boolean certificate_read_server_proprietary_certificate(rdpCertificate* certificate, STREAM* s)
{
uint32 dwSigAlgId;
uint32 dwKeyAlgId;
uint32 wPublicKeyBlobType;
uint32 wPublicKeyBlobLen;
uint32 wSignatureBlobType;
uint32 wSignatureBlobLen;
uint8* sigdata;
int sigdatalen;
/* -4, because we need to include dwVersion */
sigdata = stream_get_tail(s) - 4;
stream_read_uint32(s, dwSigAlgId);
stream_read_uint32(s, dwKeyAlgId);
if (!(dwSigAlgId == SIGNATURE_ALG_RSA && dwKeyAlgId == KEY_EXCHANGE_ALG_RSA))
{
printf("certificate_read_server_proprietary_certificate: parse error 1\n");
return false;
}
stream_read_uint16(s, wPublicKeyBlobType);
if (wPublicKeyBlobType != BB_RSA_KEY_BLOB)
{
printf("certificate_read_server_proprietary_certificate: parse error 2\n");
return false;
}
stream_read_uint16(s, wPublicKeyBlobLen);
if (!certificate_process_server_public_key(certificate, s, wPublicKeyBlobLen))
{
printf("certificate_read_server_proprietary_certificate: parse error 3\n");
return false;
}
sigdatalen = stream_get_tail(s) - sigdata;
stream_read_uint16(s, wSignatureBlobType);
if (wSignatureBlobType != BB_RSA_SIGNATURE_BLOB)
{
printf("certificate_read_server_proprietary_certificate: parse error 4\n");
return false;
}
stream_read_uint16(s, wSignatureBlobLen);
if (wSignatureBlobLen != 72)
{
printf("certificate_process_server_public_signature: invalid signature length (got %d, expected %d)\n", wSignatureBlobLen, 64);
return false;
}
if (!certificate_process_server_public_signature(certificate, sigdata, sigdatalen, s, wSignatureBlobLen))
{
printf("certificate_read_server_proprietary_certificate: parse error 5\n");
return false;
}
return true;
}
boolean certificate_read_server_proprietary_certificate(rdpCertificate* certificate, STREAM* s)
{
uint32 dwSigAlgId;
uint32 dwKeyAlgId;
uint32 wPublicKeyBlobType;
uint32 wPublicKeyBlobLen;
uint32 wSignatureBlobType;
uint32 wSignatureBlobLen;
printf("Server Proprietary Certificate\n");
stream_read_uint32(s, dwSigAlgId);
stream_read_uint32(s, dwKeyAlgId);
if (!(dwSigAlgId == 1 && dwKeyAlgId == 1))
{
printf("certificate_read_server_proprietary_certificate: parse error 1\n");
return False;
}
stream_read_uint16(s, wPublicKeyBlobType);
if (wPublicKeyBlobType != BB_RSA_KEY_BLOB)
{
printf("certificate_read_server_proprietary_certificate: parse error 2\n");
return False;
}
stream_read_uint16(s, wPublicKeyBlobLen);
if (!certificate_process_server_public_key(certificate, s, wPublicKeyBlobLen))
{
printf("certificate_read_server_proprietary_certificate: parse error 3\n");
return False;
}
stream_read_uint16(s, wSignatureBlobType);
if (wSignatureBlobType != BB_RSA_SIGNATURE_BLOB)
{
printf("certificate_read_server_proprietary_certificate: parse error 4\n");
return False;
}
stream_read_uint16(s, wSignatureBlobLen);
if (!certificate_process_server_public_signature(certificate, s, wSignatureBlobLen))
{
printf("certificate_read_server_proprietary_certificate: parse error 5\n");
return False;
}
return True;
}
BOOL certificate_read_server_proprietary_certificate(rdpCertificate* certificate, wStream* s)
{
UINT32 dwSigAlgId;
UINT32 dwKeyAlgId;
UINT16 wPublicKeyBlobType;
UINT16 wPublicKeyBlobLen;
UINT16 wSignatureBlobType;
UINT16 wSignatureBlobLen;
BYTE* sigdata;
size_t sigdatalen;
if (Stream_GetRemainingLength(s) < 12)
return FALSE;
/* -4, because we need to include dwVersion */
sigdata = Stream_Pointer(s) - 4;
Stream_Read_UINT32(s, dwSigAlgId);
Stream_Read_UINT32(s, dwKeyAlgId);
if (!((dwSigAlgId == SIGNATURE_ALG_RSA) && (dwKeyAlgId == KEY_EXCHANGE_ALG_RSA)))
{
WLog_ERR(TAG, "unsupported signature or key algorithm, dwSigAlgId=%"PRIu32" dwKeyAlgId=%"PRIu32"",
dwSigAlgId, dwKeyAlgId);
return FALSE;
}
Stream_Read_UINT16(s, wPublicKeyBlobType);
if (wPublicKeyBlobType != BB_RSA_KEY_BLOB)
{
WLog_ERR(TAG, "unsupported public key blob type %"PRIu16"", wPublicKeyBlobType);
return FALSE;
}
Stream_Read_UINT16(s, wPublicKeyBlobLen);
if (Stream_GetRemainingLength(s) < wPublicKeyBlobLen)
{
WLog_ERR(TAG, "not enough bytes for public key(len=%"PRIu16")", wPublicKeyBlobLen);
return FALSE;
}
if (!certificate_process_server_public_key(certificate, s, wPublicKeyBlobLen))
{
WLog_ERR(TAG, "error in server public key");
return FALSE;
}
if (Stream_GetRemainingLength(s) < 4)
return FALSE;
sigdatalen = Stream_Pointer(s) - sigdata;
Stream_Read_UINT16(s, wSignatureBlobType);
if (wSignatureBlobType != BB_RSA_SIGNATURE_BLOB)
{
WLog_ERR(TAG, "unsupported blob signature %"PRIu16"", wSignatureBlobType);
return FALSE;
}
Stream_Read_UINT16(s, wSignatureBlobLen);
if (Stream_GetRemainingLength(s) < wSignatureBlobLen)
{
WLog_ERR(TAG, "not enough bytes for signature(len=%"PRIu16")", wSignatureBlobLen);
return FALSE;
}
if (wSignatureBlobLen != 72)
{
WLog_ERR(TAG, "invalid signature length (got %"PRIu16", expected 72)", wSignatureBlobLen);
return FALSE;
}
if (!certificate_process_server_public_signature(certificate, sigdata, sigdatalen, s,
wSignatureBlobLen))
{
WLog_ERR(TAG, "unable to parse server public signature");
return FALSE;
}
return TRUE;
}
BOOL certificate_read_server_proprietary_certificate(rdpCertificate* certificate, wStream* s)
{
UINT32 dwSigAlgId;
UINT32 dwKeyAlgId;
UINT32 wPublicKeyBlobType;
UINT32 wPublicKeyBlobLen;
UINT32 wSignatureBlobType;
UINT32 wSignatureBlobLen;
BYTE* sigdata;
int sigdatalen;
if(stream_get_left(s) < 12)
return FALSE;
/* -4, because we need to include dwVersion */
sigdata = stream_get_tail(s) - 4;
stream_read_UINT32(s, dwSigAlgId);
stream_read_UINT32(s, dwKeyAlgId);
if (!(dwSigAlgId == SIGNATURE_ALG_RSA && dwKeyAlgId == KEY_EXCHANGE_ALG_RSA))
{
fprintf(stderr, "certificate_read_server_proprietary_certificate: parse error 1\n");
return FALSE;
}
stream_read_UINT16(s, wPublicKeyBlobType);
if (wPublicKeyBlobType != BB_RSA_KEY_BLOB)
{
fprintf(stderr, "certificate_read_server_proprietary_certificate: parse error 2\n");
return FALSE;
}
stream_read_UINT16(s, wPublicKeyBlobLen);
if(stream_get_left(s) < wPublicKeyBlobLen)
return FALSE;
if (!certificate_process_server_public_key(certificate, s, wPublicKeyBlobLen))
{
fprintf(stderr, "certificate_read_server_proprietary_certificate: parse error 3\n");
return FALSE;
}
if(stream_get_left(s) < 4)
return FALSE;
sigdatalen = stream_get_tail(s) - sigdata;
stream_read_UINT16(s, wSignatureBlobType);
if (wSignatureBlobType != BB_RSA_SIGNATURE_BLOB)
{
fprintf(stderr, "certificate_read_server_proprietary_certificate: parse error 4\n");
return FALSE;
}
stream_read_UINT16(s, wSignatureBlobLen);
if(stream_get_left(s) < wSignatureBlobLen)
return FALSE;
if (wSignatureBlobLen != 72)
{
fprintf(stderr, "certificate_process_server_public_signature: invalid signature length (got %d, expected %d)\n", wSignatureBlobLen, 64);
return FALSE;
}
if (!certificate_process_server_public_signature(certificate, sigdata, sigdatalen, s, wSignatureBlobLen))
{
fprintf(stderr, "certificate_read_server_proprietary_certificate: parse error 5\n");
return FALSE;
}
return TRUE;
}
BOOL certificate_read_server_proprietary_certificate(rdpCertificate* certificate, wStream* s)
{
UINT32 dwSigAlgId;
UINT32 dwKeyAlgId;
UINT32 wPublicKeyBlobType;
UINT32 wPublicKeyBlobLen;
UINT32 wSignatureBlobType;
UINT32 wSignatureBlobLen;
BYTE* sigdata;
int sigdatalen;
if (Stream_GetRemainingLength(s) < 12)
return FALSE;
/* -4, because we need to include dwVersion */
sigdata = Stream_Pointer(s) - 4;
Stream_Read_UINT32(s, dwSigAlgId);
Stream_Read_UINT32(s, dwKeyAlgId);
if (!(dwSigAlgId == SIGNATURE_ALG_RSA && dwKeyAlgId == KEY_EXCHANGE_ALG_RSA))
{
fprintf(stderr, "%s: unsupported signature or key algorithm, dwSigAlgId=%d dwKeyAlgId=%d\n",
__FUNCTION__, dwSigAlgId, dwKeyAlgId);
return FALSE;
}
Stream_Read_UINT16(s, wPublicKeyBlobType);
if (wPublicKeyBlobType != BB_RSA_KEY_BLOB)
{
fprintf(stderr, "%s: unsupported public key blob type %d\n", __FUNCTION__, wPublicKeyBlobType);
return FALSE;
}
Stream_Read_UINT16(s, wPublicKeyBlobLen);
if (Stream_GetRemainingLength(s) < wPublicKeyBlobLen)
return FALSE;
if (!certificate_process_server_public_key(certificate, s, wPublicKeyBlobLen))
{
fprintf(stderr, "%s: error in server public key\n", __FUNCTION__);
return FALSE;
}
if (Stream_GetRemainingLength(s) < 4)
return FALSE;
sigdatalen = Stream_Pointer(s) - sigdata;
Stream_Read_UINT16(s, wSignatureBlobType);
if (wSignatureBlobType != BB_RSA_SIGNATURE_BLOB)
{
fprintf(stderr, "%s: unsupported blob signature %d\n", __FUNCTION__, wSignatureBlobType);
return FALSE;
}
Stream_Read_UINT16(s, wSignatureBlobLen);
if (Stream_GetRemainingLength(s) < wSignatureBlobLen)
{
fprintf(stderr, "%s: not enought bytes for signature(len=%d)\n", __FUNCTION__, wSignatureBlobLen);
return FALSE;
}
if (wSignatureBlobLen != 72)
{
fprintf(stderr, "%s: invalid signature length (got %d, expected %d)\n", __FUNCTION__, wSignatureBlobLen, 64);
return FALSE;
}
if (!certificate_process_server_public_signature(certificate, sigdata, sigdatalen, s, wSignatureBlobLen))
{
fprintf(stderr, "%s: unable to parse server public signature\n", __FUNCTION__);
return FALSE;
}
return TRUE;
}
