[core,fastpath] unify fastpath stream decryption

libfreerdp/core/fastpath.c

@@ -46,6 +46,18 @@
 
 #define TAG FREERDP_TAG("core.fastpath")
 
+enum FASTPATH_INPUT_ENCRYPTION_FLAGS
+{
+	FASTPATH_INPUT_SECURE_CHECKSUM = 0x1,
+	FASTPATH_INPUT_ENCRYPTED = 0x2
+};
+
+enum FASTPATH_OUTPUT_ENCRYPTION_FLAGS
+{
+	FASTPATH_OUTPUT_SECURE_CHECKSUM = 0x1,
+	FASTPATH_OUTPUT_ENCRYPTED = 0x2
+};
+
 struct rdp_fastpath
 {
 	rdpRdp* rdp;
@@ -1195,8 +1207,10 @@ BOOL fastpath_send_update_pdu(rdpFastPath* fastpath, BYTE updateCode, wStream* s
 
 		fpUpdatePduHeader.length = fpUpdateHeader.size + fpHeaderSize + pad;
 		Stream_SetPosition(fs, 0);
-		fastpath_write_update_pdu_header(fs, &fpUpdatePduHeader, rdp);
+		if (!fastpath_write_update_pdu_header(fs, &fpUpdatePduHeader, rdp))
-		fastpath_write_update_header(fs, &fpUpdateHeader);
+			return FALSE;
+		if (!fastpath_write_update_header(fs, &fpUpdateHeader))
+			return FALSE;
 
 		if (!Stream_CheckAndLogRequiredCapacity(TAG, (fs), (size_t)DstSize + pad))
 			return FALSE;
@@ -1284,3 +1298,20 @@ BYTE fastpath_get_encryption_flags(rdpFastPath* fastpath)
 	WINPR_ASSERT(fastpath);
 	return fastpath->encryptionFlags;
 }
+
+BOOL fastpath_decrypt(rdpFastPath* fastpath, wStream* s, UINT16* length)
+{
+	WINPR_ASSERT(fastpath);
+	if (fastpath_get_encryption_flags(fastpath) & FASTPATH_OUTPUT_ENCRYPTED)
+	{
+		const UINT16 flags =
+		    (fastpath_get_encryption_flags(fastpath) & FASTPATH_OUTPUT_SECURE_CHECKSUM)
+		        ? SEC_SECURE_CHECKSUM
+		        : 0;
+
+		if (!rdp_decrypt(fastpath->rdp, s, length, flags))
+			return FALSE;
+	}
+
+	return TRUE;
+}

libfreerdp/core/fastpath.h

@@ -55,18 +55,6 @@ enum FASTPATH_OUTPUT_ACTION_TYPE
 	FASTPATH_OUTPUT_ACTION_X224 = 0x3
 };
 
-enum FASTPATH_INPUT_ENCRYPTION_FLAGS
-{
-	FASTPATH_INPUT_SECURE_CHECKSUM = 0x1,
-	FASTPATH_INPUT_ENCRYPTED = 0x2
-};
-
-enum FASTPATH_OUTPUT_ENCRYPTION_FLAGS
-{
-	FASTPATH_OUTPUT_SECURE_CHECKSUM = 0x1,
-	FASTPATH_OUTPUT_ENCRYPTED = 0x2
-};
-
 enum FASTPATH_UPDATETYPE
 {
 	FASTPATH_UPDATETYPE_ORDERS = 0x0,
@@ -142,6 +130,8 @@ FREERDP_LOCAL BOOL fastpath_read_header_rdp(rdpFastPath* fastpath, wStream* s, U
 FREERDP_LOCAL int fastpath_recv_updates(rdpFastPath* fastpath, wStream* s);
 FREERDP_LOCAL int fastpath_recv_inputs(rdpFastPath* fastpath, wStream* s);
 
+FREERDP_LOCAL BOOL fastpath_decrypt(rdpFastPath* fastpath, wStream* s, UINT16* length);
+
 FREERDP_LOCAL wStream* fastpath_input_pdu_init_header(rdpFastPath* fastpath);
 FREERDP_LOCAL wStream* fastpath_input_pdu_init(rdpFastPath* fastpath, BYTE eventFlags,
                                                BYTE eventCode);

libfreerdp/core/peer.c

@@ -676,14 +676,8 @@ static state_run_t peer_recv_fastpath_pdu(freerdp_peer* client, wStream* s)
 	if (!Stream_CheckAndLogRequiredLength(TAG, s, length))
 		return STATE_RUN_FAILED;
 
-	if (fastpath_get_encryption_flags(fastpath) & FASTPATH_OUTPUT_ENCRYPTED)
+	if (!fastpath_decrypt(fastpath, s, &length))
-	{
+		return STATE_RUN_FAILED;
-		if (!rdp_decrypt(rdp, s, &length,
-		                 (fastpath_get_encryption_flags(fastpath) & FASTPATH_OUTPUT_SECURE_CHECKSUM)
-		                     ? SEC_SECURE_CHECKSUM
-		                     : 0))
-			return STATE_RUN_FAILED;
-	}
 
 	rdp->inPackets++;
 

libfreerdp/core/rdp.c

@@ -1619,18 +1619,8 @@ static state_run_t rdp_recv_fastpath_pdu(rdpRdp* rdp, wStream* s)
 		rdp->autodetect->bandwidthMeasureByteCount += length;
 	}
 
-	if (fastpath_get_encryption_flags(fastpath) & FASTPATH_OUTPUT_ENCRYPTED)
+	if (!fastpath_decrypt(fastpath, s, &length))
-	{
+		return STATE_RUN_FAILED;
-		UINT16 flags = (fastpath_get_encryption_flags(fastpath) & FASTPATH_OUTPUT_SECURE_CHECKSUM)
-		                   ? SEC_SECURE_CHECKSUM
-		                   : 0;
-
-		if (!rdp_decrypt(rdp, s, &length, flags))
-		{
-			WLog_ERR(TAG, "rdp_recv_fastpath_pdu: rdp_decrypt() fail");
-			return STATE_RUN_FAILED;
-		}
-	}
 
 	return fastpath_recv_updates(rdp->fastpath, s);
 }