boolean rdp_decrypt(rdpRdp* rdp, STREAM* s, int length, uint16 securityFlags) { uint8 cmac[8], wmac[8]; if (rdp->settings->encryption_method == ENCRYPTION_METHOD_FIPS) { uint16 len; uint8 version, pad; uint8 *sig; stream_read_uint16(s, len); /* 0x10 */ stream_read_uint8(s, version); /* 0x1 */ stream_read_uint8(s, pad); sig = s->p; stream_seek(s, 8); /* signature */ length -= 12; if (!security_fips_decrypt(s->p, length, rdp)) { printf("FATAL: cannot decrypt\n"); return false; /* TODO */ } if (!security_fips_check_signature(s->p, length - pad, sig, rdp)) { printf("FATAL: invalid packet signature\n"); return false; /* TODO */ } /* is this what needs adjusting? */ s->size -= pad; return true; } stream_read(s, wmac, sizeof(wmac)); length -= sizeof(wmac); security_decrypt(s->p, length, rdp); if (securityFlags & SEC_SECURE_CHECKSUM) security_salted_mac_signature(rdp, s->p, length, false, cmac); else security_mac_signature(rdp, s->p, length, cmac); if (memcmp(wmac, cmac, sizeof(wmac)) != 0) { printf("WARNING: invalid packet signature\n"); /* * Because Standard RDP Security is totally broken, * and cannot protect against MITM, don't treat signature * verification failure as critical. This at least enables * us to work with broken RDP clients and servers that * generate invalid signatures. */ //return false; } return true; }
boolean rdp_decrypt(rdpRdp* rdp, STREAM* s, int length) { uint8 cmac[8], wmac[8]; uint32 ml; uint8* mk; if (rdp->settings->encryption_method == ENCRYPTION_METHOD_FIPS) { uint16 len; uint8 version, pad; uint8 *sig; stream_read_uint16(s, len); /* 0x10 */ stream_read_uint8(s, version); /* 0x1 */ stream_read_uint8(s, pad); sig = s->p; stream_seek(s, 8); /* signature */ length -= 12; if (!security_fips_decrypt(s->p, length, rdp)) { printf("FATAL: cannot decrypt\n"); return false; /* TODO */ } if (!security_fips_check_signature(s->p, length - pad, sig, rdp)) { printf("FATAL: invalid packet signature\n"); return false; /* TODO */ } /* is this what needs adjusting? */ s->size -= pad; return true; } stream_read(s, wmac, sizeof(wmac)); length -= sizeof(wmac); security_decrypt(s->p, length, rdp); mk = rdp->sign_key; ml = rdp->rc4_key_len; security_mac_signature(mk, ml, s->p, length, cmac); if (memcmp(wmac, cmac, sizeof(wmac)) != 0) { printf("FATAL: invalid packet signature\n"); return false; } return true; }
boolean rdp_decrypt(rdpRdp* rdp, STREAM* s, int length) { int cryptlen; if (rdp->settings->encryption_method == ENCRYPTION_METHOD_FIPS) { uint16 len; uint8 version, pad; uint8 *sig; stream_read_uint16(s, len); /* 0x10 */ stream_read_uint8(s, version); /* 0x1 */ stream_read_uint8(s, pad); sig = s->p; stream_seek(s, 8); /* signature */ cryptlen = length - 12; if (!security_fips_decrypt(s->p, cryptlen, rdp)) { printf("FATAL: cannot decrypt\n"); return false; /* TODO */ } if (!security_fips_check_signature(s->p, cryptlen-pad, sig, rdp)) { printf("FATAL: invalid packet signature\n"); return false; /* TODO */ } /* is this what needs adjusting? */ s->size -= pad; return true; } stream_seek(s, 8); /* signature */ cryptlen = length - 8; security_decrypt(s->p, cryptlen, rdp); return true; }
BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, int length, UINT16 securityFlags) { BYTE cmac[8]; BYTE wmac[8]; if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS) { UINT16 len; BYTE version, pad; BYTE* sig; if (Stream_GetRemainingLength(s) < 12) return FALSE; Stream_Read_UINT16(s, len); /* 0x10 */ Stream_Read_UINT8(s, version); /* 0x1 */ Stream_Read_UINT8(s, pad); sig = Stream_Pointer(s); Stream_Seek(s, 8); /* signature */ length -= 12; if (!security_fips_decrypt(Stream_Pointer(s), length, rdp)) { DEBUG_WARN( "FATAL: cannot decrypt\n"); return FALSE; /* TODO */ } if (!security_fips_check_signature(Stream_Pointer(s), length - pad, sig, rdp)) { DEBUG_WARN( "FATAL: invalid packet signature\n"); return FALSE; /* TODO */ } Stream_Length(s) -= pad; return TRUE; } if (Stream_GetRemainingLength(s) < 8) return FALSE; Stream_Read(s, wmac, sizeof(wmac)); length -= sizeof(wmac); if (!security_decrypt(Stream_Pointer(s), length, rdp)) return FALSE; if (securityFlags & SEC_SECURE_CHECKSUM) security_salted_mac_signature(rdp, Stream_Pointer(s), length, FALSE, cmac); else security_mac_signature(rdp, Stream_Pointer(s), length, cmac); if (memcmp(wmac, cmac, sizeof(wmac)) != 0) { DEBUG_WARN( "WARNING: invalid packet signature\n"); /* * Because Standard RDP Security is totally broken, * and cannot protect against MITM, don't treat signature * verification failure as critical. This at least enables * us to work with broken RDP clients and servers that * generate invalid signatures. */ //return FALSE; } return TRUE; }