boolean rdp_decrypt(rdpRdp* rdp, STREAM* s, int length, uint16 securityFlags)
{
uint8 cmac[8], wmac[8];
if (rdp->settings->encryption_method == ENCRYPTION_METHOD_FIPS)
{
uint16 len;
uint8 version, pad;
uint8 *sig;
stream_read_uint16(s, len); /* 0x10 */
stream_read_uint8(s, version); /* 0x1 */
stream_read_uint8(s, pad);
sig = s->p;
stream_seek(s, 8); /* signature */
length -= 12;
if (!security_fips_decrypt(s->p, length, rdp))
{
printf("FATAL: cannot decrypt\n");
return false; /* TODO */
}
if (!security_fips_check_signature(s->p, length - pad, sig, rdp))
{
printf("FATAL: invalid packet signature\n");
return false; /* TODO */
}
/* is this what needs adjusting? */
s->size -= pad;
return true;
}
stream_read(s, wmac, sizeof(wmac));
length -= sizeof(wmac);
security_decrypt(s->p, length, rdp);
if (securityFlags & SEC_SECURE_CHECKSUM)
security_salted_mac_signature(rdp, s->p, length, false, cmac);
else
security_mac_signature(rdp, s->p, length, cmac);
if (memcmp(wmac, cmac, sizeof(wmac)) != 0)
{
printf("WARNING: invalid packet signature\n");
/*
* Because Standard RDP Security is totally broken,
* and cannot protect against MITM, don't treat signature
* verification failure as critical. This at least enables
* us to work with broken RDP clients and servers that
* generate invalid signatures.
*/
//return false;
}
return true;
}
boolean rdp_decrypt(rdpRdp* rdp, STREAM* s, int length)
{
uint8 cmac[8], wmac[8];
uint32 ml;
uint8* mk;
if (rdp->settings->encryption_method == ENCRYPTION_METHOD_FIPS)
{
uint16 len;
uint8 version, pad;
uint8 *sig;
stream_read_uint16(s, len); /* 0x10 */
stream_read_uint8(s, version); /* 0x1 */
stream_read_uint8(s, pad);
sig = s->p;
stream_seek(s, 8); /* signature */
length -= 12;
if (!security_fips_decrypt(s->p, length, rdp))
{
printf("FATAL: cannot decrypt\n");
return false; /* TODO */
}
if (!security_fips_check_signature(s->p, length - pad, sig, rdp))
{
printf("FATAL: invalid packet signature\n");
return false; /* TODO */
}
/* is this what needs adjusting? */
s->size -= pad;
return true;
}
stream_read(s, wmac, sizeof(wmac));
length -= sizeof(wmac);
security_decrypt(s->p, length, rdp);
mk = rdp->sign_key;
ml = rdp->rc4_key_len;
security_mac_signature(mk, ml, s->p, length, cmac);
if (memcmp(wmac, cmac, sizeof(wmac)) != 0) {
printf("FATAL: invalid packet signature\n");
return false;
}
return true;
}
boolean rdp_decrypt(rdpRdp* rdp, STREAM* s, int length)
{
int cryptlen;
if (rdp->settings->encryption_method == ENCRYPTION_METHOD_FIPS)
{
uint16 len;
uint8 version, pad;
uint8 *sig;
stream_read_uint16(s, len); /* 0x10 */
stream_read_uint8(s, version); /* 0x1 */
stream_read_uint8(s, pad);
sig = s->p;
stream_seek(s, 8); /* signature */
cryptlen = length - 12;
if (!security_fips_decrypt(s->p, cryptlen, rdp))
{
printf("FATAL: cannot decrypt\n");
return false; /* TODO */
}
if (!security_fips_check_signature(s->p, cryptlen-pad, sig, rdp))
{
printf("FATAL: invalid packet signature\n");
return false; /* TODO */
}
/* is this what needs adjusting? */
s->size -= pad;
return true;
}
stream_seek(s, 8); /* signature */
cryptlen = length - 8;
security_decrypt(s->p, cryptlen, rdp);
return true;
}
BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, int length, UINT16 securityFlags)
{
BYTE cmac[8];
BYTE wmac[8];
if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
{
UINT16 len;
BYTE version, pad;
BYTE* sig;
if (Stream_GetRemainingLength(s) < 12)
return FALSE;
Stream_Read_UINT16(s, len); /* 0x10 */
Stream_Read_UINT8(s, version); /* 0x1 */
Stream_Read_UINT8(s, pad);
sig = Stream_Pointer(s);
Stream_Seek(s, 8); /* signature */
length -= 12;
if (!security_fips_decrypt(Stream_Pointer(s), length, rdp))
{
DEBUG_WARN( "FATAL: cannot decrypt\n");
return FALSE; /* TODO */
}
if (!security_fips_check_signature(Stream_Pointer(s), length - pad, sig, rdp))
{
DEBUG_WARN( "FATAL: invalid packet signature\n");
return FALSE; /* TODO */
}
Stream_Length(s) -= pad;
return TRUE;
}
if (Stream_GetRemainingLength(s) < 8)
return FALSE;
Stream_Read(s, wmac, sizeof(wmac));
length -= sizeof(wmac);
if (!security_decrypt(Stream_Pointer(s), length, rdp))
return FALSE;
if (securityFlags & SEC_SECURE_CHECKSUM)
security_salted_mac_signature(rdp, Stream_Pointer(s), length, FALSE, cmac);
else
security_mac_signature(rdp, Stream_Pointer(s), length, cmac);
if (memcmp(wmac, cmac, sizeof(wmac)) != 0)
{
DEBUG_WARN( "WARNING: invalid packet signature\n");
/*
* Because Standard RDP Security is totally broken,
* and cannot protect against MITM, don't treat signature
* verification failure as critical. This at least enables
* us to work with broken RDP clients and servers that
* generate invalid signatures.
*/
//return FALSE;
}
return TRUE;
}
