void license_encrypt_premaster_secret(rdpLicense* license)
{
uint8* encrypted_premaster_secret;
#if 0
int key_length;
uint8* modulus;
uint8* exponent;
rdpCertificate *certificate;
if (license->server_certificate->length)
certificate = license->certificate;
else
certificate = license->rdp->settings->server_cert;
exponent = certificate->cert_info.exponent;
modulus = certificate->cert_info.modulus.data;
key_length = certificate->cert_info.modulus.length;
#ifdef WITH_DEBUG_LICENSE
printf("modulus (%d bits):\n", key_length * 8);
freerdp_hexdump(modulus, key_length);
printf("exponent:\n");
freerdp_hexdump(exponent, 4);
#endif
encrypted_premaster_secret = (uint8*) xmalloc(MODULUS_MAX_SIZE);
memset(encrypted_premaster_secret, 0, MODULUS_MAX_SIZE);
crypto_rsa_encrypt(license->premaster_secret, PREMASTER_SECRET_LENGTH,
key_length, modulus, exponent, encrypted_premaster_secret);
license->encrypted_premaster_secret->type = BB_RANDOM_BLOB;
license->encrypted_premaster_secret->length = PREMASTER_SECRET_LENGTH;
license->encrypted_premaster_secret->data = encrypted_premaster_secret;
#else
encrypted_premaster_secret = (uint8*) xmalloc(MODULUS_MAX_SIZE);
memset(encrypted_premaster_secret, 0, MODULUS_MAX_SIZE);
license->encrypted_premaster_secret->type = BB_RANDOM_BLOB;
license->encrypted_premaster_secret->length = PREMASTER_SECRET_LENGTH;
license->encrypted_premaster_secret->data = encrypted_premaster_secret;
#endif
}
static boolean rdp_establish_keys(rdpRdp* rdp)
{
uint8 client_random[32];
uint8 crypt_client_random[256 + 8];
uint32 key_len;
uint8* mod;
uint8* exp;
uint32 length;
STREAM* s;
if (rdp->settings->encryption == False)
{
/* no RDP encryption */
return True;
}
/* encrypt client random */
memset(crypt_client_random, 0, sizeof(crypt_client_random));
memset(client_random, 0x5e, 32);
crypto_nonce(client_random, 32);
key_len = rdp->settings->server_cert->cert_info.modulus.length;
mod = rdp->settings->server_cert->cert_info.modulus.data;
exp = rdp->settings->server_cert->cert_info.exponent;
crypto_rsa_encrypt(client_random, 32, key_len, mod, exp, crypt_client_random);
/* send crypt client random to server */
length = 7 + 8 + 4 + 4 + key_len + 8;
s = transport_send_stream_init(rdp->mcs->transport, length);
tpkt_write_header(s, length);
tpdu_write_header(s, 2, 0xf0);
per_write_choice(s, DomainMCSPDU_SendDataRequest << 2);
per_write_integer16(s, rdp->mcs->user_id, MCS_BASE_CHANNEL_ID);
per_write_integer16(s, MCS_GLOBAL_CHANNEL_ID, 0);
stream_write_uint8(s, 0x70);
length = (4 + 4 + key_len + 8) | 0x8000;
stream_write_uint16_be(s, length);
stream_write_uint32(s, 1); /* SEC_CLIENT_RANDOM */
length = key_len + 8;
stream_write_uint32(s, length);
memcpy(s->p, crypt_client_random, length);
stream_seek(s, length);
if (transport_write(rdp->mcs->transport, s) < 0)
{
return False;
}
/* now calculate encrypt / decrypt and update keys */
if (!security_establish_keys(client_random, rdp))
{
return False;
}
rdp->do_crypt = True;
if (rdp->settings->encryption_method == ENCRYPTION_METHOD_FIPS)
{
uint8 fips_ivec[8] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };
rdp->fips_encrypt = crypto_des3_encrypt_init(rdp->fips_encrypt_key, fips_ivec);
rdp->fips_decrypt = crypto_des3_decrypt_init(rdp->fips_decrypt_key, fips_ivec);
rdp->fips_hmac = crypto_hmac_new();
return True;
}
rdp->rc4_decrypt_key = crypto_rc4_init(rdp->decrypt_key, rdp->rc4_key_len);
rdp->rc4_encrypt_key = crypto_rc4_init(rdp->encrypt_key, rdp->rc4_key_len);
return True;
}
int sss_test2()
{
uint32 D[MAX_N_LENGTH] =
{
0x0e85980c, 0x64ed9426, 0x6965357b, 0x148d7858,
0x1fccaf34, 0x9dbb975d, 0xdbd454bf, 0xd31430f7,
0xbcad1f90, 0x8ff6a4ad, 0xec59636f, 0xd0b54bc8,
0x14614184, 0x7a1bbf74, 0xa7838212, 0x6a782cb3,
0xd7e372fd, 0x8c146b8d, 0x0ca47816, 0x781323e6,
0x00e729c5, 0xc9e7a788, 0x4d9a3516, 0xf9b81076,
0xdf9bbb1d, 0x3edf8067, 0xf10fe7c7, 0x2a147030,
0x09d038d3, 0x95e72f37, 0x7678c1f9, 0xaf1a81a1
};
uint32 E[MAX_N_LENGTH] =
{
0x10001,
};
uint32 N[MAX_N_LENGTH] =
{
0xe6f18faf, 0x4db624a6, 0x9471fbeb, 0x0156b6db,
0xcadff22a, 0x6cb96fd8, 0x70f28e44, 0x32b10c1b,
0xeea8dc03, 0x3372e6c0, 0x83a74734, 0x01101ea6,
0x1f04e6b3, 0x41ec9759, 0xf2f6f77c, 0x16c5dd97,
0xf5db6c60, 0xbd53bca9, 0xbdd7aebf, 0x70f338f4,
0xb45a259c, 0xcff12faf, 0xdb5d435a, 0xeb075da7,
0xd844a150, 0x2a98baba, 0x81c16187, 0x093b548c,
0x20dec362, 0x64cfc03f, 0xe797a77d, 0x658e31eb
};
uint32 rsa[MAX_N_LENGTH]; /* rsa加密后的数据 */
uint32 rsaDec[MAX_N_LENGTH]; /* rsa解密后的数据 */
uint32 org_data[MAX_N_LENGTH]; /*源数据*/
uint32 tmp_cmn_buff[MAX_N_LENGTH];
rsa_public_key key_input[2] = {{0,{0},{0}},{0,{0},{0}}};
int ret = 0;
int rsa_out_len = sizeof(rsa);
int rsaDec_out_len = sizeof(rsaDec);
int i = 0;
rever(N, MAX_N_LENGTH);
rever(D, MAX_N_LENGTH);
memset(tmp_cmn_buff, 0, sizeof(u32) * MAX_N_LENGTH);
memset(rsa, 0, 4 * MAX_N_LENGTH);
memset(rsaDec, 0, 4 * MAX_N_LENGTH);
memset(org_data, 0, sizeof(org_data));
memcpy(tmp_cmn_buff, N, sizeof(u32) * MAX_N_LENGTH);
nn_encode((uint8*)&N[0], (uint16)(sizeof(u32) * MAX_N_LENGTH), (uint32*)tmp_cmn_buff,(uint16) MAX_N_LENGTH);
memcpy(tmp_cmn_buff, D, sizeof(u32) * MAX_N_LENGTH);
nn_encode((uint8*)&D[0], (uint16)(sizeof(u32) * MAX_N_LENGTH), (uint32*)tmp_cmn_buff, (uint16)MAX_N_LENGTH);
memcpy(tmp_cmn_buff, E, sizeof(u32) * MAX_N_LENGTH);
nn_encode((uint8*)&E[0], (uint16)(sizeof(u32) * MAX_N_LENGTH), (uint32*)tmp_cmn_buff, (uint16)MAX_N_LENGTH);
key_input[1].bits = 8*sizeof(N);
memcpy(key_input[1].modulus, N, sizeof(N));
memcpy(key_input[1].public_exponent, D, sizeof(D));
org_data[0] = 0xFFFFFFFF;
org_data[1] = 116;
org_data[2] = 116;
org_data[3] = 116;
org_data[4] = 116;
org_data[5] = 116;
org_data[6] = 116;
ret = crypto_rsa_encrypt((char*)org_data, 7*4, (char*)&key_input, sizeof(key_input), (char*)rsa, &rsa_out_len);
if(BSP_ERROR == ret)
{
security_print("function : %s -- linenum : %d -- retval : %X\n", ret);
return ret;
}
security_print("rsa_out_len : %d\n\n",rsa_out_len);
for(i = 0; i < rsa_out_len/4; i++)
security_print("%lx\n", rsa[i]);
security_print("========================\n");
key_input[1].bits = 8*sizeof(N);
memcpy(key_input[1].modulus, N, sizeof(N));
memcpy(key_input[1].public_exponent, E, sizeof(E));
ret = crypto_rsa_decrypt((char*)rsa, rsa_out_len, (char*)&key_input, sizeof(key_input), (char*)rsaDec, &rsaDec_out_len);
if(BSP_ERROR == ret)
{
security_print("function : %s -- linenum : %d -- retval : %X\n", ret);
return ret;
}
security_print("rsaDec_out_len : %d\n\n", rsaDec_out_len);
for(i = 0; i < rsaDec_out_len/4; i++)
security_print("%lx\n",rsaDec[i]);
ret = memcmp(org_data, rsaDec, (unsigned) rsaDec_out_len);
if(BSP_ERROR == ret)
{
security_print("function : %s -- linenum : %d -- retval : %X\n", ret);
return ret;
}
return ret;
}
