code cleanup
parent
dc224b14fd
commit
769508bd7d
@ -192,7 +192,7 @@ static boolean rdp_establish_keys(rdpRdp* rdp)
|
||||
return False;
|
||||
}
|
||||
|
||||
/* now calculate encrypt / decrypt and upate keys */
|
||||
/* now calculate encrypt / decrypt and update keys */
|
||||
if (!security_establish_keys(client_random, rdp))
|
||||
{
|
||||
return False;
|
||||
|
@ -72,7 +72,7 @@ void crypto_rc4_free(CryptoRc4 rc4)
|
||||
xfree(rc4);
|
||||
}
|
||||
|
||||
CryptoDes3 crypto_des3_encrypt_init(uint8 key[24], uint8 ivec[8])
|
||||
CryptoDes3 crypto_des3_encrypt_init(uint8* key, uint8* ivec)
|
||||
{
|
||||
CryptoDes3 des3 = xmalloc(sizeof(*des3));
|
||||
EVP_CIPHER_CTX_init(&des3->des3_ctx);
|
||||
@ -81,7 +81,7 @@ CryptoDes3 crypto_des3_encrypt_init(uint8 key[24], uint8 ivec[8])
|
||||
return des3;
|
||||
}
|
||||
|
||||
CryptoDes3 crypto_des3_decrypt_init(uint8 key[24], uint8 ivec[8])
|
||||
CryptoDes3 crypto_des3_decrypt_init(uint8* key, uint8* ivec)
|
||||
{
|
||||
CryptoDes3 des3 = xmalloc(sizeof(*des3));
|
||||
EVP_CIPHER_CTX_init(&des3->des3_ctx);
|
||||
@ -90,13 +90,13 @@ CryptoDes3 crypto_des3_decrypt_init(uint8 key[24], uint8 ivec[8])
|
||||
return des3;
|
||||
}
|
||||
|
||||
void crypto_des3_encrypt(CryptoDes3 des3, uint32 length, uint8 *in_data, uint8 *out_data)
|
||||
void crypto_des3_encrypt(CryptoDes3 des3, uint32 length, uint8* in_data, uint8* out_data)
|
||||
{
|
||||
int len;
|
||||
EVP_EncryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
|
||||
}
|
||||
|
||||
void crypto_des3_decrypt(CryptoDes3 des3, uint32 length, uint8 *in_data, uint8* out_data)
|
||||
void crypto_des3_decrypt(CryptoDes3 des3, uint32 length, uint8* in_data, uint8* out_data)
|
||||
{
|
||||
int len;
|
||||
EVP_DecryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
|
||||
@ -117,17 +117,17 @@ CryptoHmac crypto_hmac_new(void)
|
||||
return hmac;
|
||||
}
|
||||
|
||||
void crypto_hmac_sha1_init(CryptoHmac hmac, uint8 *data, uint32 length)
|
||||
void crypto_hmac_sha1_init(CryptoHmac hmac, uint8* data, uint32 length)
|
||||
{
|
||||
HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_sha1(), NULL);
|
||||
}
|
||||
|
||||
void crypto_hmac_update(CryptoHmac hmac, uint8 *data, uint32 length)
|
||||
void crypto_hmac_update(CryptoHmac hmac, uint8* data, uint32 length)
|
||||
{
|
||||
HMAC_Update(&hmac->hmac_ctx, data, length);
|
||||
}
|
||||
|
||||
void crypto_hmac_final(CryptoHmac hmac, uint8 *out_data, uint32 length)
|
||||
void crypto_hmac_final(CryptoHmac hmac, uint8* out_data, uint32 length)
|
||||
{
|
||||
HMAC_Final(&hmac->hmac_ctx, out_data, &length);
|
||||
}
|
||||
@ -142,7 +142,7 @@ CryptoCert crypto_cert_read(uint8* data, uint32 length)
|
||||
{
|
||||
CryptoCert cert = xmalloc(sizeof(*cert));
|
||||
/* this will move the data pointer but we don't care, we don't use it again */
|
||||
cert->px509 = d2i_X509(NULL, (D2I_X509_CONST unsigned char **) &data, length);
|
||||
cert->px509 = d2i_X509(NULL, (D2I_X509_CONST uint8 **) &data, length);
|
||||
return cert;
|
||||
}
|
||||
|
||||
@ -183,7 +183,7 @@ boolean crypto_cert_get_public_key(CryptoCert cert, rdpBlob* public_key)
|
||||
}
|
||||
|
||||
freerdp_blob_alloc(public_key, length);
|
||||
p = (unsigned char*) public_key->data;
|
||||
p = (uint8*) public_key->data;
|
||||
i2d_PublicKey(pkey, &p);
|
||||
|
||||
exit:
|
||||
@ -195,7 +195,7 @@ exit:
|
||||
|
||||
void crypto_rsa_encrypt(uint8* input, int length, uint32 key_length, uint8* modulus, uint8* exponent, uint8* output)
|
||||
{
|
||||
BN_CTX *ctx;
|
||||
BN_CTX* ctx;
|
||||
int output_length;
|
||||
uint8* input_reverse;
|
||||
uint8* modulus_reverse;
|
||||
@ -258,21 +258,21 @@ void crypto_nonce(uint8* nonce, int size)
|
||||
|
||||
char* crypto_cert_fingerprint(X509* xcert)
|
||||
{
|
||||
char* p;
|
||||
int i = 0;
|
||||
char* p;
|
||||
char* fp_buffer;
|
||||
unsigned int fp_len;
|
||||
unsigned char fp[EVP_MAX_MD_SIZE];
|
||||
uint32 fp_len;
|
||||
uint8 fp[EVP_MAX_MD_SIZE];
|
||||
|
||||
X509_digest(xcert, EVP_sha1(), fp, &fp_len);
|
||||
|
||||
fp_buffer = xzalloc(3 * fp_len);
|
||||
fp_buffer = (char*) xzalloc(3 * fp_len);
|
||||
p = fp_buffer;
|
||||
|
||||
for (i = 0; i < fp_len - 1; i++)
|
||||
{
|
||||
sprintf(p, "%02x:", fp[i]);
|
||||
p = (char*) &fp_buffer[i * 3];
|
||||
p = &fp_buffer[i * 3];
|
||||
}
|
||||
sprintf(p, "%02x", fp[i]);
|
||||
|
||||
|
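Review bot: In crypto_cert_fingerprint the pointer update `p = &fp_buffer[i * 3];` lags one slot behind the byte just written, so the second iteration overwrites the first and the returned fingerprint string omits `fp[0]`; the commit only drops the cast on that line. It should read `p = &fp_buffer[(i + 1) * 3];`, which still fits the `3 * fp_len` allocation. The result of `X509_digest` is also not checked, so on failure `fp_len` and `fp` are used uninitialized; `if (!X509_digest(xcert, EVP_sha1(), fp, &fp_len)) return NULL;` would cover that, provided callers handle a NULL fingerprint. The function's return statement lies outside the hunk.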
@ -94,8 +94,8 @@ void crypto_rc4(CryptoRc4 rc4, uint32 length, uint8* in_data, uint8* out_data);
|
||||
void crypto_rc4_free(CryptoRc4 rc4);
|
||||
|
||||
typedef struct crypto_des3_struct* CryptoDes3;
|
||||
CryptoDes3 crypto_des3_encrypt_init(uint8 key[24], uint8 ivec[8]);
|
||||
CryptoDes3 crypto_des3_decrypt_init(uint8 key[24], uint8 ivec[8]);
|
||||
CryptoDes3 crypto_des3_encrypt_init(uint8* key, uint8* ivec);
|
||||
CryptoDes3 crypto_des3_decrypt_init(uint8* key, uint8* ivec);
|
||||
void crypto_des3_encrypt(CryptoDes3 des3, uint32 length, uint8 *in_data, uint8 *out_data);
|
||||
void crypto_des3_decrypt(CryptoDes3 des3, uint32 length, uint8 *in_data, uint8* out_data);
|
||||
void crypto_des3_free(CryptoDes3 des3);
|
||||
|
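Review bot: Replacing `uint8 key[24], uint8 ivec[8]` with bare pointers removes the only statement of the buffer sizes these two initializers expect, so nothing in the header now tells a caller that a shorter key or IV buffer would be over-read. Add a comment above the declarations, for example `/* key must point to 24 bytes, ivec to 8 bytes */`. The unchanged crypto_des3_encrypt and crypto_des3_decrypt prototypes just below still spell `uint8 *in_data`, which no longer matches the `uint8* in_data` form this commit applies to their definitions.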
@ -125,18 +125,6 @@ uint16 fastpath_read_header_rdp(rdpFastPath* fastpath, STREAM* s)
|
||||
return length - hs;
|
||||
}
|
||||
|
||||
boolean fastpath_read_security_header(rdpFastPath* fastpath, STREAM* s)
|
||||
{
|
||||
/* TODO: fipsInformation */
|
||||
|
||||
if ((fastpath->encryptionFlags & FASTPATH_OUTPUT_ENCRYPTED))
|
||||
{
|
||||
stream_seek(s, 8); /* dataSignature */
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
static void fastpath_recv_orders(rdpFastPath* fastpath, STREAM* s)
|
||||
{
|
||||
rdpUpdate* update = fastpath->rdp->update;
|
||||
@ -144,8 +132,6 @@ static void fastpath_recv_orders(rdpFastPath* fastpath, STREAM* s)
|
||||
|
||||
stream_read_uint16(s, numberOrders); /* numberOrders (2 bytes) */
|
||||
|
||||
//printf("numberOrders(FastPath):%d\n", numberOrders);
|
||||
|
||||
while (numberOrders > 0)
|
||||
{
|
||||
update_recv_order(update, s);
|
||||
|
@ -92,7 +92,6 @@ struct rdp_fastpath
|
||||
|
||||
uint16 fastpath_read_header(rdpFastPath* fastpath, STREAM* s);
|
||||
uint16 fastpath_read_header_rdp(rdpFastPath* fastpath, STREAM* s);
|
||||
boolean fastpath_read_security_header(rdpFastPath* fastpath, STREAM* s);
|
||||
boolean fastpath_recv_updates(rdpFastPath* fastpath, STREAM* s);
|
||||
boolean fastpath_recv_inputs(rdpFastPath* fastpath, STREAM* s);
|
||||
|
||||
|
@ -156,23 +156,25 @@ static boolean peer_recv_tpkt_pdu(rdpPeer* peer, STREAM* s)
|
||||
static boolean peer_recv_fastpath_pdu(rdpPeer* peer, STREAM* s)
|
||||
{
|
||||
uint16 length;
|
||||
rdpRdp* rdp;
|
||||
rdpFastPath* fastpath;
|
||||
|
||||
rdp = peer->rdp;
|
||||
fastpath = rdp->fastpath;
|
||||
length = fastpath_read_header_rdp(fastpath, s);
|
||||
|
||||
length = fastpath_read_header_rdp(peer->rdp->fastpath, s);
|
||||
if (length == 0 || length > stream_get_left(s))
|
||||
{
|
||||
printf("incorrect FastPath PDU header length %d\n", length);
|
||||
return False;
|
||||
}
|
||||
|
||||
if (peer->rdp->fastpath->encryptionFlags & FASTPATH_OUTPUT_ENCRYPTED)
|
||||
if (fastpath->encryptionFlags & FASTPATH_OUTPUT_ENCRYPTED)
|
||||
{
|
||||
rdp_decrypt(peer->rdp, s, length);
|
||||
rdp_decrypt(rdp, s, length);
|
||||
}
|
||||
|
||||
//if (!fastpath_read_security_header(peer->rdp->fastpath, s))
|
||||
// return False;
|
||||
|
||||
return fastpath_recv_inputs(peer->rdp->fastpath, s);
|
||||
return fastpath_recv_inputs(fastpath, s);
|
||||
}
|
||||
|
||||
static boolean peer_recv_pdu(rdpPeer* peer, STREAM* s)
|
||||
|
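Review bot: The result of `rdp_decrypt(rdp, s, length);` is discarded in peer_recv_fastpath_pdu, so a PDU that fails decryption or the signature check is still handed to fastpath_recv_inputs. The rdp.c section shows rdp_decrypt returning False on both failures. The call should be `if (!rdp_decrypt(rdp, s, length)) return False;`. The same unchecked call is in rdp_recv_fastpath_pdu in the next file section, where the same one-line change applies.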
@ -252,14 +252,14 @@ void rdp_write_header(rdpRdp* rdp, STREAM* s, uint16 length, uint16 channel_id)
|
||||
|
||||
MCSPDU = (rdp->settings->server_mode) ? DomainMCSPDU_SendDataIndication : DomainMCSPDU_SendDataRequest;
|
||||
|
||||
if (rdp->sec_flags & SEC_ENCRYPT && rdp->settings->encryption_method == ENCRYPTION_METHOD_FIPS) {
|
||||
if (rdp->sec_flags & SEC_ENCRYPT && rdp->settings->encryption_method == ENCRYPTION_METHOD_FIPS)
|
||||
{
|
||||
int pad;
|
||||
|
||||
body_length = length - RDP_PACKET_HEADER_LENGTH - 16;
|
||||
pad = 8 - (body_length % 8);
|
||||
if (pad != 8)
|
||||
length += pad;
|
||||
//printf("rdp_write_header: %d %d (%d)\n", length, body_length, pad);
|
||||
}
|
||||
|
||||
mcs_write_domain_mcspdu_header(s, MCSPDU, length, 0);
|
||||
@ -300,8 +300,6 @@ static uint32 rdp_security_stream_out(rdpRdp* rdp, STREAM* s, int length)
|
||||
memset(data+length, 0, pad);
|
||||
stream_write_uint8(s, pad);
|
||||
|
||||
// printf("FIPS padding %d, length %d\n", pad, length);
|
||||
|
||||
security_hmac_signature(data, length, s->p, rdp);
|
||||
stream_seek(s, 8);
|
||||
security_fips_encrypt(data, length + pad, rdp);
|
||||
@ -417,8 +415,6 @@ boolean rdp_send_data_pdu(rdpRdp* rdp, STREAM* s, uint8 type, uint16 channel_id)
|
||||
rdp_write_share_control_header(s, length, PDU_TYPE_DATA, channel_id);
|
||||
rdp_write_share_data_header(s, length, type, rdp->settings->share_id);
|
||||
|
||||
//printf("send %s Data PDU (0x%02X), length:%d\n", DATA_PDU_TYPE_STRINGS[type], type, length);
|
||||
|
||||
s->p = sec_hold;
|
||||
length += rdp_security_stream_out(rdp, s, length);
|
||||
|
||||
@ -547,8 +543,6 @@ boolean rdp_recv_out_of_sequence_pdu(rdpRdp* rdp, STREAM* s)
|
||||
uint16 length;
|
||||
uint16 channelId;
|
||||
|
||||
//freerdp_hexdump(s->p, stream_get_left(s));
|
||||
|
||||
rdp_read_share_control_header(s, &length, &type, &channelId);
|
||||
|
||||
if (type == PDU_TYPE_DATA)
|
||||
@ -584,8 +578,8 @@ boolean rdp_decrypt(rdpRdp* rdp, STREAM* s, int length)
|
||||
uint8 version, pad;
|
||||
uint8 *sig;
|
||||
|
||||
stream_read_uint16(s, len); // 0x10
|
||||
stream_read_uint8(s, version); // 0x1
|
||||
stream_read_uint16(s, len); /* 0x10 */
|
||||
stream_read_uint8(s, version); /* 0x1 */
|
||||
stream_read_uint8(s, pad);
|
||||
|
||||
sig = s->p;
|
||||
@ -596,16 +590,16 @@ boolean rdp_decrypt(rdpRdp* rdp, STREAM* s, int length)
|
||||
if (!security_fips_decrypt(s->p, cryptlen, rdp))
|
||||
{
|
||||
printf("FATAL: cannot decrypt\n");
|
||||
return False; // TODO
|
||||
return False; /* TODO */
|
||||
}
|
||||
|
||||
if (!security_fips_check_signature(s->p, cryptlen-pad, sig, rdp))
|
||||
{
|
||||
printf("FATAL: invalid packet signature\n");
|
||||
return False; // TODO
|
||||
return False; /* TODO */
|
||||
}
|
||||
|
||||
// is this what needs adjusting?
|
||||
/* is this what needs adjusting? */
|
||||
s->size -= pad;
|
||||
return True;
|
||||
}
|
||||
@ -689,8 +683,10 @@ static boolean rdp_recv_tpkt_pdu(rdpRdp* rdp, STREAM* s)
|
||||
static boolean rdp_recv_fastpath_pdu(rdpRdp* rdp, STREAM* s)
|
||||
{
|
||||
uint16 length;
|
||||
rdpFastPath* fastpath;
|
||||
|
||||
length = fastpath_read_header_rdp(rdp->fastpath, s);
|
||||
fastpath = rdp->fastpath;
|
||||
length = fastpath_read_header_rdp(fastpath, s);
|
||||
|
||||
if (length == 0 || length > stream_get_left(s))
|
||||
{
|
||||
@ -698,7 +694,7 @@ static boolean rdp_recv_fastpath_pdu(rdpRdp* rdp, STREAM* s)
|
||||
return False;
|
||||
}
|
||||
|
||||
if (rdp->fastpath->encryptionFlags & FASTPATH_OUTPUT_ENCRYPTED)
|
||||
if (fastpath->encryptionFlags & FASTPATH_OUTPUT_ENCRYPTED)
|
||||
{
|
||||
rdp_decrypt(rdp, s, length);
|
||||
}
|
||||
|
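Review bot: In rdp_decrypt, `pad` is taken from the wire by `stream_read_uint8(s, pad);` and then used in `cryptlen-pad` and `s->size -= pad;` with no range check visible in these hunks. A peer-supplied pad larger than the encrypted length would make the signature length negative or wrap, and would shrink the stream size by an arbitrary amount of up to 255. A guard before the signature check, such as `if (pad > cryptlen) return False;`, would reject that. `cryptlen` is computed in the lines between the two hunks, which are not shown, so confirm that no equivalent check already exists there. The "is this what needs adjusting?" comment next to `s->size -= pad;` suggests that adjustment is still unverified and deserves a tracked TODO rather than a question.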
@ -167,11 +167,6 @@ int tcp_read(rdpTcp* tcp, uint8* data, int length)
|
||||
perror("recv");
|
||||
return -1;
|
||||
}
|
||||
else
|
||||
{
|
||||
//printf("tcp_read: length %d\n", status);
|
||||
//freerdp_hexdump(data, status);
|
||||
}
|
||||
|
||||
return status;
|
||||
}
|
||||
@ -182,9 +177,6 @@ int tcp_write(rdpTcp* tcp, uint8* data, int length)
|
||||
|
||||
status = send(tcp->sockfd, data, length, MSG_NOSIGNAL);
|
||||
|
||||
//printf("tcp_write: length %d\n", status);
|
||||
//freerdp_hexdump(data, status);
|
||||
|
||||
if (status < 0)
|
||||
{
|
||||
if (errno == EAGAIN || errno == EWOULDBLOCK)
|
||||
|