Moved assistance to winpr crypto.

This commit is contained in:
Armin Novak 2016-03-07 11:51:13 +01:00
parent 52f1e6b27a
commit 2208a84cd4
3 changed files with 56 additions and 72 deletions

View File

@ -25,10 +25,9 @@ set(${MODULE_PREFIX}_SRCS
freerdp_module_add(${${MODULE_PREFIX}_SRCS})
freerdp_include_directory_add(${OPENSSL_INCLUDE_DIR})
freerdp_include_directory_add(${ZLIB_INCLUDE_DIRS})
freerdp_library_add(${OPENSSL_LIBRARIES} ${ZLIB_LIBRARIES})
freerdp_library_add(${ZLIB_LIBRARIES})
if(BUILD_TESTING)
add_subdirectory(test)

View File

@ -26,11 +26,6 @@
#include <winpr/print.h>
#include <winpr/windows.h>
#include <openssl/ssl.h>
#include <openssl/evp.h>
#include <openssl/aes.h>
#include <openssl/engine.h>
#include <freerdp/log.h>
#include <freerdp/client/file.h>
#include <freerdp/client/cmdline.h>
@ -77,11 +72,12 @@
int freerdp_assistance_crypt_derive_key_sha1(BYTE* hash, int hashLength, BYTE* key, int keyLength)
{
int rc = -1;
int i;
BYTE* buffer;
BYTE pad1[64];
BYTE pad2[64];
SHA_CTX hashCtx;
WINPR_SHA1_CTX hashCtx;
memset(pad1, 0x36, 64);
memset(pad2, 0x5C, 64);
@ -95,21 +91,29 @@ int freerdp_assistance_crypt_derive_key_sha1(BYTE* hash, int hashLength, BYTE* k
buffer = (BYTE*) calloc(1, hashLength * 2);
if (!buffer)
return -1;
goto fail;
SHA1_Init(&hashCtx);
SHA1_Update(&hashCtx, pad1, 64);
SHA1_Final((void*) buffer, &hashCtx);
if (!winpr_SHA1_Init(&hashCtx))
goto fail;
if (!winpr_SHA1_Update(&hashCtx, pad1, 64))
goto fail;
if (!winpr_SHA1_Final(&hashCtx, buffer, hashLength))
goto fail;
SHA1_Init(&hashCtx);
SHA1_Update(&hashCtx, pad2, 64);
SHA1_Final((void*) &buffer[hashLength], &hashCtx);
if (!winpr_SHA1_Init(&hashCtx))
goto fail;
if (!winpr_SHA1_Update(&hashCtx, pad2, 64))
goto fail;
if (!winpr_SHA1_Final(&hashCtx, &buffer[hashLength], hashLength))
goto fail;
CopyMemory(key, buffer, keyLength);
rc = 1;
fail:
free(buffer);
return 1;
return rc;
}
int freerdp_assistance_parse_address_list(rdpAssistanceFile* file, char* list)
@ -543,15 +547,16 @@ char* freerdp_assistance_generate_pass_stub(DWORD flags)
BYTE* freerdp_assistance_encrypt_pass_stub(const char* password, const char* passStub, int* pEncryptedSize)
{
BOOL rc;
int status;
WINPR_MD5_CTX md5Ctx;
int cbPasswordW;
int cbPassStubW;
int EncryptedSize;
BYTE PasswordHash[WINPR_MD5_DIGEST_LENGTH];
EVP_CIPHER_CTX rc4Ctx;
WINPR_CIPHER_CTX* rc4Ctx;
BYTE* pbIn, *pbOut;
int cbOut, cbIn, cbFinal;
size_t cbOut, cbIn, cbFinal;
WCHAR* PasswordW = NULL;
WCHAR* PassStubW = NULL;
@ -617,21 +622,9 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* password, const char* pas
free(PasswordW);
free(PassStubW);
EVP_CIPHER_CTX_init(&rc4Ctx);
status = EVP_EncryptInit_ex(&rc4Ctx, EVP_rc4(), NULL, NULL, NULL);
if (!status)
{
WLog_ERR(TAG, "EVP_CipherInit_ex failure");
free (pbOut);
free (pbIn);
return NULL;
}
status = EVP_EncryptInit_ex(&rc4Ctx, NULL, NULL, PasswordHash, NULL);
if (!status)
rc4Ctx = winpr_Cipher_New(WINPR_CIPHER_ARC4_128, WINPR_ENCRYPT,
PasswordHash, NULL);
if (!rc4Ctx)
{
WLog_ERR(TAG, "EVP_CipherInit_ex failure");
free (pbOut);
@ -642,26 +635,26 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* password, const char* pas
cbOut = cbFinal = 0;
cbIn = EncryptedSize;
status = EVP_EncryptUpdate(&rc4Ctx, pbOut, &cbOut, pbIn, cbIn);
rc = winpr_Cipher_Update(rc4Ctx, pbIn, cbIn, pbOut, &cbOut);
free(pbIn);
if (!status)
if (!rc)
{
WLog_ERR(TAG, "EVP_CipherUpdate failure");
winpr_Cipher_Free(rc4Ctx);
free (pbOut);
return NULL;
}
status = EVP_EncryptFinal_ex(&rc4Ctx, pbOut + cbOut, &cbFinal);
if (!status)
if (!winpr_Cipher_Final(rc4Ctx, pbOut + cbOut, &cbFinal))
{
WLog_ERR(TAG, "EVP_CipherFinal_ex failure");
winpr_Cipher_Free(rc4Ctx);
free (pbOut);
return NULL;
}
EVP_CIPHER_CTX_cleanup(&rc4Ctx);
winpr_Cipher_Free(rc4Ctx);
*pEncryptedSize = EncryptedSize;
@ -671,17 +664,17 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* password, const char* pas
int freerdp_assistance_decrypt2(rdpAssistanceFile* file, const char* password)
{
int status;
SHA_CTX shaCtx;
WINPR_SHA1_CTX shaCtx;
int cbPasswordW;
int cchOutW = 0;
WCHAR* pbOutW = NULL;
EVP_CIPHER_CTX aesDec;
WINPR_CIPHER_CTX* aesDec;
WCHAR* PasswordW = NULL;
BYTE* pbIn, *pbOut;
int cbOut, cbIn, cbFinal;
BYTE DerivedKey[AES_BLOCK_SIZE];
BYTE InitializationVector[AES_BLOCK_SIZE];
BYTE PasswordHash[SHA_DIGEST_LENGTH];
size_t cbOut, cbIn, cbFinal;
BYTE DerivedKey[WINPR_AES_BLOCK_SIZE];
BYTE InitializationVector[WINPR_AES_BLOCK_SIZE];
BYTE PasswordHash[WINPR_SHA1_DIGEST_LENGTH];
status = ConvertToUnicode(CP_UTF8, 0, password, -1, &PasswordW, 0);
@ -690,9 +683,13 @@ int freerdp_assistance_decrypt2(rdpAssistanceFile* file, const char* password)
cbPasswordW = (status - 1) * 2;
SHA1_Init(&shaCtx);
SHA1_Update(&shaCtx, PasswordW, cbPasswordW);
SHA1_Final((void*) PasswordHash, &shaCtx);
if (!winpr_SHA1_Init(&shaCtx) ||
!winpr_SHA1_Update(&shaCtx, (BYTE*)PasswordW, cbPasswordW) ||
!winpr_SHA1_Final(&shaCtx, PasswordHash, sizeof(PasswordHash)))
{
free (PasswordW);
return -1;
}
status = freerdp_assistance_crypt_derive_key_sha1(PasswordHash, sizeof(PasswordHash),
DerivedKey, sizeof(DerivedKey));
@ -705,22 +702,9 @@ int freerdp_assistance_decrypt2(rdpAssistanceFile* file, const char* password)
ZeroMemory(InitializationVector, sizeof(InitializationVector));
EVP_CIPHER_CTX_init(&aesDec);
status = EVP_DecryptInit_ex(&aesDec, EVP_aes_128_cbc(), NULL, NULL, NULL);
if (status != 1)
{
free(PasswordW);
return -1;
}
EVP_CIPHER_CTX_set_key_length(&aesDec, (128 / 8));
EVP_CIPHER_CTX_set_padding(&aesDec, 0);
status = EVP_DecryptInit_ex(&aesDec, EVP_aes_128_cbc(), NULL, DerivedKey, InitializationVector);
if (status != 1)
aesDec = winpr_Cipher_New(WINPR_CIPHER_AES_128_CBC, WINPR_DECRYPT,
DerivedKey, InitializationVector);
if (!aesDec)
{
free(PasswordW);
return -1;
@ -729,34 +713,33 @@ int freerdp_assistance_decrypt2(rdpAssistanceFile* file, const char* password)
cbOut = cbFinal = 0;
cbIn = file->EncryptedLHTicketLength;
pbIn = (BYTE*) file->EncryptedLHTicket;
pbOut = (BYTE*) calloc(1, cbIn + AES_BLOCK_SIZE + 2);
pbOut = (BYTE*) calloc(1, cbIn + WINPR_AES_BLOCK_SIZE + 2);
if (!pbOut)
{
winpr_Cipher_Free(aesDec);
free(PasswordW);
return -1;
}
status = EVP_DecryptUpdate(&aesDec, pbOut, &cbOut, pbIn, cbIn);
if (status != 1)
if (!winpr_Cipher_Update(aesDec, pbIn, cbIn, pbOut, &cbOut))
{
winpr_Cipher_Free(aesDec);
free(PasswordW);
free(pbOut);
return -1;
}
status = EVP_DecryptFinal_ex(&aesDec, pbOut + cbOut, &cbFinal);
if (status != 1)
if (!winpr_Cipher_Final(aesDec, pbOut + cbOut, &cbFinal))
{
WLog_ERR(TAG, "EVP_DecryptFinal_ex failure");
winpr_Cipher_Free(aesDec);
free(PasswordW);
free(pbOut);
return -1;
}
EVP_CIPHER_CTX_cleanup(&aesDec);
winpr_Cipher_Free(aesDec);
cbOut += cbFinal;
cbFinal = 0;

View File

@ -913,6 +913,8 @@ WINPR_API void winpr_RC4_Free(WINPR_RC4_CTX* ctx);
* Generic Cipher API
*/
#define WINPR_AES_BLOCK_SIZE 16
/* cipher operation types */
#define WINPR_ENCRYPT 0
#define WINPR_DECRYPT 1