Begin sending RDP4-style encryption stuff.
authorSteinar H. Gunderson <sesse@samfundet.no>
Sat, 5 Feb 2005 14:51:55 +0000 (14:51 +0000)
committerSteinar H. Gunderson <sesse@samfundet.no>
Sat, 5 Feb 2005 14:51:55 +0000 (14:51 +0000)
mcs.c

diff --git a/mcs.c b/mcs.c
index 10828f9..10469d8 100644 (file)
--- a/mcs.c
+++ b/mcs.c
@@ -193,16 +193,59 @@ mcs_recv_connect_initial()
        return s_check_end(s);
 }
 
+/* key generated with "openssl genrsa 512 | openssl rsa -text":
+modulus:
+    00:b1:e0:36:2f:fd:dd:8b:d6:64:e9:2b:14:f8:b9:
+    0b:ba:3b:b7:0a:f1:f3:97:56:93:38:01:2f:d1:31:
+    2d:70:59:de:97:6a:61:3f:cb:a4:b4:12:05:89:14:
+    d9:b0:8a:70:03:b6:f1:ad:c5:b9:19:9b:b9:8f:03:
+    51:bf:fe:f8:e5
+publicExponent: 65537 (0x10001)
+privateExponent:
+    00:a4:86:68:58:97:8d:f6:2c:06:06:8d:ac:c6:2a:
+    12:a8:dd:56:ff:2e:b0:4b:08:ee:fe:dc:4a:28:4a:
+    3e:67:2d:8e:08:6b:5f:87:69:a4:c5:a0:e7:50:1a:
+    f0:71:03:46:f2:52:7c:e6:09:40:40:61:51:76:32:
+    f8:28:72:99:41
+prime1:
+    00:db:46:d9:34:10:ce:0d:f6:f7:48:30:0f:2b:f6:
+    4d:66:40:27:00:97:db:48:77:cd:96:b5:a6:51:81:
+    a1:7c:ad
+prime2:
+    00:cf:aa:5c:d3:8a:0d:d4:91:a6:40:92:ff:2c:31:
+    d6:f9:08:8d:e8:d2:a8:2f:89:a6:88:2c:61:68:8e:
+    ee:7c:19
+*/
+unsigned char my_modulus[SEC_MODULUS_SIZE] = {
+       0xe5, 0xf8, 0xfe, 0xbf, 0x51,
+       0x03, 0x8f, 0xb9, 0x9b, 0x19, 0xb9, 0xc5, 0xad, 0xf1, 0xb6, 0x03, 0x70, 0x8a, 0xb0, 0xd9,
+       0x14, 0x89, 0x05, 0x12, 0xb4, 0xa4, 0xcb, 0x3f, 0x61, 0x6a, 0x97, 0xde, 0x59, 0x70, 0x2d,
+       0x31, 0xd1, 0x2f, 0x01, 0x38, 0x93, 0x56, 0x97, 0xf3, 0xf1, 0x0a, 0xb7, 0x3b, 0xba, 0x0b,
+       0xb9, 0xf8, 0x14, 0x2b, 0xe9, 0x64, 0xd6, 0x8b, 0xdd, 0xfd, 0x2f, 0x36, 0xe0, 0xb1
+};
+unsigned char my_exponent[SEC_EXPONENT_SIZE] = {
+       0x01, 0x00, 0x01, 0x00
+};
+unsigned char my_private_exponent[] = {
+       0x41, 0x99, 0x72, 0x28, 0xf8,
+       0x32, 0x76, 0x51, 0x61, 0x40, 0x40, 0x09, 0xe6, 0x7c, 0x52, 0xf2, 0x46, 0x03, 0x71, 0xf0,
+       0x1a, 0x50, 0xe7, 0xa0, 0xc5, 0xa4, 0x69, 0x87, 0x5f, 0x6b, 0x08, 0x8e, 0x2d, 0x67, 0x3e,
+       0x4a, 0x28, 0x4a, 0xdc, 0xfe, 0xee, 0x08, 0x4b, 0xb0, 0x2e, 0xff, 0x56, 0xdd, 0xa8, 0x12,
+       0x2a, 0xc6, 0xac, 0x8d, 0x06, 0x06, 0x2c, 0xf6, 0x8d, 0x97, 0x58, 0x68, 0x86, 0xa4
+};
+
 void
 mcs_send_connect_response()
 {
        STREAM s;
-       int i;
+       int i, length;
 
-       s = iso_init(97);
+       s = iso_init(250);
        printf("INITLEN: %u\n", s->p - s->iso_hdr);
 
-       ber_out_header(s, MCS_CONNECT_RESPONSE, 94);
+       ber_out_header(s, MCS_CONNECT_RESPONSE, 245);
        ber_out_header(s, BER_TAG_RESULT, 1);
        out_uint8(s, 0);
 
@@ -211,7 +254,7 @@ mcs_send_connect_response()
        
        mcs_out_domain_params(s, 34, 2, 0, 0xffff);  // dumdidum?
 
-       ber_out_header(s, BER_TAG_OCTET_STRING, 58);
+       ber_out_header(s, BER_TAG_OCTET_STRING, 207);
 
        // some unknown header of sorts
        out_uint8(s, 0x00);
@@ -235,8 +278,12 @@ mcs_send_connect_response()
        out_uint8(s, 0x63);
        out_uint8(s, 0x44);
        out_uint8(s, 0x6e);
+
+       length = 184;
        
-       out_uint8(s, 36);  // one byte length
+       // two bytes of length
+       out_uint8(s, 0x80 | (length >> 7));
+       out_uint8(s, length & 0x7f);
 
        // server info -- we claim to support RDP5
        out_uint16_le(s, SEC_TAG_SRV_INFO);
@@ -256,12 +303,27 @@ mcs_send_connect_response()
        
        // crypto info
        out_uint16_le(s, SEC_TAG_SRV_CRYPT);
-       out_uint16_le(s, 12); // length
+       out_uint16_le(s, 160); // length
        out_uint32_le(s, 1); // 40-bit
-       out_uint32_le(s, 0); // no encryption 
+       out_uint32_le(s, 1); // low
+
+       out_uint32_le(s, SEC_RANDOM_SIZE); // random_len
+       out_uint32_le(s, 96);             // rsa_info_len
+       out_uint8s(s, SEC_RANDOM_SIZE);    // server_random
+       out_uint32_le(s, 1);               // RDP4-style
+       out_uint8s(s, 8);                  // unknown
+
+       out_uint16_le(s, SEC_TAG_PUBKEY);
+       out_uint16_le(s, 88);
+       out_uint32_le(s, SEC_RSA_MAGIC);
+       out_uint32_le(s, SEC_MODULUS_SIZE + SEC_PADDING_SIZE);  // modulus_len
+       out_uint32_le(s, SEC_MODULUS_SIZE * 8);                 // modulus_bits
+       out_uint8s(s, 4);                                       // unknown
+       out_uint8p(s, my_exponent, SEC_EXPONENT_SIZE);
+       out_uint8p(s, my_modulus, SEC_MODULUS_SIZE);
+       out_uint8s(s, SEC_PADDING_SIZE);
        
        s_mark_end(s);
-       printf("LEN: %u\n", s->p - s->iso_hdr);
        iso_send(s);
 
 }