X-Git-Url: https://git.sesse.net/?p=rdpsrv;a=blobdiff_plain;f=secure.c;h=51e5f84c22062d965d3f6ea21a87ba34abd93049;hp=fd96936e09bebc0cff5a93cc52bb4dd9f38c2965;hb=132e47e292eea211b9ab0ba2f835cb7f41197ada;hpb=b3ae47054997c61d01087d17a3ab001b0a54324b diff --git a/secure.c b/secure.c index fd96936..51e5f84 100644 --- a/secure.c +++ b/secure.c @@ -51,6 +51,8 @@ static uint8 sec_decrypt_update_key[16]; static uint8 sec_encrypt_update_key[16]; static uint8 sec_crypted_random[SEC_MODULUS_SIZE]; +RSA *privkey; + uint16 g_server_rdp_version = 0; /* @@ -154,6 +156,19 @@ sec_generate_keys(uint8 * client_key, uint8 * server_key, int rc4_key_size) /* Initialise RC4 state arrays */ RC4_set_key(&rc4_decrypt_key, rc4_key_len, sec_decrypt_key); RC4_set_key(&rc4_encrypt_key, rc4_key_len, sec_encrypt_key); + + { + int i; + printf("sec_decrypt_key: "); + for (i = 0; i < 16; ++i) + printf("0x%02x ", sec_decrypt_key[i]); + printf("\n"); + + printf("sec_encrypt_key: "); + for (i = 0; i < 16; ++i) + printf("0x%02x ", sec_encrypt_key[i]); + printf("\n"); + } } static uint8 pad_54[40] = { @@ -244,12 +259,12 @@ sec_encrypt(uint8 * data, int length) if (use_count == 4096) { - sec_update(sec_encrypt_key, sec_encrypt_update_key); - RC4_set_key(&rc4_encrypt_key, rc4_key_len, sec_encrypt_key); + sec_update(sec_decrypt_key, sec_decrypt_update_key); + RC4_set_key(&rc4_decrypt_key, rc4_key_len, sec_decrypt_key); use_count = 0; } - RC4(&rc4_encrypt_key, length, data, data); + RC4(&rc4_decrypt_key, length, data, data); use_count++; } @@ -261,12 +276,12 @@ sec_decrypt(uint8 * data, int length) if (use_count == 4096) { - sec_update(sec_decrypt_key, sec_decrypt_update_key); - RC4_set_key(&rc4_decrypt_key, rc4_key_len, sec_decrypt_key); + sec_update(sec_encrypt_key, sec_encrypt_update_key); + RC4_set_key(&rc4_encrypt_key, rc4_key_len, sec_encrypt_key); use_count = 0; } - RC4(&rc4_decrypt_key, length, data, data); + RC4(&rc4_encrypt_key, length, data, data); use_count++; } @@ -343,8 +358,10 @@ sec_send_to_channel(STREAM s, uint32 flags, uint16 channel) { int datalen; +// DEBUG(("sending packet to channel %u\n", channel)); + s_pop_layer(s, sec_hdr); - //if (!g_licence_issued || (flags & SEC_ENCRYPT)) +// if (!g_licence_issued || (flags & SEC_ENCRYPT)) out_uint32_le(s, flags); if (flags & SEC_ENCRYPT) @@ -711,6 +728,8 @@ sec_process_mcs_data(STREAM s) } } +extern unsigned char cacert[]; + /* Receive secure transport packet */ STREAM sec_recv(void) @@ -721,23 +740,66 @@ sec_recv(void) while ((s = mcs_recv(&channel)) != NULL) { - if (/*g_encryption || !g_licence_issued*/ 0) + if (/*g_encryption || !g_licence_issued*/ 1) { in_uint32_le(s, sec_flags); - + printf("sec_flags=%x\n", sec_flags); + if (sec_flags & SEC_ENCRYPT) { + printf("encrypt\n"); in_uint8s(s, 8); /* signature */ sec_decrypt(s->p, s->end - s->p); } if (sec_flags & SEC_LICENCE_NEG) { - licence_process(s); + printf("SEC_LICENSE_NEG unknown\n"); + //licence_process(s); + continue; + } + + if (sec_flags & SEC_LOGON_INFO) + { + printf("Received logon packet!\n"); + rdp_get_logon_info(s); + } + + if (sec_flags & SEC_CLIENT_RANDOM) { + uint32 length; + uint8 inr[SEC_MODULUS_SIZE]; + int i; + + printf("Receiving the client random!\n"); + in_uint32_le(s, length); + if (length != SEC_MODULUS_SIZE + SEC_PADDING_SIZE) { + error("Client random was wrong size, %u bytes\n", length); + } + in_uint8a(s, sec_crypted_random, SEC_MODULUS_SIZE); + in_uint8s(s, SEC_PADDING_SIZE); + if (!s_check_end(s)) { + error("Junk after client random\n"); + } + + reverse(sec_crypted_random, SEC_MODULUS_SIZE); + + RSA_private_decrypt(SEC_MODULUS_SIZE, sec_crypted_random, inr, privkey, RSA_NO_PADDING); + + reverse(inr + SEC_RANDOM_SIZE, SEC_RANDOM_SIZE); + + printf("Unencrypted client random: "); + for (i = 0; i < SEC_RANDOM_SIZE; ++i) { + printf("0x%x ", inr[i + SEC_RANDOM_SIZE]); + } + printf("\n"); + + // now we can generate the keys + sec_generate_keys(inr + SEC_RANDOM_SIZE, cacert, 8); continue; } } + printf("Received MCS data on ch %u\n", channel); if (channel != MCS_GLOBAL_CHANNEL) { channel_process(s, channel);