rdpLicense* license_new(rdpRdp* rdp) { rdpLicense* license; license = (rdpLicense*) malloc(sizeof(rdpLicense)); if (license != NULL) { ZeroMemory(license, sizeof(rdpLicense)); license->rdp = rdp; license->state = LICENSE_STATE_AWAIT; license->certificate = certificate_new(); license->ProductInfo = license_new_product_info(); license->ErrorInfo = license_new_binary_blob(BB_ERROR_BLOB); license->KeyExchangeList = license_new_binary_blob(BB_KEY_EXCHG_ALG_BLOB); license->ServerCertificate = license_new_binary_blob(BB_CERTIFICATE_BLOB); license->ClientUserName = license_new_binary_blob(BB_CLIENT_USER_NAME_BLOB); license->ClientMachineName = license_new_binary_blob(BB_CLIENT_MACHINE_NAME_BLOB); license->PlatformChallenge = license_new_binary_blob(BB_ANY_BLOB); license->EncryptedPlatformChallenge = license_new_binary_blob(BB_ANY_BLOB); license->EncryptedPremasterSecret = license_new_binary_blob(BB_ANY_BLOB); license->EncryptedHardwareId = license_new_binary_blob(BB_ENCRYPTED_DATA_BLOB); license->ScopeList = license_new_scope_list(); license_generate_randoms(license); } return license; }
rdpLicense* license_new(rdpRdp* rdp) { rdpLicense* license; license = (rdpLicense*) malloc(sizeof(rdpLicense)); if (license != NULL) { ZeroMemory(license, sizeof(rdpLicense)); license->rdp = rdp; license->state = LICENSE_STATE_AWAIT; //license->certificate = certificate_new(rdp); license->certificate = certificate_new(); license->product_info = license_new_product_info(); license->error_info = license_new_binary_blob(BB_ERROR_BLOB); license->key_exchange_list = license_new_binary_blob(BB_KEY_EXCHG_ALG_BLOB); license->server_certificate = license_new_binary_blob(BB_CERTIFICATE_BLOB); license->client_user_name = license_new_binary_blob(BB_CLIENT_USER_NAME_BLOB); license->client_machine_name = license_new_binary_blob(BB_CLIENT_MACHINE_NAME_BLOB); license->platform_challenge = license_new_binary_blob(BB_ANY_BLOB); license->encrypted_platform_challenge = license_new_binary_blob(BB_ANY_BLOB); license->encrypted_premaster_secret = license_new_binary_blob(BB_ANY_BLOB); license->encrypted_hwid = license_new_binary_blob(BB_ENCRYPTED_DATA_BLOB); license->scope_list = license_new_scope_list(); license_generate_randoms(license); } return license; }
BOOL gcc_read_server_security_data(wStream* s, rdpSettings* settings) { BYTE* data; UINT32 length; if (Stream_GetRemainingLength(s) < 8) return FALSE; Stream_Read_UINT32(s, settings->EncryptionMethods); /* encryptionMethod */ Stream_Read_UINT32(s, settings->EncryptionLevel); /* encryptionLevel */ if (settings->EncryptionMethods == 0 && settings->EncryptionLevel == 0) { /* serverRandom and serverRandom must not be present */ settings->DisableEncryption = FALSE; settings->EncryptionMethods = ENCRYPTION_METHOD_NONE; settings->EncryptionLevel = ENCRYPTION_LEVEL_NONE; return TRUE; } if (Stream_GetRemainingLength(s) < 8) return FALSE; Stream_Read_UINT32(s, settings->ServerRandomLength); /* serverRandomLen */ Stream_Read_UINT32(s, settings->ServerCertificateLength); /* serverCertLen */ if (Stream_GetRemainingLength(s) < settings->ServerRandomLength + settings->ServerCertificateLength) return FALSE; if (settings->ServerRandomLength > 0) { /* serverRandom */ settings->ServerRandom = (BYTE*) malloc(settings->ServerRandomLength); Stream_Read(s, settings->ServerRandom, settings->ServerRandomLength); } else { return FALSE; } if (settings->ServerCertificateLength > 0) { /* serverCertificate */ settings->ServerCertificate = (BYTE*) malloc(settings->ServerCertificateLength); Stream_Read(s, settings->ServerCertificate, settings->ServerCertificateLength); certificate_free(settings->RdpServerCertificate); settings->RdpServerCertificate = certificate_new(); data = settings->ServerCertificate; length = settings->ServerCertificateLength; if (certificate_read_server_certificate(settings->RdpServerCertificate, data, length) < 1) return FALSE; } else { return FALSE; } return TRUE; }
boolean gcc_read_server_security_data(STREAM* s, rdpSettings *settings) { uint32 serverRandomLen; uint32 serverCertLen; uint8* data; uint32 len; stream_read_uint32(s, settings->encryption_method); /* encryptionMethod */ stream_read_uint32(s, settings->encryption_level); /* encryptionLevel */ if (settings->encryption_method == 0 && settings->encryption_level == 0) { /* serverRandom and serverRandom must not be present */ settings->encryption = false; settings->encryption_method = ENCRYPTION_METHOD_NONE; settings->encryption_level = ENCRYPTION_LEVEL_NONE; return true; } stream_read_uint32(s, serverRandomLen); /* serverRandomLen */ stream_read_uint32(s, serverCertLen); /* serverCertLen */ if (serverRandomLen > 0) { /* serverRandom */ freerdp_blob_alloc(&settings->server_random, serverRandomLen); memcpy(settings->server_random.data, s->p, serverRandomLen); stream_seek(s, serverRandomLen); } else { return false; } if (serverCertLen > 0) { /* serverCertificate */ freerdp_blob_alloc(&settings->server_certificate, serverCertLen); memcpy(settings->server_certificate.data, s->p, serverCertLen); stream_seek(s, serverCertLen); certificate_free(settings->server_cert); settings->server_cert = certificate_new(); data = settings->server_certificate.data; len = settings->server_certificate.length; if (!certificate_read_server_certificate(settings->server_cert, data, len)) { return false; } } else { return false; } return true; }
boolean gcc_read_server_security_data(STREAM* s, rdpSettings* settings) { uint8* data; uint32 length; stream_read_uint32(s, settings->encryption_method); /* encryptionMethod */ stream_read_uint32(s, settings->encryption_level); /* encryptionLevel */ if (settings->encryption_method == 0 && settings->encryption_level == 0) { /* serverRandom and serverRandom must not be present */ settings->encryption = false; settings->encryption_method = ENCRYPTION_METHOD_NONE; settings->encryption_level = ENCRYPTION_LEVEL_NONE; return true; } stream_read_uint32(s, settings->server_random_length); /* serverRandomLen */ stream_read_uint32(s, settings->server_certificate_length); /* serverCertLen */ if (settings->server_random_length > 0) { /* serverRandom */ settings->server_random = (BYTE*) malloc(settings->server_random_length); stream_read(s, settings->server_random, settings->server_random_length); } else { return false; } if (settings->server_certificate_length > 0) { /* serverCertificate */ settings->server_certificate = (BYTE*) malloc(settings->server_certificate_length); stream_read(s, settings->server_certificate, settings->server_certificate_length); certificate_free(settings->server_cert); settings->server_cert = certificate_new(); data = settings->server_certificate; length = settings->server_certificate_length; if (!certificate_read_server_certificate(settings->server_cert, data, length)) return false; } else { return false; } return true; }
BOOL gcc_read_server_security_data(wStream* s, rdpMcs* mcs) { BYTE* data; UINT32 length; rdpSettings* settings = mcs->settings; BOOL validCryptoConfig = FALSE; UINT32 serverEncryptionMethod; if (Stream_GetRemainingLength(s) < 8) return FALSE; Stream_Read_UINT32(s, serverEncryptionMethod); /* encryptionMethod */ Stream_Read_UINT32(s, settings->EncryptionLevel); /* encryptionLevel */ /* Only accept valid/known encryption methods */ switch (serverEncryptionMethod) { case ENCRYPTION_METHOD_NONE: WLog_DBG(TAG, "Server rdp encryption method: NONE"); break; case ENCRYPTION_METHOD_40BIT: WLog_DBG(TAG, "Server rdp encryption method: 40BIT"); break; case ENCRYPTION_METHOD_56BIT: WLog_DBG(TAG, "Server rdp encryption method: 56BIT"); break; case ENCRYPTION_METHOD_128BIT: WLog_DBG(TAG, "Server rdp encryption method: 128BIT"); break; case ENCRYPTION_METHOD_FIPS: WLog_DBG(TAG, "Server rdp encryption method: FIPS"); break; default: WLog_ERR(TAG, "Received unknown encryption method %08X", serverEncryptionMethod); return FALSE; } if (settings->UseRdpSecurityLayer && !(settings->EncryptionMethods & serverEncryptionMethod)) { WLog_WARN(TAG, "Server uses non-advertised encryption method 0x%08X", serverEncryptionMethod); /* FIXME: Should we return FALSE; in this case ?? */ } settings->EncryptionMethods = serverEncryptionMethod; /* Verify encryption level/method combinations according to MS-RDPBCGR Section 5.3.2 */ switch (settings->EncryptionLevel) { case ENCRYPTION_LEVEL_NONE: if (settings->EncryptionMethods == ENCRYPTION_METHOD_NONE) { validCryptoConfig = TRUE; } break; case ENCRYPTION_LEVEL_FIPS: if (settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS) { validCryptoConfig = TRUE; } break; case ENCRYPTION_LEVEL_LOW: case ENCRYPTION_LEVEL_HIGH: case ENCRYPTION_LEVEL_CLIENT_COMPATIBLE: if (settings->EncryptionMethods == ENCRYPTION_METHOD_40BIT || settings->EncryptionMethods == ENCRYPTION_METHOD_56BIT || settings->EncryptionMethods == ENCRYPTION_METHOD_128BIT || settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS) { validCryptoConfig = TRUE; } break; default: WLog_ERR(TAG, "Received unknown encryption level %08X", settings->EncryptionLevel); } if (!validCryptoConfig) { WLog_ERR(TAG, "Received invalid cryptographic configuration (level=0x%08X method=0x%08X)", settings->EncryptionLevel, settings->EncryptionMethods); return FALSE; } if (settings->EncryptionLevel == ENCRYPTION_LEVEL_NONE) { /* serverRandomLen and serverCertLen must not be present */ settings->UseRdpSecurityLayer = FALSE; return TRUE; } if (Stream_GetRemainingLength(s) < 8) return FALSE; Stream_Read_UINT32(s, settings->ServerRandomLength); /* serverRandomLen */ Stream_Read_UINT32(s, settings->ServerCertificateLength); /* serverCertLen */ if (Stream_GetRemainingLength(s) < settings->ServerRandomLength + settings->ServerCertificateLength) return FALSE; if ((settings->ServerRandomLength <= 0) || (settings->ServerCertificateLength <= 0)) return FALSE; /* serverRandom */ settings->ServerRandom = (BYTE*) malloc(settings->ServerRandomLength); if (!settings->ServerRandom) return FALSE; Stream_Read(s, settings->ServerRandom, settings->ServerRandomLength); /* serverCertificate */ settings->ServerCertificate = (BYTE*) malloc(settings->ServerCertificateLength); if (!settings->ServerCertificate) return FALSE; Stream_Read(s, settings->ServerCertificate, settings->ServerCertificateLength); certificate_free(settings->RdpServerCertificate); settings->RdpServerCertificate = certificate_new(); if (!settings->RdpServerCertificate) return FALSE; data = settings->ServerCertificate; length = settings->ServerCertificateLength; return certificate_read_server_certificate(settings->RdpServerCertificate, data, length); }