libfreerdp-crypto: taking crypto code out of libfreerdp-core

This commit is contained in:
Marc-André Moreau 2012-02-17 00:58:30 -05:00
parent d29e37c20f
commit b8882a8ad2
31 changed files with 339 additions and 243 deletions


@ -162,6 +162,7 @@ add_subdirectory(libfreerdp-gdi)
add_subdirectory(libfreerdp-rail)
add_subdirectory(libfreerdp-cache)
add_subdirectory(libfreerdp-codec)
add_subdirectory(libfreerdp-crypto)
add_subdirectory(libfreerdp-channels)
add_subdirectory(libfreerdp-core)


@ -17,8 +17,8 @@
* limitations under the License.
*/
#ifndef __BER_H
#define __BER_H
#ifndef __CRYPTO_BER_H
#define __CRYPTO_BER_H
#include <freerdp/types.h>
#include <freerdp/utils/stream.h>
@ -80,4 +80,4 @@ int ber_write_integer(STREAM* s, uint32 value);
boolean ber_read_integer_length(STREAM* s, int* length);
int ber_skip_integer(uint32 value);
#endif /* __BER_H */
#endif /* __CRYPTO_BER_H */


@ -0,0 +1,56 @@
/**
* FreeRDP: A Remote Desktop Protocol Client
* Certificate Handling
*
* Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef __CRYPTO_CERTIFICATE_H
#define __CRYPTO_CERTIFICATE_H
typedef struct rdp_certificate_data rdpCertificateData;
typedef struct rdp_certificate_store rdpCertificateStore;
#include <freerdp/crypto/ber.h>
#include <freerdp/crypto/crypto.h>
#include <freerdp/settings.h>
#include <freerdp/utils/blob.h>
#include <freerdp/utils/stream.h>
#include <freerdp/utils/hexdump.h>
struct rdp_certificate_data
{
char* hostname;
char* fingerprint;
};
struct rdp_certificate_store
{
FILE* fp;
char* path;
char* file;
rdpSettings* settings;
rdpCertificateData* certificate_data;
};
rdpCertificateData* certificate_data_new(char* hostname, char* fingerprint);
void certificate_data_free(rdpCertificateData* certificate_data);
rdpCertificateStore* certificate_store_new(rdpSettings* settings);
void certificate_store_free(rdpCertificateStore* certificate_store);
int certificate_data_match(rdpCertificateStore* certificate_store, rdpCertificateData* certificate_data);
void certificate_data_print(rdpCertificateStore* certificate_store, rdpCertificateData* certificate_data);
#endif /* __CRYPTO_CERTIFICATE_H */
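Review bot: `struct rdp_certificate_store` declares a `FILE* fp` member, but the new header includes no `<stdio.h>`, so it only compiles when an earlier include happens to pull stdio in; add `#include <stdio.h>` next to the other includes. The two typedefs are placed before the includes, presumably so that `<freerdp/crypto/crypto.h>` (which includes this header back) can see them; a one-line comment such as `/* forward typedefs first: crypto.h includes this header and needs them */` would keep the next reader from "fixing" the order. `certificate_data_new(char* hostname, char* fingerprint)` only copies its arguments with xstrdup in certificate.c, so `const char*` parameters would let callers pass settings strings and literals without casts.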


@ -20,10 +20,6 @@
#ifndef __CRYPTO_H
#define __CRYPTO_H
#ifdef _WIN32
#include "tcp.h"
#endif
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rc4.h>
@ -110,7 +106,7 @@ void crypto_hmac_free(CryptoHmac hmac);
typedef struct crypto_cert_struct* CryptoCert;
#include "certificate.h"
#include <freerdp/crypto/certificate.h>
CryptoCert crypto_cert_read(uint8* data, uint32 length);
char* crypto_cert_fingerprint(X509* xcert);
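Review bot: The `#ifdef _WIN32` / `#include "tcp.h"` block is removed from crypto.h without a replacement; if it was there to get the winsock headers included ahead of `<openssl/ssl.h>` (the usual reason for such a block), Windows builds of every includer now depend on doing that ordering themselves, which is worth confirming or documenting in the header. The switch to `#include <freerdp/crypto/certificate.h>` also makes crypto.h and certificate.h include each other; that only works because certificate.h places its typedefs before its includes, and a short comment next to this include (`/* certificate.h includes us back; relies on its typedef-first layout */`) would record the dependency. The surrounding declarations continue outside the hunk.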


@ -17,8 +17,8 @@
* limitations under the License.
*/
#ifndef __PER_H
#define __PER_H
#ifndef __CRYPTO_PER_H
#define __CRYTPO_PER_H
#include <freerdp/utils/stream.h>
@ -45,4 +45,4 @@ void per_write_octet_string(STREAM* s, uint8* oct_str, int length, int min);
boolean per_read_numeric_string(STREAM* s, int min);
void per_write_numeric_string(STREAM* s, uint8* num_str, int length, int min);
#endif /* __PER_H */
#endif /* __CRYTPO_PER_H */
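Review bot: The new include guard is mismatched: `#ifndef __CRYPTO_PER_H` is paired with `#define __CRYTPO_PER_H` (and the `#endif` comment repeats the typo), so the macro being tested is never defined and the guard is a no-op; a translation unit that reaches this header twice, for example through gcc.h and mcs.h, re-parses it every time. That is harmless only while the body is prototypes and includes; any typedef or inline definition added later would then fail to compile. Change both lines to `#define __CRYPTO_PER_H` and `#endif /* __CRYPTO_PER_H */`.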


@ -17,8 +17,8 @@
* limitations under the License.
*/
#ifndef __TLS_H
#define __TLS_H
#ifndef __CRYPTO_TLS_H
#define __CRYPTO_TLS_H
#include "crypto.h"
#include "certificate.h"
@ -57,4 +57,4 @@ boolean tls_print_error(char* func, SSL* connection, int value);
rdpTls* tls_new(rdpSettings* settings);
void tls_free(rdpTls* tls);
#endif /* __TLS_H */
#endif /* __CRYPTO_TLS_H */
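Review bot: tls.h keeps `#include "crypto.h"` and `#include "certificate.h"` in quoted, same-directory form while the other headers touched by this commit (credssp.h, license.h, mcs.h, security.h) were switched to the `<freerdp/crypto/...>` form. Quoted includes still resolve after the move, but with a `certificate.h` also present in libfreerdp-core the two spellings now name different files, so the consistent `#include <freerdp/crypto/crypto.h>` and `#include <freerdp/crypto/certificate.h>` would make it obvious which one this header means.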


@ -144,9 +144,6 @@ typedef struct
/* Certificates */
typedef struct rdp_certificate rdpCertificate;
typedef struct rdp_key rdpKey;
struct rdp_CertBlob
{
uint32 length;
@ -173,6 +170,15 @@ struct rdp_certificate
rdpCertInfo cert_info;
rdpX509CertChain* x509_cert_chain;
};
typedef struct rdp_certificate rdpCertificate;
struct rdp_key
{
rdpBlob modulus;
rdpBlob private_exponent;
uint8 exponent[4];
};
typedef struct rdp_key rdpKey;
/* Channels */


@ -26,8 +26,6 @@ set(LIBFREERDP_CORE_SRCS
activation.h
extension.c
extension.h
ber.c
ber.h
gcc.c
gcc.h
mcs.c
@ -38,8 +36,6 @@ set(LIBFREERDP_CORE_SRCS
info.h
input.c
input.h
crypto.c
crypto.h
credssp.c
credssp.h
ntlmssp.c
@ -67,12 +63,8 @@ set(LIBFREERDP_CORE_SRCS
timezone.h
rdp.c
rdp.h
per.c
per.h
tcp.c
tcp.h
tls.c
tls.h
tpdu.c
tpdu.h
tpkt.c
@ -106,8 +98,9 @@ else()
target_link_libraries(freerdp-core ${ZLIB_LIBRARIES})
endif()
target_link_libraries(freerdp-core ${OPENSSL_LIBRARIES})
target_link_libraries(freerdp-core freerdp-utils)
target_link_libraries(freerdp-core freerdp-codec)
target_link_libraries(freerdp-core freerdp-crypto)
install(TARGETS freerdp-core DESTINATION ${CMAKE_INSTALL_LIBDIR})


@ -557,170 +557,6 @@ void key_free(rdpKey* key)
}
}
void certificate_store_init(rdpCertificateStore* certificate_store)
{
char* config_path;
rdpSettings* settings;
settings = certificate_store->settings;
config_path = freerdp_get_config_path(settings);
certificate_store->path = freerdp_construct_path(config_path, (char*) certificate_store_dir);
if (freerdp_check_file_exists(certificate_store->path) == false)
{
freerdp_mkdir(certificate_store->path);
printf("creating directory %s\n", certificate_store->path);
}
certificate_store->file = freerdp_construct_path(config_path, (char*) certificate_known_hosts_file);
if (freerdp_check_file_exists(certificate_store->file) == false)
{
certificate_store->fp = fopen((char*) certificate_store->file, "w+");
if (certificate_store->fp == NULL)
{
printf("certificate_store_open: error opening [%s] for writing\n", certificate_store->file);
return;
}
fflush(certificate_store->fp);
}
else
{
certificate_store->fp = fopen((char*) certificate_store->file, "r+");
}
}
int certificate_data_match(rdpCertificateStore* certificate_store, rdpCertificateData* certificate_data)
{
FILE* fp;
int length;
char* data;
char* pline;
int match = 1;
long int size;
fp = certificate_store->fp;
if (!fp)
return match;
fseek(fp, 0, SEEK_END);
size = ftell(fp);
fseek(fp, 0, SEEK_SET);
if (size < 1)
return match;
data = (char*) xmalloc(size + 2);
if (fread(data, size, 1, fp) != 1)
{
xfree(data);
return match;
}
data[size] = '\n';
data[size + 1] = '\0';
pline = strtok(data, "\n");
while (pline != NULL)
{
length = strlen(pline);
if (length > 0)
{
length = strcspn(pline, " \t");
pline[length] = '\0';
if (strcmp(pline, certificate_data->hostname) == 0)
{
pline = &pline[length + 1];
if (strcmp(pline, certificate_data->fingerprint) == 0)
match = 0;
else
match = -1;
break;
}
}
pline = strtok(NULL, "\n");
}
xfree(data);
return match;
}
void certificate_data_print(rdpCertificateStore* certificate_store, rdpCertificateData* certificate_data)
{
FILE* fp;
/* reopen in append mode */
fp = fopen(certificate_store->file, "a");
if (!fp)
return;
fprintf(fp, "%s %s\n", certificate_data->hostname, certificate_data->fingerprint);
fclose(fp);
}
rdpCertificateData* certificate_data_new(char* hostname, char* fingerprint)
{
rdpCertificateData* certdata;
certdata = (rdpCertificateData*) xzalloc(sizeof(rdpCertificateData));
if (certdata != NULL)
{
certdata->hostname = xstrdup(hostname);
certdata->fingerprint = xstrdup(fingerprint);
}
return certdata;
}
void certificate_data_free(rdpCertificateData* certificate_data)
{
if (certificate_data != NULL)
{
xfree(certificate_data->hostname);
xfree(certificate_data->fingerprint);
xfree(certificate_data);
}
}
rdpCertificateStore* certificate_store_new(rdpSettings* settings)
{
rdpCertificateStore* certificate_store;
certificate_store = (rdpCertificateStore*) xzalloc(sizeof(rdpCertificateStore));
if (certificate_store != NULL)
{
certificate_store->settings = settings;
certificate_store_init(certificate_store);
}
return certificate_store;
}
void certificate_store_free(rdpCertificateStore* certstore)
{
if (certstore != NULL)
{
if (certstore->fp != NULL)
fclose(certstore->fp);
xfree(certstore->path);
xfree(certstore->file);
xfree(certstore);
}
}
/**
* Instantiate new certificate module.\n
* @param rdp RDP module


@ -20,12 +20,10 @@
#ifndef __CERTIFICATE_H
#define __CERTIFICATE_H
typedef struct rdp_certificate_data rdpCertificateData;
typedef struct rdp_certificate_store rdpCertificateStore;
#include "rdp.h"
#include "ber.h"
#include "crypto.h"
#include <freerdp/crypto/ber.h>
#include <freerdp/crypto/crypto.h>
#include <freerdp/settings.h>
#include <freerdp/utils/blob.h>
@ -45,35 +43,6 @@ typedef struct rdp_certificate_store rdpCertificateStore;
#define BB_RSA_KEY_BLOB 6
#define BB_RSA_SIGNATURE_BLOB 8
struct rdp_key
{
rdpBlob modulus;
rdpBlob private_exponent;
uint8 exponent[4];
};
struct rdp_certificate_data
{
char* hostname;
char* fingerprint;
};
struct rdp_certificate_store
{
FILE* fp;
char* path;
char* file;
rdpSettings* settings;
rdpCertificateData* certificate_data;
};
rdpCertificateData* certificate_data_new(char* hostname, char* fingerprint);
void certificate_data_free(rdpCertificateData* certificate_data);
rdpCertificateStore* certificate_store_new(rdpSettings* settings);
void certificate_store_free(rdpCertificateStore* certificate_store);
int certificate_data_match(rdpCertificateStore* certificate_store, rdpCertificateData* certificate_data);
void certificate_data_print(rdpCertificateStore* certificate_store, rdpCertificateData* certificate_data);
void certificate_read_x509_certificate(rdpCertBlob* cert, rdpCertInfo* info);
rdpX509CertChain* certificate_new_x509_certificate_chain(uint32 count);


@ -17,7 +17,6 @@
* limitations under the License.
*/
#include "per.h"
#include "info.h"
#include "input.h"


@ -22,9 +22,10 @@
typedef struct rdp_credssp rdpCredssp;
#include "tls.h"
#include "ber.h"
#include "crypto.h"
#include <freerdp/crypto/tls.h>
#include <freerdp/crypto/ber.h>
#include <freerdp/crypto/crypto.h>
#include "transport.h"
#include <freerdp/settings.h>
#include <freerdp/utils/blob.h>


@ -21,10 +21,10 @@
#include <stdlib.h>
#include <string.h>
#include <freerdp/api.h>
#include <freerdp/crypto/per.h>
#include <freerdp/utils/stream.h>
#include "orders.h"
#include "per.h"
#include "update.h"
#include "surface.h"


@ -20,8 +20,8 @@
#ifndef __GCC_H
#define __GCC_H
#include "per.h"
#include "mcs.h"
#include <freerdp/crypto/per.h>
#include <freerdp/freerdp.h>
#include <freerdp/settings.h>


@ -18,6 +18,7 @@
*/
#include "redirection.h"
#include "certificate.h"
#include "license.h"


@ -23,8 +23,8 @@
typedef struct rdp_license rdpLicense;
#include "rdp.h"
#include "crypto.h"
#include "certificate.h"
#include <freerdp/crypto/crypto.h>
#include <freerdp/crypto/certificate.h>
#include <freerdp/freerdp.h>
#include <freerdp/utils/debug.h>


@ -20,8 +20,8 @@
#ifndef __MCS_H
#define __MCS_H
#include "ber.h"
#include "transport.h"
#include <freerdp/crypto/ber.h>
#include <freerdp/types.h>
#include <freerdp/utils/stream.h>


@ -25,6 +25,8 @@
#include <openssl/engine.h>
#include <freerdp/utils/memory.h>
#include "credssp.h"
#include "ntlmssp.h"
#define NTLMSSP_NEGOTIATE_56 0x80000000 /* W (0) */


@ -20,7 +20,7 @@
#ifndef __NTLMSSP_H
#define __NTLMSSP_H
#include "credssp.h"
#include <freerdp/crypto/crypto.h>
#include <freerdp/freerdp.h>
#include <freerdp/utils/blob.h>


@ -17,6 +17,8 @@
* limitations under the License.
*/
#include "certificate.h"
#include "peer.h"
static boolean freerdp_peer_initialize(freerdp_peer* client)


@ -20,9 +20,10 @@
#include "rdp.h"
#include "info.h"
#include "per.h"
#include "redirection.h"
#include <freerdp/crypto/per.h>
static const char* const DATA_PDU_TYPE_STRINGS[] =
{
"", "", /* 0x00 - 0x01 */


@ -21,7 +21,7 @@
#define __SECURITY_H
#include "rdp.h"
#include "crypto.h"
#include <freerdp/crypto/crypto.h>
#include <freerdp/freerdp.h>
#include <freerdp/utils/stream.h>


@ -18,6 +18,7 @@
*/
#include "config.h"
#include "certificate.h"
#include "capabilities.h"
#include <freerdp/utils/memory.h>


@ -30,7 +30,8 @@ typedef enum
typedef struct rdp_transport rdpTransport;
#include "tcp.h"
#include "tls.h"
#include <freerdp/crypto/tls.h>
#include "credssp.h"
#include <time.h>


@ -0,0 +1,34 @@
# FreeRDP: A Remote Desktop Protocol Client
# libfreerdp-crypto cmake build script
#
# Copyright 2011 O.S. Systems Software Ltda.
# Copyright 2011 Otavio Salvador <otavio@ossystems.com.br>
# Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set(FREERDP_CRYPTO_SRCS
ber.c
per.c
certificate.c
crypto.c
tls.c)
add_library(freerdp-crypto ${FREERDP_CRYPTO_SRCS})
set_target_properties(freerdp-crypto PROPERTIES VERSION ${FREERDP_VERSION_FULL} SOVERSION ${FREERDP_VERSION} PREFIX "lib")
target_link_libraries(freerdp-crypto ${OPENSSL_LIBRARIES})
install(TARGETS freerdp-crypto DESTINATION ${CMAKE_INSTALL_LIBDIR})
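Review bot: `target_link_libraries(freerdp-crypto ${OPENSSL_LIBRARIES})` lists only OpenSSL, yet certificate.c in this library calls freerdp_get_config_path, freerdp_construct_path, freerdp_check_file_exists and freerdp_mkdir plus the xmalloc/xzalloc/xstrdup/xfree helpers, all coming from the freerdp-utils headers it includes. Whether that resolves at link time then depends on the consumer (freerdp-core links freerdp-utils as well) and on the linker tolerating undefined symbols in a shared object; adding `target_link_libraries(freerdp-crypto freerdp-utils)` makes the dependency explicit and lets the library link on its own.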


@ -17,7 +17,7 @@
* limitations under the License.
*/
#include "ber.h"
#include <freerdp/crypto/ber.h>
void ber_read_length(STREAM* s, int* length)
{


@ -0,0 +1,197 @@
/**
* FreeRDP: A Remote Desktop Protocol Client
* Certificate Handling
*
* Copyright 2011 Jiten Pathy
* Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <freerdp/utils/file.h>
static const char certificate_store_dir[] = "certs";
static const char certificate_known_hosts_file[] = "known_hosts";
#include <freerdp/crypto/certificate.h>
void certificate_store_init(rdpCertificateStore* certificate_store)
{
char* config_path;
rdpSettings* settings;
settings = certificate_store->settings;
config_path = freerdp_get_config_path(settings);
certificate_store->path = freerdp_construct_path(config_path, (char*) certificate_store_dir);
if (freerdp_check_file_exists(certificate_store->path) == false)
{
freerdp_mkdir(certificate_store->path);
printf("creating directory %s\n", certificate_store->path);
}
certificate_store->file = freerdp_construct_path(config_path, (char*) certificate_known_hosts_file);
if (freerdp_check_file_exists(certificate_store->file) == false)
{
certificate_store->fp = fopen((char*) certificate_store->file, "w+");
if (certificate_store->fp == NULL)
{
printf("certificate_store_open: error opening [%s] for writing\n", certificate_store->file);
return;
}
fflush(certificate_store->fp);
}
else
{
certificate_store->fp = fopen((char*) certificate_store->file, "r+");
}
}
int certificate_data_match(rdpCertificateStore* certificate_store, rdpCertificateData* certificate_data)
{
FILE* fp;
int length;
char* data;
char* pline;
int match = 1;
long int size;
fp = certificate_store->fp;
if (!fp)
return match;
fseek(fp, 0, SEEK_END);
size = ftell(fp);
fseek(fp, 0, SEEK_SET);
if (size < 1)
return match;
data = (char*) xmalloc(size + 2);
if (fread(data, size, 1, fp) != 1)
{
xfree(data);
return match;
}
data[size] = '\n';
data[size + 1] = '\0';
pline = strtok(data, "\n");
while (pline != NULL)
{
length = strlen(pline);
if (length > 0)
{
length = strcspn(pline, " \t");
pline[length] = '\0';
if (strcmp(pline, certificate_data->hostname) == 0)
{
pline = &pline[length + 1];
if (strcmp(pline, certificate_data->fingerprint) == 0)
match = 0;
else
match = -1;
break;
}
}
pline = strtok(NULL, "\n");
}
xfree(data);
return match;
}
void certificate_data_print(rdpCertificateStore* certificate_store, rdpCertificateData* certificate_data)
{
FILE* fp;
/* reopen in append mode */
fp = fopen(certificate_store->file, "a");
if (!fp)
return;
fprintf(fp, "%s %s\n", certificate_data->hostname, certificate_data->fingerprint);
fclose(fp);
}
rdpCertificateData* certificate_data_new(char* hostname, char* fingerprint)
{
rdpCertificateData* certdata;
certdata = (rdpCertificateData*) xzalloc(sizeof(rdpCertificateData));
if (certdata != NULL)
{
certdata->hostname = xstrdup(hostname);
certdata->fingerprint = xstrdup(fingerprint);
}
return certdata;
}
void certificate_data_free(rdpCertificateData* certificate_data)
{
if (certificate_data != NULL)
{
xfree(certificate_data->hostname);
xfree(certificate_data->fingerprint);
xfree(certificate_data);
}
}
rdpCertificateStore* certificate_store_new(rdpSettings* settings)
{
rdpCertificateStore* certificate_store;
certificate_store = (rdpCertificateStore*) xzalloc(sizeof(rdpCertificateStore));
if (certificate_store != NULL)
{
certificate_store->settings = settings;
certificate_store_init(certificate_store);
}
return certificate_store;
}
void certificate_store_free(rdpCertificateStore* certstore)
{
if (certstore != NULL)
{
if (certstore->fp != NULL)
fclose(certstore->fp);
xfree(certstore->path);
xfree(certstore->file);
xfree(certstore);
}
}
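Review bot: certificate_data_match stops at the first line whose hostname matches and returns -1 on a fingerprint mismatch, while certificate_data_print only ever appends, so once a host's fingerprint changes and the new pair is appended the stale first entry keeps shadowing it and every later connection reports a mismatch again. Dropping the `break` on the mismatch path (keep `match = -1;` and continue with the next strtok line, breaking only when `match = 0` is set) lets the most recently accepted entry win without changing the file format. In the same loop, a line with no space or tab leaves `length` at the end of the token, so `&pline[length + 1]` compares the fingerprint against the start of the following line rather than an empty string; checking `pline[length] != '\0'` before advancing keeps such lines from matching anything. certificate_data_print also writes the hostname with `%s` unescaped, so a hostname containing whitespace or a newline would corrupt the one-entry-per-line format; rejecting such values in certificate_data_new is cheap. The two `static const char` tables at the top are placed between the system includes and `#include <freerdp/crypto/certificate.h>`; moving that include up with the others keeps the include block in one place.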


@ -17,7 +17,7 @@
* limitations under the License.
*/
#include "crypto.h"
#include <freerdp/crypto/crypto.h>
CryptoSha1 crypto_sha1_init(void)
{


@ -17,7 +17,7 @@
* limitations under the License.
*/
#include "per.h"
#include <freerdp/crypto/per.h>
/**
* Read PER length.


@ -20,7 +20,7 @@
#include <freerdp/utils/stream.h>
#include <freerdp/utils/memory.h>
#include "tls.h"
#include <freerdp/crypto/tls.h>
static CryptoCert tls_get_certificate(rdpTls* tls)
{


@ -627,8 +627,8 @@ void* xf_peer_main_loop(void* arg)
settings->cert_file = freerdp_construct_path(server_file_path, "server.crt");
settings->privatekey_file = freerdp_construct_path(server_file_path, "server.key");
settings->nla_security = false;
//settings->nla_security = true;
//settings->nla_security = false;
settings->nla_security = true;
settings->rfx_codec = true;