/*
 * Fill in license->encrypted_premaster_secret as a BB_RANDOM_BLOB backed by a
 * freshly allocated MODULUS_MAX_SIZE buffer.
 *
 * NOTE(review): the RSA step sits inside "#if 0", so as built the blob data is
 * all zero bytes and license->premaster_secret is never encrypted into it.
 *
 * NOTE(review): the blob length is set to PREMASTER_SECRET_LENGTH although the
 * buffer holds MODULUS_MAX_SIZE bytes - confirm which length the peer expects.
 *
 * The buffer is handed over to the blob; nothing in this function frees it.
 */
void license_encrypt_premaster_secret(rdpLicense* license)
{
    uint8* blob_data;

#if 0
    /*
     * Disabled: encrypt the premaster secret under the server's public key.
     *
     * NOTE(review): key_length is taken from the certificate and is not
     * compared with MODULUS_MAX_SIZE before crypto_rsa_encrypt() writes into
     * the buffer; presumably the output is key_length bytes long - verify and
     * bound it before re-enabling this path.
     */
    rdpCertificate *certificate;
    uint8* modulus;
    uint8* exponent;
    int key_length;

    /* Prefer the certificate received during licensing, if one was sent. */
    certificate = license->server_certificate->length ?
            license->certificate : license->rdp->settings->server_cert;

    exponent = certificate->cert_info.exponent;
    modulus = certificate->cert_info.modulus.data;
    key_length = certificate->cert_info.modulus.length;

#ifdef WITH_DEBUG_LICENSE
    printf("modulus (%d bits):\n", key_length * 8);
    freerdp_hexdump(modulus, key_length);

    printf("exponent:\n");
    freerdp_hexdump(exponent, 4);
#endif
#endif

    /* Zero-filled output buffer; this part is common to both build variants. */
    blob_data = (uint8*) xmalloc(MODULUS_MAX_SIZE);
    memset(blob_data, 0, MODULUS_MAX_SIZE);

#if 0
    crypto_rsa_encrypt(license->premaster_secret, PREMASTER_SECRET_LENGTH,
            key_length, modulus, exponent, blob_data);
#endif

    license->encrypted_premaster_secret->type = BB_RANDOM_BLOB;
    license->encrypted_premaster_secret->length = PREMASTER_SECRET_LENGTH;
    license->encrypted_premaster_secret->data = blob_data;
}
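/*
 * Generate the client random, send it to the server encrypted under the
 * server certificate's RSA key, then derive the session keys and set up the
 * negotiated cipher (3DES + HMAC for FIPS, RC4 otherwise).
 *
 * Returns True on success or when RDP encryption is disabled, and False when
 * the server modulus length is unusable, the transport write fails, or
 * security_establish_keys() fails.
 */
static boolean rdp_establish_keys(rdpRdp* rdp)
{
    uint8 client_random[32];
    uint8 crypt_client_random[256 + 8];
    uint32 key_len;
    uint8* mod;
    uint8* exp;
    uint32 length;
    STREAM* s;

    if (rdp->settings->encryption == False)
    {
        /* no RDP encryption */
        return True;
    }

    key_len = rdp->settings->server_cert->cert_info.modulus.length;
    mod = rdp->settings->server_cert->cert_info.modulus.data;
    exp = rdp->settings->server_cert->cert_info.exponent;

    /*
     * key_len comes from the server certificate, i.e. from the peer. Below,
     * key_len + 8 bytes are copied out of crypt_client_random onto the wire,
     * so a modulus longer than the buffer allows would read past the end of
     * this stack array (and presumably let crypto_rsa_encrypt() write past
     * it). Reject such lengths, and a zero-length modulus, up front.
     */
    if (key_len == 0 || key_len > sizeof(crypt_client_random) - 8)
    {
        return False;
    }

    /* encrypt client random */
    memset(crypt_client_random, 0, sizeof(crypt_client_random));
    memset(client_random, 0x5e, sizeof(client_random));
    crypto_nonce(client_random, sizeof(client_random));
    crypto_rsa_encrypt(client_random, sizeof(client_random), key_len, mod, exp, crypt_client_random);

    /* send crypt client random to server */
    length = 7 + 8 + 4 + 4 + key_len + 8;
    s = transport_send_stream_init(rdp->mcs->transport, length);
    tpkt_write_header(s, length);
    tpdu_write_header(s, 2, 0xf0);
    per_write_choice(s, DomainMCSPDU_SendDataRequest << 2);
    per_write_integer16(s, rdp->mcs->user_id, MCS_BASE_CHANNEL_ID);
    per_write_integer16(s, MCS_GLOBAL_CHANNEL_ID, 0);
    stream_write_uint8(s, 0x70);

    /* With key_len bounded above, this value stays below 0x8000 before the flag is set. */
    length = (4 + 4 + key_len + 8) | 0x8000;
    stream_write_uint16_be(s, length);
    stream_write_uint32(s, 1); /* SEC_CLIENT_RANDOM */

    /* Encrypted random plus 8 trailing bytes, which are zero from the memset above. */
    length = key_len + 8;
    stream_write_uint32(s, length);
    memcpy(s->p, crypt_client_random, length);
    stream_seek(s, length);

    if (transport_write(rdp->mcs->transport, s) < 0)
    {
        return False;
    }

    /* now calculate encrypt / decrypt and update keys */
    if (!security_establish_keys(client_random, rdp))
    {
        return False;
    }

    /* NOTE(review): client_random is key material and is left on the stack
     * on every return path; consider wiping it with a call the compiler
     * cannot elide. */

    rdp->do_crypt = True;

    if (rdp->settings->encryption_method == ENCRYPTION_METHOD_FIPS)
    {
        /* Fixed IV; presumably the protocol-defined constant - confirm against the spec. */
        uint8 fips_ivec[8] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };

        rdp->fips_encrypt = crypto_des3_encrypt_init(rdp->fips_encrypt_key, fips_ivec);
        rdp->fips_decrypt = crypto_des3_decrypt_init(rdp->fips_decrypt_key, fips_ivec);
        rdp->fips_hmac = crypto_hmac_new();
        return True;
    }

    rdp->rc4_decrypt_key = crypto_rc4_init(rdp->decrypt_key, rdp->rc4_key_len);
    rdp->rc4_encrypt_key = crypto_rc4_init(rdp->encrypt_key, rdp->rc4_key_len);

    return True;
}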
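/*
 * RSA round-trip self test: run crypto_rsa_encrypt() over a short message
 * with exponent D, run crypto_rsa_decrypt() over the result with exponent E,
 * and compare the output with the original message.
 *
 * Returns 0 when the round trip reproduces the message, the callee's return
 * value when one of the crypto calls reports BSP_ERROR, and BSP_ERROR when a
 * reported output length is unusable or the data does not match.
 *
 * NOTE(review): D is a private exponent embedded in source. Treat N/D/E as a
 * test vector only; this key pair must not protect real data.
 */
int sss_test2()
{
    uint32 D[MAX_N_LENGTH] = {
        0x0e85980c, 0x64ed9426, 0x6965357b, 0x148d7858,
        0x1fccaf34, 0x9dbb975d, 0xdbd454bf, 0xd31430f7,
        0xbcad1f90, 0x8ff6a4ad, 0xec59636f, 0xd0b54bc8,
        0x14614184, 0x7a1bbf74, 0xa7838212, 0x6a782cb3,
        0xd7e372fd, 0x8c146b8d, 0x0ca47816, 0x781323e6,
        0x00e729c5, 0xc9e7a788, 0x4d9a3516, 0xf9b81076,
        0xdf9bbb1d, 0x3edf8067, 0xf10fe7c7, 0x2a147030,
        0x09d038d3, 0x95e72f37, 0x7678c1f9, 0xaf1a81a1
    };
    uint32 E[MAX_N_LENGTH] = { 0x10001, };
    uint32 N[MAX_N_LENGTH] = {
        0xe6f18faf, 0x4db624a6, 0x9471fbeb, 0x0156b6db,
        0xcadff22a, 0x6cb96fd8, 0x70f28e44, 0x32b10c1b,
        0xeea8dc03, 0x3372e6c0, 0x83a74734, 0x01101ea6,
        0x1f04e6b3, 0x41ec9759, 0xf2f6f77c, 0x16c5dd97,
        0xf5db6c60, 0xbd53bca9, 0xbdd7aebf, 0x70f338f4,
        0xb45a259c, 0xcff12faf, 0xdb5d435a, 0xeb075da7,
        0xd844a150, 0x2a98baba, 0x81c16187, 0x093b548c,
        0x20dec362, 0x64cfc03f, 0xe797a77d, 0x658e31eb
    };
    uint32 rsa[MAX_N_LENGTH];           /* data after RSA encryption */
    uint32 rsaDec[MAX_N_LENGTH];        /* data after RSA decryption */
    uint32 org_data[MAX_N_LENGTH];      /* source data */
    uint32 tmp_cmn_buff[MAX_N_LENGTH];
    rsa_public_key key_input[2] = {{0,{0},{0}},{0,{0},{0}}};
    const int org_len = 7 * 4;          /* bytes of org_data handed to the encrypt call */
    int ret = 0;
    int rsa_out_len = sizeof(rsa);
    int rsaDec_out_len = sizeof(rsaDec);
    int i = 0;

    /* E is not passed through rever(); only N and D are. */
    rever(N, MAX_N_LENGTH);
    rever(D, MAX_N_LENGTH);

    memset(tmp_cmn_buff, 0, sizeof(tmp_cmn_buff));
    memset(rsa, 0, sizeof(rsa));
    memset(rsaDec, 0, sizeof(rsaDec));
    memset(org_data, 0, sizeof(org_data));

    /* Re-encode each key component in place, using tmp_cmn_buff as the
     * source copy. NOTE(review): the byte layout nn_encode() produces is not
     * visible here. */
    memcpy(tmp_cmn_buff, N, sizeof(N));
    nn_encode((uint8*)&N[0], (uint16)sizeof(N), (uint32*)tmp_cmn_buff, (uint16)MAX_N_LENGTH);

    memcpy(tmp_cmn_buff, D, sizeof(D));
    nn_encode((uint8*)&D[0], (uint16)sizeof(D), (uint32*)tmp_cmn_buff, (uint16)MAX_N_LENGTH);

    memcpy(tmp_cmn_buff, E, sizeof(E));
    nn_encode((uint8*)&E[0], (uint16)sizeof(E), (uint32*)tmp_cmn_buff, (uint16)MAX_N_LENGTH);

    /* First pass uses D in the public_exponent slot; only key_input[1] is
     * populated, key_input[0] stays zeroed. */
    key_input[1].bits = 8*sizeof(N);
    memcpy(key_input[1].modulus, N, sizeof(N));
    memcpy(key_input[1].public_exponent, D, sizeof(D));

    org_data[0] = 0xFFFFFFFF;
    for (i = 1; i <= 6; i++)
        org_data[i] = 116;

    ret = crypto_rsa_encrypt((char*)org_data, org_len, (char*)&key_input, sizeof(key_input), (char*)rsa, &rsa_out_len);
    if (BSP_ERROR == ret)
    {
        /* The format takes three arguments; the original passed only ret. */
        security_print("function : %s -- linenum : %d -- retval : %X\n", __func__, __LINE__, (unsigned) ret);
        return ret;
    }

    /* Do not trust the reported length when indexing rsa[] below. */
    if (rsa_out_len < 0 || (size_t) rsa_out_len > sizeof(rsa))
    {
        security_print("function : %s -- linenum : %d -- retval : %X\n", __func__, __LINE__, (unsigned) BSP_ERROR);
        return BSP_ERROR;
    }

    security_print("rsa_out_len : %d\n\n", rsa_out_len);
    for (i = 0; i < rsa_out_len/4; i++)
        security_print("%lx\n", (unsigned long) rsa[i]);

    security_print("========================\n");

    /* Second pass uses E with the same modulus. */
    key_input[1].bits = 8*sizeof(N);
    memcpy(key_input[1].modulus, N, sizeof(N));
    memcpy(key_input[1].public_exponent, E, sizeof(E));

    ret = crypto_rsa_decrypt((char*)rsa, rsa_out_len, (char*)&key_input, sizeof(key_input), (char*)rsaDec, &rsaDec_out_len);
    if (BSP_ERROR == ret)
    {
        security_print("function : %s -- linenum : %d -- retval : %X\n", __func__, __LINE__, (unsigned) ret);
        return ret;
    }

    /* The result must cover the original message and fit in rsaDec[]; a
     * zero-length result would otherwise compare equal below. */
    if (rsaDec_out_len < org_len || (size_t) rsaDec_out_len > sizeof(rsaDec))
    {
        security_print("function : %s -- linenum : %d -- retval : %X\n", __func__, __LINE__, (unsigned) BSP_ERROR);
        return BSP_ERROR;
    }

    security_print("rsaDec_out_len : %d\n\n", rsaDec_out_len);
    for (i = 0; i < rsaDec_out_len/4; i++)
        security_print("%lx\n", (unsigned long) rsaDec[i]);

    /* memcmp() reports a mismatch as any non-zero value, not as BSP_ERROR.
     * org_data is zero beyond the message, so the compare spans the full
     * decrypted length. */
    if (memcmp(org_data, rsaDec, (size_t) rsaDec_out_len) != 0)
    {
        security_print("function : %s -- linenum : %d -- retval : %X\n", __func__, __LINE__, (unsigned) BSP_ERROR);
        return BSP_ERROR;
    }

    return 0;
}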