dash/rdpy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix update keys for 128 56 and 40 bits keys, Client RDP basic security layer finish

Browse Source
This commit is contained in:
citronneur
2014-12-11 22:42:59 +01:00
parent d4d98471eb
commit f36f8222df
3 changed files with 42 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rdpy/protocol/rdp/gcc.py
View File

@@ -275,7 +275,7 @@ class ClientSecurityData(CompositeType):
def __init__(self, readLen = None): def __init__(self, readLen = None):
CompositeType.__init__(self, readLen = readLen) CompositeType.__init__(self, readLen = readLen)
self.encryptionMethods = UInt32Le(Encryption.ENCRYPTION_FLAG_40BIT | Encryption.ENCRYPTION_FLAG_56BIT | Encryption.ENCRYPTION_FLAG_128BIT) self.encryptionMethods = UInt32Le(Encryption.ENCRYPTION_FLAG_40BIT)
self.extEncryptionMethods = UInt32Le() self.extEncryptionMethods = UInt32Le()
class ServerSecurityData(CompositeType): class ServerSecurityData(CompositeType):

49
rdpy/protocol/rdp/sec.py
View File

@@ -176,6 +176,25 @@ def macData(macSaltKey, data):
return md5Digest.digest() return md5Digest.digest()
def tempKey(initialKey, currentKey):
"""
@see: http://msdn.microsoft.com/en-us/library/cc240792.aspx
"""
sha1Digest = sha.new()
md5Digest = md5.new()
sha1Digest.update(initialKey)
sha1Digest.update("\x36" * 40)
sha1Digest.update(currentKey)
sha1Sig = sha1Digest.digest()
md5Digest.update(initialKey)
md5Digest.update("\x5c" * 48)
md5Digest.update(sha1Sig)
return md5Digest.digest()
def gen40bits(data): def gen40bits(data):
""" """
@summary: generate 40 bits data from 128 bits data @summary: generate 40 bits data from 128 bits data
@@ -221,7 +240,7 @@ def generateKeys(clientRandom, serverRandom, method):
raise InvalidExpectedDataException("Bad encryption method") raise InvalidExpectedDataException("Bad encryption method")
def updateKeys(initialKey, currentKey, method): def updateKey(initialKey, currentKey, method):
""" """
@summary: update session key @summary: update session key
@param initialKey: {str} Initial key @param initialKey: {str} Initial key
@@ -229,8 +248,18 @@ def updateKeys(initialKey, currentKey, method):
@return newKey: {str} key to use @return newKey: {str} key to use
@see: http://msdn.microsoft.com/en-us/library/cc240792.aspx @see: http://msdn.microsoft.com/en-us/library/cc240792.aspx
""" """
tempKey128 = macData(initialKey, currentKey) #generate valid key
return rc4.crypt(rc4.RC4Key(tempKey128), tempKey128) if method == gcc.Encryption.ENCRYPTION_FLAG_40BIT:
tempKey128 = tempKey(initialKey[:8], currentKey[:8])
return gen40bits(rc4.crypt(rc4.RC4Key(tempKey128[:8]), tempKey128[:8]))
elif method == gcc.Encryption.ENCRYPTION_FLAG_56BIT:
tempKey128 = tempKey(initialKey[:8], currentKey[:8])
return gen56bits(rc4.crypt(rc4.RC4Key(tempKey128[:8]), tempKey128[:8]))
elif method == gcc.Encryption.ENCRYPTION_FLAG_128BIT:
tempKey128 = tempKey(initialKey, currentKey)
return rc4.crypt(rc4.RC4Key(tempKey128), tempKey128)
def bin2bn(b): def bin2bn(b):
""" """
@@ -341,8 +370,9 @@ class SecLayer(LayerAutomata, IStreamSender, tpkt.IFastPathListener, tpkt.IFastP
""" """
#if update is needed #if update is needed
if self._nbDecryptedPacket == 4096: if self._nbDecryptedPacket == 4096:
log.debug("Update decrypt key") log.info("update decrypt key")
self._currentDecrytKey = updateKeys(self._initialDecrytKey, self._currentDecrytKey, None) self._currentDecrytKey = updateKey( self._initialDecrytKey, self._currentDecrytKey,
self._transport.getGCCServerSettings().SC_SECURITY.encryptionMethod.value)
self._decryptRc4 = rc4.RC4Key(self._currentDecrytKey) self._decryptRc4 = rc4.RC4Key(self._currentDecrytKey)
self._nbDecryptedPacket = 0 self._nbDecryptedPacket = 0
@@ -367,8 +397,9 @@ class SecLayer(LayerAutomata, IStreamSender, tpkt.IFastPathListener, tpkt.IFastP
@return: {Tuple} (signature, encryptedData) @return: {Tuple} (signature, encryptedData)
""" """
if self._nbEncryptedPacket == 4096: if self._nbEncryptedPacket == 4096:
log.debug("Update encrypt key") log.info("update encrypt key")
self._currentEncryptKey = updateKeys(self._initialEncryptKey, self._currentEncryptKey, None) self._currentEncryptKey = updateKey( self._initialEncryptKey, self._currentEncryptKey,
self._transport.getGCCServerSettings().SC_SECURITY.encryptionMethod.value)
self._encryptRc4 = rc4.RC4Key(self._currentEncryptKey) self._encryptRc4 = rc4.RC4Key(self._currentEncryptKey)
self._nbEncryptedPacket = 0 self._nbEncryptedPacket = 0
@@ -511,7 +542,7 @@ class Client(SecLayer):
s.readType((securityFlag, securityFlagHi)) s.readType((securityFlag, securityFlagHi))
if not (securityFlag.value & SecurityFlag.SEC_LICENSE_PKT): if not (securityFlag.value & SecurityFlag.SEC_LICENSE_PKT):
raise InvalidExpectedDataException("Waiting license packet") raise InvalidExpectedDataException("waiting license packet")
if self._licenceManager.recv(s): if self._licenceManager.recv(s):
self.setNextState() self.setNextState()
@@ -538,7 +569,7 @@ class Server(SecLayer):
Send License valid error message Send License valid error message
Send Demand Active PDU Send Demand Active PDU
Wait Confirm Active PDU Wait Confirm Active PDU
@param s: Stream @param s: {Stream}
""" """
securityFlag = UInt16Le() securityFlag = UInt16Le()
securityFlagHi = UInt16Le() securityFlagHi = UInt16Le()

2
rdpy/protocol/rdp/x224.py
View File

@@ -132,7 +132,7 @@ class X224Layer(LayerAutomata, IStreamSender):
LayerAutomata.__init__(self, presentation) LayerAutomata.__init__(self, presentation)
#default selectedProtocol is SSl #default selectedProtocol is SSl
#client requested selectedProtocol #client requested selectedProtocol
self._requestedProtocol = Protocols.PROTOCOL_RDP | Protocols.PROTOCOL_SSL self._requestedProtocol = Protocols.PROTOCOL_RDP
#server selected selectedProtocol #server selected selectedProtocol
self._selectedProtocol = Protocols.PROTOCOL_SSL self._selectedProtocol = Protocols.PROTOCOL_SSL