summaryrefslogtreecommitdiffstats
path: root/libxrdp/xrdp_sec.c
diff options
context:
space:
mode:
authorJay Sorg <jay.sorg@gmail.com>2014-02-24 11:37:32 -0800
committerJay Sorg <jay.sorg@gmail.com>2014-02-24 11:37:32 -0800
commite1c97ba1249c9b26e8b0302adba35e3ac65c1d01 (patch)
tree179374ea70cd5cd39980692a8ba903d00c11e10f /libxrdp/xrdp_sec.c
parent950ef882f434bae754e4221f79ac4002b77556b5 (diff)
downloadxrdp-proprietary-e1c97ba1249c9b26e8b0302adba35e3ac65c1d01.tar.gz
xrdp-proprietary-e1c97ba1249c9b26e8b0302adba35e3ac65c1d01.zip
libxrdp: fips working now
Diffstat (limited to 'libxrdp/xrdp_sec.c')
-rw-r--r--libxrdp/xrdp_sec.c51
1 files changed, 26 insertions, 25 deletions
diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c
index c1768022..ee2aa319 100644
--- a/libxrdp/xrdp_sec.c
+++ b/libxrdp/xrdp_sec.c
@@ -966,7 +966,7 @@ xrdp_sec_recv(struct xrdp_sec *self, struct stream *s, int *chan)
if (flags & SEC_ENCRYPT) /* 0x08 */
{
- if (self->crypt_method == CRYPT_METHOD_FIPS)
+ if (self->crypt_level == CRYPT_LEVEL_FIPS)
{
if (!s_check_rem(s, 12))
{
@@ -974,6 +974,10 @@ xrdp_sec_recv(struct xrdp_sec *self, struct stream *s, int *chan)
}
in_uint16_le(s, len);
in_uint8(s, ver);
+ if ((len != 16) || (ver != 1))
+ {
+ return 1;
+ }
in_uint8(s, pad);
LLOGLN(10, ("xrdp_sec_recv: len %d ver %d pad %d", len, ver, pad));
in_uint8s(s, 8); /* signature(8) */
@@ -1002,7 +1006,7 @@ xrdp_sec_recv(struct xrdp_sec *self, struct stream *s, int *chan)
in_uint8a(s, self->client_crypt_random, 64);
xrdp_sec_rsa_op(self->client_random, self->client_crypt_random,
self->pub_mod, self->pri_exp);
- if (self->crypt_method == CRYPT_METHOD_FIPS)
+ if (self->crypt_level == CRYPT_LEVEL_FIPS)
{
xrdp_sec_fips_establish_keys(self);
}
@@ -1076,6 +1080,23 @@ buf_out_uint32(char *buffer, int value)
/*****************************************************************************/
/* Generate a MAC hash (5.2.3.1), using a combination of SHA1 and MD5 */
static void APP_CC
+xrdp_sec_fips_sign(struct xrdp_sec *self, char *out, int out_len,
+ char *data, int data_len)
+{
+ char buf[20];
+ char lenhdr[4];
+
+ buf_out_uint32(lenhdr, self->encrypt_use_count);
+ ssl_hmac_sha1_init(self->sign_fips_info, self->fips_sign_key, 20);
+ ssl_hmac_transform(self->sign_fips_info, data, data_len);
+ ssl_hmac_transform(self->sign_fips_info, lenhdr, 4);
+ ssl_hmac_complete(self->sign_fips_info, buf, 20);
+ g_memcpy(out, buf, out_len);
+}
+
+/*****************************************************************************/
+/* Generate a MAC hash (5.2.3.1), using a combination of SHA1 and MD5 */
+static void APP_CC
xrdp_sec_sign(struct xrdp_sec *self, char *out, int out_len,
char *data, int data_len)
{
@@ -1105,26 +1126,6 @@ xrdp_sec_sign(struct xrdp_sec *self, char *out, int out_len,
}
/*****************************************************************************/
-/* Generate a MAC hash (5.2.3.1), using a combination of SHA1 and MD5 */
-static void APP_CC
-xrdp_sec_fips_sign(struct xrdp_sec *self, char *out, int out_len,
- char *data, int data_len)
-{
- char buf[20];
- char use_count_le[4];
-
- use_count_le[0] = (self->encrypt_use_count >> 0) & 0xFF;
- use_count_le[1] = (self->encrypt_use_count >> 8) & 0xFF;
- use_count_le[2] = (self->encrypt_use_count >> 16) & 0xFF;
- use_count_le[3] = (self->encrypt_use_count >> 24) & 0xFF;
- ssl_hmac_sha1_init(self->sign_fips_info, self->fips_sign_key, 20);
- ssl_hmac_transform(self->sign_fips_info, data, data_len);
- ssl_hmac_transform(self->sign_fips_info, use_count_le, 4);
- ssl_hmac_complete(self->sign_fips_info, buf, 20);
- g_memcpy(out, buf, out_len);
-}
-
-/*****************************************************************************/
/* returns error */
int APP_CC
xrdp_sec_send(struct xrdp_sec *self, struct stream *s, int chan)
@@ -1533,7 +1534,7 @@ xrdp_sec_process_mcs_data(struct xrdp_sec *self)
in_uint16_le(s, tag);
in_uint16_le(s, size);
- if (size < 4 || !s_check_rem(s, size - 4))
+ if ((size < 4) || (!s_check_rem(s, size - 4)))
{
LLOGLN(0, ("error in xrdp_sec_process_mcs_data tag %d size %d",
tag, size));
@@ -1578,8 +1579,8 @@ xrdp_sec_process_mcs_data(struct xrdp_sec *self)
SC_MCS_MSGCHANNEL 0x0C04
SC_MULTITRANSPORT 0x0C08 */
default:
- LLOGLN(0, ("error unknown xrdp_sec_process_mcs_data tag %d "
- "size %d", tag, size));
+ LLOGLN(0, ("error unknown xrdp_sec_process_mcs_data "
+ "tag 0x%4.4x size %d", tag, size));
break;
}