mirror of https://github.com/FreeRDP/FreeRDP
Merge pull request #3171 from akallabeth/crypto_simplification
Crypto simplification
This commit is contained in:
Bernhard Miklautz
commit
014f31db35
|
|
@ -38,11 +38,7 @@
|
|||
|
||||
#include <freerdp/api.h>
|
||||
#include <freerdp/freerdp.h>
|
||||
|
||||
struct crypto_des3_struct
|
||||
{
|
||||
EVP_CIPHER_CTX des3_ctx;
|
||||
};
|
||||
#include <freerdp/crypto/certificate.h>
|
||||
|
||||
struct crypto_cert_struct
|
||||
{
|
||||
|
|
@ -54,18 +50,8 @@ struct crypto_cert_struct
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
typedef struct crypto_des3_struct* CryptoDes3;
|
||||
|
||||
FREERDP_API CryptoDes3 crypto_des3_encrypt_init(const BYTE* key, const BYTE* ivec);
|
||||
FREERDP_API CryptoDes3 crypto_des3_decrypt_init(const BYTE* key, const BYTE* ivec);
|
||||
FREERDP_API BOOL crypto_des3_encrypt(CryptoDes3 des3, UINT32 length, const BYTE *in_data, BYTE *out_data);
|
||||
FREERDP_API BOOL crypto_des3_decrypt(CryptoDes3 des3, UINT32 length, const BYTE *in_data, BYTE* out_data);
|
||||
FREERDP_API void crypto_des3_free(CryptoDes3 des3);
|
||||
|
||||
typedef struct crypto_cert_struct* CryptoCert;
|
||||
|
||||
#include <freerdp/crypto/certificate.h>
|
||||
|
||||
FREERDP_API CryptoCert crypto_cert_read(BYTE* data, UINT32 length);
|
||||
FREERDP_API char* crypto_cert_fingerprint(X509* xcert);
|
||||
FREERDP_API char* crypto_cert_subject(X509* xcert);
|
||||
|
|
@ -92,7 +78,6 @@ FREERDP_API int crypto_rsa_public_decrypt(const BYTE* input, int length, UINT32
|
|||
FREERDP_API int crypto_rsa_private_encrypt(const BYTE* input, int length, UINT32 key_length, const BYTE* modulus, const BYTE* private_exponent, BYTE* output);
|
||||
FREERDP_API int crypto_rsa_private_decrypt(const BYTE* input, int length, UINT32 key_length, const BYTE* modulus, const BYTE* private_exponent, BYTE* output);
|
||||
FREERDP_API void crypto_reverse(BYTE* data, int length);
|
||||
FREERDP_API void crypto_nonce(BYTE* nonce, int size);
|
||||
|
||||
FREERDP_API char* crypto_base64_encode(const BYTE* data, int length);
|
||||
FREERDP_API void crypto_base64_decode(const char* enc_data, int length, BYTE** dec_data, int* res_length);
|
||||
|
|
|
|||
|
|
@ -437,7 +437,7 @@ static BOOL rdp_client_establish_keys(rdpRdp* rdp)
|
|||
if (!settings->ClientRandom)
|
||||
return FALSE;
|
||||
|
||||
crypto_nonce(settings->ClientRandom, settings->ClientRandomLength);
|
||||
winpr_RAND(settings->ClientRandom, settings->ClientRandomLength);
|
||||
key_len = settings->RdpServerCertificate->cert_info.ModulusLength;
|
||||
mod = settings->RdpServerCertificate->cert_info.Modulus;
|
||||
exp = settings->RdpServerCertificate->cert_info.exponent;
|
||||
|
|
@ -490,13 +490,19 @@ static BOOL rdp_client_establish_keys(rdpRdp* rdp)
|
|||
|
||||
if (settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
|
||||
{
|
||||
rdp->fips_encrypt = crypto_des3_encrypt_init(rdp->fips_encrypt_key, fips_ivec);
|
||||
rdp->fips_encrypt = winpr_Cipher_New( WINPR_CIPHER_DES_EDE3_CBC,
|
||||
WINPR_ENCRYPT,
|
||||
rdp->fips_encrypt_key,
|
||||
fips_ivec);
|
||||
if (!rdp->fips_encrypt)
|
||||
{
|
||||
WLog_ERR(TAG, "unable to allocate des3 encrypt key");
|
||||
goto end;
|
||||
}
|
||||
rdp->fips_decrypt = crypto_des3_decrypt_init(rdp->fips_decrypt_key, fips_ivec);
|
||||
rdp->fips_decrypt = winpr_Cipher_New(WINPR_CIPHER_DES_EDE3_CBC,
|
||||
WINPR_DECRYPT,
|
||||
rdp->fips_decrypt_key,
|
||||
fips_ivec);
|
||||
if (!rdp->fips_decrypt)
|
||||
{
|
||||
WLog_ERR(TAG, "unable to allocate des3 decrypt key");
|
||||
|
|
@ -513,12 +519,27 @@ static BOOL rdp_client_establish_keys(rdpRdp* rdp)
|
|||
goto end;
|
||||
}
|
||||
|
||||
winpr_RC4_Init(rdp->rc4_decrypt_key, rdp->decrypt_key, rdp->rc4_key_len);
|
||||
winpr_RC4_Init(rdp->rc4_encrypt_key, rdp->encrypt_key, rdp->rc4_key_len);
|
||||
rdp->rc4_decrypt_key = winpr_RC4_New(rdp->decrypt_key, rdp->rc4_key_len);
|
||||
rdp->rc4_encrypt_key = winpr_RC4_New(rdp->encrypt_key, rdp->rc4_key_len);
|
||||
if (!rdp->rc4_decrypt_key || !rdp->rc4_encrypt_key)
|
||||
goto end;
|
||||
|
||||
ret = TRUE;
|
||||
end:
|
||||
free(crypt_client_random);
|
||||
if (!ret)
|
||||
{
|
||||
winpr_Cipher_Free(rdp->fips_decrypt);
|
||||
winpr_Cipher_Free(rdp->fips_encrypt);
|
||||
winpr_RC4_Free(rdp->rc4_decrypt_key);
|
||||
winpr_RC4_Free(rdp->rc4_encrypt_key);
|
||||
|
||||
rdp->fips_decrypt = NULL;
|
||||
rdp->fips_encrypt = NULL;
|
||||
rdp->rc4_decrypt_key = NULL;
|
||||
rdp->rc4_encrypt_key = NULL;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
@ -575,12 +596,12 @@ BOOL rdp_server_establish_keys(rdpRdp* rdp, wStream* s)
|
|||
if (rand_len != key_len + 8)
|
||||
{
|
||||
WLog_ERR(TAG, "invalid encrypted client random length");
|
||||
goto end2;
|
||||
goto end;
|
||||
}
|
||||
|
||||
crypt_client_random = calloc(1, rand_len);
|
||||
if (!crypt_client_random)
|
||||
goto end2;
|
||||
goto end;
|
||||
Stream_Read(s, crypt_client_random, rand_len);
|
||||
|
||||
mod = rdp->settings->RdpServerRsaKey->Modulus;
|
||||
|
|
@ -589,22 +610,26 @@ BOOL rdp_server_establish_keys(rdpRdp* rdp, wStream* s)
|
|||
|
||||
/* now calculate encrypt / decrypt and update keys */
|
||||
if (!security_establish_keys(client_random, rdp))
|
||||
{
|
||||
goto end;
|
||||
}
|
||||
|
||||
rdp->do_crypt = TRUE;
|
||||
|
||||
if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
|
||||
{
|
||||
rdp->fips_encrypt = crypto_des3_encrypt_init(rdp->fips_encrypt_key, fips_ivec);
|
||||
rdp->fips_encrypt = winpr_Cipher_New(WINPR_CIPHER_DES_EDE3_CBC,
|
||||
WINPR_ENCRYPT,
|
||||
rdp->fips_encrypt_key,
|
||||
fips_ivec);
|
||||
if (!rdp->fips_encrypt)
|
||||
{
|
||||
WLog_ERR(TAG, "unable to allocate des3 encrypt key");
|
||||
goto end;
|
||||
}
|
||||
|
||||
rdp->fips_decrypt = crypto_des3_decrypt_init(rdp->fips_decrypt_key, fips_ivec);
|
||||
rdp->fips_decrypt = winpr_Cipher_New(WINPR_CIPHER_DES_EDE3_CBC,
|
||||
WINPR_DECRYPT,
|
||||
rdp->fips_decrypt_key,
|
||||
fips_ivec);
|
||||
if (!rdp->fips_decrypt)
|
||||
{
|
||||
WLog_ERR(TAG, "unable to allocate des3 decrypt key");
|
||||
|
|
@ -621,15 +646,28 @@ BOOL rdp_server_establish_keys(rdpRdp* rdp, wStream* s)
|
|||
goto end;
|
||||
}
|
||||
|
||||
winpr_RC4_Init(rdp->rc4_decrypt_key, rdp->decrypt_key, rdp->rc4_key_len);
|
||||
winpr_RC4_Init(rdp->rc4_encrypt_key, rdp->encrypt_key, rdp->rc4_key_len);
|
||||
rdp->rc4_decrypt_key = winpr_RC4_New(rdp->decrypt_key, rdp->rc4_key_len);
|
||||
rdp->rc4_encrypt_key = winpr_RC4_New(rdp->encrypt_key, rdp->rc4_key_len);
|
||||
if (!rdp->rc4_decrypt_key || rdp->rc4_encrypt_key)
|
||||
goto end;
|
||||
|
||||
ret = TRUE;
|
||||
end:
|
||||
free(crypt_client_random);
|
||||
end2:
|
||||
free(client_random);
|
||||
|
||||
if (!ret)
|
||||
{
|
||||
winpr_Cipher_Free(rdp->fips_encrypt);
|
||||
winpr_Cipher_Free(rdp->fips_decrypt);
|
||||
winpr_RC4_Free(rdp->rc4_encrypt_key);
|
||||
winpr_RC4_Free(rdp->rc4_decrypt_key);
|
||||
|
||||
rdp->fips_encrypt = NULL;
|
||||
rdp->fips_decrypt = NULL;
|
||||
rdp->rc4_encrypt_key = NULL;
|
||||
rdp->rc4_decrypt_key = NULL;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1349,7 +1349,7 @@ BOOL gcc_write_server_security_data(wStream* s, rdpMcs* mcs)
|
|||
|
||||
settings->ServerRandomLength = serverRandomLen;
|
||||
settings->ServerRandom = (BYTE*) malloc(serverRandomLen);
|
||||
crypto_nonce(settings->ServerRandom, serverRandomLen);
|
||||
winpr_RAND(settings->ServerRandom, serverRandomLen);
|
||||
Stream_Write(s, settings->ServerRandom, serverRandomLen);
|
||||
|
||||
sigData = Stream_Pointer(s);
|
||||
|
|
|
|||
|
|
@ -329,10 +329,10 @@ void license_generate_randoms(rdpLicense* license)
|
|||
ZeroMemory(license->ClientRandom, CLIENT_RANDOM_LENGTH); /* ClientRandom */
|
||||
ZeroMemory(license->PremasterSecret, PREMASTER_SECRET_LENGTH); /* PremasterSecret */
|
||||
#ifndef LICENSE_NULL_CLIENT_RANDOM
|
||||
crypto_nonce(license->ClientRandom, CLIENT_RANDOM_LENGTH); /* ClientRandom */
|
||||
winpr_RAND(license->ClientRandom, CLIENT_RANDOM_LENGTH); /* ClientRandom */
|
||||
#endif
|
||||
#ifndef LICENSE_NULL_PREMASTER_SECRET
|
||||
crypto_nonce(license->PremasterSecret, PREMASTER_SECRET_LENGTH); /* PremasterSecret */
|
||||
winpr_RAND(license->PremasterSecret, PREMASTER_SECRET_LENGTH); /* PremasterSecret */
|
||||
#endif
|
||||
}
|
||||
|
||||
|
|
@ -458,20 +458,23 @@ BOOL license_encrypt_premaster_secret(rdpLicense* license)
|
|||
|
||||
BOOL license_decrypt_platform_challenge(rdpLicense* license)
|
||||
{
|
||||
WINPR_RC4_CTX rc4;
|
||||
BOOL rc;
|
||||
WINPR_RC4_CTX* rc4;
|
||||
|
||||
license->PlatformChallenge->data = (BYTE *)malloc(license->EncryptedPlatformChallenge->length);
|
||||
if (!license->PlatformChallenge->data)
|
||||
return FALSE;
|
||||
license->PlatformChallenge->length = license->EncryptedPlatformChallenge->length;
|
||||
|
||||
winpr_RC4_Init(&rc4, license->LicensingEncryptionKey, LICENSING_ENCRYPTION_KEY_LENGTH);
|
||||
winpr_RC4_Update(&rc4, license->EncryptedPlatformChallenge->length,
|
||||
if ((rc4 = winpr_RC4_New(license->LicensingEncryptionKey,
|
||||
LICENSING_ENCRYPTION_KEY_LENGTH)) == NULL)
|
||||
return FALSE;
|
||||
rc = winpr_RC4_Update(rc4, license->EncryptedPlatformChallenge->length,
|
||||
license->EncryptedPlatformChallenge->data,
|
||||
license->PlatformChallenge->data);
|
||||
|
||||
winpr_RC4_Final(&rc4);
|
||||
return TRUE;
|
||||
winpr_RC4_Free(rc4);
|
||||
return rc;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1015,7 +1018,7 @@ BOOL license_send_platform_challenge_response_packet(rdpLicense* license)
|
|||
wStream* s;
|
||||
int length;
|
||||
BYTE* buffer;
|
||||
WINPR_RC4_CTX rc4;
|
||||
WINPR_RC4_CTX* rc4;
|
||||
BYTE mac_data[16];
|
||||
BOOL status;
|
||||
|
||||
|
|
@ -1036,14 +1039,22 @@ BOOL license_send_platform_challenge_response_packet(rdpLicense* license)
|
|||
if (!status)
|
||||
return FALSE;
|
||||
|
||||
winpr_RC4_Init(&rc4, license->LicensingEncryptionKey, LICENSING_ENCRYPTION_KEY_LENGTH);
|
||||
rc4 = winpr_RC4_New(license->LicensingEncryptionKey,
|
||||
LICENSING_ENCRYPTION_KEY_LENGTH);
|
||||
if (!rc4)
|
||||
return FALSE;
|
||||
|
||||
buffer = (BYTE*) malloc(HWID_LENGTH);
|
||||
if (!buffer)
|
||||
return FALSE;
|
||||
|
||||
winpr_RC4_Update(&rc4, HWID_LENGTH, license->HardwareId, buffer);
|
||||
winpr_RC4_Final(&rc4);
|
||||
status = winpr_RC4_Update(rc4, HWID_LENGTH, license->HardwareId, buffer);
|
||||
winpr_RC4_Free(rc4);
|
||||
if (!status)
|
||||
{
|
||||
free(buffer);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
license->EncryptedHardwareId->type = BB_DATA_BLOB;
|
||||
license->EncryptedHardwareId->data = buffer;
|
||||
|
|
|
|||
|
|
@ -1590,25 +1590,25 @@ void rdp_reset(rdpRdp* rdp)
|
|||
|
||||
if (rdp->rc4_decrypt_key)
|
||||
{
|
||||
winpr_RC4_Final(rdp->rc4_decrypt_key);
|
||||
winpr_RC4_Free(rdp->rc4_decrypt_key);
|
||||
rdp->rc4_decrypt_key = NULL;
|
||||
}
|
||||
|
||||
if (rdp->rc4_encrypt_key)
|
||||
{
|
||||
winpr_RC4_Final(rdp->rc4_encrypt_key);
|
||||
winpr_RC4_Free(rdp->rc4_encrypt_key);
|
||||
rdp->rc4_encrypt_key = NULL;
|
||||
}
|
||||
|
||||
if (rdp->fips_encrypt)
|
||||
{
|
||||
crypto_des3_free(rdp->fips_encrypt);
|
||||
winpr_Cipher_Free(rdp->fips_encrypt);
|
||||
rdp->fips_encrypt = NULL;
|
||||
}
|
||||
|
||||
if (rdp->fips_decrypt)
|
||||
{
|
||||
crypto_des3_free(rdp->fips_decrypt);
|
||||
winpr_Cipher_Free(rdp->fips_decrypt);
|
||||
rdp->fips_decrypt = NULL;
|
||||
}
|
||||
|
||||
|
|
@ -1661,10 +1661,10 @@ void rdp_free(rdpRdp* rdp)
|
|||
{
|
||||
if (rdp)
|
||||
{
|
||||
winpr_RC4_Final(rdp->rc4_decrypt_key);
|
||||
winpr_RC4_Final(rdp->rc4_encrypt_key);
|
||||
crypto_des3_free(rdp->fips_encrypt);
|
||||
crypto_des3_free(rdp->fips_decrypt);
|
||||
winpr_RC4_Free(rdp->rc4_decrypt_key);
|
||||
winpr_RC4_Free(rdp->rc4_encrypt_key);
|
||||
winpr_Cipher_Free(rdp->fips_encrypt);
|
||||
winpr_Cipher_Free(rdp->fips_decrypt);
|
||||
free(rdp->fips_hmac);
|
||||
freerdp_settings_free(rdp->settings);
|
||||
freerdp_settings_free(rdp->settingsCopy);
|
||||
|
|
|
|||
|
|
@ -154,8 +154,8 @@ struct rdp_rdp
|
|||
WINPR_RC4_CTX* rc4_encrypt_key;
|
||||
int encrypt_use_count;
|
||||
int encrypt_checksum_use_count;
|
||||
struct crypto_des3_struct* fips_encrypt;
|
||||
struct crypto_des3_struct* fips_decrypt;
|
||||
WINPR_CIPHER_CTX* fips_encrypt;
|
||||
WINPR_CIPHER_CTX* fips_decrypt;
|
||||
WINPR_HMAC_CTX* fips_hmac;
|
||||
UINT32 sec_flags;
|
||||
BOOL do_crypt;
|
||||
|
|
|
|||
|
|
@ -538,7 +538,8 @@ BOOL security_key_update(BYTE* key, BYTE* update_key, int key_len, rdpRdp* rdp)
|
|||
BYTE sha1h[WINPR_SHA1_DIGEST_LENGTH];
|
||||
WINPR_MD5_CTX md5;
|
||||
WINPR_SHA1_CTX sha1;
|
||||
WINPR_RC4_CTX rc4;
|
||||
WINPR_RC4_CTX* rc4;
|
||||
BOOL rc;
|
||||
BYTE salt[] = { 0xD1, 0x26, 0x9E }; /* 40 bits: 3 bytes, 56 bits: 1 byte */
|
||||
|
||||
if (!winpr_SHA1_Init(&sha1))
|
||||
|
|
@ -563,11 +564,12 @@ BOOL security_key_update(BYTE* key, BYTE* update_key, int key_len, rdpRdp* rdp)
|
|||
if (!winpr_MD5_Final(&md5, key, WINPR_MD5_DIGEST_LENGTH))
|
||||
return FALSE;
|
||||
|
||||
if (!winpr_RC4_Init(&rc4, key, key_len))
|
||||
if ((rc4 = winpr_RC4_New(key, key_len)) == NULL)
|
||||
return FALSE;
|
||||
if (!winpr_RC4_Update(&rc4, key_len, key, key))
|
||||
return FALSE;
|
||||
if (!winpr_RC4_Final(&rc4))
|
||||
rc = winpr_RC4_Update(rc4, key_len, key, key);
|
||||
winpr_RC4_Free(rc4);
|
||||
|
||||
if (!rc)
|
||||
return FALSE;
|
||||
|
||||
if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_40BIT)
|
||||
|
|
@ -585,9 +587,9 @@ BOOL security_encrypt(BYTE* data, int length, rdpRdp* rdp)
|
|||
if (!security_key_update(rdp->encrypt_key, rdp->encrypt_update_key, rdp->rc4_key_len, rdp))
|
||||
return FALSE;
|
||||
|
||||
if (!winpr_RC4_Final(rdp->rc4_encrypt_key))
|
||||
return FALSE;
|
||||
if (!winpr_RC4_Init(rdp->rc4_encrypt_key, rdp->encrypt_key, rdp->rc4_key_len))
|
||||
winpr_RC4_Free(rdp->rc4_encrypt_key);
|
||||
rdp->rc4_encrypt_key = winpr_RC4_New(rdp->encrypt_key, rdp->rc4_key_len);
|
||||
if (!rdp->rc4_encrypt_key)
|
||||
return FALSE;
|
||||
|
||||
rdp->encrypt_use_count = 0;
|
||||
|
|
@ -609,9 +611,10 @@ BOOL security_decrypt(BYTE* data, int length, rdpRdp* rdp)
|
|||
{
|
||||
if (!security_key_update(rdp->decrypt_key, rdp->decrypt_update_key, rdp->rc4_key_len, rdp))
|
||||
return FALSE;
|
||||
if (!winpr_RC4_Final(rdp->rc4_decrypt_key))
|
||||
return FALSE;
|
||||
if (!winpr_RC4_Init(rdp->rc4_decrypt_key, rdp->decrypt_key, rdp->rc4_key_len))
|
||||
winpr_RC4_Free(rdp->rc4_decrypt_key);
|
||||
rdp->rc4_decrypt_key = winpr_RC4_New(rdp->decrypt_key,
|
||||
rdp->rc4_key_len);
|
||||
if (!rdp->rc4_decrypt_key)
|
||||
return FALSE;
|
||||
|
||||
rdp->decrypt_use_count = 0;
|
||||
|
|
@ -646,7 +649,9 @@ BOOL security_hmac_signature(const BYTE* data, int length, BYTE* output, rdpRdp*
|
|||
|
||||
BOOL security_fips_encrypt(BYTE* data, int length, rdpRdp* rdp)
|
||||
{
|
||||
if (!crypto_des3_encrypt(rdp->fips_encrypt, length, data, data))
|
||||
size_t olen;
|
||||
|
||||
if (!winpr_Cipher_Update(rdp->fips_encrypt, data, length, data, &olen))
|
||||
return FALSE;
|
||||
rdp->encrypt_use_count++;
|
||||
return TRUE;
|
||||
|
|
@ -654,7 +659,11 @@ BOOL security_fips_encrypt(BYTE* data, int length, rdpRdp* rdp)
|
|||
|
||||
BOOL security_fips_decrypt(BYTE* data, int length, rdpRdp* rdp)
|
||||
{
|
||||
return crypto_des3_decrypt(rdp->fips_decrypt, length, data, data);
|
||||
size_t olen;
|
||||
|
||||
if (!winpr_Cipher_Update(rdp->fips_decrypt, data, length, data, &olen))
|
||||
return FALSE;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
BOOL security_fips_check_signature(const BYTE* data, int length, const BYTE* sig, rdpRdp* rdp)
|
||||
|
|
|
|||
|
|
@ -29,54 +29,6 @@
|
|||
|
||||
#define TAG FREERDP_TAG("crypto")
|
||||
|
||||
CryptoDes3 crypto_des3_encrypt_init(const BYTE* key, const BYTE* ivec)
|
||||
{
|
||||
CryptoDes3 des3 = malloc(sizeof(*des3));
|
||||
if (!des3)
|
||||
return NULL;
|
||||
|
||||
EVP_CIPHER_CTX_init(&des3->des3_ctx);
|
||||
EVP_EncryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
|
||||
EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0);
|
||||
return des3;
|
||||
}
|
||||
|
||||
CryptoDes3 crypto_des3_decrypt_init(const BYTE* key, const BYTE* ivec)
|
||||
{
|
||||
CryptoDes3 des3 = malloc(sizeof(*des3));
|
||||
if (!des3)
|
||||
return NULL;
|
||||
|
||||
EVP_CIPHER_CTX_init(&des3->des3_ctx);
|
||||
EVP_DecryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
|
||||
EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0);
|
||||
return des3;
|
||||
}
|
||||
|
||||
BOOL crypto_des3_encrypt(CryptoDes3 des3, UINT32 length, const BYTE* in_data, BYTE* out_data)
|
||||
{
|
||||
int len;
|
||||
return EVP_EncryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length) == 1;
|
||||
}
|
||||
|
||||
BOOL crypto_des3_decrypt(CryptoDes3 des3, UINT32 length, const BYTE* in_data, BYTE* out_data)
|
||||
{
|
||||
int len;
|
||||
int ret = EVP_DecryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
|
||||
|
||||
if (length != len)
|
||||
abort(); /* TODO */
|
||||
return ret == 1;
|
||||
}
|
||||
|
||||
void crypto_des3_free(CryptoDes3 des3)
|
||||
{
|
||||
if (des3 == NULL)
|
||||
return;
|
||||
EVP_CIPHER_CTX_cleanup(&des3->des3_ctx);
|
||||
free(des3);
|
||||
}
|
||||
|
||||
CryptoCert crypto_cert_read(BYTE* data, UINT32 length)
|
||||
{
|
||||
CryptoCert cert = malloc(sizeof(*cert));
|
||||
|
|
@ -240,11 +192,6 @@ void crypto_reverse(BYTE* data, int length)
|
|||
}
|
||||
}
|
||||
|
||||
void crypto_nonce(BYTE* nonce, int size)
|
||||
{
|
||||
winpr_RAND((void*) nonce, size);
|
||||
}
|
||||
|
||||
char* crypto_cert_fingerprint(X509* xcert)
|
||||
{
|
||||
int i = 0;
|
||||
|
|
|
|||
|
|
@ -901,9 +901,9 @@ typedef union _WINPR_RC4_CTX WINPR_RC4_CTX;
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
WINPR_API BOOL winpr_RC4_Init(WINPR_RC4_CTX* ctx, const BYTE* key, size_t keylen);
|
||||
WINPR_API WINPR_RC4_CTX* winpr_RC4_New(const BYTE* key, size_t keylen);
|
||||
WINPR_API BOOL winpr_RC4_Update(WINPR_RC4_CTX* ctx, size_t length, const BYTE* input, BYTE* output);
|
||||
WINPR_API BOOL winpr_RC4_Final(WINPR_RC4_CTX* ctx);
|
||||
WINPR_API void winpr_RC4_Free(WINPR_RC4_CTX* ctx);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
|
@ -1016,9 +1016,10 @@ typedef union _WINPR_CIPHER_CTX WINPR_CIPHER_CTX;
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
WINPR_API BOOL winpr_Cipher_Init(WINPR_CIPHER_CTX* ctx, int cipher, int op, const BYTE* key, const BYTE* iv);
|
||||
WINPR_API WINPR_CIPHER_CTX* winpr_Cipher_New(int cipher, int op, const BYTE* key, const BYTE* iv);
|
||||
WINPR_API BOOL winpr_Cipher_Update(WINPR_CIPHER_CTX* ctx, const BYTE* input, size_t ilen, BYTE* output, size_t* olen);
|
||||
WINPR_API BOOL winpr_Cipher_Final(WINPR_CIPHER_CTX* ctx, BYTE* output, size_t* olen);
|
||||
WINPR_API void winpr_Cipher_Free(WINPR_CIPHER_CTX* ctx);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
|
|
|||
|
|
@ -43,15 +43,24 @@
|
|||
* RC4
|
||||
*/
|
||||
|
||||
BOOL winpr_RC4_Init(WINPR_RC4_CTX* ctx, const BYTE* key, size_t keylen)
|
||||
WINPR_RC4_CTX* winpr_RC4_New(const BYTE* key, size_t keylen)
|
||||
{
|
||||
WINPR_RC4_CTX* ctx = NULL;
|
||||
|
||||
if (!key || (keylen == 0))
|
||||
return NULL;
|
||||
|
||||
ctx = calloc(1, sizeof(WINPR_RC4_CTX));
|
||||
if (!ctx)
|
||||
return NULL;
|
||||
|
||||
#if defined(WITH_OPENSSL)
|
||||
RC4_set_key((RC4_KEY*) ctx, keylen, key);
|
||||
#elif defined(WITH_MBEDTLS) && defined(MBEDTLS_ARC4_C)
|
||||
mbedtls_arc4_init((mbedtls_arc4_context*) ctx);
|
||||
mbedtls_arc4_setup((mbedtls_arc4_context*) ctx, key, keylen);
|
||||
#endif
|
||||
return TRUE;
|
||||
return ctx;
|
||||
}
|
||||
|
||||
BOOL winpr_RC4_Update(WINPR_RC4_CTX* ctx, size_t length, const BYTE* input, BYTE* output)
|
||||
|
|
@ -60,20 +69,23 @@ BOOL winpr_RC4_Update(WINPR_RC4_CTX* ctx, size_t length, const BYTE* input, BYTE
|
|||
RC4((RC4_KEY*) ctx, length, input, output);
|
||||
#elif defined(WITH_MBEDTLS) && defined(MBEDTLS_ARC4_C)
|
||||
if (mbedtls_arc4_crypt((mbedtls_arc4_context*) ctx, length, input, output) != 0)
|
||||
return FALSE;
|
||||
return FALSE;
|
||||
#endif
|
||||
|
||||
return TRUE;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
BOOL winpr_RC4_Final(WINPR_RC4_CTX* ctx)
|
||||
void winpr_RC4_Free(WINPR_RC4_CTX* ctx)
|
||||
{
|
||||
if (!ctx)
|
||||
return;
|
||||
|
||||
#if defined(WITH_OPENSSL)
|
||||
|
||||
#elif defined(WITH_MBEDTLS) && defined(MBEDTLS_ARC4_C)
|
||||
mbedtls_arc4_free((mbedtls_arc4_context*) ctx);
|
||||
#endif
|
||||
return TRUE;
|
||||
free(ctx);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -500,44 +512,74 @@ mbedtls_cipher_type_t winpr_mbedtls_get_cipher_type(int cipher)
|
|||
}
|
||||
#endif
|
||||
|
||||
BOOL winpr_Cipher_Init(WINPR_CIPHER_CTX* ctx, int cipher, int op, const BYTE* key, const BYTE* iv)
|
||||
WINPR_CIPHER_CTX* winpr_Cipher_New(int cipher, int op, const BYTE* key, const BYTE* iv)
|
||||
{
|
||||
WINPR_CIPHER_CTX* ctx;
|
||||
#if defined(WITH_OPENSSL)
|
||||
int operation;
|
||||
const EVP_CIPHER* evp;
|
||||
evp = winpr_openssl_get_evp_cipher(cipher);
|
||||
|
||||
if (!evp)
|
||||
return FALSE;
|
||||
|
||||
operation = (op == WINPR_ENCRYPT) ? 1 : 0;
|
||||
EVP_CIPHER_CTX_init((EVP_CIPHER_CTX*) ctx);
|
||||
|
||||
if (EVP_CipherInit_ex((EVP_CIPHER_CTX*) ctx, evp, NULL, key, iv, operation) != 1)
|
||||
return FALSE;
|
||||
EVP_CIPHER_CTX* octx;
|
||||
#elif defined(WITH_MBEDTLS)
|
||||
int key_bitlen;
|
||||
mbedtls_operation_t operation;
|
||||
mbedtls_cipher_type_t cipher_type;
|
||||
const mbedtls_cipher_info_t* cipher_info;
|
||||
#endif
|
||||
|
||||
ctx = calloc(1, sizeof(WINPR_CIPHER_CTX));
|
||||
if (!ctx)
|
||||
return NULL;
|
||||
|
||||
#if defined(WITH_OPENSSL)
|
||||
octx = (EVP_CIPHER_CTX*)ctx;
|
||||
evp = winpr_openssl_get_evp_cipher(cipher);
|
||||
|
||||
if (!evp)
|
||||
{
|
||||
free (ctx);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
operation = (op == WINPR_ENCRYPT) ? 1 : 0;
|
||||
EVP_CIPHER_CTX_init(octx);
|
||||
|
||||
if (EVP_CipherInit_ex(octx, evp, NULL, key, iv, operation) != 1)
|
||||
{
|
||||
EVP_CIPHER_CTX_cleanup(octx);
|
||||
free (octx);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
EVP_CIPHER_CTX_set_padding(octx, 0);
|
||||
#elif defined(WITH_MBEDTLS)
|
||||
cipher_type = winpr_mbedtls_get_cipher_type(cipher);
|
||||
cipher_info = mbedtls_cipher_info_from_type(cipher_type);
|
||||
|
||||
if (!cipher_info)
|
||||
return FALSE;
|
||||
{
|
||||
free (ctx);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
operation = (op == WINPR_ENCRYPT) ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT;
|
||||
mbedtls_cipher_init((mbedtls_cipher_context_t*) ctx);
|
||||
|
||||
if (mbedtls_cipher_setup((mbedtls_cipher_context_t*) ctx, cipher_info) != 0)
|
||||
return FALSE;
|
||||
{
|
||||
free (ctx);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
key_bitlen = mbedtls_cipher_get_key_bitlen((mbedtls_cipher_context_t*) ctx);
|
||||
|
||||
if (mbedtls_cipher_setkey((mbedtls_cipher_context_t*) ctx, key, key_bitlen, operation) != 0)
|
||||
return FALSE;
|
||||
{
|
||||
mbedtls_cipher_free((mbedtls_cipher_context_t*) ctx);
|
||||
free (ctx);
|
||||
return NULL;
|
||||
}
|
||||
#endif
|
||||
return TRUE;
|
||||
return ctx;
|
||||
}
|
||||
|
||||
BOOL winpr_Cipher_Update(WINPR_CIPHER_CTX* ctx, const BYTE* input, size_t ilen, BYTE* output, size_t* olen)
|
||||
|
|
@ -564,17 +606,27 @@ BOOL winpr_Cipher_Final(WINPR_CIPHER_CTX* ctx, BYTE* output, size_t* olen)
|
|||
if (EVP_CipherFinal_ex((EVP_CIPHER_CTX*) ctx, output, &outl) != 1)
|
||||
return FALSE;
|
||||
|
||||
EVP_CIPHER_CTX_cleanup((EVP_CIPHER_CTX*) ctx);
|
||||
*olen = (size_t) outl;
|
||||
#elif defined(WITH_MBEDTLS)
|
||||
if (mbedtls_cipher_finish((mbedtls_cipher_context_t*) ctx, output, olen) != 0)
|
||||
return FALSE;
|
||||
|
||||
mbedtls_cipher_free((mbedtls_cipher_context_t*) ctx);
|
||||
#endif
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
void winpr_Cipher_Free(WINPR_CIPHER_CTX* ctx)
|
||||
{
|
||||
if (!ctx)
|
||||
return;
|
||||
|
||||
#if defined(WITH_OPENSSL)
|
||||
EVP_CIPHER_CTX_cleanup((EVP_CIPHER_CTX*) ctx);
|
||||
#elif defined(WITH_MBEDTLS)
|
||||
mbedtls_cipher_free((mbedtls_cipher_context_t*) ctx);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Key Generation
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -150,7 +150,7 @@ BOOL CryptProtectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags)
|
|||
{
|
||||
BYTE* pCipherText;
|
||||
size_t cbOut, cbFinal;
|
||||
WINPR_CIPHER_CTX enc;
|
||||
WINPR_CIPHER_CTX* enc;
|
||||
BYTE randomKey[256];
|
||||
WINPR_PROTECTED_MEMORY_BLOCK* pMemBlock;
|
||||
|
||||
|
|
@ -186,27 +186,35 @@ BOOL CryptProtectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags)
|
|||
pCipherText = (BYTE*) malloc(cbOut);
|
||||
|
||||
if (!pCipherText)
|
||||
{
|
||||
free(pMemBlock);
|
||||
return FALSE;
|
||||
}
|
||||
goto out;
|
||||
|
||||
winpr_Cipher_Init(&enc, WINPR_CIPHER_AES_256_CBC, WINPR_ENCRYPT, pMemBlock->key, pMemBlock->iv);
|
||||
winpr_Cipher_Update(&enc, pMemBlock->pData, pMemBlock->cbData, pCipherText, &cbOut);
|
||||
winpr_Cipher_Final(&enc, pCipherText + cbOut, &cbFinal);
|
||||
if ((enc = winpr_Cipher_New(WINPR_CIPHER_AES_256_CBC, WINPR_ENCRYPT,
|
||||
pMemBlock->key, pMemBlock->iv)) == NULL)
|
||||
goto out;
|
||||
if (!winpr_Cipher_Update(enc, pMemBlock->pData, pMemBlock->cbData, pCipherText, &cbOut))
|
||||
goto out;
|
||||
if (!winpr_Cipher_Final(enc, pCipherText + cbOut, &cbFinal))
|
||||
goto out;
|
||||
winpr_Cipher_Free(enc);
|
||||
|
||||
CopyMemory(pMemBlock->pData, pCipherText, pMemBlock->cbData);
|
||||
free(pCipherText);
|
||||
|
||||
return ListDictionary_Add(g_ProtectedMemoryBlocks, pData, pMemBlock);
|
||||
out:
|
||||
free (pMemBlock);
|
||||
free (pCipherText);
|
||||
winpr_Cipher_Free(enc);
|
||||
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
BOOL CryptUnprotectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags)
|
||||
{
|
||||
BYTE* pPlainText;
|
||||
BYTE* pPlainText = NULL;
|
||||
size_t cbOut, cbFinal;
|
||||
WINPR_CIPHER_CTX dec;
|
||||
WINPR_PROTECTED_MEMORY_BLOCK* pMemBlock;
|
||||
WINPR_CIPHER_CTX* dec = NULL;
|
||||
WINPR_PROTECTED_MEMORY_BLOCK* pMemBlock = NULL;
|
||||
|
||||
if (dwFlags != CRYPTPROTECTMEMORY_SAME_PROCESS)
|
||||
return FALSE;
|
||||
|
|
@ -217,18 +225,23 @@ BOOL CryptUnprotectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags)
|
|||
pMemBlock = (WINPR_PROTECTED_MEMORY_BLOCK*) ListDictionary_GetItemValue(g_ProtectedMemoryBlocks, pData);
|
||||
|
||||
if (!pMemBlock)
|
||||
return FALSE;
|
||||
goto out;
|
||||
|
||||
cbOut = pMemBlock->cbData + 16 - 1;
|
||||
|
||||
pPlainText = (BYTE*) malloc(cbOut);
|
||||
|
||||
if (!pPlainText)
|
||||
return FALSE;
|
||||
goto out;
|
||||
|
||||
winpr_Cipher_Init(&dec, WINPR_CIPHER_AES_256_CBC, WINPR_DECRYPT, pMemBlock->key, pMemBlock->iv);
|
||||
winpr_Cipher_Update(&dec, pMemBlock->pData, pMemBlock->cbData, pPlainText, &cbOut);
|
||||
winpr_Cipher_Final(&dec, pPlainText + cbOut, &cbFinal);
|
||||
if ((dec = winpr_Cipher_New(WINPR_CIPHER_AES_256_CBC, WINPR_DECRYPT,
|
||||
pMemBlock->key, pMemBlock->iv)) == NULL)
|
||||
goto out;
|
||||
if (!winpr_Cipher_Update(dec, pMemBlock->pData, pMemBlock->cbData, pPlainText, &cbOut))
|
||||
goto out;
|
||||
if (!winpr_Cipher_Final(dec, pPlainText + cbOut, &cbFinal))
|
||||
goto out;
|
||||
winpr_Cipher_Free(dec);
|
||||
|
||||
CopyMemory(pMemBlock->pData, pPlainText, pMemBlock->cbData);
|
||||
SecureZeroMemory(pPlainText, pMemBlock->cbData);
|
||||
|
|
@ -239,6 +252,12 @@ BOOL CryptUnprotectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags)
|
|||
free(pMemBlock);
|
||||
|
||||
return TRUE;
|
||||
|
||||
out:
|
||||
free(pPlainText);
|
||||
free(pMemBlock);
|
||||
winpr_Cipher_Free(dec);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
BOOL CryptProtectData(DATA_BLOB* pDataIn, LPCWSTR szDataDescr, DATA_BLOB* pOptionalEntropy,
|
||||
|
|
|
|||
|
|
@ -7,22 +7,26 @@ static const BYTE* TEST_RC4_KEY = (BYTE*) "Key";
|
|||
static const char* TEST_RC4_PLAINTEXT = "Plaintext";
|
||||
static const BYTE* TEST_RC4_CIPHERTEXT = (BYTE*) "\xBB\xF3\x16\xE8\xD9\x40\xAF\x0A\xD3";
|
||||
|
||||
BOOL test_crypto_cipher_rc4()
|
||||
static BOOL test_crypto_cipher_rc4()
|
||||
{
|
||||
size_t len;
|
||||
BYTE* text;
|
||||
WINPR_RC4_CTX ctx;
|
||||
BOOL rc = FALSE;
|
||||
BYTE* text = NULL;
|
||||
WINPR_RC4_CTX* ctx;
|
||||
|
||||
len = strlen(TEST_RC4_PLAINTEXT);
|
||||
|
||||
text = (BYTE*) calloc(1, len);
|
||||
|
||||
if (!text)
|
||||
return FALSE;
|
||||
goto out;
|
||||
|
||||
winpr_RC4_Init(&ctx, TEST_RC4_KEY, strlen((char*) TEST_RC4_KEY));
|
||||
winpr_RC4_Update(&ctx, len, (BYTE*) TEST_RC4_PLAINTEXT, text);
|
||||
winpr_RC4_Final(&ctx);
|
||||
if ((ctx = winpr_RC4_New(TEST_RC4_KEY, strlen((char*) TEST_RC4_KEY))) == NULL)
|
||||
goto out;
|
||||
rc = winpr_RC4_Update(ctx, len, (BYTE*) TEST_RC4_PLAINTEXT, text);
|
||||
winpr_RC4_Free(ctx);
|
||||
if (!rc)
|
||||
goto out;
|
||||
|
||||
if (memcmp(text, TEST_RC4_CIPHERTEXT, len) != 0)
|
||||
{
|
||||
|
|
@ -36,11 +40,14 @@ BOOL test_crypto_cipher_rc4()
|
|||
|
||||
free(actual);
|
||||
free(expected);
|
||||
|
||||
return FALSE;
|
||||
goto out;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
rc = TRUE;
|
||||
|
||||
out:
|
||||
free(text);
|
||||
return rc;
|
||||
}
|
||||
|
||||
static const BYTE* TEST_RAND_DATA = (BYTE*)
|
||||
|
|
@ -56,7 +63,7 @@ static const BYTE* TEST_CIPHER_KEY = (BYTE*)
|
|||
static const BYTE* TEST_CIPHER_IV = (BYTE*)
|
||||
"\xFE\xE3\x9F\xF0\xD1\x5E\x37\x0C\xAB\xAB\x9B\x04\xF3\xDB\x99\x15";
|
||||
|
||||
BOOL test_crypto_cipher_key()
|
||||
static BOOL test_crypto_cipher_key()
|
||||
{
|
||||
int status;
|
||||
BYTE key[32];
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
static const char* TEST_MD5_DATA = "test";
|
||||
static const BYTE* TEST_MD5_HASH = (BYTE*) "\x09\x8f\x6b\xcd\x46\x21\xd3\x73\xca\xde\x4e\x83\x26\x27\xb4\xf6";
|
||||
|
||||
BOOL test_crypto_hash_md5()
|
||||
static BOOL test_crypto_hash_md5(void)
|
||||
{
|
||||
BYTE hash[WINPR_MD5_DIGEST_LENGTH];
|
||||
WINPR_MD5_CTX ctx;
|
||||
|
|
@ -31,7 +31,7 @@ BOOL test_crypto_hash_md5()
|
|||
free(actual);
|
||||
free(expected);
|
||||
|
||||
return -1;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
|
|
@ -40,7 +40,7 @@ BOOL test_crypto_hash_md5()
|
|||
static const char* TEST_MD4_DATA = "test";
|
||||
static const BYTE* TEST_MD4_HASH = (BYTE*) "\xdb\x34\x6d\x69\x1d\x7a\xcc\x4d\xc2\x62\x5d\xb1\x9f\x9e\x3f\x52";
|
||||
|
||||
BOOL test_crypto_hash_md4()
|
||||
static BOOL test_crypto_hash_md4(void)
|
||||
{
|
||||
BYTE hash[WINPR_MD4_DIGEST_LENGTH];
|
||||
WINPR_MD4_CTX ctx;
|
||||
|
|
@ -65,7 +65,7 @@ BOOL test_crypto_hash_md4()
|
|||
free(actual);
|
||||
free(expected);
|
||||
|
||||
return -1;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
|
|
@ -74,7 +74,7 @@ BOOL test_crypto_hash_md4()
|
|||
static const char* TEST_SHA1_DATA = "test";
|
||||
static const BYTE* TEST_SHA1_HASH = (BYTE*) "\xa9\x4a\x8f\xe5\xcc\xb1\x9b\xa6\x1c\x4c\x08\x73\xd3\x91\xe9\x87\x98\x2f\xbb\xd3";
|
||||
|
||||
BOOL test_crypto_hash_sha1()
|
||||
static BOOL test_crypto_hash_sha1(void)
|
||||
{
|
||||
BYTE hash[WINPR_SHA1_DIGEST_LENGTH];
|
||||
WINPR_SHA1_CTX ctx;
|
||||
|
|
@ -91,15 +91,15 @@ BOOL test_crypto_hash_sha1()
|
|||
char* actual;
|
||||
char* expected;
|
||||
|
||||
actual = winpr_BinToHexString(hash, WINPR_MD5_DIGEST_LENGTH, FALSE);
|
||||
expected = winpr_BinToHexString(TEST_SHA1_HASH, WINPR_MD5_DIGEST_LENGTH, FALSE);
|
||||
actual = winpr_BinToHexString(hash, WINPR_SHA1_DIGEST_LENGTH, FALSE);
|
||||
expected = winpr_BinToHexString(TEST_SHA1_HASH, WINPR_SHA1_DIGEST_LENGTH, FALSE);
|
||||
|
||||
fprintf(stderr, "unexpected SHA1 hash: Actual: %s Expected: %s\n", actual, expected);
|
||||
|
||||
free(actual);
|
||||
free(expected);
|
||||
|
||||
return -1;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
|
|
@ -109,32 +109,32 @@ static const char* TEST_HMAC_MD5_DATA = "Hi There";
|
|||
static const BYTE* TEST_HMAC_MD5_KEY = (BYTE*) "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
|
||||
static const BYTE* TEST_HMAC_MD5_HASH = (BYTE*) "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc\x9d";
|
||||
|
||||
BOOL test_crypto_hash_hmac_md5()
|
||||
static BOOL test_crypto_hash_hmac_md5(void)
|
||||
{
|
||||
BYTE hash[WINPR_MD5_DIGEST_LENGTH];
|
||||
WINPR_HMAC_CTX ctx;
|
||||
|
||||
if (!winpr_HMAC_Init(&ctx, WINPR_MD_MD5, TEST_HMAC_MD5_KEY, WINPR_SHA1_DIGEST_LENGTH))
|
||||
if (!winpr_HMAC_Init(&ctx, WINPR_MD_MD5, TEST_HMAC_MD5_KEY, WINPR_MD5_DIGEST_LENGTH))
|
||||
return FALSE;
|
||||
if (!winpr_HMAC_Update(&ctx, (BYTE*) TEST_HMAC_MD5_DATA, strlen(TEST_HMAC_MD5_DATA)))
|
||||
return FALSE;
|
||||
if (!winpr_HMAC_Final(&ctx, hash, sizeof(hash)))
|
||||
return FALSE;
|
||||
|
||||
if (memcmp(hash, TEST_HMAC_MD5_HASH, WINPR_SHA1_DIGEST_LENGTH) != 0)
|
||||
if (memcmp(hash, TEST_HMAC_MD5_HASH, WINPR_MD5_DIGEST_LENGTH) != 0)
|
||||
{
|
||||
char* actual;
|
||||
char* expected;
|
||||
|
||||
actual = winpr_BinToHexString(hash, WINPR_SHA1_DIGEST_LENGTH, FALSE);
|
||||
expected = winpr_BinToHexString(TEST_HMAC_MD5_HASH, WINPR_SHA1_DIGEST_LENGTH, FALSE);
|
||||
actual = winpr_BinToHexString(hash, WINPR_MD5_DIGEST_LENGTH, FALSE);
|
||||
expected = winpr_BinToHexString(TEST_HMAC_MD5_HASH, WINPR_MD5_DIGEST_LENGTH, FALSE);
|
||||
|
||||
fprintf(stderr, "unexpected HMAC-MD5 hash: Actual: %s Expected: %s\n", actual, expected);
|
||||
|
||||
free(actual);
|
||||
free(expected);
|
||||
|
||||
return -1;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
|
|
@ -144,7 +144,7 @@ static const char* TEST_HMAC_SHA1_DATA = "Hi There";
|
|||
static const BYTE* TEST_HMAC_SHA1_KEY = (BYTE*) "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
|
||||
static const BYTE* TEST_HMAC_SHA1_HASH = (BYTE*) "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c\x8e\xf1\x46\xbe\x00";
|
||||
|
||||
BOOL test_crypto_hash_hmac_sha1()
|
||||
static BOOL test_crypto_hash_hmac_sha1(void)
|
||||
{
|
||||
BYTE hash[WINPR_SHA1_DIGEST_LENGTH];
|
||||
WINPR_HMAC_CTX ctx;
|
||||
|
|
@ -169,7 +169,7 @@ BOOL test_crypto_hash_hmac_sha1()
|
|||
free(actual);
|
||||
free(expected);
|
||||
|
||||
return -1;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
|
|
|
|||
|
|
@ -239,6 +239,8 @@ void ntlm_ContextFree(NTLM_CONTEXT* context)
|
|||
if (!context)
|
||||
return;
|
||||
|
||||
winpr_RC4_Free(context->SendRc4Seal);
|
||||
winpr_RC4_Free(context->RecvRc4Seal);
|
||||
sspi_SecBufferFree(&context->NegotiateMessage);
|
||||
sspi_SecBufferFree(&context->ChallengeMessage);
|
||||
sspi_SecBufferFree(&context->AuthenticateMessage);
|
||||
|
|
@ -931,7 +933,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
|
|||
/* Encrypt message using with RC4, result overwrites original buffer */
|
||||
|
||||
if (context->confidentiality)
|
||||
winpr_RC4_Update(&context->SendRc4Seal, length, (BYTE*) data, (BYTE*) data_buffer->pvBuffer);
|
||||
winpr_RC4_Update(context->SendRc4Seal, length, (BYTE*) data, (BYTE*) data_buffer->pvBuffer);
|
||||
else
|
||||
CopyMemory(data_buffer->pvBuffer, data, length);
|
||||
|
||||
|
|
@ -943,7 +945,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
|
|||
#endif
|
||||
free(data);
|
||||
/* RC4-encrypt first 8 bytes of digest */
|
||||
winpr_RC4_Update(&context->SendRc4Seal, 8, digest, checksum);
|
||||
winpr_RC4_Update(context->SendRc4Seal, 8, digest, checksum);
|
||||
signature = (BYTE*) signature_buffer->pvBuffer;
|
||||
/* Concatenate version, ciphertext and sequence number to build signature */
|
||||
CopyMemory(signature, (void*) &version, 4);
|
||||
|
|
@ -1000,7 +1002,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSecBufferD
|
|||
/* Decrypt message using with RC4, result overwrites original buffer */
|
||||
|
||||
if (context->confidentiality)
|
||||
winpr_RC4_Update(&context->RecvRc4Seal, length, (BYTE*) data, (BYTE*) data_buffer->pvBuffer);
|
||||
winpr_RC4_Update(context->RecvRc4Seal, length, (BYTE*) data, (BYTE*) data_buffer->pvBuffer);
|
||||
else
|
||||
CopyMemory(data_buffer->pvBuffer, data, length);
|
||||
|
||||
|
|
@ -1017,7 +1019,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSecBufferD
|
|||
#endif
|
||||
free(data);
|
||||
/* RC4-encrypt first 8 bytes of digest */
|
||||
winpr_RC4_Update(&context->RecvRc4Seal, 8, digest, checksum);
|
||||
winpr_RC4_Update(context->RecvRc4Seal, 8, digest, checksum);
|
||||
/* Concatenate version, ciphertext and sequence number to build signature */
|
||||
CopyMemory(expected_signature, (void*) &version, 4);
|
||||
CopyMemory(&expected_signature[4], (void*) checksum, 8);
|
||||
|
|
|
|||
|
|
@ -225,8 +225,8 @@ struct _NTLM_CONTEXT
|
|||
BYTE MachineID[32];
|
||||
BOOL SendVersionInfo;
|
||||
BOOL confidentiality;
|
||||
WINPR_RC4_CTX SendRc4Seal;
|
||||
WINPR_RC4_CTX RecvRc4Seal;
|
||||
WINPR_RC4_CTX* SendRc4Seal;
|
||||
WINPR_RC4_CTX* RecvRc4Seal;
|
||||
BYTE* SendSigningKey;
|
||||
BYTE* RecvSigningKey;
|
||||
BYTE* SendSealingKey;
|
||||
|
|
|
|||
|
|
@ -341,8 +341,8 @@ int ntlm_compute_lm_v2_response(NTLM_CONTEXT* context)
|
|||
response = (BYTE*) context->LmChallengeResponse.pvBuffer;
|
||||
/* Compute the HMAC-MD5 hash of the resulting value using the NTLMv2 hash as the key */
|
||||
winpr_HMAC(WINPR_MD_MD5, (void*) context->NtlmV2Hash, WINPR_MD5_DIGEST_LENGTH,
|
||||
(BYTE*) value, WINPR_MD5_DIGEST_LENGTH,
|
||||
(BYTE*) response, WINPR_MD5_DIGEST_LENGTH);
|
||||
(BYTE*) value, WINPR_MD5_DIGEST_LENGTH,
|
||||
(BYTE*) response, WINPR_MD5_DIGEST_LENGTH);
|
||||
/* Concatenate the resulting HMAC-MD5 hash and the client challenge, giving us the LMv2 response (24 bytes) */
|
||||
CopyMemory(&response[16], context->ClientChallenge, 8);
|
||||
return 1;
|
||||
|
|
@ -412,8 +412,8 @@ int ntlm_compute_ntlm_v2_response(NTLM_CONTEXT* context)
|
|||
CopyMemory(blob, context->ServerChallenge, 8);
|
||||
CopyMemory(&blob[8], ntlm_v2_temp.pvBuffer, ntlm_v2_temp.cbBuffer);
|
||||
winpr_HMAC(WINPR_MD_MD5, (BYTE*) context->NtlmV2Hash, WINPR_MD5_DIGEST_LENGTH,
|
||||
(BYTE*) ntlm_v2_temp_chal.pvBuffer, ntlm_v2_temp_chal.cbBuffer,
|
||||
(BYTE*) nt_proof_str, WINPR_MD5_DIGEST_LENGTH);
|
||||
(BYTE*) ntlm_v2_temp_chal.pvBuffer, ntlm_v2_temp_chal.cbBuffer,
|
||||
(BYTE*) nt_proof_str, WINPR_MD5_DIGEST_LENGTH);
|
||||
|
||||
/* NtChallengeResponse, Concatenate NTProofStr with temp */
|
||||
|
||||
|
|
@ -425,8 +425,8 @@ int ntlm_compute_ntlm_v2_response(NTLM_CONTEXT* context)
|
|||
CopyMemory(&blob[16], ntlm_v2_temp.pvBuffer, ntlm_v2_temp.cbBuffer);
|
||||
/* Compute SessionBaseKey, the HMAC-MD5 hash of NTProofStr using the NTLMv2 hash as the key */
|
||||
winpr_HMAC(WINPR_MD_MD5, (BYTE*) context->NtlmV2Hash, WINPR_MD5_DIGEST_LENGTH,
|
||||
(BYTE*) nt_proof_str, WINPR_MD5_DIGEST_LENGTH,
|
||||
(BYTE*) context->SessionBaseKey, WINPR_MD5_DIGEST_LENGTH);
|
||||
(BYTE*) nt_proof_str, WINPR_MD5_DIGEST_LENGTH,
|
||||
(BYTE*) context->SessionBaseKey, WINPR_MD5_DIGEST_LENGTH);
|
||||
sspi_SecBufferFree(&ntlm_v2_temp);
|
||||
sspi_SecBufferFree(&ntlm_v2_temp_chal);
|
||||
return 1;
|
||||
|
|
@ -442,10 +442,12 @@ int ntlm_compute_ntlm_v2_response(NTLM_CONTEXT* context)
|
|||
|
||||
void ntlm_rc4k(BYTE* key, int length, BYTE* plaintext, BYTE* ciphertext)
|
||||
{
|
||||
WINPR_RC4_CTX rc4;
|
||||
winpr_RC4_Init(&rc4, (void*) key, 16);
|
||||
winpr_RC4_Update(&rc4, length, (void*) plaintext, (void*) ciphertext);
|
||||
winpr_RC4_Final(&rc4);
|
||||
WINPR_RC4_CTX* rc4 = winpr_RC4_New(key, 16);
|
||||
if (rc4)
|
||||
{
|
||||
winpr_RC4_Update(rc4, length, plaintext, ciphertext);
|
||||
winpr_RC4_Free(rc4);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -662,8 +664,8 @@ void ntlm_init_rc4_seal_states(NTLM_CONTEXT* context)
|
|||
context->RecvSigningKey = context->ClientSigningKey;
|
||||
context->SendSealingKey = context->ClientSealingKey;
|
||||
context->RecvSealingKey = context->ServerSealingKey;
|
||||
winpr_RC4_Init(&context->SendRc4Seal, context->ServerSealingKey, 16);
|
||||
winpr_RC4_Init(&context->RecvRc4Seal, context->ClientSealingKey, 16);
|
||||
context->SendRc4Seal = winpr_RC4_New(context->ServerSealingKey, 16);
|
||||
context->RecvRc4Seal = winpr_RC4_New(context->ClientSealingKey, 16);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
@ -671,8 +673,8 @@ void ntlm_init_rc4_seal_states(NTLM_CONTEXT* context)
|
|||
context->RecvSigningKey = context->ServerSigningKey;
|
||||
context->SendSealingKey = context->ServerSealingKey;
|
||||
context->RecvSealingKey = context->ClientSealingKey;
|
||||
winpr_RC4_Init(&context->SendRc4Seal, context->ClientSealingKey, 16);
|
||||
winpr_RC4_Init(&context->RecvRc4Seal, context->ServerSealingKey, 16);
|
||||
context->SendRc4Seal = winpr_RC4_New(context->ClientSealingKey, 16);
|
||||
context->RecvRc4Seal = winpr_RC4_New(context->ServerSealingKey, 16);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue