initial fips encryption work

include/freerdp/settings.h

@@ -214,6 +214,10 @@ struct rdp_settings
 	uint8 encrypt_update_key[16];
 	int rc4_key_len;
 
+	uint8 fips_sign_key[20];
+	uint8 fips_encrypt_key[24];
+	uint8 fips_decrypt_key[24];
+
 	boolean console_audio;
 	boolean console_session;
 	uint32 redirected_session_id;

libfreerdp-core/connection.c

@@ -198,11 +198,21 @@ static boolean rdp_establish_keys(rdpRdp* rdp)
 		return False;
 	}
 
+	rdp->do_crypt = True;
+
+	if (rdp->settings->encryption_method == ENCRYPTION_METHOD_FIPS)
+	{
+		uint8 fips_ivec[8] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };
+		rdp->fips_encrypt = crypto_des3_encrypt_init(rdp->settings->fips_encrypt_key, fips_ivec);
+		rdp->fips_decrypt = crypto_des3_decrypt_init(rdp->settings->fips_decrypt_key, fips_ivec);
+
+		rdp->fips_hmac = crypto_hmac_new();
+		return True;
+	}
+
 	rdp->rc4_decrypt_key = crypto_rc4_init(rdp->settings->decrypt_key, rdp->settings->rc4_key_len);
 	rdp->rc4_encrypt_key = crypto_rc4_init(rdp->settings->encrypt_key, rdp->settings->rc4_key_len);
 
-	rdp->do_crypt = True;
-
 	return True;
 }
 

libfreerdp-core/crypto.c

@@ -72,6 +72,72 @@ void crypto_rc4_free(CryptoRc4 rc4)
 	xfree(rc4);
 }
 
+CryptoDes3 crypto_des3_encrypt_init(uint8 key[24], uint8 ivec[8])
+{
+	CryptoDes3 des3 = xmalloc(sizeof(*des3));
+	EVP_CIPHER_CTX_init(&des3->des3_ctx);
+	EVP_EncryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
+	EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0);
+	return des3;
+}
+
+CryptoDes3 crypto_des3_decrypt_init(uint8 key[24], uint8 ivec[8])
+{
+	CryptoDes3 des3 = xmalloc(sizeof(*des3));
+	EVP_CIPHER_CTX_init(&des3->des3_ctx);
+	EVP_DecryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
+	EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0);
+	return des3;
+}
+
+void crypto_des3_encrypt(CryptoDes3 des3, uint32 length, uint8 *in_data, uint8 *out_data)
+{
+	int len;
+	EVP_EncryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
+}
+
+void crypto_des3_decrypt(CryptoDes3 des3, uint32 length, uint8 *in_data, uint8* out_data)
+{
+	int len;
+	EVP_DecryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
+	if (length != len)
+		abort();	// TODO
+}
+
+void crypto_des3_free(CryptoDes3 des3)
+{
+	EVP_CIPHER_CTX_cleanup(&des3->des3_ctx);
+	xfree(des3);
+}
+
+CryptoHmac crypto_hmac_new(void)
+{
+	CryptoHmac hmac = xmalloc(sizeof(*hmac));
+	HMAC_CTX_init(&hmac->hmac_ctx);
+	return hmac;
+}
+
+void crypto_hmac_sha1_init(CryptoHmac hmac, uint8 *data, uint32 length)
+{
+	HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_sha1(), NULL);
+}
+
+void crypto_hmac_update(CryptoHmac hmac, uint8 *data, uint32 length)
+{
+	HMAC_Update(&hmac->hmac_ctx, data, length);
+}
+
+void crypto_hmac_final(CryptoHmac hmac, uint8 *out_data, uint32 length)
+{
+	HMAC_Final(&hmac->hmac_ctx, out_data, &length);
+}
+
+void crypto_hmac_free(CryptoHmac hmac)
+{
+	HMAC_CTX_cleanup(&hmac->hmac_ctx);
+	xfree(hmac);
+}
+
 CryptoCert crypto_cert_read(uint8* data, uint32 length)
 {
 	CryptoCert cert = xmalloc(sizeof(*cert));

libfreerdp-core/crypto.h

@@ -29,6 +29,7 @@
 #include <openssl/rc4.h>
 #include <openssl/md5.h>
 #include <openssl/sha.h>
+#include <openssl/hmac.h>
 #include <openssl/bn.h>
 #include <openssl/x509v3.h>
 #include <openssl/rand.h>
@@ -62,6 +63,16 @@ struct crypto_rc4_struct
 	RC4_KEY rc4_key;
 };
 
+struct crypto_des3_struct
+{
+	EVP_CIPHER_CTX des3_ctx;
+};
+
+struct crypto_hmac_struct
+{
+	HMAC_CTX hmac_ctx;
+};
+
 struct crypto_cert_struct
 {
 	X509 * px509;
@@ -82,6 +93,20 @@ CryptoRc4 crypto_rc4_init(uint8* key, uint32 length);
 void crypto_rc4(CryptoRc4 rc4, uint32 length, uint8* in_data, uint8* out_data);
 void crypto_rc4_free(CryptoRc4 rc4);
 
+typedef struct crypto_des3_struct* CryptoDes3;
+CryptoDes3 crypto_des3_encrypt_init(uint8 key[24], uint8 ivec[8]);
+CryptoDes3 crypto_des3_decrypt_init(uint8 key[24], uint8 ivec[8]);
+void crypto_des3_encrypt(CryptoDes3 des3, uint32 length, uint8 *in_data, uint8 *out_data);
+void crypto_des3_decrypt(CryptoDes3 des3, uint32 length, uint8 *in_data, uint8* out_data);
+void crypto_des3_free(CryptoDes3 des3);
+
+typedef struct crypto_hmac_struct* CryptoHmac;
+CryptoHmac crypto_hmac_new(void);
+void crypto_hmac_sha1_init(CryptoHmac hmac, uint8 *data, uint32 length);
+void crypto_hmac_update(CryptoHmac hmac, uint8 *data, uint32 length);
+void crypto_hmac_final(CryptoHmac hmac, uint8 *out_data, uint32 length);
+void crypto_hmac_free(CryptoHmac hmac);
+
 typedef struct crypto_cert_struct* CryptoCert;
 CryptoCert crypto_cert_read(uint8* data, uint32 length);
 char* cypto_cert_fingerprint(X509* xcert);

libfreerdp-core/rdp.c

@@ -1,3 +1,4 @@
+
 /**
  * FreeRDP: A Remote Desktop Protocol Client
  * RDP Core
@@ -161,6 +162,8 @@ static int rdp_security_stream_init(rdpRdp* rdp, STREAM* s)
 	if (rdp->do_crypt)
 	{
 		stream_seek(s, 12);
+		if (rdp->settings->encryption_method == ENCRYPTION_METHOD_FIPS)
+			stream_seek(s, 4);
 		rdp->sec_flags |= SEC_ENCRYPT;
 	}
 	else if (rdp->sec_flags != 0)
@@ -246,9 +249,20 @@ boolean rdp_read_header(rdpRdp* rdp, STREAM* s, uint16* length, uint16* channel_
 void rdp_write_header(rdpRdp* rdp, STREAM* s, uint16 length, uint16 channel_id)
 {
 	enum DomainMCSPDU MCSPDU;
+	int body_length;
 
 	MCSPDU = (rdp->settings->server_mode) ? DomainMCSPDU_SendDataIndication : DomainMCSPDU_SendDataRequest;
 
+	if (rdp->sec_flags & SEC_ENCRYPT && rdp->settings->encryption_method == ENCRYPTION_METHOD_FIPS) {
+		int pad;
+
+		body_length = length - RDP_PACKET_HEADER_LENGTH - 16;
+		pad = 8 - (body_length % 8);
+		if (pad != 8)
+			length += pad;
+		//printf("rdp_write_header: %d %d (%d)\n", length, body_length, pad);
+	}
+
 	mcs_write_domain_mcspdu_header(s, MCSPDU, length, 0);
 	per_write_integer16(s, rdp->mcs->user_id, MCS_BASE_CHANNEL_ID); /* initiator */
 	per_write_integer16(s, channel_id, 0); /* channelId */
@@ -264,6 +278,7 @@ static uint32 rdp_security_stream_out(rdpRdp* rdp, STREAM* s, int length)
 	uint8* mk;
 	uint8* data;
 	uint32 sec_flags;
+	uint32 pad = 0;
 
 	sec_flags = rdp->sec_flags;
 	if (sec_flags != 0)
@@ -271,26 +286,53 @@ static uint32 rdp_security_stream_out(rdpRdp* rdp, STREAM* s, int length)
 		rdp_write_security_header(s, sec_flags);
 		if (sec_flags & SEC_ENCRYPT)
 		{
-			data = s->p + 8;
-			length = length - (data - s->data);
-			mk = rdp->settings->sign_key;
-			ml = rdp->settings->rc4_key_len;
-			security_mac_signature(mk, ml, data, length, s->p);
-			stream_seek(s, 8);
-			security_encrypt(s->p, length, rdp);
+			if (rdp->settings->encryption_method == ENCRYPTION_METHOD_FIPS)
+			{
+				data = s->p + 12;
+
+				length = length - (data - s->data);
+				stream_write_uint16(s, 0x10); /* length */
+				stream_write_uint8(s, 0x1); /* TSFIPS_VERSION 1*/
+				/* handle padding */
+				pad = 8 - (length % 8);
+				if (pad == 8)
+					pad = 0;
+				if (pad)
+					memset(data+length, 0, pad);
+				stream_write_uint8(s, pad);
+
+				// printf("FIPS padding %d, length %d\n", pad, length);
+
+				security_hmac_signature(data, length, s->p, rdp);
+				stream_seek(s, 8);
+				security_fips_encrypt(data, length + pad, rdp);
+			}
+			else
+			{
+				data = s->p + 8;
+				length = length - (data - s->data);
+
+				mk = rdp->settings->sign_key;
+				ml = rdp->settings->rc4_key_len;
+				security_mac_signature(mk, ml, data, length, s->p);
+				stream_seek(s, 8);
+				security_encrypt(s->p, length, rdp);
+			}
 		}
 		rdp->sec_flags = 0;
 	}
-	return 0;
+	return pad;
 }
 
-static uint32 rdp_get_sec_bytes(uint32 sec_flags)
+static uint32 rdp_get_sec_bytes(rdpRdp* rdp)
 {
 	uint32 sec_bytes;
 
-	if (sec_flags & SEC_ENCRYPT)
+	if (rdp->sec_flags & SEC_ENCRYPT) {
 		sec_bytes = 12;
-	else if (sec_flags != 0)
+		if (rdp->settings->encryption_method == ENCRYPTION_METHOD_FIPS)
+			sec_bytes += 4;
+	} else if (rdp->sec_flags != 0)
 		sec_bytes = 4;
 	else
 		sec_bytes = 0;
@@ -315,12 +357,12 @@ boolean rdp_send(rdpRdp* rdp, STREAM* s, uint16 channel_id)
 
 	rdp_write_header(rdp, s, length, channel_id);
 
-	sec_bytes = rdp_get_sec_bytes(rdp->sec_flags);
+	sec_bytes = rdp_get_sec_bytes(rdp);
 	sec_hold = s->p;
 	stream_seek(s, sec_bytes);
 
 	s->p = sec_hold;
-	rdp_security_stream_out(rdp, s, length);
+	length += rdp_security_stream_out(rdp, s, length);
 	
 	stream_set_pos(s, length);
 	if (transport_write(rdp->transport, s) < 0)
@@ -340,14 +382,14 @@ boolean rdp_send_pdu(rdpRdp* rdp, STREAM* s, uint16 type, uint16 channel_id)
 
 	rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID);
 
-	sec_bytes = rdp_get_sec_bytes(rdp->sec_flags);
+	sec_bytes = rdp_get_sec_bytes(rdp);
 	sec_hold = s->p;
 	stream_seek(s, sec_bytes);
 
 	rdp_write_share_control_header(s, length, type, channel_id);
 
 	s->p = sec_hold;
-	rdp_security_stream_out(rdp, s, length);
+	length += rdp_security_stream_out(rdp, s, length);
 
 	stream_set_pos(s, length);
 	if (transport_write(rdp->transport, s) < 0)
@@ -367,7 +409,7 @@ boolean rdp_send_data_pdu(rdpRdp* rdp, STREAM* s, uint8 type, uint16 channel_id)
 
 	rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID);
 
-	sec_bytes = rdp_get_sec_bytes(rdp->sec_flags);
+	sec_bytes = rdp_get_sec_bytes(rdp);
 	sec_hold = s->p;
 	stream_seek(s, sec_bytes);
 
@@ -377,7 +419,7 @@ boolean rdp_send_data_pdu(rdpRdp* rdp, STREAM* s, uint8 type, uint16 channel_id)
 	//printf("send %s Data PDU (0x%02X), length:%d\n", DATA_PDU_TYPE_STRINGS[type], type, length);
 
 	s->p = sec_hold;
-	rdp_security_stream_out(rdp, s, length);
+	length += rdp_security_stream_out(rdp, s, length);
 
 	stream_set_pos(s, length);
 	if (transport_write(rdp->transport, s) < 0)
@@ -535,6 +577,38 @@ boolean rdp_decrypt(rdpRdp* rdp, STREAM* s, int length)
 {
 	int cryptlen;
 
+	if (rdp->settings->encryption_method == ENCRYPTION_METHOD_FIPS)
+	{
+		uint16 len;
+		uint8 version, pad;
+		uint8 *sig;
+
+		stream_read_uint16(s, len);	// 0x10
+		stream_read_uint8(s, version);	// 0x1
+		stream_read_uint8(s, pad);
+
+		sig = s->p;
+		stream_seek(s, 8);	/* signature */
+
+		cryptlen = length - 12;
+
+		if (!security_fips_decrypt(s->p, cryptlen, rdp))
+		{
+			printf("FATAL: cannot decrypt\n");
+			return False;	// TODO
+		}
+
+		if (!security_fips_check_signature(s->p, cryptlen-pad, sig, rdp))
+		{
+			printf("FATAL: invalid packet signature\n");
+			return False;	// TODO
+		}
+
+		// is this what needs adjusting?
+		s->size -= pad;
+		return True;
+	}
+
 	stream_seek(s, 8); /* signature */
 	cryptlen = length - 8;
 	security_decrypt(s->p, cryptlen, rdp);

libfreerdp-core/rdp.h

@@ -132,6 +132,9 @@ struct rdp_rdp
 	int decrypt_use_count;
 	struct crypto_rc4_struct* rc4_encrypt_key;
 	int encrypt_use_count;
+	struct crypto_des3_struct* fips_encrypt;
+	struct crypto_des3_struct* fips_decrypt;
+	struct crypto_hmac_struct* fips_hmac;
 	uint32 sec_flags;
 	boolean do_crypt;
 };

libfreerdp-core/security.c

@@ -40,6 +40,79 @@ static uint8 pad2[48] =
 	"\x5C\x5C\x5C\x5C\x5C\x5C\x5C\x5C"
 };
 
+static uint8
+fips_reverse_table[256] = {
+ 0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0,
+ 0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0,
+ 0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8,
+ 0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8,
+ 0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4,
+ 0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4,
+ 0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec,
+ 0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc,
+ 0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2,
+ 0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2,
+ 0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea,
+ 0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa,
+ 0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6,
+ 0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6,
+ 0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee,
+ 0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe,
+ 0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1,
+ 0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1,
+ 0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9,
+ 0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9,
+ 0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5,
+ 0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5,
+ 0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed,
+ 0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd,
+ 0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3,
+ 0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3,
+ 0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb,
+ 0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb,
+ 0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7,
+ 0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7,
+ 0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef,
+ 0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff,
+};
+
+static uint8
+fips_oddparity_table[256] = {
+ 0x01, 0x01, 0x02, 0x02, 0x04, 0x04, 0x07, 0x07,
+ 0x08, 0x08, 0x0b, 0x0b, 0x0d, 0x0d, 0x0e, 0x0e,
+ 0x10, 0x10, 0x13, 0x13, 0x15, 0x15, 0x16, 0x16,
+ 0x19, 0x19, 0x1a, 0x1a, 0x1c, 0x1c, 0x1f, 0x1f,
+ 0x20, 0x20, 0x23, 0x23, 0x25, 0x25, 0x26, 0x26,
+ 0x29, 0x29, 0x2a, 0x2a, 0x2c, 0x2c, 0x2f, 0x2f,
+ 0x31, 0x31, 0x32, 0x32, 0x34, 0x34, 0x37, 0x37,
+ 0x38, 0x38, 0x3b, 0x3b, 0x3d, 0x3d, 0x3e, 0x3e,
+ 0x40, 0x40, 0x43, 0x43, 0x45, 0x45, 0x46, 0x46,
+ 0x49, 0x49, 0x4a, 0x4a, 0x4c, 0x4c, 0x4f, 0x4f,
+ 0x51, 0x51, 0x52, 0x52, 0x54, 0x54, 0x57, 0x57,
+ 0x58, 0x58, 0x5b, 0x5b, 0x5d, 0x5d, 0x5e, 0x5e,
+ 0x61, 0x61, 0x62, 0x62, 0x64, 0x64, 0x67, 0x67,
+ 0x68, 0x68, 0x6b, 0x6b, 0x6d, 0x6d, 0x6e, 0x6e,
+ 0x70, 0x70, 0x73, 0x73, 0x75, 0x75, 0x76, 0x76,
+ 0x79, 0x79, 0x7a, 0x7a, 0x7c, 0x7c, 0x7f, 0x7f,
+ 0x80, 0x80, 0x83, 0x83, 0x85, 0x85, 0x86, 0x86,
+ 0x89, 0x89, 0x8a, 0x8a, 0x8c, 0x8c, 0x8f, 0x8f,
+ 0x91, 0x91, 0x92, 0x92, 0x94, 0x94, 0x97, 0x97,
+ 0x98, 0x98, 0x9b, 0x9b, 0x9d, 0x9d, 0x9e, 0x9e,
+ 0xa1, 0xa1, 0xa2, 0xa2, 0xa4, 0xa4, 0xa7, 0xa7,
+ 0xa8, 0xa8, 0xab, 0xab, 0xad, 0xad, 0xae, 0xae,
+ 0xb0, 0xb0, 0xb3, 0xb3, 0xb5, 0xb5, 0xb6, 0xb6,
+ 0xb9, 0xb9, 0xba, 0xba, 0xbc, 0xbc, 0xbf, 0xbf,
+ 0xc1, 0xc1, 0xc2, 0xc2, 0xc4, 0xc4, 0xc7, 0xc7,
+ 0xc8, 0xc8, 0xcb, 0xcb, 0xcd, 0xcd, 0xce, 0xce,
+ 0xd0, 0xd0, 0xd3, 0xd3, 0xd5, 0xd5, 0xd6, 0xd6,
+ 0xd9, 0xd9, 0xda, 0xda, 0xdc, 0xdc, 0xdf, 0xdf,
+ 0xe0, 0xe0, 0xe3, 0xe3, 0xe5, 0xe5, 0xe6, 0xe6,
+ 0xe9, 0xe9, 0xea, 0xea, 0xec, 0xec, 0xef, 0xef,
+ 0xf1, 0xf1, 0xf2, 0xf2, 0xf4, 0xf4, 0xf7, 0xf7,
+ 0xf8, 0xf8, 0xfb, 0xfb, 0xfd, 0xfd, 0xfe, 0xfe,
+};
+
+
 static void security_salted_hash(uint8* salt, uint8* input, int length, uint8* salt1, uint8* salt2, uint8* output)
 {
 	CryptoMd5 md5;
@@ -191,6 +264,41 @@ static void security_X(uint8* master_secret, uint8* client_random, uint8* server
 	security_premaster_hash("ZZZ", 3, master_secret, client_random, server_random, &output[32]);
 }
 
+static void
+fips_expand_key_bits(uint8 *in, uint8 *out)
+{
+	uint8 buf[21], c;
+	int i, b, p, r;
+
+	// reverse every byte in the key
+	for (i = 0; i < 21; i++)
+		buf[i] = fips_reverse_table[in[i]];
+
+	// insert a zero-bit after every 7th bit
+	for (i = 0, b = 0; i < 24; i++, b += 7)
+	{
+		p = b/8;
+		r = b%8;
+		if (r == 0)
+		{
+			out[i] = buf[p] & 0xfe;
+		}
+		else
+		{
+			// c is accumulator
+			c = buf[p] << r;
+			c |= buf[p+1] >> (8-r);
+			out[i] = c & 0xfe;
+		}
+	}
+
+	// reverse every byte
+	// alter lsb so the byte has odd parity
+	for (i = 0; i < 24; i++)
+		out[i] = fips_oddparity_table[fips_reverse_table[out[i]]];
+}
+
+
 boolean security_establish_keys(uint8* client_random, rdpSettings* settings)
 {
 	uint8 pre_master_secret[48];
@@ -201,6 +309,35 @@ boolean security_establish_keys(uint8* client_random, rdpSettings* settings)
 
 	server_random = settings->server_random.data;
 
+	if (settings->encryption_method == ENCRYPTION_METHOD_FIPS)
+	{
+		CryptoSha1 sha1;
+		uint8 client_encrypt_key_t[21], client_decrypt_key_t[21];
+
+		printf("FIPS Compliant encryption level.\n");
+
+		sha1 = crypto_sha1_init();
+		crypto_sha1_update(sha1, client_random + 16, 16);
+		crypto_sha1_update(sha1, server_random + 16, 16);
+		crypto_sha1_final(sha1, client_encrypt_key_t);
+
+		client_encrypt_key_t[20] = client_encrypt_key_t[0];
+		fips_expand_key_bits(client_encrypt_key_t, settings->fips_encrypt_key);
+
+		sha1 = crypto_sha1_init();
+		crypto_sha1_update(sha1, client_random, 16);
+		crypto_sha1_update(sha1, server_random, 16);
+		crypto_sha1_final(sha1, client_decrypt_key_t);
+
+		client_decrypt_key_t[20] = client_decrypt_key_t[0];
+		fips_expand_key_bits(client_decrypt_key_t, settings->fips_decrypt_key);
+
+		sha1 = crypto_sha1_init();
+		crypto_sha1_update(sha1, client_decrypt_key_t, 20);
+		crypto_sha1_update(sha1, client_encrypt_key_t, 20);
+		crypto_sha1_final(sha1, settings->fips_sign_key);
+	}
+
 	memcpy(pre_master_secret, client_random, 24);
 	memcpy(pre_master_secret + 24, server_random, 24);
 
@@ -219,7 +356,7 @@ boolean security_establish_keys(uint8* client_random, rdpSettings* settings)
 		memcpy(settings->encrypt_key, salt40, 3); /* TODO 56 bit */
 		settings->rc4_key_len = 8;
 	}
-	else /* 128 bit */
+	else if (settings->encryption_method == 2) /* 128 bit */
 	{
 		settings->rc4_key_len = 16;
 	}
@@ -287,3 +424,52 @@ boolean security_decrypt(uint8* data, int length, rdpRdp* rdp)
 	rdp->decrypt_use_count += 1;
 	return True;
 }
+
+void security_hmac_signature(uint8* data, int length, uint8* output, rdpRdp* rdp)
+{
+	uint8 buf[20];
+	uint8 use_count_le[4];
+
+	security_uint32_le(use_count_le, rdp->encrypt_use_count);
+
+	crypto_hmac_sha1_init(rdp->fips_hmac, rdp->settings->fips_sign_key, 20);
+	crypto_hmac_update(rdp->fips_hmac, data, length);
+	crypto_hmac_update(rdp->fips_hmac, use_count_le, 4);
+	crypto_hmac_final(rdp->fips_hmac, buf, 20);
+
+	memmove(output, buf, 8);
+}
+
+boolean security_fips_encrypt(uint8* data, int length, rdpRdp* rdp)
+{
+	crypto_des3_encrypt(rdp->fips_encrypt, length, data, data);
+	rdp->encrypt_use_count++;
+	return True;
+}
+
+boolean security_fips_decrypt(uint8* data, int length, rdpRdp* rdp)
+{
+	crypto_des3_decrypt(rdp->fips_decrypt, length, data, data);
+	return True;
+}
+
+boolean security_fips_check_signature(uint8* data, int length, uint8* sig, rdpRdp* rdp)
+{
+	uint8 buf[20];
+	uint8 use_count_le[4];
+
+	security_uint32_le(use_count_le, rdp->decrypt_use_count);
+
+	crypto_hmac_sha1_init(rdp->fips_hmac, rdp->settings->fips_sign_key, 20);
+	crypto_hmac_update(rdp->fips_hmac, data, length);
+	crypto_hmac_update(rdp->fips_hmac, use_count_le, 4);
+	crypto_hmac_final(rdp->fips_hmac, buf, 20);
+
+	rdp->decrypt_use_count++;
+
+	if (memcmp(sig, buf, 8))
+		return False;
+
+	return True;
+}
+

libfreerdp-core/security.h

@@ -38,4 +38,9 @@ boolean security_establish_keys(uint8* client_random, rdpSettings* settings);
 boolean security_encrypt(uint8* data, int length, rdpRdp* rdp);
 boolean security_decrypt(uint8* data, int length, rdpRdp* rdp);
 
+void security_hmac_signature(uint8* data, int length, uint8* output, rdpRdp* rdp);
+boolean security_fips_encrypt(uint8* data, int length, rdpRdp* rdp);
+boolean security_fips_decrypt(uint8* data, int length, rdpRdp* rdp);
+boolean security_fips_check_signature(uint8* data, int length, uint8* sig, rdpRdp* rdp);
+
 #endif /* __SECURITY_H */

libfreerdp-utils/args.c

@@ -368,8 +368,8 @@ int freerdp_parse_args(rdpSettings* settings, int argc, char** argv,
 				settings->tls_security = False;
 				settings->nla_security = False;
 				settings->encryption = True;
-				settings->encryption_method = ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT;
-				settings->encryption_level = ENCRYPTION_LEVEL_HIGH;
+				settings->encryption_method = ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS;
+				settings->encryption_level = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
 			}
 			else if (strncmp("tls", argv[index], 1) == 0) /* TLS */
 			{