diff --git a/cunit/test_gcc.c b/cunit/test_gcc.c index d05389ea7..929bcb8a7 100644 --- a/cunit/test_gcc.c +++ b/cunit/test_gcc.c @@ -154,11 +154,11 @@ void test_gcc_write_client_security_data(void) s = stream_new(12); settings = settings_new(); - settings->encryption_methods = - ENCRYPTION_40BIT_FLAG | - ENCRYPTION_56BIT_FLAG | - ENCRYPTION_128BIT_FLAG | - ENCRYPTION_FIPS_FLAG; + settings->encryption_method = + ENCRYPTION_METHOD_40BIT | + ENCRYPTION_METHOD_56BIT | + ENCRYPTION_METHOD_128BIT | + ENCRYPTION_METHOD_FIPS; gcc_write_client_security_data(s, settings); diff --git a/include/freerdp/settings.h b/include/freerdp/settings.h index 77730eb26..a4ed305a9 100644 --- a/include/freerdp/settings.h +++ b/include/freerdp/settings.h @@ -36,10 +36,18 @@ #define PERF_ENABLE_DESKTOP_COMPOSITION 0x00000100 /* Encryption Methods */ -#define ENCRYPTION_40BIT_FLAG 0x00000001 -#define ENCRYPTION_128BIT_FLAG 0x00000002 -#define ENCRYPTION_56BIT_FLAG 0x00000008 -#define ENCRYPTION_FIPS_FLAG 0x00000010 +#define ENCRYPTION_METHOD_NONE 0x00000000 +#define ENCRYPTION_METHOD_40BIT 0x00000001 +#define ENCRYPTION_METHOD_128BIT 0x00000002 +#define ENCRYPTION_METHOD_56BIT 0x00000008 +#define ENCRYPTION_METHOD_FIPS 0x00000010 + +/* Encryption Levels */ +#define ENCRYPTION_LEVEL_NONE 0x00000000 +#define ENCRYPTION_LEVEL_LOW 0x00000001 +#define ENCRYPTION_LEVEL_CLIENT_COMPATIBLE 0x00000002 +#define ENCRYPTION_LEVEL_HIGH 0x00000003 +#define ENCRYPTION_LEVEL_FIPS 0x00000004 /* Auto Reconnect Version */ #define AUTO_RECONNECT_VERSION_1 0x00000001 @@ -113,7 +121,8 @@ struct rdp_settings uint32 kbd_fn_keys; uint32 client_build; uint32 selected_protocol; - uint32 encryption_methods; + uint32 encryption_method; + uint32 encryption_level; BLOB server_random; BLOB server_certificate; @@ -157,6 +166,8 @@ struct rdp_settings boolean nla_security; boolean rdp_security; + uint32 share_id; + int remote_app; char app_name[64]; int bitmap_cache; diff --git a/libfreerdp-core/CMakeLists.txt b/libfreerdp-core/CMakeLists.txt index a80da74e8..959a01e5d 100644 --- a/libfreerdp-core/CMakeLists.txt +++ b/libfreerdp-core/CMakeLists.txt @@ -43,6 +43,8 @@ set(LIBFREERDP_CORE_SRCS security.c security.h settings.c + capabilities.c + capabilities.h certificate.c certificate.h connection.c diff --git a/libfreerdp-core/capabilities.c b/libfreerdp-core/capabilities.c new file mode 100644 index 000000000..9055f14f8 --- /dev/null +++ b/libfreerdp-core/capabilities.c @@ -0,0 +1,341 @@ +/** + * FreeRDP: A Remote Desktop Protocol Client + * RDP Capability Sets + * + * Copyright 2011 Marc-Andre Moreau + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "capabilities.h" + +uint8 CAPSET_TYPE_STRINGS[][32] = +{ + "Unknown", + "General", + "Bitmap", + "Order", + "Bitmap Cache", + "Control", + "Unknown", + "Window Activation", + "Pointer", + "Share", + "Color Cache", + "Unknown", + "Sound", + "Input", + "Font", + "Brush", + "Glyph Cache", + "Offscreen Bitmap Cache", + "Bitmap Cache Host Support", + "Bitmap Cache v2", + "Virtual Channel", + "DrawNineGrid Cache", + "Draw GDI+ Cache", + "Remote Programs", + "Window List", + "Desktop Composition", + "Multifragment Update", + "Large Pointer", + "Surface Commands", + "Bitmap Codecs" +}; + +void rdp_read_capability_set_header(STREAM* s, uint16* length, uint16* type) +{ + stream_read_uint16(s, *type); /* capabilitySetType */ + stream_read_uint16(s, *length); /* lengthCapability */ +} + +void rdp_read_general_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_bitmap_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_order_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_bitmap_cache_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_control_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_window_activation_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_pointer_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_share_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_color_cache_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_sound_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_input_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_font_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_brush_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_glyph_cache_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_offscreen_bitmap_cache_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_bitmap_cache_host_support_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_bitmap_cache_v2_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_virtual_channel_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_draw_nine_grid_cache_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_draw_gdi_plus_cache_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_remote_programs_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_window_list_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_desktop_composition_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_multifragment_update_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_large_pointer_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_surface_commands_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_bitmap_codecs_capability_set(STREAM* s, rdpSettings* settings) +{ + +} + +void rdp_read_demand_active(STREAM* s, rdpSettings* settings) +{ + uint16 type; + uint16 length; + uint16 numberCapabilities; + uint16 lengthSourceDescriptor; + uint16 lengthCombinedCapabilities; + + printf("Demand Active PDU\n"); + + stream_read_uint32(s, settings->share_id); /* shareId (4 bytes) */ + stream_read_uint16(s, lengthSourceDescriptor); /* lengthSourceDescriptor (2 bytes) */ + stream_read_uint16(s, lengthCombinedCapabilities); /* lengthCombinedCapabilities (2 bytes) */ + stream_seek(s, lengthSourceDescriptor); /* sourceDescriptor */ + stream_read_uint16(s, numberCapabilities); /* numberCapabilities (2 bytes) */ + stream_seek(s, 2); /* pad2Octets (2 bytes) */ + + /* capabilitySets */ + while (numberCapabilities > 0) + { + rdp_read_capability_set_header(s, &length, &type); + printf("%s Capability Set (0x%02X), length:%d\n", CAPSET_TYPE_STRINGS[type], type, length); + stream_seek(s, length - CAPSET_HEADER_LENGTH); + numberCapabilities--; + + switch (type) + { + case CAPSET_TYPE_GENERAL: + rdp_read_general_capability_set(s, settings); + break; + + case CAPSET_TYPE_BITMAP: + rdp_read_bitmap_capability_set(s, settings); + break; + + case CAPSET_TYPE_ORDER: + rdp_read_order_capability_set(s, settings); + break; + + case CAPSET_TYPE_BITMAP_CACHE: + rdp_read_bitmap_cache_capability_set(s, settings); + break; + + case CAPSET_TYPE_CONTROL: + rdp_read_control_capability_set(s, settings); + break; + + case CAPSET_TYPE_ACTIVATION: + rdp_read_window_activation_capability_set(s, settings); + break; + + case CAPSET_TYPE_POINTER: + rdp_read_pointer_capability_set(s, settings); + break; + + case CAPSET_TYPE_SHARE: + rdp_read_share_capability_set(s, settings); + break; + + case CAPSET_TYPE_COLOR_CACHE: + rdp_read_color_cache_capability_set(s, settings); + break; + + case CAPSET_TYPE_SOUND: + rdp_read_sound_capability_set(s, settings); + break; + + case CAPSET_TYPE_INPUT: + rdp_read_input_capability_set(s, settings); + break; + + case CAPSET_TYPE_FONT: + rdp_read_font_capability_set(s, settings); + break; + + case CAPSET_TYPE_BRUSH: + rdp_read_brush_capability_set(s, settings); + break; + + case CAPSET_TYPE_GLYPH_CACHE: + rdp_read_glyph_cache_capability_set(s, settings); + break; + + case CAPSET_TYPE_OFFSCREEN_CACHE: + rdp_read_offscreen_bitmap_cache_capability_set(s, settings); + break; + + case CAPSET_TYPE_BITMAP_CACHE_HOST_SUPPORT: + rdp_read_bitmap_cache_host_support_capability_set(s, settings); + break; + + case CAPSET_TYPE_BITMAP_CACHE_V2: + rdp_read_bitmap_cache_v2_capability_set(s, settings); + break; + + case CAPSET_TYPE_VIRTUAL_CHANNEL: + rdp_read_virtual_channel_capability_set(s, settings); + break; + + case CAPSET_TYPE_DRAW_NINE_GRID_CACHE: + rdp_read_draw_nine_grid_cache_capability_set(s, settings); + break; + + case CAPSET_TYPE_DRAW_GDI_PLUS: + rdp_read_draw_gdi_plus_cache_capability_set(s, settings); + break; + + case CAPSET_TYPE_RAIL: + rdp_read_remote_programs_capability_set(s, settings); + break; + + case CAPSET_TYPE_WINDOW: + rdp_read_window_list_capability_set(s, settings); + break; + + case CAPSET_TYPE_COMP_DESK: + rdp_read_desktop_composition_capability_set(s, settings); + break; + + case CAPSET_TYPE_MULTI_FRAGMENT_UPDATE: + rdp_read_multifragment_update_capability_set(s, settings); + break; + + case CAPSET_TYPE_LARGE_POINTER: + rdp_read_large_pointer_capability_set(s, settings); + break; + + case CAPSET_TYPE_SURFACE_COMMANDS: + rdp_read_surface_commands_capability_set(s, settings); + break; + + case CAPSET_TYPE_BITMAP_CODECS: + rdp_read_bitmap_codecs_capability_set(s, settings); + break; + + default: + break; + } + } +} + +void rdp_read_deactivate_all(STREAM* s, rdpSettings* settings) +{ + printf("Deactivate All PDU\n"); +} diff --git a/libfreerdp-core/capabilities.h b/libfreerdp-core/capabilities.h new file mode 100644 index 000000000..7fc229ec6 --- /dev/null +++ b/libfreerdp-core/capabilities.h @@ -0,0 +1,89 @@ +/** + * FreeRDP: A Remote Desktop Protocol Client + * RDP Capability Sets + * + * Copyright 2011 Marc-Andre Moreau + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __CAPABILITIES_H +#define __CAPABILITIES_H + +#include +#include +#include + +/* Capability Set Types */ +#define CAPSET_TYPE_GENERAL 0x0001 +#define CAPSET_TYPE_BITMAP 0x0002 +#define CAPSET_TYPE_ORDER 0x0003 +#define CAPSET_TYPE_BITMAP_CACHE 0x0004 +#define CAPSET_TYPE_CONTROL 0x0005 +#define CAPSET_TYPE_ACTIVATION 0x0007 +#define CAPSET_TYPE_POINTER 0x0008 +#define CAPSET_TYPE_SHARE 0x0009 +#define CAPSET_TYPE_COLOR_CACHE 0x000A +#define CAPSET_TYPE_SOUND 0x000C +#define CAPSET_TYPE_INPUT 0x000D +#define CAPSET_TYPE_FONT 0x000E +#define CAPSET_TYPE_BRUSH 0x000F +#define CAPSET_TYPE_GLYPH_CACHE 0x0010 +#define CAPSET_TYPE_OFFSCREEN_CACHE 0x0011 +#define CAPSET_TYPE_BITMAP_CACHE_HOST_SUPPORT 0x0012 +#define CAPSET_TYPE_BITMAP_CACHE_V2 0x0013 +#define CAPSET_TYPE_VIRTUAL_CHANNEL 0x0014 +#define CAPSET_TYPE_DRAW_NINE_GRID_CACHE 0x0015 +#define CAPSET_TYPE_DRAW_GDI_PLUS 0x0016 +#define CAPSET_TYPE_RAIL 0x0017 +#define CAPSET_TYPE_WINDOW 0x0018 +#define CAPSET_TYPE_COMP_DESK 0x0019 +#define CAPSET_TYPE_MULTI_FRAGMENT_UPDATE 0x001A +#define CAPSET_TYPE_LARGE_POINTER 0x001B +#define CAPSET_TYPE_SURFACE_COMMANDS 0x001C +#define CAPSET_TYPE_BITMAP_CODECS 0x001D + +#define CAPSET_HEADER_LENGTH 4 + +void rdp_read_demand_active(STREAM* s, rdpSettings* settings); +void rdp_read_deactivate_all(STREAM* s, rdpSettings* settings); + +void rdp_read_general_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_bitmap_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_order_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_bitmap_cache_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_control_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_window_activation_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_pointer_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_share_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_color_cache_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_sound_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_input_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_font_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_brush_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_glyph_cache_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_offscreen_bitmap_cache_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_bitmap_cache_host_support_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_bitmap_cache_v2_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_virtual_channel_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_draw_nine_grid_cache_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_draw_gdi_plus_cache_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_remote_programs_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_window_list_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_desktop_composition_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_multifragment_update_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_large_pointer_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_surface_commands_capability_set(STREAM* s, rdpSettings* settings); +void rdp_read_bitmap_codecs_capability_set(STREAM* s, rdpSettings* settings); + +#endif /* __CAPABILITIES_H */ diff --git a/libfreerdp-core/connection.c b/libfreerdp-core/connection.c index 0adf752e0..d8767645f 100644 --- a/libfreerdp-core/connection.c +++ b/libfreerdp-core/connection.c @@ -91,6 +91,8 @@ boolean rdp_client_connect(rdpRdp* rdp) return False; } + rdp->connected = True; + rdp_recv(rdp); return True; diff --git a/libfreerdp-core/gcc.c b/libfreerdp-core/gcc.c index eab01178d..7b8bebeb8 100644 --- a/libfreerdp-core/gcc.c +++ b/libfreerdp-core/gcc.c @@ -388,14 +388,14 @@ void gcc_write_client_security_data(STREAM* s, rdpSettings *settings) if (settings->encryption > 0) { - stream_write_uint32(s, settings->encryption_methods); /* encryptionMethods */ + stream_write_uint32(s, settings->encryption_method); /* encryptionMethods */ stream_write_uint32(s, 0); /* extEncryptionMethods */ } else { /* French locale, disable encryption */ stream_write_uint32(s, 0); /* encryptionMethods */ - stream_write_uint32(s, settings->encryption_methods); /* extEncryptionMethods */ + stream_write_uint32(s, settings->encryption_method); /* extEncryptionMethods */ } } diff --git a/libfreerdp-core/rdp.c b/libfreerdp-core/rdp.c index 10ee4a70e..be58f2211 100644 --- a/libfreerdp-core/rdp.c +++ b/libfreerdp-core/rdp.c @@ -47,6 +47,15 @@ void rdp_write_security_header(STREAM* s, uint16 flags) stream_write_uint16(s, 0); /* flagsHi (unused) */ } +void rdp_read_share_control_header(STREAM* s, uint16* length, uint16* type, uint16* channel_id) +{ + /* Share Control Header */ + stream_read_uint16(s, *length); /* totalLength */ + stream_read_uint16(s, *type); /* pduType */ + stream_read_uint16(s, *channel_id); /* pduSource */ + *type &= 0x0F; /* type is in the 4 least significant bits */ +} + /** * Initialize an RDP packet stream.\n * @param rdp rdp module @@ -105,7 +114,8 @@ void rdp_recv(rdpRdp* rdp) { STREAM* s; int length; - int pduLength; + uint16 pduType; + uint16 pduLength; uint16 initiator; uint16 channelId; uint16 sec_flags; @@ -122,27 +132,48 @@ void rdp_recv(rdpRdp* rdp) stream_seek(s, 1); /* dataPriority + Segmentation (0x70) */ per_read_length(s, &pduLength); /* userData (OCTET_STRING) */ - rdp_read_security_header(s, &sec_flags); - - if (sec_flags & SEC_ENCRYPT) + if (rdp->connected != True) { - printf("RDP packet is encrypted\n"); - } + rdp_read_security_header(s, &sec_flags); - if (sec_flags & SEC_PKT_MASK) - { - switch (sec_flags & SEC_PKT_MASK) + if (sec_flags & SEC_PKT_MASK) { - case SEC_LICENSE_PKT: - license_recv(rdp->license, s); + switch (sec_flags & SEC_PKT_MASK) + { + case SEC_LICENSE_PKT: + license_recv(rdp->license, s); + break; + + case SEC_REDIRECTION_PKT: + rdp_read_redirection_packet(rdp, s); + break; + + default: + printf("incorrect security flags: 0x%04X\n", sec_flags); + break; + } + } + } + else + { + rdp_read_share_control_header(s, &pduLength, &pduType, &channelId); + + switch (pduType) + { + case PDU_TYPE_DEMAND_ACTIVE: + rdp_read_demand_active(s, rdp->settings); break; - case SEC_REDIRECTION_PKT: - rdp_read_redirection_packet(rdp, s); + case PDU_TYPE_DEACTIVATE_ALL: + rdp_read_deactivate_all(s, rdp->settings); + break; + + case PDU_TYPE_SERVER_REDIRECTION: + rdp_read_enhanced_security_redirection_packet(rdp, s); break; default: - printf("incorrect security flags: 0x%04X\n", sec_flags); + printf("incorrect PDU type: 0x%04X\n", pduType); break; } } @@ -161,6 +192,7 @@ rdpRdp* rdp_new() if (rdp != NULL) { + rdp->connected = False; rdp->settings = settings_new(); rdp->registry = registry_new(rdp->settings); rdp->transport = transport_new(rdp->settings); diff --git a/libfreerdp-core/rdp.h b/libfreerdp-core/rdp.h index 3b7867f89..6b6d8c77b 100644 --- a/libfreerdp-core/rdp.h +++ b/libfreerdp-core/rdp.h @@ -31,6 +31,7 @@ typedef struct rdp_rdp rdpRdp; #include "registry.h" #include "transport.h" #include "connection.h" +#include "capabilities.h" #include #include @@ -56,8 +57,15 @@ typedef struct rdp_rdp rdpRdp; #define RDP_SECURITY_HEADER_LENGTH 4 #define RDP_PACKET_HEADER_LENGTH (TPDU_DATA_LENGTH + MCS_SEND_DATA_HEADER_LENGTH) +#define PDU_TYPE_DEMAND_ACTIVE 0x1 +#define PDU_TYPE_CONFIRM_ACTIVE 0x3 +#define PDU_TYPE_DEACTIVATE_ALL 0x6 +#define PDU_TYPE_DATA 0x7 +#define PDU_TYPE_SERVER_REDIRECTION 0xA + struct rdp_rdp { + boolean connected; struct rdp_mcs* mcs; struct rdp_nego* nego; struct rdp_license* license; diff --git a/libfreerdp-core/redirection.c b/libfreerdp-core/redirection.c index cd9624c23..cd4a36b08 100644 --- a/libfreerdp-core/redirection.c +++ b/libfreerdp-core/redirection.c @@ -29,5 +29,11 @@ void rdp_read_redirection_packet(rdpRdp* rdp, STREAM* s) { - printf("SEC_REDIRECTION_PKT\n"); + printf("Redirection Packet\n"); } + +void rdp_read_enhanced_security_redirection_packet(rdpRdp* rdp, STREAM* s) +{ + printf("Enhanced Security Redirection Packet\n"); +} + diff --git a/libfreerdp-core/redirection.h b/libfreerdp-core/redirection.h index 03612b053..78fb9aafd 100644 --- a/libfreerdp-core/redirection.h +++ b/libfreerdp-core/redirection.h @@ -26,5 +26,6 @@ #include void rdp_read_redirection_packet(rdpRdp* rdp, STREAM* s); +void rdp_read_enhanced_security_redirection_packet(rdpRdp* rdp, STREAM* s); #endif /* __REDIRECTION_H */ diff --git a/libfreerdp-core/security.c b/libfreerdp-core/security.c index 7341f478a..4516417ff 100644 --- a/libfreerdp-core/security.c +++ b/libfreerdp-core/security.c @@ -145,3 +145,30 @@ void security_mac_data(uint8* mac_salt_key, uint8* data, uint32 length, uint8* o crypto_md5_final(md5, output); } +void security_mac_signature(uint8* mac_key, int mac_key_length, uint8* data, uint32 length, uint8* output) +{ + CryptoMd5 md5; + CryptoSha1 sha1; + uint8 length_le[4]; + uint8 md5_digest[16]; + uint8 sha1_digest[20]; + + security_uint32_le(length_le, length); /* length must be little-endian */ + + /* SHA1_Digest = SHA1(MACKeyN + pad1 + length + data) */ + sha1 = crypto_sha1_init(); + crypto_sha1_update(sha1, mac_key, mac_key_length); /* MacKeyN */ + crypto_sha1_update(sha1, pad1, sizeof(pad1)); /* pad1 */ + crypto_sha1_update(sha1, length_le, sizeof(length_le)); /* length */ + crypto_sha1_update(sha1, data, length); /* data */ + crypto_sha1_final(sha1, sha1_digest); + + /* MACSignature = First64Bits(MD5(MACKeyN + pad2 + SHA1_Digest)) */ + md5 = crypto_md5_init(); + crypto_md5_update(md5, mac_key, mac_key_length); /* MacKeyN */ + crypto_md5_update(md5, pad2, sizeof(pad2)); /* pad2 */ + crypto_md5_update(md5, sha1_digest, 20); /* SHA1_Digest */ + crypto_md5_final(md5, md5_digest); + + memcpy(output, md5_digest, 8); +} diff --git a/libfreerdp-core/security.h b/libfreerdp-core/security.h index d0a3cd470..db8a0f99f 100644 --- a/libfreerdp-core/security.h +++ b/libfreerdp-core/security.h @@ -35,4 +35,6 @@ void security_mac_salt_key(uint8* session_key_blob, uint8* client_random, uint8* void security_licensing_encryption_key(uint8* session_key_blob, uint8* client_random, uint8* server_random, uint8* output); void security_mac_data(uint8* mac_salt_key, uint8* data, uint32 length, uint8* output); +void security_mac_signature(uint8* mac_key, int mac_key_length, uint8* data, uint32 length, uint8* output); + #endif /* __SECURITY_H */ diff --git a/libfreerdp-core/settings.c b/libfreerdp-core/settings.c index 9f26b1b76..79351e9b5 100644 --- a/libfreerdp-core/settings.c +++ b/libfreerdp-core/settings.c @@ -43,16 +43,15 @@ rdpSettings* settings_new() settings->kbd_subtype = 0; settings->kbd_fn_keys = 0; settings->kbd_layout = 0x409; - settings->encryption = 1; + settings->encryption = False; settings->performance_flags = PERF_DISABLE_FULLWINDOWDRAG | PERF_DISABLE_MENUANIMATIONS | PERF_DISABLE_WALLPAPER; - settings->encryption_methods = - ENCRYPTION_40BIT_FLAG | - ENCRYPTION_128BIT_FLAG; + settings->encryption_method = ENCRYPTION_METHOD_NONE; + settings->encryption_level = ENCRYPTION_LEVEL_NONE; settings->client_dir = xmalloc(strlen(client_dll)); strcpy(settings->client_dir, client_dll);