code cleanup
parent
dc224b14fd
commit
769508bd7d
@ -192,7 +192,7 @@ static boolean rdp_establish_keys(rdpRdp* rdp)
|
|||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* now calculate encrypt / decrypt and upate keys */
|
/* now calculate encrypt / decrypt and update keys */
|
||||||
if (!security_establish_keys(client_random, rdp))
|
if (!security_establish_keys(client_random, rdp))
|
||||||
{
|
{
|
||||||
return False;
|
return False;
|
||||||
|
@ -72,7 +72,7 @@ void crypto_rc4_free(CryptoRc4 rc4)
|
|||||||
xfree(rc4);
|
xfree(rc4);
|
||||||
}
|
}
|
||||||
|
|
||||||
CryptoDes3 crypto_des3_encrypt_init(uint8 key[24], uint8 ivec[8])
|
CryptoDes3 crypto_des3_encrypt_init(uint8* key, uint8* ivec)
|
||||||
{
|
{
|
||||||
CryptoDes3 des3 = xmalloc(sizeof(*des3));
|
CryptoDes3 des3 = xmalloc(sizeof(*des3));
|
||||||
EVP_CIPHER_CTX_init(&des3->des3_ctx);
|
EVP_CIPHER_CTX_init(&des3->des3_ctx);
|
||||||
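Review bot: Dropping the `[24]` and `[8]` declarators from `crypto_des3_encrypt_init` removes the only statement of how long `key` and `ivec` must be; the old form never enforced anything either (array parameters decay to pointers), but a reader of the new prototype can no longer tell that a shorter buffer is presumably read past its end by the cipher setup that follows. Keep the requirement as a comment on the definition and on the matching prototype in the crypto.h hunk (`@ -94,8`), e.g. `/* key must be 24 bytes and ivec 8 bytes; both are read in full by the cipher init */`. The same applies to `crypto_des3_decrypt_init` in the next hunk. The body of this function continues past the end of the hunk.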
@ -81,7 +81,7 @@ CryptoDes3 crypto_des3_encrypt_init(uint8 key[24], uint8 ivec[8])
|
|||||||
return des3;
|
return des3;
|
||||||
}
|
}
|
||||||
|
|
||||||
CryptoDes3 crypto_des3_decrypt_init(uint8 key[24], uint8 ivec[8])
|
CryptoDes3 crypto_des3_decrypt_init(uint8* key, uint8* ivec)
|
||||||
{
|
{
|
||||||
CryptoDes3 des3 = xmalloc(sizeof(*des3));
|
CryptoDes3 des3 = xmalloc(sizeof(*des3));
|
||||||
EVP_CIPHER_CTX_init(&des3->des3_ctx);
|
EVP_CIPHER_CTX_init(&des3->des3_ctx);
|
||||||
@ -90,13 +90,13 @@ CryptoDes3 crypto_des3_decrypt_init(uint8 key[24], uint8 ivec[8])
|
|||||||
return des3;
|
return des3;
|
||||||
}
|
}
|
||||||
|
|
||||||
void crypto_des3_encrypt(CryptoDes3 des3, uint32 length, uint8 *in_data, uint8 *out_data)
|
void crypto_des3_encrypt(CryptoDes3 des3, uint32 length, uint8* in_data, uint8* out_data)
|
||||||
{
|
{
|
||||||
int len;
|
int len;
|
||||||
EVP_EncryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
|
EVP_EncryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
|
||||||
}
|
}
|
||||||
|
|
||||||
void crypto_des3_decrypt(CryptoDes3 des3, uint32 length, uint8 *in_data, uint8* out_data)
|
void crypto_des3_decrypt(CryptoDes3 des3, uint32 length, uint8* in_data, uint8* out_data)
|
||||||
{
|
{
|
||||||
int len;
|
int len;
|
||||||
EVP_DecryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
|
EVP_DecryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
|
||||||
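Review bot: `crypto_des3_encrypt` discards both the return value of `EVP_EncryptUpdate` and the byte count written to `len`, so a failed update leaves `out_data` partially written with no signal to the caller; `crypto_des3_decrypt` below it has the same shape. Since the functions return void, at least record the failure where it happens, e.g. `if (EVP_EncryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length) != 1) printf("crypto_des3_encrypt: EVP_EncryptUpdate failed\n");`, or change them to return a boolean (a prototype change in crypto.h). Whether padding is disabled on the context is decided in the init functions outside this hunk; if it is not, `len` can be smaller than `length` and the trailing partial block stays buffered in the context, which a comment on `len` should say.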
@ -117,17 +117,17 @@ CryptoHmac crypto_hmac_new(void)
|
|||||||
return hmac;
|
return hmac;
|
||||||
}
|
}
|
||||||
|
|
||||||
void crypto_hmac_sha1_init(CryptoHmac hmac, uint8 *data, uint32 length)
|
void crypto_hmac_sha1_init(CryptoHmac hmac, uint8* data, uint32 length)
|
||||||
{
|
{
|
||||||
HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_sha1(), NULL);
|
HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_sha1(), NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
void crypto_hmac_update(CryptoHmac hmac, uint8 *data, uint32 length)
|
void crypto_hmac_update(CryptoHmac hmac, uint8* data, uint32 length)
|
||||||
{
|
{
|
||||||
HMAC_Update(&hmac->hmac_ctx, data, length);
|
HMAC_Update(&hmac->hmac_ctx, data, length);
|
||||||
}
|
}
|
||||||
|
|
||||||
void crypto_hmac_final(CryptoHmac hmac, uint8 *out_data, uint32 length)
|
void crypto_hmac_final(CryptoHmac hmac, uint8* out_data, uint32 length)
|
||||||
{
|
{
|
||||||
HMAC_Final(&hmac->hmac_ctx, out_data, &length);
|
HMAC_Final(&hmac->hmac_ctx, out_data, &length);
|
||||||
}
|
}
|
||||||
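Review bot: `crypto_hmac_final` passes `&length` to `HMAC_Final`, which treats it as an output (the digest size it wrote) rather than a bound on `out_data`, so the value the caller supplies is ignored and the full digest is always written; because `length` is taken by value the caller never learns the real size either. Either document that, e.g. `/* length is not a bound: HMAC_Final overwrites it with the digest size; out_data must hold the full digest (20 bytes for the SHA-1 context from crypto_hmac_sha1_init, EVP_MAX_MD_SIZE to be safe) */`, or make it `uint32* length` so it is a genuine out-parameter (that changes the public prototype). `HMAC_Final` expects `unsigned int*`, so passing `&length` also relies on `uint32` being that same type — worth confirming against the typedef.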
@ -142,7 +142,7 @@ CryptoCert crypto_cert_read(uint8* data, uint32 length)
|
|||||||
{
|
{
|
||||||
CryptoCert cert = xmalloc(sizeof(*cert));
|
CryptoCert cert = xmalloc(sizeof(*cert));
|
||||||
/* this will move the data pointer but we don't care, we don't use it again */
|
/* this will move the data pointer but we don't care, we don't use it again */
|
||||||
cert->px509 = d2i_X509(NULL, (D2I_X509_CONST unsigned char **) &data, length);
|
cert->px509 = d2i_X509(NULL, (D2I_X509_CONST uint8 **) &data, length);
|
||||||
return cert;
|
return cert;
|
||||||
}
|
}
|
||||||
|
|
||||||
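Review bot: `crypto_cert_read` returns `cert` even when `d2i_X509` fails, leaving `cert->px509` NULL, so a malformed certificate received from the peer is handed to callers as a valid `CryptoCert` and is only caught when some later X509 call dereferences it. Check the result before returning: `if (cert->px509 == NULL) { xfree(cert); return NULL; }` — callers then have to treat a NULL return as a failed handshake. The new `(D2I_X509_CONST uint8 **)` cast is only equivalent to the old `unsigned char **` one if `uint8` is a typedef of `unsigned char`; presumably it is, but the typedef is not in this hunk.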
@ -183,7 +183,7 @@ boolean crypto_cert_get_public_key(CryptoCert cert, rdpBlob* public_key)
|
|||||||
}
|
}
|
||||||
|
|
||||||
freerdp_blob_alloc(public_key, length);
|
freerdp_blob_alloc(public_key, length);
|
||||||
p = (unsigned char*) public_key->data;
|
p = (uint8*) public_key->data;
|
||||||
i2d_PublicKey(pkey, &p);
|
i2d_PublicKey(pkey, &p);
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
@ -195,7 +195,7 @@ exit:
|
|||||||
|
|
||||||
void crypto_rsa_encrypt(uint8* input, int length, uint32 key_length, uint8* modulus, uint8* exponent, uint8* output)
|
void crypto_rsa_encrypt(uint8* input, int length, uint32 key_length, uint8* modulus, uint8* exponent, uint8* output)
|
||||||
{
|
{
|
||||||
BN_CTX *ctx;
|
BN_CTX* ctx;
|
||||||
int output_length;
|
int output_length;
|
||||||
uint8* input_reverse;
|
uint8* input_reverse;
|
||||||
uint8* modulus_reverse;
|
uint8* modulus_reverse;
|
||||||
@ -258,21 +258,21 @@ void crypto_nonce(uint8* nonce, int size)
|
|||||||
|
|
||||||
char* crypto_cert_fingerprint(X509* xcert)
|
char* crypto_cert_fingerprint(X509* xcert)
|
||||||
{
|
{
|
||||||
char* p;
|
|
||||||
int i = 0;
|
int i = 0;
|
||||||
|
char* p;
|
||||||
char* fp_buffer;
|
char* fp_buffer;
|
||||||
unsigned int fp_len;
|
uint32 fp_len;
|
||||||
unsigned char fp[EVP_MAX_MD_SIZE];
|
uint8 fp[EVP_MAX_MD_SIZE];
|
||||||
|
|
||||||
X509_digest(xcert, EVP_sha1(), fp, &fp_len);
|
X509_digest(xcert, EVP_sha1(), fp, &fp_len);
|
||||||
|
|
||||||
fp_buffer = xzalloc(3 * fp_len);
|
fp_buffer = (char*) xzalloc(3 * fp_len);
|
||||||
p = fp_buffer;
|
p = fp_buffer;
|
||||||
|
|
||||||
for (i = 0; i < fp_len - 1; i++)
|
for (i = 0; i < fp_len - 1; i++)
|
||||||
{
|
{
|
||||||
sprintf(p, "%02x:", fp[i]);
|
sprintf(p, "%02x:", fp[i]);
|
||||||
p = (char*) &fp_buffer[i * 3];
|
p = &fp_buffer[i * 3];
|
||||||
}
|
}
|
||||||
sprintf(p, "%02x", fp[i]);
|
sprintf(p, "%02x", fp[i]);
|
||||||
|
|
||||||
|
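Review bot: In `crypto_cert_fingerprint` the output pointer is moved after the `sprintf`, to `&fp_buffer[i * 3]`, which is the slot just written: iteration 0 writes at offset 0, iteration 1 writes at offset 0 again, and every later byte lands one slot early, so the first digest byte is overwritten by the second and the final string is three characters shorter than the `3 * fp_len` allocated for it. Because this string is what gets compared against a known certificate fingerprint, the mismatch matters. Change the update to `p = &fp_buffer[(i + 1) * 3];`, which also positions `p` correctly for the last `sprintf`. `X509_digest`'s return is unchecked as well; on failure `fp_len` is uninitialized, so `if (!X509_digest(xcert, EVP_sha1(), fp, &fp_len)) return NULL;` before the allocation is worth adding. The function's return is outside the hunk.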
@ -94,8 +94,8 @@ void crypto_rc4(CryptoRc4 rc4, uint32 length, uint8* in_data, uint8* out_data);
|
|||||||
void crypto_rc4_free(CryptoRc4 rc4);
|
void crypto_rc4_free(CryptoRc4 rc4);
|
||||||
|
|
||||||
typedef struct crypto_des3_struct* CryptoDes3;
|
typedef struct crypto_des3_struct* CryptoDes3;
|
||||||
CryptoDes3 crypto_des3_encrypt_init(uint8 key[24], uint8 ivec[8]);
|
CryptoDes3 crypto_des3_encrypt_init(uint8* key, uint8* ivec);
|
||||||
CryptoDes3 crypto_des3_decrypt_init(uint8 key[24], uint8 ivec[8]);
|
CryptoDes3 crypto_des3_decrypt_init(uint8* key, uint8* ivec);
|
||||||
void crypto_des3_encrypt(CryptoDes3 des3, uint32 length, uint8 *in_data, uint8 *out_data);
|
void crypto_des3_encrypt(CryptoDes3 des3, uint32 length, uint8 *in_data, uint8 *out_data);
|
||||||
void crypto_des3_decrypt(CryptoDes3 des3, uint32 length, uint8 *in_data, uint8* out_data);
|
void crypto_des3_decrypt(CryptoDes3 des3, uint32 length, uint8 *in_data, uint8* out_data);
|
||||||
void crypto_des3_free(CryptoDes3 des3);
|
void crypto_des3_free(CryptoDes3 des3);
|
||||||
|
@ -125,18 +125,6 @@ uint16 fastpath_read_header_rdp(rdpFastPath* fastpath, STREAM* s)
|
|||||||
return length - hs;
|
return length - hs;
|
||||||
}
|
}
|
||||||
|
|
||||||
boolean fastpath_read_security_header(rdpFastPath* fastpath, STREAM* s)
|
|
||||||
{
|
|
||||||
/* TODO: fipsInformation */
|
|
||||||
|
|
||||||
if ((fastpath->encryptionFlags & FASTPATH_OUTPUT_ENCRYPTED))
|
|
||||||
{
|
|
||||||
stream_seek(s, 8); /* dataSignature */
|
|
||||||
}
|
|
||||||
|
|
||||||
return True;
|
|
||||||
}
|
|
||||||
|
|
||||||
static void fastpath_recv_orders(rdpFastPath* fastpath, STREAM* s)
|
static void fastpath_recv_orders(rdpFastPath* fastpath, STREAM* s)
|
||||||
{
|
{
|
||||||
rdpUpdate* update = fastpath->rdp->update;
|
rdpUpdate* update = fastpath->rdp->update;
|
||||||
@ -144,8 +132,6 @@ static void fastpath_recv_orders(rdpFastPath* fastpath, STREAM* s)
|
|||||||
|
|
||||||
stream_read_uint16(s, numberOrders); /* numberOrders (2 bytes) */
|
stream_read_uint16(s, numberOrders); /* numberOrders (2 bytes) */
|
||||||
|
|
||||||
//printf("numberOrders(FastPath):%d\n", numberOrders);
|
|
||||||
|
|
||||||
while (numberOrders > 0)
|
while (numberOrders > 0)
|
||||||
{
|
{
|
||||||
update_recv_order(update, s);
|
update_recv_order(update, s);
|
||||||
|
@ -92,7 +92,6 @@ struct rdp_fastpath
|
|||||||
|
|
||||||
uint16 fastpath_read_header(rdpFastPath* fastpath, STREAM* s);
|
uint16 fastpath_read_header(rdpFastPath* fastpath, STREAM* s);
|
||||||
uint16 fastpath_read_header_rdp(rdpFastPath* fastpath, STREAM* s);
|
uint16 fastpath_read_header_rdp(rdpFastPath* fastpath, STREAM* s);
|
||||||
boolean fastpath_read_security_header(rdpFastPath* fastpath, STREAM* s);
|
|
||||||
boolean fastpath_recv_updates(rdpFastPath* fastpath, STREAM* s);
|
boolean fastpath_recv_updates(rdpFastPath* fastpath, STREAM* s);
|
||||||
boolean fastpath_recv_inputs(rdpFastPath* fastpath, STREAM* s);
|
boolean fastpath_recv_inputs(rdpFastPath* fastpath, STREAM* s);
|
||||||
|
|
||||||
|
@ -156,23 +156,25 @@ static boolean peer_recv_tpkt_pdu(rdpPeer* peer, STREAM* s)
|
|||||||
static boolean peer_recv_fastpath_pdu(rdpPeer* peer, STREAM* s)
|
static boolean peer_recv_fastpath_pdu(rdpPeer* peer, STREAM* s)
|
||||||
{
|
{
|
||||||
uint16 length;
|
uint16 length;
|
||||||
|
rdpRdp* rdp;
|
||||||
|
rdpFastPath* fastpath;
|
||||||
|
|
||||||
|
rdp = peer->rdp;
|
||||||
|
fastpath = rdp->fastpath;
|
||||||
|
length = fastpath_read_header_rdp(fastpath, s);
|
||||||
|
|
||||||
length = fastpath_read_header_rdp(peer->rdp->fastpath, s);
|
|
||||||
if (length == 0 || length > stream_get_left(s))
|
if (length == 0 || length > stream_get_left(s))
|
||||||
{
|
{
|
||||||
printf("incorrect FastPath PDU header length %d\n", length);
|
printf("incorrect FastPath PDU header length %d\n", length);
|
||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (peer->rdp->fastpath->encryptionFlags & FASTPATH_OUTPUT_ENCRYPTED)
|
if (fastpath->encryptionFlags & FASTPATH_OUTPUT_ENCRYPTED)
|
||||||
{
|
{
|
||||||
rdp_decrypt(peer->rdp, s, length);
|
rdp_decrypt(rdp, s, length);
|
||||||
}
|
}
|
||||||
|
|
||||||
//if (!fastpath_read_security_header(peer->rdp->fastpath, s))
|
return fastpath_recv_inputs(fastpath, s);
|
||||||
// return False;
|
|
||||||
|
|
||||||
return fastpath_recv_inputs(peer->rdp->fastpath, s);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static boolean peer_recv_pdu(rdpPeer* peer, STREAM* s)
|
static boolean peer_recv_pdu(rdpPeer* peer, STREAM* s)
|
||||||
|
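Review bot: `rdp_decrypt(rdp, s, length)` returns a boolean and, as the hunk at `@ -596,16` shows, returns False when decryption or the FIPS signature check fails, yet `peer_recv_fastpath_pdu` discards that result and goes on to `fastpath_recv_inputs` with an undecrypted or unauthenticated payload. Check it: `if (!rdp_decrypt(rdp, s, length)) return False;`. `rdp_recv_fastpath_pdu` in the hunk at `@ -698,7` has the same unchecked call.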
@ -252,14 +252,14 @@ void rdp_write_header(rdpRdp* rdp, STREAM* s, uint16 length, uint16 channel_id)
|
|||||||
|
|
||||||
MCSPDU = (rdp->settings->server_mode) ? DomainMCSPDU_SendDataIndication : DomainMCSPDU_SendDataRequest;
|
MCSPDU = (rdp->settings->server_mode) ? DomainMCSPDU_SendDataIndication : DomainMCSPDU_SendDataRequest;
|
||||||
|
|
||||||
if (rdp->sec_flags & SEC_ENCRYPT && rdp->settings->encryption_method == ENCRYPTION_METHOD_FIPS) {
|
if (rdp->sec_flags & SEC_ENCRYPT && rdp->settings->encryption_method == ENCRYPTION_METHOD_FIPS)
|
||||||
|
{
|
||||||
int pad;
|
int pad;
|
||||||
|
|
||||||
body_length = length - RDP_PACKET_HEADER_LENGTH - 16;
|
body_length = length - RDP_PACKET_HEADER_LENGTH - 16;
|
||||||
pad = 8 - (body_length % 8);
|
pad = 8 - (body_length % 8);
|
||||||
if (pad != 8)
|
if (pad != 8)
|
||||||
length += pad;
|
length += pad;
|
||||||
//printf("rdp_write_header: %d %d (%d)\n", length, body_length, pad);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
mcs_write_domain_mcspdu_header(s, MCSPDU, length, 0);
|
mcs_write_domain_mcspdu_header(s, MCSPDU, length, 0);
|
||||||
@ -300,8 +300,6 @@ static uint32 rdp_security_stream_out(rdpRdp* rdp, STREAM* s, int length)
|
|||||||
memset(data+length, 0, pad);
|
memset(data+length, 0, pad);
|
||||||
stream_write_uint8(s, pad);
|
stream_write_uint8(s, pad);
|
||||||
|
|
||||||
// printf("FIPS padding %d, length %d\n", pad, length);
|
|
||||||
|
|
||||||
security_hmac_signature(data, length, s->p, rdp);
|
security_hmac_signature(data, length, s->p, rdp);
|
||||||
stream_seek(s, 8);
|
stream_seek(s, 8);
|
||||||
security_fips_encrypt(data, length + pad, rdp);
|
security_fips_encrypt(data, length + pad, rdp);
|
||||||
@ -417,8 +415,6 @@ boolean rdp_send_data_pdu(rdpRdp* rdp, STREAM* s, uint8 type, uint16 channel_id)
|
|||||||
rdp_write_share_control_header(s, length, PDU_TYPE_DATA, channel_id);
|
rdp_write_share_control_header(s, length, PDU_TYPE_DATA, channel_id);
|
||||||
rdp_write_share_data_header(s, length, type, rdp->settings->share_id);
|
rdp_write_share_data_header(s, length, type, rdp->settings->share_id);
|
||||||
|
|
||||||
//printf("send %s Data PDU (0x%02X), length:%d\n", DATA_PDU_TYPE_STRINGS[type], type, length);
|
|
||||||
|
|
||||||
s->p = sec_hold;
|
s->p = sec_hold;
|
||||||
length += rdp_security_stream_out(rdp, s, length);
|
length += rdp_security_stream_out(rdp, s, length);
|
||||||
|
|
||||||
@ -547,8 +543,6 @@ boolean rdp_recv_out_of_sequence_pdu(rdpRdp* rdp, STREAM* s)
|
|||||||
uint16 length;
|
uint16 length;
|
||||||
uint16 channelId;
|
uint16 channelId;
|
||||||
|
|
||||||
//freerdp_hexdump(s->p, stream_get_left(s));
|
|
||||||
|
|
||||||
rdp_read_share_control_header(s, &length, &type, &channelId);
|
rdp_read_share_control_header(s, &length, &type, &channelId);
|
||||||
|
|
||||||
if (type == PDU_TYPE_DATA)
|
if (type == PDU_TYPE_DATA)
|
||||||
@ -584,8 +578,8 @@ boolean rdp_decrypt(rdpRdp* rdp, STREAM* s, int length)
|
|||||||
uint8 version, pad;
|
uint8 version, pad;
|
||||||
uint8 *sig;
|
uint8 *sig;
|
||||||
|
|
||||||
stream_read_uint16(s, len); // 0x10
|
stream_read_uint16(s, len); /* 0x10 */
|
||||||
stream_read_uint8(s, version); // 0x1
|
stream_read_uint8(s, version); /* 0x1 */
|
||||||
stream_read_uint8(s, pad);
|
stream_read_uint8(s, pad);
|
||||||
|
|
||||||
sig = s->p;
|
sig = s->p;
|
||||||
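Review bot: `len`, `version` and `pad` are read from the wire and the new comments only annotate the expected values (`0x10`, `0x1`); nothing checks them, and `pad` feeds `cryptlen-pad` and `s->size -= pad` in the next hunk, where a value larger than the encrypted length would underflow. The sending side in `rdp_write_header` computes the pad as `8 - (body_length % 8)`, so anything above 8 is invalid; reject it right after the reads, e.g. `if (pad > 8) { printf("FATAL: invalid FIPS pad length %d\n", pad); return False; }`, and compare it against `cryptlen` once that is known. If `0x10` and `0x1` are fixed protocol values rather than observations, `len` and `version` deserve the same treatment. The function continues beyond this hunk.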
@ -596,16 +590,16 @@ boolean rdp_decrypt(rdpRdp* rdp, STREAM* s, int length)
|
|||||||
if (!security_fips_decrypt(s->p, cryptlen, rdp))
|
if (!security_fips_decrypt(s->p, cryptlen, rdp))
|
||||||
{
|
{
|
||||||
printf("FATAL: cannot decrypt\n");
|
printf("FATAL: cannot decrypt\n");
|
||||||
return False; // TODO
|
return False; /* TODO */
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!security_fips_check_signature(s->p, cryptlen-pad, sig, rdp))
|
if (!security_fips_check_signature(s->p, cryptlen-pad, sig, rdp))
|
||||||
{
|
{
|
||||||
printf("FATAL: invalid packet signature\n");
|
printf("FATAL: invalid packet signature\n");
|
||||||
return False; // TODO
|
return False; /* TODO */
|
||||||
}
|
}
|
||||||
|
|
||||||
// is this what needs adjusting?
|
/* is this what needs adjusting? */
|
||||||
s->size -= pad;
|
s->size -= pad;
|
||||||
return True;
|
return True;
|
||||||
}
|
}
|
||||||
@ -689,8 +683,10 @@ static boolean rdp_recv_tpkt_pdu(rdpRdp* rdp, STREAM* s)
|
|||||||
static boolean rdp_recv_fastpath_pdu(rdpRdp* rdp, STREAM* s)
|
static boolean rdp_recv_fastpath_pdu(rdpRdp* rdp, STREAM* s)
|
||||||
{
|
{
|
||||||
uint16 length;
|
uint16 length;
|
||||||
|
rdpFastPath* fastpath;
|
||||||
|
|
||||||
length = fastpath_read_header_rdp(rdp->fastpath, s);
|
fastpath = rdp->fastpath;
|
||||||
|
length = fastpath_read_header_rdp(fastpath, s);
|
||||||
|
|
||||||
if (length == 0 || length > stream_get_left(s))
|
if (length == 0 || length > stream_get_left(s))
|
||||||
{
|
{
|
||||||
@ -698,7 +694,7 @@ static boolean rdp_recv_fastpath_pdu(rdpRdp* rdp, STREAM* s)
|
|||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (rdp->fastpath->encryptionFlags & FASTPATH_OUTPUT_ENCRYPTED)
|
if (fastpath->encryptionFlags & FASTPATH_OUTPUT_ENCRYPTED)
|
||||||
{
|
{
|
||||||
rdp_decrypt(rdp, s, length);
|
rdp_decrypt(rdp, s, length);
|
||||||
}
|
}
|
||||||
|
@ -167,11 +167,6 @@ int tcp_read(rdpTcp* tcp, uint8* data, int length)
|
|||||||
perror("recv");
|
perror("recv");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
else
|
|
||||||
{
|
|
||||||
//printf("tcp_read: length %d\n", status);
|
|
||||||
//freerdp_hexdump(data, status);
|
|
||||||
}
|
|
||||||
|
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
@ -182,9 +177,6 @@ int tcp_write(rdpTcp* tcp, uint8* data, int length)
|
|||||||
|
|
||||||
status = send(tcp->sockfd, data, length, MSG_NOSIGNAL);
|
status = send(tcp->sockfd, data, length, MSG_NOSIGNAL);
|
||||||
|
|
||||||
//printf("tcp_write: length %d\n", status);
|
|
||||||
//freerdp_hexdump(data, status);
|
|
||||||
|
|
||||||
if (status < 0)
|
if (status < 0)
|
||||||
{
|
{
|
||||||
if (errno == EAGAIN || errno == EWOULDBLOCK)
|
if (errno == EAGAIN || errno == EWOULDBLOCK)
|
||||||
|