rdpLicense* license_new(rdpRdp* rdp)
{
rdpLicense* license;
license = (rdpLicense*) malloc(sizeof(rdpLicense));
if (license != NULL)
{
ZeroMemory(license, sizeof(rdpLicense));
license->rdp = rdp;
license->state = LICENSE_STATE_AWAIT;
license->certificate = certificate_new();
license->ProductInfo = license_new_product_info();
license->ErrorInfo = license_new_binary_blob(BB_ERROR_BLOB);
license->KeyExchangeList = license_new_binary_blob(BB_KEY_EXCHG_ALG_BLOB);
license->ServerCertificate = license_new_binary_blob(BB_CERTIFICATE_BLOB);
license->ClientUserName = license_new_binary_blob(BB_CLIENT_USER_NAME_BLOB);
license->ClientMachineName = license_new_binary_blob(BB_CLIENT_MACHINE_NAME_BLOB);
license->PlatformChallenge = license_new_binary_blob(BB_ANY_BLOB);
license->EncryptedPlatformChallenge = license_new_binary_blob(BB_ANY_BLOB);
license->EncryptedPremasterSecret = license_new_binary_blob(BB_ANY_BLOB);
license->EncryptedHardwareId = license_new_binary_blob(BB_ENCRYPTED_DATA_BLOB);
license->ScopeList = license_new_scope_list();
license_generate_randoms(license);
}
return license;
}
rdpLicense* license_new(rdpRdp* rdp)
{
rdpLicense* license;
license = (rdpLicense*) malloc(sizeof(rdpLicense));
if (license != NULL)
{
ZeroMemory(license, sizeof(rdpLicense));
license->rdp = rdp;
license->state = LICENSE_STATE_AWAIT;
//license->certificate = certificate_new(rdp);
license->certificate = certificate_new();
license->product_info = license_new_product_info();
license->error_info = license_new_binary_blob(BB_ERROR_BLOB);
license->key_exchange_list = license_new_binary_blob(BB_KEY_EXCHG_ALG_BLOB);
license->server_certificate = license_new_binary_blob(BB_CERTIFICATE_BLOB);
license->client_user_name = license_new_binary_blob(BB_CLIENT_USER_NAME_BLOB);
license->client_machine_name = license_new_binary_blob(BB_CLIENT_MACHINE_NAME_BLOB);
license->platform_challenge = license_new_binary_blob(BB_ANY_BLOB);
license->encrypted_platform_challenge = license_new_binary_blob(BB_ANY_BLOB);
license->encrypted_premaster_secret = license_new_binary_blob(BB_ANY_BLOB);
license->encrypted_hwid = license_new_binary_blob(BB_ENCRYPTED_DATA_BLOB);
license->scope_list = license_new_scope_list();
license_generate_randoms(license);
}
return license;
}
BOOL gcc_read_server_security_data(wStream* s, rdpSettings* settings)
{
BYTE* data;
UINT32 length;
if (Stream_GetRemainingLength(s) < 8)
return FALSE;
Stream_Read_UINT32(s, settings->EncryptionMethods); /* encryptionMethod */
Stream_Read_UINT32(s, settings->EncryptionLevel); /* encryptionLevel */
if (settings->EncryptionMethods == 0 && settings->EncryptionLevel == 0)
{
/* serverRandom and serverRandom must not be present */
settings->DisableEncryption = FALSE;
settings->EncryptionMethods = ENCRYPTION_METHOD_NONE;
settings->EncryptionLevel = ENCRYPTION_LEVEL_NONE;
return TRUE;
}
if (Stream_GetRemainingLength(s) < 8)
return FALSE;
Stream_Read_UINT32(s, settings->ServerRandomLength); /* serverRandomLen */
Stream_Read_UINT32(s, settings->ServerCertificateLength); /* serverCertLen */
if (Stream_GetRemainingLength(s) < settings->ServerRandomLength + settings->ServerCertificateLength)
return FALSE;
if (settings->ServerRandomLength > 0)
{
/* serverRandom */
settings->ServerRandom = (BYTE*) malloc(settings->ServerRandomLength);
Stream_Read(s, settings->ServerRandom, settings->ServerRandomLength);
}
else
{
return FALSE;
}
if (settings->ServerCertificateLength > 0)
{
/* serverCertificate */
settings->ServerCertificate = (BYTE*) malloc(settings->ServerCertificateLength);
Stream_Read(s, settings->ServerCertificate, settings->ServerCertificateLength);
certificate_free(settings->RdpServerCertificate);
settings->RdpServerCertificate = certificate_new();
data = settings->ServerCertificate;
length = settings->ServerCertificateLength;
if (certificate_read_server_certificate(settings->RdpServerCertificate, data, length) < 1)
return FALSE;
}
else
{
return FALSE;
}
return TRUE;
}
boolean gcc_read_server_security_data(STREAM* s, rdpSettings *settings)
{
uint32 serverRandomLen;
uint32 serverCertLen;
uint8* data;
uint32 len;
stream_read_uint32(s, settings->encryption_method); /* encryptionMethod */
stream_read_uint32(s, settings->encryption_level); /* encryptionLevel */
if (settings->encryption_method == 0 && settings->encryption_level == 0)
{
/* serverRandom and serverRandom must not be present */
settings->encryption = false;
settings->encryption_method = ENCRYPTION_METHOD_NONE;
settings->encryption_level = ENCRYPTION_LEVEL_NONE;
return true;
}
stream_read_uint32(s, serverRandomLen); /* serverRandomLen */
stream_read_uint32(s, serverCertLen); /* serverCertLen */
if (serverRandomLen > 0)
{
/* serverRandom */
freerdp_blob_alloc(&settings->server_random, serverRandomLen);
memcpy(settings->server_random.data, s->p, serverRandomLen);
stream_seek(s, serverRandomLen);
}
else
{
return false;
}
if (serverCertLen > 0)
{
/* serverCertificate */
freerdp_blob_alloc(&settings->server_certificate, serverCertLen);
memcpy(settings->server_certificate.data, s->p, serverCertLen);
stream_seek(s, serverCertLen);
certificate_free(settings->server_cert);
settings->server_cert = certificate_new();
data = settings->server_certificate.data;
len = settings->server_certificate.length;
if (!certificate_read_server_certificate(settings->server_cert, data, len))
{
return false;
}
}
else
{
return false;
}
return true;
}
boolean gcc_read_server_security_data(STREAM* s, rdpSettings* settings)
{
uint8* data;
uint32 length;
stream_read_uint32(s, settings->encryption_method); /* encryptionMethod */
stream_read_uint32(s, settings->encryption_level); /* encryptionLevel */
if (settings->encryption_method == 0 && settings->encryption_level == 0)
{
/* serverRandom and serverRandom must not be present */
settings->encryption = false;
settings->encryption_method = ENCRYPTION_METHOD_NONE;
settings->encryption_level = ENCRYPTION_LEVEL_NONE;
return true;
}
stream_read_uint32(s, settings->server_random_length); /* serverRandomLen */
stream_read_uint32(s, settings->server_certificate_length); /* serverCertLen */
if (settings->server_random_length > 0)
{
/* serverRandom */
settings->server_random = (BYTE*) malloc(settings->server_random_length);
stream_read(s, settings->server_random, settings->server_random_length);
}
else
{
return false;
}
if (settings->server_certificate_length > 0)
{
/* serverCertificate */
settings->server_certificate = (BYTE*) malloc(settings->server_certificate_length);
stream_read(s, settings->server_certificate, settings->server_certificate_length);
certificate_free(settings->server_cert);
settings->server_cert = certificate_new();
data = settings->server_certificate;
length = settings->server_certificate_length;
if (!certificate_read_server_certificate(settings->server_cert, data, length))
return false;
}
else
{
return false;
}
return true;
}
BOOL gcc_read_server_security_data(wStream* s, rdpMcs* mcs)
{
BYTE* data;
UINT32 length;
rdpSettings* settings = mcs->settings;
BOOL validCryptoConfig = FALSE;
UINT32 serverEncryptionMethod;
if (Stream_GetRemainingLength(s) < 8)
return FALSE;
Stream_Read_UINT32(s, serverEncryptionMethod); /* encryptionMethod */
Stream_Read_UINT32(s, settings->EncryptionLevel); /* encryptionLevel */
/* Only accept valid/known encryption methods */
switch (serverEncryptionMethod)
{
case ENCRYPTION_METHOD_NONE:
WLog_DBG(TAG, "Server rdp encryption method: NONE");
break;
case ENCRYPTION_METHOD_40BIT:
WLog_DBG(TAG, "Server rdp encryption method: 40BIT");
break;
case ENCRYPTION_METHOD_56BIT:
WLog_DBG(TAG, "Server rdp encryption method: 56BIT");
break;
case ENCRYPTION_METHOD_128BIT:
WLog_DBG(TAG, "Server rdp encryption method: 128BIT");
break;
case ENCRYPTION_METHOD_FIPS:
WLog_DBG(TAG, "Server rdp encryption method: FIPS");
break;
default:
WLog_ERR(TAG, "Received unknown encryption method %08X", serverEncryptionMethod);
return FALSE;
}
if (settings->UseRdpSecurityLayer && !(settings->EncryptionMethods & serverEncryptionMethod))
{
WLog_WARN(TAG, "Server uses non-advertised encryption method 0x%08X", serverEncryptionMethod);
/* FIXME: Should we return FALSE; in this case ?? */
}
settings->EncryptionMethods = serverEncryptionMethod;
/* Verify encryption level/method combinations according to MS-RDPBCGR Section 5.3.2 */
switch (settings->EncryptionLevel)
{
case ENCRYPTION_LEVEL_NONE:
if (settings->EncryptionMethods == ENCRYPTION_METHOD_NONE)
{
validCryptoConfig = TRUE;
}
break;
case ENCRYPTION_LEVEL_FIPS:
if (settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
{
validCryptoConfig = TRUE;
}
break;
case ENCRYPTION_LEVEL_LOW:
case ENCRYPTION_LEVEL_HIGH:
case ENCRYPTION_LEVEL_CLIENT_COMPATIBLE:
if (settings->EncryptionMethods == ENCRYPTION_METHOD_40BIT ||
settings->EncryptionMethods == ENCRYPTION_METHOD_56BIT ||
settings->EncryptionMethods == ENCRYPTION_METHOD_128BIT ||
settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
{
validCryptoConfig = TRUE;
}
break;
default:
WLog_ERR(TAG, "Received unknown encryption level %08X", settings->EncryptionLevel);
}
if (!validCryptoConfig)
{
WLog_ERR(TAG, "Received invalid cryptographic configuration (level=0x%08X method=0x%08X)",
settings->EncryptionLevel, settings->EncryptionMethods);
return FALSE;
}
if (settings->EncryptionLevel == ENCRYPTION_LEVEL_NONE)
{
/* serverRandomLen and serverCertLen must not be present */
settings->UseRdpSecurityLayer = FALSE;
return TRUE;
}
if (Stream_GetRemainingLength(s) < 8)
return FALSE;
Stream_Read_UINT32(s, settings->ServerRandomLength); /* serverRandomLen */
Stream_Read_UINT32(s, settings->ServerCertificateLength); /* serverCertLen */
if (Stream_GetRemainingLength(s) < settings->ServerRandomLength + settings->ServerCertificateLength)
return FALSE;
if ((settings->ServerRandomLength <= 0) || (settings->ServerCertificateLength <= 0))
return FALSE;
/* serverRandom */
settings->ServerRandom = (BYTE*) malloc(settings->ServerRandomLength);
if (!settings->ServerRandom)
return FALSE;
Stream_Read(s, settings->ServerRandom, settings->ServerRandomLength);
/* serverCertificate */
settings->ServerCertificate = (BYTE*) malloc(settings->ServerCertificateLength);
if (!settings->ServerCertificate)
return FALSE;
Stream_Read(s, settings->ServerCertificate, settings->ServerCertificateLength);
certificate_free(settings->RdpServerCertificate);
settings->RdpServerCertificate = certificate_new();
if (!settings->RdpServerCertificate)
return FALSE;
data = settings->ServerCertificate;
length = settings->ServerCertificateLength;
return certificate_read_server_certificate(settings->RdpServerCertificate, data, length);
}
