA magic 0x%x\n", magic);
504	return False;
505	}
506
507	in_uint32_le(s, modulus_len);
508	modulus_len -= SEC_PADDING_SIZE;
509	if ((modulus_len < SEC_MODULUS_SIZE) \|\| (modulus_len > SEC_MAX_MODULUS_SIZE))
510	{
511	error("Bad server public key size (%u bits)\n", modulus_len * 8);
512	return False;
513	}
514
515	in_uint8s(s, 8); /* modulus_bits, unknown */
516	in_uint8a(s, exponent, SEC_EXPONENT_SIZE);
517	in_uint8a(s, modulus, modulus_len);
518	in_uint8s(s, SEC_PADDING_SIZE);
519	g_server_public_key_len = modulus_len;
520
521	return s_check(s);
522	}
523
524	/* Parse a public signature structure */
525	static RD_BOOL
526	sec_parse_public_sig(STREAM s, uint32 len, uint8 * modulus, uint8 * exponent)
527	{
528	uint8 signature[SEC_MAX_MODULUS_SIZE];
529	uint32 sig_len;
530
531	if (len != 72)
532	{
533	return True;
534	}
535	memset(signature, 0, sizeof(signature));
536	sig_len = len - 8;
537	in_uint8a(s, signature, sig_len);
538	return rdssl_sig_ok(exponent, SEC_EXPONENT_SIZE, modulus, g_server_public_key_len,
539	signature, sig_len);
540	}
541
542	/* Parse a crypto information structure */
543	static RD_BOOL
544	sec_parse_crypt_info(STREAM s, uint32 * rc4_key_size,
545	uint8 ** server_random, uint8 * modulus, uint8 * exponent)
546	{
547	uint32 crypt_level, random_len, rsa_info_len;
548	uint32 cacert_len, cert_len, flags;
549	RDSSL_CERT cacert, server_cert;
550	RDSSL_RKEY *server_public_key;
551	uint16 tag, length;
552	uint8 next_tag, end;
553
554	in_uint32_le(s, rc4_key_size); / 1 = 40-bit, 2 = 128-bit */
555	in_uint32_le(s, crypt_level); /* 1 = low, 2 = medium, 3 = high */
556	if (crypt_level == 0)
557	{
558	/* no encryption */
559	return False;
560	}
561
562	in_uint32_le(s, random_len);
563	in_uint32_le(s, rsa_info_len);
564
565	if (random_len != SEC_RANDOM_SIZE)
566	{
567	error("random len %d, expected %d\n", random_len, SEC_RANDOM_SIZE);
568	return False;
569	}
570
571	in_uint8p(s, *server_random, random_len);
572
573	/* RSA info */
574	end = s->p + rsa_info_len;
575	if (end > s->end)
576	return False;
577
578	in_uint32_le(s, flags); /* 1 = RDP4-style, 0x80000002 = X.509 */
579	if (flags & 1)
580	{
581	DEBUG_RDP5(("We're going for the RDP4-style encryption\n"));
582	in_uint8s(s, 8); /* unknown */
583
584	while (s->p < end)
585	{
586	in_uint16_le(s, tag);
587	in_uint16_le(s, length);
588
589	next_tag = s->p + length;
590
591	switch (tag)
592	{
593	case SEC_TAG_PUBKEY:
594	if (!sec_parse_public_key(s, modulus, exponent))
595	return False;
596	DEBUG_RDP5(("Got Public key, RDP4-style\n"));
597
598	break;
599
600	case SEC_TAG_KEYSIG:
601	if (!sec_parse_public_sig(s, length, modulus, exponent))
602	return False;
603	break;
604
605	default:
606	unimpl("crypt tag 0x%x\n", tag);
607	}
608
609	s->p = next_tag;
610	}
611	}
612	else
613	{
614	uint32 certcount;
615
616	DEBUG_RDP5(("We're going for the RDP5-style encryption\n"));
617	in_uint32_le(s, certcount); /* Number of certificates */
618	if (certcount < 2)
619	{
620	error("Server didn't send enough X509 certificates\n");
621	return False;
622	}
623	for (; certcount > 2; certcount--)
624	{ /* ignore all the certificates between the root and the signing CA */
625	uint32 ignorelen;
626	RDSSL_CERT *ignorecert;
627
628	DEBUG_RDP5(("Ignored certs left: %d\n", certcount));
629	in_uint32_le(s, ignorelen);
630	DEBUG_RDP5(("Ignored Certificate length is %d\n", ignorelen));
631	ignorecert = rdssl_cert_read(s->p, ignorelen);
632	in_uint8s(s, ignorelen);
633	if (ignorecert == NULL)
634	{ /* XXX: error out? */
635	DEBUG_RDP5(("got a bad cert: this will probably screw up the rest of the communication\n"));
636	}
637
638	#ifdef WITH_DEBUG_RDP5
639	DEBUG_RDP5(("cert #%d (ignored):\n", certcount));
640	rdssl_cert_print_fp(stdout, ignorecert);
641	#endif
642	}
643	/* Do da funky X.509 stuffy
644
645	"How did I find out about this? I looked up and saw a
646	bright light and when I came to I had a scar on my forehead
647	and knew about X.500"
648	- Peter Gutman in a early version of
649	http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt
650	*/
651	in_uint32_le(s, cacert_len);
652	DEBUG_RDP5(("CA Certificate length is %d\n", cacert_len));
653	cacert = rdssl_cert_read(s->p, cacert_len);
654	in_uint8s(s, cacert_len);
655	if (NULL == cacert)
656	{
657	error("Couldn't load CA Certificate from server\n");
658	return False;
659	}
660	in_uint32_le(s, cert_len);
661	DEBUG_RDP5(("Certificate length is %d\n", cert_len));
662	server_cert = rdssl_cert_read(s->p, cert_len);
663	in_uint8s(s, cert_len);
664	if (NULL == server_cert)
665	{
666	rdssl_cert_free(cacert);
667	error("Couldn't load Certificate from server\n");
668	return False;
669	}
670	if (!rdssl_certs_ok(server_cert, cacert))
671	{
672	rdssl_cert_free(server_cert);
673	rdssl_cert_free(cacert);
674	error("Security error CA Certificate invalid\n");
675	return False;
676	}
677	rdssl_cert_free(cacert);
678	in_uint8s(s, 16); /* Padding */
679	server_public_key = rdssl_cert_to_rkey(server_cert, &g_server_public_key_len);
680	if (NULL == server_public_key)
681	{
682	DEBUG_RDP5(("Didn't parse X509 correctly\n"));
683	rdssl_cert_free(server_cert);
684	return False;
685	}
686	rdssl_cert_free(server_cert);
687	if ((g_server_public_key_len < SEC_MODULUS_SIZE) \|\|
688	(g_server_public_key_len > SEC_MAX_MODULUS_SIZE))
689	{
690	error("Bad server public key size (%u bits)\n",
691	g_server_public_key_len * 8);
692	rdssl_rkey_free(server_public_key);
693	return False;
694	}
695	if (rdssl_rkey_get_exp_mod(server_public_key, exponent, SEC_EXPONENT_SIZE,
696	modulus, SEC_MAX_MODULUS_SIZE) != 0)
697	{
698	error("Problem extracting RSA exponent, modulus");
699	rdssl_rkey_free(server_public_key);
700	return False;
701	}
702	rdssl_rkey_free(server_public_key);
703	return True; /* There's some garbage here we don't care about */
704	}
705	return s_check_end(s);
706	}
707
708	/* Process crypto information blob */
709	static void
710	sec_process_crypt_info(STREAM s)
711	{
712	uint8 *server_random = NULL;
713	uint8 modulus[SEC_MAX_MODULUS_SIZE];
714	uint8 exponent[SEC_EXPONENT_SIZE];
715	uint32 rc4_key_size;
716
717	memset(modulus, 0, sizeof(modulus));
718	memset(exponent, 0, sizeof(exponent));
719	if (!sec_parse_crypt_info(s, &rc4_key_size, &server_random, modulus, exponent))
720	{
721	DEBUG(("Failed to parse crypt info\n"));
722	return;
723	}
724	DEBUG(("Generating client random\n"));
725	generate_random(g_client_random);
726	sec_rsa_encrypt(g_sec_crypted_random, g_client_random, SEC_RANDOM_SIZE,
727	g_server_public_key_len, modulus, exponent);
728	sec_generate_keys(g_client_random, server_random, rc4_key_size);
729	}
730
731
732	/* Process SRV_INFO, find RDP version supported by server */
733	static void
734	sec_process_srv_info(STREAM s)
735	{
736	in_uint16_le(s, g_server_rdp_version);
737	DEBUG_RDP5(("Server RDP version is %d\n", g_server_rdp_version));
738	if (1 == g_server_rdp_version)
739	{
740	g_rdp_version = RDP_V4;
741	g_server_depth = 8;
742	}
743	}
744
745
746	/* Process connect response data blob */
747	void
748	sec_process_mcs_data(STREAM s)
749	{
750	uint16 tag, length;
751	uint8 *next_tag;
752	uint8 len;
753
754	in_uint8s(s, 21); /* header (T.124 ConferenceCreateResponse) */
755	in_uint8(s, len);
756	if (len & 0x80)
757	in_uint8(s, len);
758
759	while (s->p < s->end)
760	{
761	in_uint16_le(s, tag);
762	in_uint16_le(s, length);
763
764	if (length <= 4)
765	return;
766
767	next_tag = s->p + length - 4;
768
769	switch (tag)
770	{
771	case SEC_TAG_SRV_INFO:
772	sec_process_srv_info(s);
773	break;
774
775	case SEC_TAG_SRV_CRYPT:
776	sec_process_crypt_info(s);
777	break;
778
779	case SEC_TAG_SRV_CHANNELS:
780	/* FIXME: We should parse this information and
781	use it to map RDP5 channels to MCS
782	channels */
783	break;
784
785	default:
786	unimpl("response tag 0x%x\n", tag);
787	}
788
789	s->p = next_tag;
790	}
791	}
792
793	/* Receive secure transport packet */
794	STREAM
795	sec_recv(uint8 * rdpver)
796	{
797	uint32 sec_flags;
798	uint16 channel;
799	STREAM s;
800
801	while ((s = mcs_recv(&channel, rdpver)) != NULL)
802	{
803	if (rdpver != NULL)
804	{
805	if (*rdpver != 3)
806	{
807	if (*rdpver & 0x80)
808	{
809	in_uint8s(s, 8); /* signature */
810	sec_decrypt(s->p, s->end - s->p);
811	}
812	return s;
813	}
814	}
815	if (g_encryption \|\| (!g_licence_issued && !g_licence_error_result))
816	{
817	in_uint32_le(s, sec_flags);
818
819	if (g_encryption)
820	{
821	if (sec_flags & SEC_ENCRYPT)
822	{
823	in_uint8s(s, 8); /* signature */
824	sec_decrypt(s->p, s->end - s->p);
825	}
826
827	if (sec_flags & SEC_LICENCE_NEG)
828	{
829	licence_process(s);
830	continue;
831	}
832
833	if (sec_flags & 0x0400) /* SEC_REDIRECT_ENCRYPT */
834	{
835	uint8 swapbyte;
836
837	in_uint8s(s, 8); /* signature */
838	sec_decrypt(s->p, s->end - s->p);
839
840	/* Check for a redirect packet, starts with 00 04 */
841	if (s->p[0] == 0 && s->p[1] == 4)
842	{
843	/* for some reason the PDU and the length seem to be swapped.
844	This isn't good, but we're going to do a byte for byte
845	swap. So the first foure value appear as: 00 04 XX YY,
846	where XX YY is the little endian length. We're going to
847	use 04 00 as the PDU type, so after our swap this will look
848	like: XX YY 04 00 */
849	swapbyte = s->p[0];
850	s->p[0] = s->p[2];
851	s->p[2] = swapbyte;
852
853	swapbyte = s->p[1];
854	s->p[1] = s->p[3];
855	s->p[3] = swapbyte;
856
857	swapbyte = s->p[2];
858	s->p[2] = s->p[3];
859	s->p[3] = swapbyte;
860	}
861	#ifdef WITH_DEBUG
862	/* warning! this debug statement will show passwords in the clear! */
863	hexdump(s->p, s->end - s->p);
864	#endif
865	}
866	}
867	else
868	{
869	if ((sec_flags & 0xffff) == SEC_LICENCE_NEG)
870	{
871	licence_process(s);
872	continue;
873	}
874	s->p -= 4;
875	}
876	}
877
878	if (channel != MCS_GLOBAL_CHANNEL)
879	{
880	channel_process(s, channel);
881	if (rdpver != NULL)
882	*rdpver = 0xff;
883	return s;
884	}
885
886	return s;
887	}
888
889	return NULL;
890	}
891
892	/* Establish a secure connection */
893	RD_BOOL
894	sec_connect(char server, char username, char domain, char password, RD_BOOL reconnect)
895	{
896	uint32 selected_proto;
897	struct stream mcs_data;
898
899	/* Start a MCS connect sequence */
900	if (!mcs_connect_start(server, username, domain, password, reconnect, &selected_proto))
901	return False;
902
903	/* We exchange some RDP data during the MCS-Connect */
904	mcs_data.size = 512;
905	mcs_data.p = mcs_data.data = (uint8 *) xmalloc(mcs_data.size);
906	sec_out_mcs_data(&mcs_data, selected_proto);
907
908	/* finialize the MCS connect sequence */
909	if (!mcs_connect_finalize(&mcs_data))
910	return False;
911
912	/* sec_process_mcs_data(&mcs_data); */
913	if (g_encryption)
914	sec_establish_key();
915	xfree(mcs_data.data);
916	return True;
917	}
918
919	/* Disconnect a connection */
920	void
921	sec_disconnect(void)
922	{
923	mcs_disconnect();
924	}
925
926	/* reset the state of the sec layer */
927	void
928	sec_reset_state(void)
929	{
930	g_server_rdp_version = 0;
931	g_sec_encrypt_use_count = 0;
932	g_sec_decrypt_use_count = 0;
933	g_licence_issued = 0;
934	g_licence_error_result = 0;
935	mcs_reset_state();
936	}

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/VBox/RDP/client-1.8.3/secure.c@ 55121

以其他格式下載: