pxcloud/freerdp2
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update upstream source from tag 'upstream/2.10.0+dfsg1'

Browse Source 
Update to upstream version '2.10.0+dfsg1'
with Debian dir b038285fe6
This commit is contained in:
Mike Gabriel 2023-02-26 21:53:37 +01:00
commit 4781bcfcda
50 changed files with 1906 additions and 1467 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
CMakeLists.txt
View File

@ -85,7 +85,7 @@ if ($ENV{BUILD_NUMBER})
endif()
set(WITH_LIBRARY_VERSIONING "ON")
set(RAW_VERSION_STRING "2.9.0")
set(RAW_VERSION_STRING "2.10.0")
if(EXISTS "${CMAKE_SOURCE_DIR}/.source_tag")
file(READ ${CMAKE_SOURCE_DIR}/.source_tag RAW_VERSION_STRING)
elseif(USE_VERSION_FROM_GIT_TAG)
@ -990,7 +990,16 @@ if (APPLE)
else (APPLE)
set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
if (NOT FREEBSD)
set(CMAKE_INSTALL_RPATH "\$ORIGIN/../${CMAKE_INSTALL_LIBDIR}:\$ORIGIN/..")
if (NOT BUILTIN_CHANNELS)
if (NOT DEFINED WITH_PLUGIN_RPATH_ONLY)
set(CMAKE_INSTALL_RPATH "\$ORIGIN/../${CMAKE_INSTALL_LIBDIR}:\$ORIGIN/..:\$ORIGIN/../${FREERDP_PLUGIN_PATH}")
else()
# we need to supply this run path, even if not using RPATH in general
set(CMAKE_INSTALL_RPATH "\$ORIGIN/../${FREERDP_PLUGIN_PATH}")
endif()
else()
set(CMAKE_INSTALL_RPATH "\$ORIGIN/../${CMAKE_INSTALL_LIBDIR}:\$ORIGIN/..")
endif()
endif()
endif(APPLE)

23
ChangeLog
View File

@ -1,3 +1,26 @@
# 2023-02-16 Version 2.10.0
Notewhorth changes:
* Fix android build scripts, use CMake from SDK
* Fix connection negotiation with mstsc/msrdc #8426
* [ntlm]: use rfc5929 binding hash algorithm #8430
* [channels,printer] Fixed reference counting #8433
* Fix uwac pixman #8439
* Fix Rdp security #8457
* [client,x11] Detect key autorepeat #8522
* [build] add channel path to RPATH #8551
* Fix build with BUILTIN_CHANNELS=OFF #8560
* revert changes so that the osmajortype/osminortype is not overwritten #8571
* [uwac] do not use iso C functions #8604
* [winpr,sam] fix inalid NULL arguments #8605
* Fix incompatible function pointer types #8625
Fixed issues:
* Backported #8581: Ignore data PDUs for DVCs that were not opened successfully
* Backported #8498: [channel,urbdrc] fix type of usb hotplug callback
* Backported #8537: Extended info enforce limits
* Backported #8611: [core] add missing redirection fields
# 2022-11-16 Version 2.9.0
Notewhorth changes:

2
channels/printer/client/cups/printer_cups.c
View File

@ -403,8 +403,8 @@ FREERDP_API rdpPrinterDriver* freerdp_printer_client_subsystem_entry(void)
uniq_cups_driver->driver.ReleaseRef = printer_cups_release_ref_driver;
uniq_cups_driver->id_sequence = 1;
uniq_cups_driver->driver.AddRef(&uniq_cups_driver->driver);
}
uniq_cups_driver->driver.AddRef(&uniq_cups_driver->driver);
return &uniq_cups_driver->driver;
}

2
channels/printer/client/win/printer_win.c
View File

@ -452,8 +452,8 @@ FREERDP_API rdpPrinterDriver* freerdp_printer_client_subsystem_entry(void)
win_driver->driver.ReleaseRef = printer_win_release_ref_driver;
win_driver->id_sequence = 1;
win_driver->driver.AddRef(&win_driver->driver);
}
win_driver->driver.AddRef(&win_driver->driver);
return &win_driver->driver;
}

2
channels/rdp2tcp/client/CMakeLists.txt
View File

@ -22,6 +22,6 @@ set(${MODULE_PREFIX}_SRCS
add_channel_client_library(${MODULE_PREFIX} ${MODULE_NAME} ${CHANNEL_NAME} TRUE "VirtualChannelEntryEx")
target_link_libraries(${MODULE_NAME} freerdp)
target_link_libraries(${MODULE_NAME} winpr freerdp)
set_property(TARGET ${MODULE_NAME} PROPERTY FOLDER "Channels/${CHANNEL_NAME}/Client")

3
channels/rdpsnd/client/proxy/CMakeLists.txt
View File

@ -25,6 +25,9 @@ include_directories(..)
add_channel_client_subsystem_library(${MODULE_PREFIX} ${MODULE_NAME} ${CHANNEL_NAME} "" TRUE "")
if (NOT BUILTIN_CHANNELS)
list(APPEND ${MODULE_PREFIX}_LIBS freerdp-client)
endif()
list(APPEND ${MODULE_PREFIX}_LIBS freerdp)
list(APPEND ${MODULE_PREFIX}_LIBS winpr)

4
channels/urbdrc/client/libusb/libusb_udevman.c
View File

@ -581,8 +581,8 @@ static BOOL device_is_filtered(struct libusb_device* dev,
return filtered;
}
static int hotplug_callback(struct libusb_context* ctx, struct libusb_device* dev,
libusb_hotplug_event event, void* user_data)
static int LIBUSB_CALL hotplug_callback(struct libusb_context* ctx, struct libusb_device* dev,
libusb_hotplug_event event, void* user_data)
{
VID_PID_PAIR pair;
struct libusb_device_descriptor desc;

6
channels/video/client/CMakeLists.txt
View File

@ -25,8 +25,10 @@ include_directories(..)
add_channel_client_library(${MODULE_PREFIX} ${MODULE_NAME} ${CHANNEL_NAME} TRUE "DVCPluginEntry")
if (NOT BUILTIN_CHANNELS)
set(${MODULE_PREFIX}_LIBS ${${MODULE_PREFIX}_LIBS} freerdp-client)
set(${MODULE_PREFIX}_LIBS ${${MODULE_PREFIX}_LIBS} rdpgfx-client)
endif()
set(${MODULE_PREFIX}_LIBS ${${MODULE_PREFIX}_LIBS} winpr)
target_link_libraries(${MODULE_NAME} ${${MODULE_PREFIX}_LIBS})

2
client/X11/xf_disp.c
View File

@ -248,7 +248,7 @@ static void xf_disp_OnTimer(void* context, TimerEventArgs* e)
xf_disp_sendResize(xfDisp);
}
static void xf_disp_OnWindowStateChange(void* context, const WindowStateChangeEventArgs* e)
static void xf_disp_OnWindowStateChange(void* context, WindowStateChangeEventArgs* e)
{
xfContext* xfc;
xfDispContext* xfDisp;

25
client/X11/xf_event.c
View File

@ -521,6 +521,29 @@ static BOOL xf_event_KeyRelease(xfContext* xfc, const XKeyEvent* event, BOOL app
return TRUE;
}
/* Release a key, but ignore the event in case of autorepeat.
*/
static BOOL xf_event_KeyReleaseOrIgnore(xfContext* xfc, const XKeyEvent* event, BOOL app)
{
WINPR_ASSERT(xfc);
WINPR_ASSERT(event);
if ((event->type == KeyRelease) && XEventsQueued(xfc->display, QueuedAfterReading))
{
XEvent nev = { 0 };
XPeekEvent(xfc->display, &nev);
if ((nev.type == KeyPress) && (nev.xkey.time == event->time) &&
(nev.xkey.keycode == event->keycode))
{
/* Key wasnt actually released */
return TRUE;
}
}
return xf_event_KeyRelease(xfc, event, app);
}
static BOOL xf_event_FocusIn(xfContext* xfc, const XFocusInEvent* event, BOOL app)
{
if (event->mode == NotifyGrab)
@ -1086,7 +1109,7 @@ BOOL xf_event_process(freerdp* instance, const XEvent* event)
break;
case KeyRelease:
status = xf_event_KeyRelease(xfc, &event->xkey, xfc->remote_app);
status = xf_event_KeyReleaseOrIgnore(xfc, &event->xkey, xfc->remote_app);
break;
case FocusIn:

3
config.h.in
View File

@ -186,4 +186,7 @@
#cmakedefine WITH_INTERNAL_MD4
#cmakedefine WITH_INTERNAL_MD5
/* Uwac */
#cmakedefine HAVE_PIXMAN_REGION
#endif /* FREERDP_CONFIG_H */

2
include/freerdp/crypto/crypto.h
View File

@ -22,6 +22,7 @@
/* OpenSSL includes windows.h */
#include <winpr/windows.h>
#include <winpr/custom-crypto.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
@ -54,6 +55,7 @@ extern "C"
typedef struct crypto_cert_struct* CryptoCert;
FREERDP_API CryptoCert crypto_cert_read(BYTE* data, UINT32 length);
FREERDP_API WINPR_MD_TYPE crypto_cert_get_signature_alg(X509* xcert);
FREERDP_API BYTE* crypto_cert_hash(X509* xcert, const char* hash, UINT32* length);
FREERDP_API char* crypto_cert_fingerprint_by_hash(X509* xcert, const char* hash);
FREERDP_API char* crypto_cert_fingerprint(X509* xcert);

15
include/freerdp/settings.h
View File

@ -251,6 +251,9 @@ typedef enum
#define LB_TARGET_NET_ADDRESSES 0x00000800
#define LB_CLIENT_TSV_URL 0x00001000
#define LB_SERVER_TSV_CAPABLE 0x00002000
#define LB_PASSWORD_IS_PK_ENCRYPTED 0x00004000
#define LB_REDIRECTION_GUID 0x00008000
#define LB_TARGET_CERTIFICATE 0x00010000
#define LB_PASSWORD_MAX_LENGTH 512
@ -681,6 +684,10 @@ typedef struct _RDPDR_PARALLEL RDPDR_PARALLEL;
#define FreeRDP_RedirectionAcceptedCert (1231)
#define FreeRDP_RedirectionAcceptedCertLength (1232)
#define FreeRDP_RedirectionPreferType (1233)
#define FreeRDP_RedirectionGuid (1234)
#define FreeRDP_RedirectionGuidLength (1235)
#define FreeRDP_RedirectionTargetCertificate (1236)
#define FreeRDP_RedirectionTargetCertificateLength (1237)
#define FreeRDP_Password51 (1280)
#define FreeRDP_Password51Length (1281)
#define FreeRDP_SmartcardLogon (1282)
@ -1141,7 +1148,11 @@ struct rdp_settings
ALIGN64 char* RedirectionAcceptedCert; /* 1231 */
ALIGN64 UINT32 RedirectionAcceptedCertLength; /* 1232 */
ALIGN64 UINT32 RedirectionPreferType; /* 1233 */
UINT64 padding1280[1280 - 1234]; /* 1234 */
ALIGN64 BYTE* RedirectionGuid; /* 1234 */
ALIGN64 UINT32 RedirectionGuidLength; /* 1235 */
ALIGN64 BYTE* RedirectionTargetCertificate; /* 1236 */
ALIGN64 UINT32 RedirectionTargetCertificateLength; /* 1237 */
UINT64 padding1280[1280 - 1238]; /* 1238 */
/**
* Security
@ -1635,6 +1646,8 @@ extern "C"
FREERDP_API void freerdp_dynamic_channel_collection_free(rdpSettings* settings);
FREERDP_API void freerdp_target_net_addresses_free(rdpSettings* settings);
FREERDP_API BOOL freerdp_target_net_addresses_copy(rdpSettings* settings, char** addresses,
UINT32 count);
FREERDP_API void freerdp_performance_flags_make(rdpSettings* settings);
FREERDP_API void freerdp_performance_flags_split(rdpSettings* settings);

39
include/freerdp/utils/string.h Normal file
View File

@ -0,0 +1,39 @@
/**
* FreeRDP: A Remote Desktop Protocol Implementation
*
* String Utils - Helper functions converting something to string
*
* Copyright 2022 Armin Novak <armin.novak@thincast.com>
* Copyright 2022 Thincast Technologies GmbH
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef FREERDP_UTILS_STRING_H
#define FREERDP_UTILS_STRING_H
#include <freerdp/api.h>
#include <freerdp/types.h>
#ifdef __cplusplus
extern "C"
{
#endif
FREERDP_API char* rdp_redirection_flags_to_string(UINT32 flags, char* buffer, size_t size);
#ifdef __cplusplus
}
#endif
#endif /* FREERDP_UTILS_STRING_H */

8
libfreerdp/codec/region.c
View File

@ -496,7 +496,6 @@ BOOL region16_union_rect(REGION16* dst, const REGION16* src, const RECTANGLE_16*
UINT32 usedRects, srcNbRects;
UINT16 topInterBand;
assert(src);
assert(src->data);
assert(dst);
srcExtents = region16_extents(src);
dstExtents = region16_extents_noconst(dst);
@ -658,8 +657,8 @@ BOOL region16_union_rect(REGION16* dst, const REGION16* src, const RECTANGLE_16*
dstRect++;
}
if ((src == dst) && (src->data->size > 0) && (src->data != &empty_region))
free(src->data);
if ((src == dst) && (dst->data != &empty_region))
free(dst->data);
dstExtents->top = MIN(rect->top, srcExtents->top);
dstExtents->left = MIN(rect->left, srcExtents->left);
@ -673,10 +672,7 @@ BOOL region16_union_rect(REGION16* dst, const REGION16* src, const RECTANGLE_16*
dst->data = newItems;
if (!dst->data)
{
free(newItems);
return FALSE;
}
dst->data->nbRects = usedRects;
return region16_simplify_bands(dst);

32
libfreerdp/common/settings.c
View File

@ -948,3 +948,35 @@ char* freerdp_rail_support_flags_to_string(UINT32 flags, char* buffer, size_t le
winpr_str_append("RAIL_LEVEL_LANGUAGE_IME_SYNC_SUPPORTED", buffer, length, "|");
return buffer;
}
BOOL freerdp_target_net_addresses_copy(rdpSettings* settings, char** addresses, UINT32 count)
{
UINT32 i;
WINPR_ASSERT(settings);
WINPR_ASSERT(addresses);
freerdp_target_net_addresses_free(settings);
settings->TargetNetAddressCount = count;
settings->TargetNetAddresses = (char**)calloc(settings->TargetNetAddressCount, sizeof(char*));
if (!settings->TargetNetAddresses)
{
freerdp_target_net_addresses_free(settings);
return FALSE;
}
for (i = 0; i < settings->TargetNetAddressCount; i++)
{
settings->TargetNetAddresses[i] = _strdup(addresses[i]);
if (!settings->TargetNetAddresses[i])
{
freerdp_target_net_addresses_free(settings);
return FALSE;
}
}
return TRUE;
}

28
libfreerdp/common/settings_getters.c
View File

@ -1509,12 +1509,18 @@ UINT32 freerdp_settings_get_uint32(const rdpSettings* settings, size_t id)
case FreeRDP_RedirectionFlags:
return settings->RedirectionFlags;
case FreeRDP_RedirectionGuidLength:
return settings->RedirectionGuidLength;
case FreeRDP_RedirectionPasswordLength:
return settings->RedirectionPasswordLength;
case FreeRDP_RedirectionPreferType:
return settings->RedirectionPreferType;
case FreeRDP_RedirectionTargetCertificateLength:
return settings->RedirectionTargetCertificateLength;
case FreeRDP_RedirectionTsvUrlLength:
return settings->RedirectionTsvUrlLength;
@ -1938,6 +1944,10 @@ BOOL freerdp_settings_set_uint32(rdpSettings* settings, size_t id, UINT32 val)
settings->RedirectionFlags = val;
break;
case FreeRDP_RedirectionGuidLength:
settings->RedirectionGuidLength = val;
break;
case FreeRDP_RedirectionPasswordLength:
settings->RedirectionPasswordLength = val;
break;
@ -1946,6 +1956,10 @@ BOOL freerdp_settings_set_uint32(rdpSettings* settings, size_t id, UINT32 val)
settings->RedirectionPreferType = val;
break;
case FreeRDP_RedirectionTargetCertificateLength:
settings->RedirectionTargetCertificateLength = val;
break;
case FreeRDP_RedirectionTsvUrlLength:
settings->RedirectionTsvUrlLength = val;
break;
@ -2868,9 +2882,15 @@ const void* freerdp_settings_get_pointer(const rdpSettings* settings, size_t id)
case FreeRDP_ReceivedCapabilities:
return settings->ReceivedCapabilities;
case FreeRDP_RedirectionGuid:
return settings->RedirectionGuid;
case FreeRDP_RedirectionPassword:
return settings->RedirectionPassword;
case FreeRDP_RedirectionTargetCertificate:
return settings->RedirectionTargetCertificate;
case FreeRDP_RedirectionTsvUrl:
return settings->RedirectionTsvUrl;
@ -2976,10 +2996,18 @@ BOOL freerdp_settings_set_pointer(rdpSettings* settings, size_t id, const void*
settings->ReceivedCapabilities = (void*)val;
break;
case FreeRDP_RedirectionGuid:
settings->RedirectionGuid = (void*)val;
break;
case FreeRDP_RedirectionPassword:
settings->RedirectionPassword = (void*)val;
break;
case FreeRDP_RedirectionTargetCertificate:
settings->RedirectionTargetCertificate = (void*)val;
break;
case FreeRDP_RedirectionTsvUrl:
settings->RedirectionTsvUrl = (void*)val;
break;

221
libfreerdp/common/settings_str.c
View File

@ -262,8 +262,10 @@ static const struct settings_str_entry settings_map[] = {
{ FreeRDP_RedirectedSessionId, 3, "FreeRDP_RedirectedSessionId" },
{ FreeRDP_RedirectionAcceptedCertLength, 3, "FreeRDP_RedirectionAcceptedCertLength" },
{ FreeRDP_RedirectionFlags, 3, "FreeRDP_RedirectionFlags" },
{ FreeRDP_RedirectionGuidLength, 3, "FreeRDP_RedirectionGuidLength" },
{ FreeRDP_RedirectionPasswordLength, 3, "FreeRDP_RedirectionPasswordLength" },
{ FreeRDP_RedirectionPreferType, 3, "FreeRDP_RedirectionPreferType" },
{ FreeRDP_RedirectionTargetCertificateLength, 3, "FreeRDP_RedirectionTargetCertificateLength" },
{ FreeRDP_RedirectionTsvUrlLength, 3, "FreeRDP_RedirectionTsvUrlLength" },
{ FreeRDP_RemoteAppNumIconCacheEntries, 3, "FreeRDP_RemoteAppNumIconCacheEntries" },
{ FreeRDP_RemoteAppNumIconCaches, 3, "FreeRDP_RemoteAppNumIconCaches" },
@ -381,7 +383,9 @@ static const struct settings_str_entry settings_map[] = {
{ FreeRDP_RdpServerCertificate, 8, "FreeRDP_RdpServerCertificate" },
{ FreeRDP_RdpServerRsaKey, 8, "FreeRDP_RdpServerRsaKey" },
{ FreeRDP_ReceivedCapabilities, 8, "FreeRDP_ReceivedCapabilities" },
{ FreeRDP_RedirectionGuid, 8, "FreeRDP_RedirectionGuid" },
{ FreeRDP_RedirectionPassword, 8, "FreeRDP_RedirectionPassword" },
{ FreeRDP_RedirectionTargetCertificate, 8, "FreeRDP_RedirectionTargetCertificate" },
{ FreeRDP_RedirectionTsvUrl, 8, "FreeRDP_RedirectionTsvUrl" },
{ FreeRDP_ServerAutoReconnectCookie, 8, "FreeRDP_ServerAutoReconnectCookie" },
{ FreeRDP_ServerCertificate, 8, "FreeRDP_ServerCertificate" },
@ -395,10 +399,6 @@ static const struct settings_str_entry settings_map[] = {
BOOL freerdp_settings_clone_keys(rdpSettings* dst, const rdpSettings* src)
{
size_t x;
WINPR_ASSERT(dst);
WINPR_ASSERT(src);
for (x = 0; x < ARRAYSIZE(settings_map); x++)
{
const struct settings_str_entry* cur = &settings_map[x];
@ -472,214 +472,9 @@ BOOL freerdp_settings_clone_keys(rdpSettings* dst, const rdpSettings* src)
return TRUE;
}
BOOL freerdp_settings_print_diff(wLog* log, DWORD level, const rdpSettings* settings,
const rdpSettings* other)
{
BOOL rc = FALSE;
size_t x;
WINPR_ASSERT(log);
WINPR_ASSERT(settings);
WINPR_ASSERT(other);
for (x = 0; x < ARRAYSIZE(settings_map); x++)
{
const struct settings_str_entry* cur = &settings_map[x];
switch (cur->type)
{
case 0: /* bool */
{
BOOL sval = freerdp_settings_get_bool(settings, cur->id);
BOOL cval = freerdp_settings_get_bool(other, cur->id);
if (sval != cval)
{
rc = TRUE;
WLog_Print(log, level, "%s [BOOL]: %s -> %s", cur->str, sval ? "TRUE" : "FALSE",
cval ? "TRUE" : "FALSE");
}
}
break;
case 1: /* UINT16 */
{
UINT16 sval = freerdp_settings_get_uint16(settings, cur->id);
UINT16 cval = freerdp_settings_get_uint16(other, cur->id);
if (sval != cval)
{
rc = TRUE;
WLog_Print(log, level, "%s [UINT16]: %" PRIu16 " -> %" PRIu16, cur->str, sval,
cval);
}
}
break;
case 2: /* INT16 */
{
INT16 sval = freerdp_settings_get_int16(settings, cur->id);
INT16 cval = freerdp_settings_get_int16(other, cur->id);
if (sval != cval)
{
rc = TRUE;
WLog_Print(log, level, "%s [INT16]: %" PRId16 " -> %" PRId16, cur->str, sval,
cval);
}
}
break;
case 3: /* UINT32 */
{
UINT32 sval = freerdp_settings_get_uint32(settings, cur->id);
UINT32 cval = freerdp_settings_get_uint32(other, cur->id);
if (sval != cval)
{
rc = TRUE;
WLog_Print(log, level, "%s [UINT32]: %" PRIu32 " -> %" PRIu32, cur->str, sval,
cval);
}
}
break;
case 4: /* INT32 */
{
INT32 sval = freerdp_settings_get_int32(settings, cur->id);
INT32 cval = freerdp_settings_get_int32(other, cur->id);
if (sval != cval)
{
rc = TRUE;
WLog_Print(log, level, "%s [INT32]: %" PRId32 " -> %" PRId32, cur->str, sval,
cval);
}
}
break;
case 5: /* UINT64 */
{
UINT64 sval = freerdp_settings_get_uint64(settings, cur->id);
UINT64 cval = freerdp_settings_get_uint64(other, cur->id);
if (sval != cval)
{
rc = TRUE;
WLog_Print(log, level, "%s [UINT64]: %" PRIu64 " -> %" PRIu64, cur->str, sval,
cval);
}
}
break;
case 6: /* INT64 */
{
INT64 sval = freerdp_settings_get_int64(settings, cur->id);
INT64 cval = freerdp_settings_get_int64(other, cur->id);
if (sval != cval)
{
rc = TRUE;
WLog_Print(log, level, "%s [INT64]: %" PRId64 " -> %" PRId64, cur->str, sval,
cval);
}
}
break;
case 7: /* strings */
{
const char* sval = freerdp_settings_get_string(settings, cur->id);
const char* cval = freerdp_settings_get_string(other, cur->id);
if (sval != cval)
{
if (!sval || !cval || (strcmp(sval, cval) != 0))
{
rc = TRUE;
WLog_Print(log, level, "%s [STRING]: '%s' -> '%s'", cur->str, sval, cval);
}
}
}
break;
case 8: /* pointer */
{
const void* sval = freerdp_settings_get_pointer(settings, cur->id);
const void* cval = freerdp_settings_get_pointer(other, cur->id);
if (sval != cval)
{
if ((sval && !cval) || (!sval && cval))
{
rc = TRUE;
WLog_Print(log, level, "%s [POINTER]: '%p' -> '%p'", cur->str, sval, cval);
}
}
}
break;
}
}
return rc;
}
void freerdp_settings_dump(wLog* log, DWORD level, const rdpSettings* settings)
{
size_t x;
WINPR_ASSERT(log);
WINPR_ASSERT(settings);
for (x = 0; x < ARRAYSIZE(settings_map); x++)
{
const struct settings_str_entry* cur = &settings_map[x];
switch (cur->type)
{
case 0: /* bool */
{
BOOL sval = freerdp_settings_get_bool(settings, cur->id);
WLog_Print(log, level, "%s [BOOL]: %s", cur->str, sval ? "TRUE" : "FALSE");
}
break;
case 1: /* UINT16 */
{
UINT16 sval = freerdp_settings_get_uint16(settings, cur->id);
WLog_Print(log, level, "%s [UINT16]: %" PRIu16, cur->str, sval);
}
break;
case 2: /* INT16 */
{
INT16 sval = freerdp_settings_get_int16(settings, cur->id);
WLog_Print(log, level, "%s [INT16]: %" PRId16, cur->str, sval);
}
break;
case 3: /* UINT32 */
{
UINT32 sval = freerdp_settings_get_uint32(settings, cur->id);
WLog_Print(log, level, "%s [UINT32]: %" PRIu32, cur->str, sval);
}
break;
case 4: /* INT32 */
{
INT32 sval = freerdp_settings_get_int32(settings, cur->id);
WLog_Print(log, level, "%s [INT32]: %" PRId32, cur->str, sval);
}
break;
case 5: /* UINT64 */
{
UINT64 sval = freerdp_settings_get_uint64(settings, cur->id);
WLog_Print(log, level, "%s [UINT64]: %" PRIu64, cur->str, sval);
}
break;
case 6: /* INT64 */
{
INT64 sval = freerdp_settings_get_int64(settings, cur->id);
WLog_Print(log, level, "%s [INT64]: %" PRId64, cur->str, sval);
}
break;
case 7: /* strings */
{
const char* sval = freerdp_settings_get_string(settings, cur->id);
WLog_Print(log, level, "%s [STRING]: '%s'", cur->str, sval);
}
break;
case 8: /* pointer */
{
const void* sval = freerdp_settings_get_pointer(settings, cur->id);
WLog_Print(log, level, "%s [POINTER]: '%p'", cur->str, sval);
}
break;
}
}
}
void freerdp_settings_free_keys(rdpSettings* dst, BOOL cleanup)
{
size_t x;
WINPR_ASSERT(dst);
for (x = 0; x < ARRAYSIZE(settings_map); x++)
{
const struct settings_str_entry* cur = &settings_map[x];
@ -698,9 +493,6 @@ void freerdp_settings_free_keys(rdpSettings* dst, BOOL cleanup)
SSIZE_T freerdp_settings_get_key_for_name(const char* value)
{
size_t x;
WINPR_ASSERT(value);
for (x = 0; x < ARRAYSIZE(settings_map); x++)
{
const struct settings_str_entry* cur = &settings_map[x];
@ -713,9 +505,6 @@ SSIZE_T freerdp_settings_get_key_for_name(const char* value)
SSIZE_T freerdp_settings_get_type_for_name(const char* value)
{
size_t x;
WINPR_ASSERT(value);
for (x = 0; x < ARRAYSIZE(settings_map); x++)
{
const struct settings_str_entry* cur = &settings_map[x];
@ -728,7 +517,6 @@ SSIZE_T freerdp_settings_get_type_for_name(const char* value)
SSIZE_T freerdp_settings_get_type_for_key(size_t key)
{
size_t x;
for (x = 0; x < ARRAYSIZE(settings_map); x++)
{
const struct settings_str_entry* cur = &settings_map[x];
@ -741,7 +529,6 @@ SSIZE_T freerdp_settings_get_type_for_key(size_t key)
const char* freerdp_settings_get_name_for_key(size_t key)
{
size_t x;
for (x = 0; x < ARRAYSIZE(settings_map); x++)
{
const struct settings_str_entry* cur = &settings_map[x];

2
libfreerdp/core/CMakeLists.txt
View File

@ -50,6 +50,8 @@ set(${MODULE_PREFIX}_GATEWAY_SRCS
${${MODULE_PREFIX}_GATEWAY_DIR}/ncacn_http.h)
set(${MODULE_PREFIX}_SRCS
utils.c
utils.h
bulk.c
bulk.h
activation.c

31
libfreerdp/core/capabilities.c
View File

@ -162,17 +162,26 @@ static BOOL rdp_read_general_capability_set(wStream* s, rdpSettings* settings)
if (Stream_GetRemainingLength(s) < 20)
return FALSE;
Stream_Read_UINT16(s, settings->OsMajorType); /* osMajorType (2 bytes) */
Stream_Read_UINT16(s, settings->OsMinorType); /* osMinorType (2 bytes) */
Stream_Seek_UINT16(s); /* protocolVersion (2 bytes) */
Stream_Seek_UINT16(s); /* pad2OctetsA (2 bytes) */
Stream_Seek_UINT16(s); /* generalCompressionTypes (2 bytes) */
Stream_Read_UINT16(s, extraFlags); /* extraFlags (2 bytes) */
Stream_Seek_UINT16(s); /* updateCapabilityFlag (2 bytes) */
Stream_Seek_UINT16(s); /* remoteUnshareFlag (2 bytes) */
Stream_Seek_UINT16(s); /* generalCompressionLevel (2 bytes) */
Stream_Read_UINT8(s, refreshRectSupport); /* refreshRectSupport (1 byte) */
Stream_Read_UINT8(s, suppressOutputSupport); /* suppressOutputSupport (1 byte) */
if (settings->ServerMode)
{
Stream_Read_UINT16(s, settings->OsMajorType); /* osMajorType (2 bytes) */
Stream_Read_UINT16(s, settings->OsMinorType); /* osMinorType (2 bytes) */
}
else
{
Stream_Seek_UINT16(s); /* osMajorType (2 bytes) */
Stream_Seek_UINT16(s); /* osMinorType (2 bytes) */
}
Stream_Seek_UINT16(s); /* protocolVersion (2 bytes) */
Stream_Seek_UINT16(s); /* pad2OctetsA (2 bytes) */
Stream_Seek_UINT16(s); /* generalCompressionTypes (2 bytes) */
Stream_Read_UINT16(s, extraFlags); /* extraFlags (2 bytes) */
Stream_Seek_UINT16(s); /* updateCapabilityFlag (2 bytes) */
Stream_Seek_UINT16(s); /* remoteUnshareFlag (2 bytes) */
Stream_Seek_UINT16(s); /* generalCompressionLevel (2 bytes) */
Stream_Read_UINT8(s, refreshRectSupport); /* refreshRectSupport (1 byte) */
Stream_Read_UINT8(s, suppressOutputSupport); /* suppressOutputSupport (1 byte) */
settings->NoBitmapCompressionHeader = (extraFlags & NO_BITMAP_COMPRESSION_HDR) ? TRUE : FALSE;
settings->LongCredentialsSupported = (extraFlags & LONG_CREDENTIALS_SUPPORTED) ? TRUE : FALSE;

27
libfreerdp/core/connection.c
View File

@ -717,10 +717,9 @@ static BOOL rdp_client_establish_keys(rdpRdp* rdp)
goto end;
}
rdp->rc4_decrypt_key = winpr_RC4_New(rdp->decrypt_key, rdp->rc4_key_len);
rdp->rc4_encrypt_key = winpr_RC4_New(rdp->encrypt_key, rdp->rc4_key_len);
if (!rdp->rc4_decrypt_key || !rdp->rc4_encrypt_key)
if (!rdp_reset_rc4_encrypt_keys(rdp))
goto end;
if (!rdp_reset_rc4_decrypt_keys(rdp))
goto end;
ret = TRUE;
@ -731,12 +730,11 @@ end:
{
winpr_Cipher_Free(rdp->fips_decrypt);
winpr_Cipher_Free(rdp->fips_encrypt);
winpr_RC4_Free(rdp->rc4_decrypt_key);
winpr_RC4_Free(rdp->rc4_encrypt_key);
rdp->fips_decrypt = NULL;
rdp->fips_encrypt = NULL;
rdp->rc4_decrypt_key = NULL;
rdp->rc4_encrypt_key = NULL;
rdp_free_rc4_decrypt_keys(rdp);
rdp_free_rc4_encrypt_keys(rdp);
}
return ret;
@ -852,10 +850,10 @@ BOOL rdp_server_establish_keys(rdpRdp* rdp, wStream* s)
goto end;
}
rdp->rc4_decrypt_key = winpr_RC4_New(rdp->decrypt_key, rdp->rc4_key_len);
rdp->rc4_encrypt_key = winpr_RC4_New(rdp->encrypt_key, rdp->rc4_key_len);
if (!rdp_reset_rc4_encrypt_keys(rdp))
goto end;
if (!rdp->rc4_decrypt_key || !rdp->rc4_encrypt_key)
if (!rdp_reset_rc4_decrypt_keys(rdp))
goto end;
ret = tpkt_ensure_stream_consumed(s, length);
@ -866,12 +864,11 @@ end:
{
winpr_Cipher_Free(rdp->fips_encrypt);
winpr_Cipher_Free(rdp->fips_decrypt);
winpr_RC4_Free(rdp->rc4_encrypt_key);
winpr_RC4_Free(rdp->rc4_decrypt_key);
rdp->fips_encrypt = NULL;
rdp->fips_decrypt = NULL;
rdp->rc4_encrypt_key = NULL;
rdp->rc4_decrypt_key = NULL;
rdp_free_rc4_encrypt_keys(rdp);
rdp_free_rc4_decrypt_keys(rdp);
}
return ret;

136
libfreerdp/core/info.c
View File

@ -69,8 +69,8 @@ static const struct info_flags_t info_flags[] = {
{ INFO_HIDEF_RAIL_SUPPORTED, "INFO_HIDEF_RAIL_SUPPORTED" },
};
static BOOL rdp_read_info_null_string(UINT32 flags, wStream* s, size_t cbLen, CHAR** dst,
size_t max)
static BOOL rdp_read_info_null_string(const char* what, UINT32 flags, wStream* s, size_t cbLen,
CHAR** dst, size_t max, BOOL isNullTerminated)
{
CHAR* ret = NULL;
@ -78,23 +78,24 @@ static BOOL rdp_read_info_null_string(UINT32 flags, wStream* s, size_t cbLen, CH
const size_t nullSize = unicode ? sizeof(WCHAR) : sizeof(CHAR);
if (Stream_GetRemainingLength(s) < (size_t)(cbLen))
{
WLog_ERR(TAG, "protocol error: no data to read for %s [expected %" PRIuz "]", what, cbLen);
return FALSE;
}
if (cbLen > 0)
{
WCHAR domain[512 / sizeof(WCHAR) + sizeof(WCHAR)] = { 0 };
/* cbDomain is the size in bytes of the character data in the Domain field.
* This size excludes (!) the length of the mandatory null terminator.
* Maximum value including the mandatory null terminator: 512
*/
if ((cbLen % 2) || (cbLen > (max - nullSize)))
const WCHAR* domain = Stream_Pointer(s);
if (isNullTerminated && (max > 0))
max -= nullSize;
if ((cbLen > max) || (unicode && ((cbLen % 2) != 0)))
{
WLog_ERR(TAG, "protocol error: invalid value: %" PRIuz "", cbLen);
WLog_ERR(TAG, "protocol error: %s has invalid value: %" PRIuz "", what, cbLen);
return FALSE;
}
Stream_Read(s, domain, cbLen);
if (unicode)
{
if (ConvertFromUnicode(CP_UTF8, 0, domain, cbLen, &ret, 0, NULL, NULL) < 1)
@ -110,6 +111,13 @@ static BOOL rdp_read_info_null_string(UINT32 flags, wStream* s, size_t cbLen, CH
return FALSE;
memcpy(ret, domain, cbLen);
}
if (!Stream_SafeSeek(s, cbLen))
{
WLog_ERR(TAG, "protocol error: no data to read for %s [expected %" PRIuz "]", what,
cbLen);
return FALSE;
}
}
free(*dst);
@ -251,13 +259,23 @@ static BOOL rdp_read_client_auto_reconnect_cookie(rdpRdp* rdp, wStream* s)
* @param settings settings
*/
static void rdp_write_client_auto_reconnect_cookie(rdpRdp* rdp, wStream* s)
static BOOL rdp_write_client_auto_reconnect_cookie(rdpRdp* rdp, wStream* s)
{
BYTE* p;
ARC_CS_PRIVATE_PACKET* autoReconnectCookie;
rdpSettings* settings = rdp->settings;
rdpSettings* settings;
WINPR_ASSERT(rdp);
settings = rdp->settings;
WINPR_ASSERT(settings);
autoReconnectCookie = settings->ClientAutoReconnectCookie;
WINPR_ASSERT(autoReconnectCookie);
p = autoReconnectCookie->securityVerifier;
WINPR_ASSERT(p);
WLog_DBG(TAG,
"ClientAutoReconnectCookie: Version: %" PRIu32 " LogonId: %" PRIu32 " ArcRandomBits: "
"%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8
@ -266,10 +284,34 @@ static void rdp_write_client_auto_reconnect_cookie(rdpRdp* rdp, wStream* s)
"%02" PRIX8 "",
autoReconnectCookie->version, autoReconnectCookie->logonId, p[0], p[1], p[2], p[3],
p[4], p[5], p[6], p[7], p[8], p[9], p[10], p[11], p[12], p[13], p[14], p[15]);
if (!Stream_EnsureRemainingCapacity(s, 12ull + 16ull))
return FALSE;
Stream_Write_UINT32(s, autoReconnectCookie->cbLen); /* cbLen (4 bytes) */
Stream_Write_UINT32(s, autoReconnectCookie->version); /* version (4 bytes) */
Stream_Write_UINT32(s, autoReconnectCookie->logonId); /* LogonId (4 bytes) */
Stream_Write(s, autoReconnectCookie->securityVerifier, 16); /* SecurityVerifier (16 bytes) */
return TRUE;
}
/*
* Get the cbClientAddress size limit
* see [MS-RDPBCGR] 2.2.1.11.1.1.1 Extended Info Packet (TS_EXTENDED_INFO_PACKET)
*/
static size_t rdp_get_client_address_max_size(const rdpRdp* rdp)
{
UINT32 version;
rdpSettings* settings;
WINPR_ASSERT(rdp);
settings = rdp->settings;
WINPR_ASSERT(settings);
version = freerdp_settings_get_uint32(settings, FreeRDP_RdpVersion);
if (version < RDP_VERSION_10_0)
return 64;
return 80;
}
/**
@ -293,27 +335,11 @@ static BOOL rdp_read_extended_info_packet(rdpRdp* rdp, wStream* s)
Stream_Read_UINT16(s, clientAddressFamily); /* clientAddressFamily (2 bytes) */
Stream_Read_UINT16(s, cbClientAddress); /* cbClientAddress (2 bytes) */
/* cbClientAddress is the size in bytes of the character data in the clientAddress field.
* This size includes the length of the mandatory null terminator.
* The maximum allowed value is 80 bytes
* Note: Although according to [MS-RDPBCGR 2.2.1.11.1.1.1] the null terminator
* is mandatory, connections via Microsoft's TS Gateway set cbClientAddress to 0.
*/
if ((cbClientAddress % 2) || cbClientAddress > 80)
{
WLog_ERR(TAG, "protocol error: invalid cbClientAddress value: %" PRIu16 "",
cbClientAddress);
return FALSE;
}
settings->IPv6Enabled = (clientAddressFamily == ADDRESS_FAMILY_INET6 ? TRUE : FALSE);
if (Stream_GetRemainingLength(s) < cbClientAddress)
return FALSE;
if (!rdp_read_info_null_string(INFO_UNICODE, s, cbClientAddress, &settings->ClientAddress,
(settings->RdpVersion < RDP_VERSION_10_0) ? 64 : 80))
if (!rdp_read_info_null_string("cbClientAddress", INFO_UNICODE, s, cbClientAddress,
&settings->ClientAddress, rdp_get_client_address_max_size(rdp),
TRUE))
return FALSE;
if (Stream_GetRemainingLength(s) < 2)
@ -329,7 +355,8 @@ static BOOL rdp_read_extended_info_packet(rdpRdp* rdp, wStream* s)
* sets cbClientDir to 0.
*/
if (!rdp_read_info_null_string(INFO_UNICODE, s, cbClientDir, &settings->ClientDir, 512))
if (!rdp_read_info_null_string("cbClientDir", INFO_UNICODE, s, cbClientDir,
&settings->ClientDir, 512, TRUE))
return FALSE;
/**
@ -399,9 +426,11 @@ static BOOL rdp_write_extended_info_packet(rdpRdp* rdp, wStream* s)
int rc;
UINT16 clientAddressFamily;
WCHAR* clientAddress = NULL;
UINT16 cbClientAddress;
size_t cbClientAddress;
const size_t cbClientAddressMax = rdp_get_client_address_max_size(rdp);
WCHAR* clientDir = NULL;
UINT16 cbClientDir;
size_t cbClientDir;
const size_t cbClientDirMax = 512;
UINT16 cbAutoReconnectCookie;
rdpSettings* settings;
if (!rdp || !rdp->settings || !s)
@ -412,30 +441,53 @@ static BOOL rdp_write_extended_info_packet(rdpRdp* rdp, wStream* s)
if ((rc < 0) || (rc > (UINT16_MAX / 2)))
goto fail;
cbClientAddress = (UINT16)rc * 2;
if (cbClientAddress > cbClientAddressMax)
{
WLog_WARN(TAG,
"[%s] the client address %s [%" PRIuz "] exceeds the limit of %" PRIuz
", truncating.",
__FUNCTION__, settings->ClientAddress, cbClientAddress, cbClientAddressMax);
clientAddress[(cbClientAddressMax / sizeof(WCHAR)) - 1] = '\0';
cbClientAddress = cbClientAddressMax;
}
rc = ConvertToUnicode(CP_UTF8, 0, settings->ClientDir, -1, &clientDir, 0);
if ((rc < 0) || (rc > (UINT16_MAX / 2)))
goto fail;
cbClientDir = (UINT16)rc * 2;
if (cbClientDir > cbClientDirMax)
{
WLog_WARN(
TAG, "[%s] the client dir %s [%" PRIuz "] exceeds the limit of %" PRIuz ", truncating.",
__FUNCTION__, settings->ClientDir, cbClientDir, cbClientDirMax);
clientDir[(cbClientDirMax / sizeof(WCHAR)) - 1] = '\0';
cbClientDir = cbClientDirMax;
}
if (settings->ServerAutoReconnectCookie->cbLen > UINT16_MAX)
goto fail;
cbAutoReconnectCookie = (UINT16)settings->ServerAutoReconnectCookie->cbLen;
if (!Stream_EnsureRemainingCapacity(s, 4ull + cbClientAddress + 2ull + cbClientDir))
goto fail;
Stream_Write_UINT16(s, clientAddressFamily); /* clientAddressFamily (2 bytes) */
Stream_Write_UINT16(s, cbClientAddress + 2); /* cbClientAddress (2 bytes) */
Stream_Write_UINT16(s, cbClientAddress); /* cbClientAddress (2 bytes) */
Stream_Write(s, clientAddress, cbClientAddress); /* clientAddress */
Stream_Write_UINT16(s, 0);
Stream_Write_UINT16(s, cbClientDir + 2); /* cbClientDir (2 bytes) */
Stream_Write_UINT16(s, cbClientDir); /* cbClientDir (2 bytes) */
Stream_Write(s, clientDir, cbClientDir); /* clientDir */
Stream_Write_UINT16(s, 0);
if (!rdp_write_client_time_zone(s, settings)) /* clientTimeZone (172 bytes) */
goto fail;
if (!Stream_EnsureRemainingCapacity(s, 10ull))
goto fail;
Stream_Write_UINT32(s, 0); /* clientSessionId (4 bytes), should be set to 0 */
freerdp_performance_flags_make(settings);
Stream_Write_UINT32(s, settings->PerformanceFlags); /* performanceFlags (4 bytes) */
@ -445,7 +497,11 @@ static BOOL rdp_write_extended_info_packet(rdpRdp* rdp, wStream* s)
{
if (!rdp_compute_client_auto_reconnect_cookie(rdp))
goto fail;
rdp_write_client_auto_reconnect_cookie(rdp, s); /* autoReconnectCookie */
if (!rdp_write_client_auto_reconnect_cookie(rdp, s)) /* autoReconnectCookie */
goto fail;
if (!Stream_EnsureRemainingCapacity(s, 4ull))
goto fail;
Stream_Write_UINT16(s, 0); /* reserved1 (2 bytes) */
Stream_Write_UINT16(s, 0); /* reserved2 (2 bytes) */
}

17
libfreerdp/core/nego.c
View File

@ -710,6 +710,11 @@ static BOOL nego_read_request_token_or_cookie(rdpNego* nego, wStream* s)
if (memcmp(Stream_Pointer(s), "Cookie: mstshash=", 17) != 0)
{
if (memcmp(Stream_Pointer(s), "Cookie: msts=", 13) != 0)
{
/* remaining bytes are neither a token nor a cookie */
return TRUE;
}
isToken = TRUE;
}
else
@ -805,6 +810,14 @@ BOOL nego_read_request(rdpNego* nego, wStream* s)
return FALSE;
}
/* Skip over optional RDP_NEG_CORRELATION_INFO
* see MS-RDPBCGR 2.2.1.1.2 RDP Correlation Info (RDP_NEG_CORRELATION_INFO)
*/
if (Stream_GetRemainingLength(s) >= 36)
{
Stream_Seek(s, 36);
}
return tpkt_ensure_stream_consumed(s, length);
}
@ -1139,8 +1152,8 @@ BOOL nego_send_negotiation_response(rdpNego* nego)
settings->UseRdpSecurityLayer = FALSE;
settings->EncryptionLevel = ENCRYPTION_LEVEL_NONE;
}
if (!settings->RdpServerRsaKey && !settings->RdpKeyFile && !settings->RdpKeyContent)
else if (!settings->RdpServerRsaKey && !settings->RdpKeyFile &&
!settings->RdpKeyContent)
{
WLog_ERR(TAG, "Missing server certificate");
return FALSE;

78
libfreerdp/core/nla.c
View File

@ -424,8 +424,10 @@ static int nla_client_init(rdpNla* nla)
nla->haveContext = FALSE;
nla->haveInputBuffer = FALSE;
nla->havePubKeyAuth = FALSE;
ZeroMemory(&nla->inputBuffer, sizeof(SecBuffer));
ZeroMemory(&nla->outputBuffer, sizeof(SecBuffer));
sspi_SecBufferFree(&nla->inputBuffer);
sspi_SecBufferFree(&nla->outputBuffer);
ZeroMemory(&nla->ContextSizes, sizeof(SecPkgContext_Sizes));
/*
* from tspkg.dll: 0x00000132
@ -438,6 +440,26 @@ static int nla_client_init(rdpNla* nla)
return 1;
}
static BOOL nla_alloc_buffer(SecBuffer* buffer, size_t size)
{
sspi_SecBufferFree(buffer);
buffer->BufferType = SECBUFFER_TOKEN;
return sspi_SecBufferAlloc(buffer, size) != 0;
}
static BOOL nla_transfer_buffer(SecBuffer* dst, SecBuffer* src)
{
WINPR_ASSERT(dst);
WINPR_ASSERT(src);
sspi_SecBufferFree(dst);
dst->cbBuffer = src->cbBuffer;
src->cbBuffer = 0;
dst->pvBuffer = src->pvBuffer;
src->pvBuffer = NULL;
return TRUE;
}
int nla_client_begin(rdpNla* nla)
{
if (nla_client_init(nla) < 1)
@ -449,11 +471,8 @@ int nla_client_begin(rdpNla* nla)
nla->outputBufferDesc.ulVersion = SECBUFFER_VERSION;
nla->outputBufferDesc.cBuffers = 1;
nla->outputBufferDesc.pBuffers = &nla->outputBuffer;
nla->outputBuffer.BufferType = SECBUFFER_TOKEN;
nla->outputBuffer.cbBuffer = nla->cbMaxToken;
nla->outputBuffer.pvBuffer = malloc(nla->outputBuffer.cbBuffer);
if (!nla->outputBuffer.pvBuffer)
if (!nla_alloc_buffer(&nla->outputBuffer, nla->cbMaxToken))
return -1;
nla->status = nla->table->InitializeSecurityContext(
@ -518,8 +537,8 @@ int nla_client_begin(rdpNla* nla)
if (nla->outputBuffer.cbBuffer < 1)
return -1;
nla->negoToken.pvBuffer = nla->outputBuffer.pvBuffer;
nla->negoToken.cbBuffer = nla->outputBuffer.cbBuffer;
if (!nla_transfer_buffer(&nla->negoToken, &nla->outputBuffer))
return -1;
if (!nla_send(nla, "Client: Sending Authentication Token"))
{
@ -542,16 +561,15 @@ static int nla_client_recv(rdpNla* nla)
nla->inputBufferDesc.cBuffers = 1;
nla->inputBufferDesc.pBuffers = &nla->inputBuffer;
nla->inputBuffer.BufferType = SECBUFFER_TOKEN;
nla->inputBuffer.pvBuffer = nla->negoToken.pvBuffer;
nla->inputBuffer.cbBuffer = nla->negoToken.cbBuffer;
if (!nla_transfer_buffer(&nla->inputBuffer, &nla->negoToken))
return -1;
nla->outputBufferDesc.ulVersion = SECBUFFER_VERSION;
nla->outputBufferDesc.cBuffers = 1;
nla->outputBufferDesc.pBuffers = &nla->outputBuffer;
nla->outputBuffer.BufferType = SECBUFFER_TOKEN;
nla->outputBuffer.cbBuffer = nla->cbMaxToken;
nla->outputBuffer.pvBuffer = malloc(nla->outputBuffer.cbBuffer);
if (!nla->outputBuffer.pvBuffer)
if (!nla_alloc_buffer(&nla->outputBuffer, nla->cbMaxToken))
return -1;
nla->status = nla->table->InitializeSecurityContext(
@ -560,8 +578,8 @@ static int nla_client_recv(rdpNla* nla)
&nla->pfContextAttr, &nla->expiration);
WLog_VRB(TAG, "InitializeSecurityContext %s [0x%08" PRIX32 "]",
GetSecurityStatusString(nla->status), nla->status);
free(nla->inputBuffer.pvBuffer);
nla->inputBuffer.pvBuffer = NULL;
sspi_SecBufferFree(&nla->inputBuffer);
if ((nla->status == SEC_I_COMPLETE_AND_CONTINUE) || (nla->status == SEC_I_COMPLETE_NEEDED))
{
@ -607,8 +625,8 @@ static int nla_client_recv(rdpNla* nla)
return -1;
}
nla->negoToken.pvBuffer = nla->outputBuffer.pvBuffer;
nla->negoToken.cbBuffer = nla->outputBuffer.cbBuffer;
if (!nla_transfer_buffer(&nla->negoToken, &nla->outputBuffer))
return -1;
if (!nla_send(nla, "Client: Sending Authentication Token"))
{
@ -799,8 +817,10 @@ static int nla_server_init(rdpNla* nla)
nla->haveContext = FALSE;
nla->haveInputBuffer = FALSE;
nla->havePubKeyAuth = FALSE;
ZeroMemory(&nla->inputBuffer, sizeof(SecBuffer));
ZeroMemory(&nla->outputBuffer, sizeof(SecBuffer));
sspi_SecBufferFree(&nla->inputBuffer);
sspi_SecBufferFree(&nla->outputBuffer);
ZeroMemory(&nla->inputBufferDesc, sizeof(SecBufferDesc));
ZeroMemory(&nla->outputBufferDesc, sizeof(SecBufferDesc));
ZeroMemory(&nla->ContextSizes, sizeof(SecPkgContext_Sizes));
@ -843,10 +863,10 @@ static int nla_server_authenticate(rdpNla* nla)
if (nla_recv(nla, "Receiving Authentication Token") < 0)
return -1;
nla->inputBuffer.pvBuffer = nla->negoToken.pvBuffer;
nla->inputBuffer.cbBuffer = nla->negoToken.cbBuffer;
if (!nla_transfer_buffer(&nla->inputBuffer, &nla->negoToken))
return -1;
if (nla->negoToken.cbBuffer < 1)
if (nla->inputBuffer.cbBuffer < 1)
{
WLog_ERR(TAG, "CredSSP: invalid negoToken!");
return -1;
@ -855,11 +875,8 @@ static int nla_server_authenticate(rdpNla* nla)
nla->outputBufferDesc.ulVersion = SECBUFFER_VERSION;
nla->outputBufferDesc.cBuffers = 1;
nla->outputBufferDesc.pBuffers = &nla->outputBuffer;
nla->outputBuffer.BufferType = SECBUFFER_TOKEN;
nla->outputBuffer.cbBuffer = nla->cbMaxToken;
nla->outputBuffer.pvBuffer = malloc(nla->outputBuffer.cbBuffer);
if (!nla->outputBuffer.pvBuffer)
if (!nla_alloc_buffer(&nla->outputBuffer, nla->cbMaxToken))
return -1;
nla->status = nla->table->AcceptSecurityContext(
@ -868,8 +885,9 @@ static int nla_server_authenticate(rdpNla* nla)
&nla->pfContextAttr, &nla->expiration);
WLog_VRB(TAG, "AcceptSecurityContext status %s [0x%08" PRIX32 "]",
GetSecurityStatusString(nla->status), nla->status);
nla->negoToken.pvBuffer = nla->outputBuffer.pvBuffer;
nla->negoToken.cbBuffer = nla->outputBuffer.cbBuffer;
if (!nla_transfer_buffer(&nla->negoToken, &nla->outputBuffer))
return -1;
if ((nla->status == SEC_I_COMPLETE_AND_CONTINUE) || (nla->status == SEC_I_COMPLETE_NEEDED))
{
@ -2261,6 +2279,8 @@ void nla_buffer_free(rdpNla* nla)
sspi_SecBufferFree(&nla->negoToken);
sspi_SecBufferFree(&nla->pubKeyAuth);
sspi_SecBufferFree(&nla->authInfo);
sspi_SecBufferFree(&nla->inputBuffer);
sspi_SecBufferFree(&nla->outputBuffer);
}
LPTSTR nla_make_spn(const char* ServiceClass, const char* hostname)

51
libfreerdp/core/rdp.c
View File

@ -1874,17 +1874,8 @@ void rdp_reset(rdpRdp* rdp)
settings = rdp->settings;
bulk_reset(rdp->bulk);
if (rdp->rc4_decrypt_key)
{
winpr_RC4_Free(rdp->rc4_decrypt_key);
rdp->rc4_decrypt_key = NULL;
}
if (rdp->rc4_encrypt_key)
{
winpr_RC4_Free(rdp->rc4_encrypt_key);
rdp->rc4_encrypt_key = NULL;
}
rdp_free_rc4_decrypt_keys(rdp);
rdp_free_rc4_encrypt_keys(rdp);
if (rdp->fips_encrypt)
{
@ -1943,8 +1934,8 @@ void rdp_free(rdpRdp* rdp)
if (rdp)
{
DeleteCriticalSection(&rdp->critical);
winpr_RC4_Free(rdp->rc4_decrypt_key);
winpr_RC4_Free(rdp->rc4_encrypt_key);
rdp_free_rc4_decrypt_keys(rdp);
rdp_free_rc4_encrypt_keys(rdp);
winpr_Cipher_Free(rdp->fips_encrypt);
winpr_Cipher_Free(rdp->fips_decrypt);
freerdp_settings_free(rdp->settings);
@ -1964,3 +1955,37 @@ void rdp_free(rdpRdp* rdp)
free(rdp);
}
}
BOOL rdp_reset_rc4_encrypt_keys(rdpRdp* rdp)
{
WINPR_ASSERT(rdp);
rdp_free_rc4_encrypt_keys(rdp);
rdp->rc4_encrypt_key = winpr_RC4_New(rdp->encrypt_key, rdp->rc4_key_len);
rdp->encrypt_use_count = 0;
return rdp->rc4_encrypt_key != NULL;
}
void rdp_free_rc4_encrypt_keys(rdpRdp* rdp)
{
WINPR_ASSERT(rdp);
winpr_RC4_Free(rdp->rc4_encrypt_key);
rdp->rc4_encrypt_key = NULL;
}
void rdp_free_rc4_decrypt_keys(rdpRdp* rdp)
{
WINPR_ASSERT(rdp);
winpr_RC4_Free(rdp->rc4_decrypt_key);
rdp->rc4_decrypt_key = NULL;
}
BOOL rdp_reset_rc4_decrypt_keys(rdpRdp* rdp)
{
WINPR_ASSERT(rdp);
rdp_free_rc4_decrypt_keys(rdp);
rdp->rc4_decrypt_key = winpr_RC4_New(rdp->decrypt_key, rdp->rc4_key_len);
rdp->decrypt_use_count = 0;
return rdp->rc4_decrypt_key != NULL;
}

6
libfreerdp/core/rdp.h
View File

@ -242,4 +242,10 @@ BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, UINT16* pLength, UINT16 securityFlags)
BOOL rdp_set_error_info(rdpRdp* rdp, UINT32 errorInfo);
BOOL rdp_send_error_info(rdpRdp* rdp);
void rdp_free_rc4_encrypt_keys(rdpRdp* rdp);
BOOL rdp_reset_rc4_encrypt_keys(rdpRdp* rdp);
void rdp_free_rc4_decrypt_keys(rdpRdp* rdp);
BOOL rdp_reset_rc4_decrypt_keys(rdpRdp* rdp);
#endif /* FREERDP_LIB_CORE_RDP_H */

523
libfreerdp/core/redirection.c
View File

@ -23,10 +23,11 @@
#include <winpr/crt.h>
#include <freerdp/log.h>
#include <freerdp/utils/string.h>
#include "connection.h"
#include "redirection.h"
#include "utils.h"
#define TAG FREERDP_TAG("core.redirection")
@ -35,108 +36,167 @@ struct rdp_redirection
UINT32 flags;
UINT32 sessionID;
BYTE* TsvUrl;
DWORD TsvUrlLength;
UINT32 TsvUrlLength;
char* Username;
char* Domain;
BYTE* Password;
DWORD PasswordLength;
UINT32 PasswordLength;
char* TargetFQDN;
BYTE* LoadBalanceInfo;
DWORD LoadBalanceInfoLength;
UINT32 LoadBalanceInfoLength;
char* TargetNetBiosName;
char* TargetNetAddress;
UINT32 TargetNetAddressesCount;
char** TargetNetAddresses;
UINT32 RedirectionGuidLength;
BYTE* RedirectionGuid;
UINT32 TargetCertificateLength;
BYTE* TargetCertificate;
};
static void redirection_free_array(char*** what, UINT32* count)
{
WINPR_ASSERT(what);
WINPR_ASSERT(count);
if (*what)
{
for (UINT32 x = 0; x < *count; x++)
free((*what)[x]);
free(*what);
}
*what = NULL;
*count = 0;
}
static void redirection_free_string(char** str)
{
WINPR_ASSERT(str);
free(*str);
*str = NULL;
}
static void redirection_free_data(BYTE** str, UINT32* length)
{
WINPR_ASSERT(str);
free(*str);
if (length)
*length = 0;
*str = NULL;
}
static BOOL redirection_copy_data(char** dst, UINT32* plen, const char* str, UINT32 len)
{
redirection_free_data(dst, plen);
if (!str || (len == 0))
return TRUE;
*dst = malloc(len);
if (!*dst)
return FALSE;
memcpy(*dst, str, len);
*plen = len;
return *dst != NULL;
}
static BOOL freerdp_settings_set_pointer_len(rdpSettings* settings, size_t id, const BYTE* data,
size_t length)
{
BYTE** pdata = NULL;
UINT32* plen = NULL;
switch (id)
{
case FreeRDP_TargetNetAddress:
pdata = &settings->TargetNetAddress;
plen = &settings->TargetNetAddressCount;
break;
case FreeRDP_LoadBalanceInfo:
pdata = &settings->LoadBalanceInfo;
plen = &settings->LoadBalanceInfoLength;
break;
case FreeRDP_RedirectionPassword:
pdata = &settings->RedirectionPassword;
plen = &settings->RedirectionPasswordLength;
break;
case FreeRDP_RedirectionTsvUrl:
pdata = &settings->RedirectionTsvUrl;
plen = &settings->RedirectionTsvUrlLength;
break;
case FreeRDP_RedirectionGuid:
pdata = &settings->RedirectionGuid;
plen = &settings->RedirectionGuidLength;
break;
case FreeRDP_RedirectionTargetCertificate:
pdata = &settings->RedirectionTargetCertificate;
plen = &settings->RedirectionTargetCertificateLength;
break;
default:
return FALSE;
}
return redirection_copy_data(pdata, plen, data, length);
}
static void rdp_print_redirection_flags(UINT32 flags)
{
WLog_DBG(TAG, "redirectionFlags = {");
if (flags & LB_TARGET_NET_ADDRESS)
WLog_DBG(TAG, "\tLB_TARGET_NET_ADDRESS");
if (flags & LB_LOAD_BALANCE_INFO)
WLog_DBG(TAG, "\tLB_LOAD_BALANCE_INFO");
if (flags & LB_USERNAME)
WLog_DBG(TAG, "\tLB_USERNAME");
if (flags & LB_DOMAIN)
WLog_DBG(TAG, "\tLB_DOMAIN");
if (flags & LB_PASSWORD)
WLog_DBG(TAG, "\tLB_PASSWORD");
if (flags & LB_DONTSTOREUSERNAME)
WLog_DBG(TAG, "\tLB_DONTSTOREUSERNAME");
if (flags & LB_SMARTCARD_LOGON)
WLog_DBG(TAG, "\tLB_SMARTCARD_LOGON");
if (flags & LB_NOREDIRECT)
WLog_DBG(TAG, "\tLB_NOREDIRECT");
if (flags & LB_TARGET_FQDN)
WLog_DBG(TAG, "\tLB_TARGET_FQDN");
if (flags & LB_TARGET_NETBIOS_NAME)
WLog_DBG(TAG, "\tLB_TARGET_NETBIOS_NAME");
if (flags & LB_TARGET_NET_ADDRESSES)
WLog_DBG(TAG, "\tLB_TARGET_NET_ADDRESSES");
if (flags & LB_CLIENT_TSV_URL)
WLog_DBG(TAG, "\tLB_CLIENT_TSV_URL");
if (flags & LB_SERVER_TSV_CAPABLE)
WLog_DBG(TAG, "\tLB_SERVER_TSV_CAPABLE");
for (UINT32 x = 0; x < 32; x++)
{
const UINT32 mask = 1 << x;
if ((flags & mask) != 0)
{
char buffer[64] = { 0 };
WLog_DBG(TAG, "\t%s", rdp_redirection_flags_to_string(mask, buffer, sizeof(buffer)));
}
}
WLog_DBG(TAG, "}");
}
static BOOL rdp_redirection_read_unicode_string(wStream* s, char** str, size_t maxLength)
{
UINT32 length;
WCHAR* wstr = NULL;
UINT32 length = 0;
const WCHAR* wstr = NULL;
if (Stream_GetRemainingLength(s) < 4)
{
WLog_ERR(TAG, "rdp_redirection_read_string failure: cannot read length");
if (!Stream_CheckAndLogRequiredLength(TAG, s, 4))
return FALSE;
}
Stream_Read_UINT32(s, length);
if ((length % 2) || length < 2 || length > maxLength)
{
WLog_ERR(TAG,
"rdp_redirection_read_string failure: invalid unicode string length: %" PRIu32 "",
WLog_ERR(TAG, "[%s] failure: invalid unicode string length: %" PRIu32 "", __FUNCTION__,
length);
return FALSE;
}
if (Stream_GetRemainingLength(s) < length)
if (!Stream_CheckAndLogRequiredLength(TAG, s, length))
{
WLog_ERR(TAG,
"rdp_redirection_read_string failure: insufficient stream length (%" PRIu32
" bytes required)",
length);
WLog_ERR(TAG, "[%s] failure: insufficient stream length (%" PRIu32 " bytes required)",
__FUNCTION__, length);
return FALSE;
}
wstr = (WCHAR*)Stream_Pointer(s);
wstr = (const WCHAR*)Stream_Pointer(s);
if (wstr[length / 2 - 1])
{
WLog_ERR(TAG, "rdp_redirection_read_string failure: unterminated unicode string");
WLog_ERR(TAG, "[%s] failure: unterminated unicode string", __FUNCTION__);
return FALSE;
}
if (ConvertFromUnicode(CP_UTF8, 0, wstr, -1, str, 0, NULL, NULL) < 1)
redirection_free_string(str);
{
WLog_ERR(TAG, "rdp_redirection_read_string failure: string conversion failed");
return FALSE;
const int res =
ConvertFromUnicode(CP_UTF8, 0, wstr, length / sizeof(WCHAR), str, 0, NULL, NULL);
if ((res < 0) || !(*str))
{
WLog_ERR(TAG, "[%s] failure: string conversion failed", __FUNCTION__);
return FALSE;
}
}
Stream_Seek(s, length);
@ -145,23 +205,40 @@ static BOOL rdp_redirection_read_unicode_string(wStream* s, char** str, size_t m
int rdp_redirection_apply_settings(rdpRdp* rdp)
{
rdpSettings* settings = rdp->settings;
rdpRedirection* redirection = rdp->redirection;
rdpSettings* settings = NULL;
rdpRedirection* redirection = NULL;
WINPR_ASSERT(rdp);
settings = rdp->settings;
WINPR_ASSERT(settings);
redirection = rdp->redirection;
WINPR_ASSERT(redirection);
{
char buffer[2048] = { 0 };
WLog_DBG(TAG, "RedirectionFlags=%s",
rdp_redirection_flags_to_string(redirection->flags, buffer, sizeof(buffer)));
}
settings->RedirectionFlags = redirection->flags;
settings->RedirectedSessionId = redirection->sessionID;
if (settings->RedirectionFlags & LB_TARGET_NET_ADDRESS)
{
if (!freerdp_settings_set_string(settings, FreeRDP_TargetNetAddress,
redirection->TargetNetAddress))
return -1;
}
if (settings->RedirectionFlags & LB_LOAD_BALANCE_INFO)
{
/* LoadBalanceInfo may not contain a null terminator */
free(settings->LoadBalanceInfo);
settings->LoadBalanceInfoLength = redirection->LoadBalanceInfoLength;
settings->LoadBalanceInfo = (BYTE*)malloc(settings->LoadBalanceInfoLength);
if (!settings->LoadBalanceInfo)
if (!freerdp_settings_set_pointer_len(settings, FreeRDP_LoadBalanceInfo,
redirection->LoadBalanceInfo,
redirection->LoadBalanceInfoLength))
return -1;
CopyMemory(settings->LoadBalanceInfo, redirection->LoadBalanceInfo,
settings->LoadBalanceInfoLength);
}
else
{
@ -169,128 +246,138 @@ int rdp_redirection_apply_settings(rdpRdp* rdp)
* Free previous LoadBalanceInfo, if any, otherwise it may end up
* being reused for the redirected session, which is not what we want.
*/
free(settings->LoadBalanceInfo);
settings->LoadBalanceInfo = NULL;
settings->LoadBalanceInfoLength = 0;
}
if (settings->RedirectionFlags & LB_TARGET_FQDN)
{
free(settings->RedirectionTargetFQDN);
settings->RedirectionTargetFQDN = _strdup(redirection->TargetFQDN);
if (!settings->RedirectionTargetFQDN)
return -1;
}
if (settings->RedirectionFlags & LB_TARGET_NET_ADDRESS)
{
free(settings->TargetNetAddress);
settings->TargetNetAddress = _strdup(redirection->TargetNetAddress);
if (!settings->TargetNetAddress)
return -1;
}
if (settings->RedirectionFlags & LB_TARGET_NETBIOS_NAME)
{
free(settings->RedirectionTargetNetBiosName);
settings->RedirectionTargetNetBiosName = _strdup(redirection->TargetNetBiosName);
if (!settings->RedirectionTargetNetBiosName)
if (!freerdp_settings_set_pointer_len(settings, FreeRDP_LoadBalanceInfo, NULL, 0))
return -1;
}
if (settings->RedirectionFlags & LB_USERNAME)
{
free(settings->RedirectionUsername);
settings->RedirectionUsername = _strdup(redirection->Username);
if (!settings->RedirectionUsername)
if (!freerdp_settings_set_string(settings, FreeRDP_RedirectionUsername,
redirection->Username))
return -1;
}
if (settings->RedirectionFlags & LB_DOMAIN)
{
free(settings->RedirectionDomain);
settings->RedirectionDomain = _strdup(redirection->Domain);
if (!settings->RedirectionDomain)
if (!freerdp_settings_set_string(settings, FreeRDP_RedirectionDomain, redirection->Domain))
return -1;
}
if (settings->RedirectionFlags & LB_PASSWORD)
{
/* Password may be a cookie without a null terminator */
free(settings->RedirectionPassword);
settings->RedirectionPasswordLength = redirection->PasswordLength;
/* For security reasons we'll allocate an additional zero WCHAR at the
* end of the buffer that is not included in RedirectionPasswordLength
*/
settings->RedirectionPassword =
(BYTE*)calloc(1, settings->RedirectionPasswordLength + sizeof(WCHAR));
if (!settings->RedirectionPassword)
if (!freerdp_settings_set_pointer_len(settings, FreeRDP_RedirectionPassword,
redirection->Password, redirection->PasswordLength))
return -1;
}
CopyMemory(settings->RedirectionPassword, redirection->Password,
settings->RedirectionPasswordLength);
if (settings->RedirectionFlags & LB_DONTSTOREUSERNAME)
{
// TODO
}
if (settings->RedirectionFlags & LB_SMARTCARD_LOGON)
{
// TODO
}
if (settings->RedirectionFlags & LB_NOREDIRECT)
{
// TODO
}
if (settings->RedirectionFlags & LB_TARGET_FQDN)
{
if (!freerdp_settings_set_string(settings, FreeRDP_RedirectionTargetFQDN,
redirection->TargetFQDN))
return -1;
}
if (settings->RedirectionFlags & LB_TARGET_NETBIOS_NAME)
{
if (!freerdp_settings_set_string(settings, FreeRDP_RedirectionTargetNetBiosName,
redirection->TargetNetBiosName))
return -1;
}
if (settings->RedirectionFlags & LB_TARGET_NET_ADDRESSES)
{
if (!freerdp_target_net_addresses_copy(settings, redirection->TargetNetAddresses,
redirection->TargetNetAddressesCount))
return -1;
}
if (settings->RedirectionFlags & LB_CLIENT_TSV_URL)
{
/* TsvUrl may not contain a null terminator */
free(settings->RedirectionTsvUrl);
settings->RedirectionTsvUrlLength = redirection->TsvUrlLength;
settings->RedirectionTsvUrl = (BYTE*)malloc(settings->RedirectionTsvUrlLength);
if (!settings->RedirectionTsvUrl)
if (!freerdp_settings_set_pointer_len(settings, FreeRDP_RedirectionTsvUrl,
redirection->TsvUrl, redirection->TsvUrlLength))
return -1;
CopyMemory(settings->RedirectionTsvUrl, redirection->TsvUrl,
settings->RedirectionTsvUrlLength);
}
if (settings->RedirectionFlags & LB_TARGET_NET_ADDRESSES)
if (settings->RedirectionFlags & LB_SERVER_TSV_CAPABLE)
{
UINT32 i;
freerdp_target_net_addresses_free(settings);
settings->TargetNetAddressCount = redirection->TargetNetAddressesCount;
settings->TargetNetAddresses =
(char**)calloc(settings->TargetNetAddressCount, sizeof(char*));
// TODO
}
if (!settings->TargetNetAddresses)
{
settings->TargetNetAddressCount = 0;
if (settings->RedirectionFlags & LB_PASSWORD_IS_PK_ENCRYPTED)
{
// TODO
}
if (settings->RedirectionFlags & LB_REDIRECTION_GUID)
{
if (!freerdp_settings_set_pointer_len(settings, FreeRDP_RedirectionGuid,
redirection->RedirectionGuid,
redirection->RedirectionGuidLength))
return -1;
}
}
for (i = 0; i < settings->TargetNetAddressCount; i++)
{
settings->TargetNetAddresses[i] = _strdup(redirection->TargetNetAddresses[i]);
if (!settings->TargetNetAddresses[i])
{
UINT32 j;
for (j = 0; j < i; j++)
free(settings->TargetNetAddresses[j]);
return -1;
}
}
if (settings->RedirectionFlags & LB_TARGET_CERTIFICATE)
{
if (!freerdp_settings_set_pointer_len(settings, FreeRDP_RedirectionTargetCertificate,
redirection->TargetCertificate,
redirection->TargetCertificateLength))
return -1;
}
return 0;
}
static BOOL rdp_recv_server_redirection_pdu(rdpRdp* rdp, wStream* s)
static BOOL rdp_redirection_read_data(UINT32 flag, wStream* s, UINT32* pLength, BYTE** pData)
{
UINT16 flags;
UINT16 length;
char buffer[64] = { 0 };
WINPR_ASSERT(pLength);
WINPR_ASSERT(pData);
if (!Stream_CheckAndLogRequiredLength(TAG, s, 4))
return FALSE;
Stream_Read_UINT32(s, *pLength);
if (!Stream_CheckAndLogRequiredLength(TAG, s, *pLength))
return FALSE;
redirection_free_data(pData, NULL);
*pData = (BYTE*)malloc(*pLength);
if (!*pData)
return FALSE;
Stream_Read(s, *pData, *pLength);
WLog_DBG(TAG, "%s:", rdp_redirection_flags_to_string(flag, buffer, sizeof(buffer)));
winpr_HexDump(TAG, WLOG_DEBUG, *pData, *pLength);
return TRUE;
}
static int rdp_recv_server_redirection_pdu(rdpRdp* rdp, wStream* s)
{
UINT16 flags = 0;
UINT16 length = 0;
rdpRedirection* redirection = rdp->redirection;
if (Stream_GetRemainingLength(s) < 12)
if (!Stream_CheckAndLogRequiredLength(TAG, s, 12))
return -1;
Stream_Read_UINT16(s, flags); /* flags (2 bytes) */
@ -329,23 +416,9 @@ static BOOL rdp_recv_server_redirection_pdu(rdpRdp* rdp, wStream* s)
* 0010 34 30 32 36 34 33 32 2e 31 35 36 32 39 2e 30 30 4026432.15629.00
* 0020 30 30 0d 0a 00..
*/
if (Stream_GetRemainingLength(s) < 4)
if (!rdp_redirection_read_data(LB_LOAD_BALANCE_INFO, s, &redirection->LoadBalanceInfoLength,
&redirection->LoadBalanceInfo))
return -1;
Stream_Read_UINT32(s, redirection->LoadBalanceInfoLength);
if (Stream_GetRemainingLength(s) < redirection->LoadBalanceInfoLength)
return -1;
redirection->LoadBalanceInfo = (BYTE*)malloc(redirection->LoadBalanceInfoLength);
if (!redirection->LoadBalanceInfo)
return -1;
Stream_Read(s, redirection->LoadBalanceInfo, redirection->LoadBalanceInfoLength);
WLog_DBG(TAG, "loadBalanceInfo:");
winpr_HexDump(TAG, WLOG_DEBUG, redirection->LoadBalanceInfo,
redirection->LoadBalanceInfoLength);
}
if (redirection->flags & LB_USERNAME)
@ -359,7 +432,7 @@ static BOOL rdp_recv_server_redirection_pdu(rdpRdp* rdp, wStream* s)
if (redirection->flags & LB_DOMAIN)
{
if (!rdp_redirection_read_unicode_string(s, &(redirection->Domain), 52))
return FALSE;
return -1;
WLog_DBG(TAG, "Domain: %s", redirection->Domain);
}
@ -387,32 +460,24 @@ static BOOL rdp_recv_server_redirection_pdu(rdpRdp* rdp, wStream* s)
* Notwithstanding the above, we'll allocated an additional zero WCHAR at the
* end of the buffer which won't get counted in PasswordLength.
*/
if (Stream_GetRemainingLength(s) < 4)
if (!rdp_redirection_read_data(LB_PASSWORD, s, &redirection->PasswordLength,
&redirection->Password))
return -1;
Stream_Read_UINT32(s, redirection->PasswordLength);
/* [MS-RDPBCGR] specifies 512 bytes as the upper limit for the password length
* including the null terminatior(s). This should also be enough for the unknown
* password cookie format (see previous comment).
*/
if ((redirection->flags & LB_PASSWORD_IS_PK_ENCRYPTED) == 0)
{
const size_t charLen = redirection->PasswordLength / sizeof(WCHAR);
if (redirection->PasswordLength > LB_PASSWORD_MAX_LENGTH)
return -1;
if (Stream_GetRemainingLength(s) < redirection->PasswordLength)
return -1;
if (redirection->PasswordLength > LB_PASSWORD_MAX_LENGTH)
return -1;
redirection->Password = (BYTE*)calloc(1, redirection->PasswordLength + sizeof(WCHAR));
if (!redirection->Password)
return -1;
Stream_Read(s, redirection->Password, redirection->PasswordLength);
WLog_DBG(TAG, "PasswordCookie:");
#if defined(WITH_DEBUG_REDIR)
winpr_HexDump(TAG, WLOG_DEBUG, redirection->Password, redirection->PasswordLength);
#endif
/* Ensure the text password is '\0' terminated */
if (_wcsnlen((const WCHAR*)redirection->Password, charLen) == charLen)
return -1;
}
}
if (redirection->flags & LB_TARGET_FQDN)
@ -433,31 +498,33 @@ static BOOL rdp_recv_server_redirection_pdu(rdpRdp* rdp, wStream* s)
if (redirection->flags & LB_CLIENT_TSV_URL)
{
if (Stream_GetRemainingLength(s) < 4)
if (!rdp_redirection_read_data(LB_CLIENT_TSV_URL, s, &redirection->TsvUrlLength,
&redirection->TsvUrl))
return -1;
}
Stream_Read_UINT32(s, redirection->TsvUrlLength);
if (Stream_GetRemainingLength(s) < redirection->TsvUrlLength)
if (redirection->flags & LB_REDIRECTION_GUID)
{
if (!rdp_redirection_read_data(LB_REDIRECTION_GUID, s, &redirection->RedirectionGuidLength,
&redirection->RedirectionGuid))
return -1;
}
redirection->TsvUrl = (BYTE*)malloc(redirection->TsvUrlLength);
if (!redirection->TsvUrl)
if (redirection->flags & LB_TARGET_CERTIFICATE)
{
if (!rdp_redirection_read_data(LB_TARGET_CERTIFICATE, s,
&redirection->TargetCertificateLength,
&redirection->TargetCertificate))
return -1;
Stream_Read(s, redirection->TsvUrl, redirection->TsvUrlLength);
WLog_DBG(TAG, "TsvUrl:");
winpr_HexDump(TAG, WLOG_DEBUG, redirection->TsvUrl, redirection->TsvUrlLength);
}
if (redirection->flags & LB_TARGET_NET_ADDRESSES)
{
int i;
UINT32 count;
UINT32 targetNetAddressesLength;
size_t i = 0;
UINT32 count = 0;
UINT32 targetNetAddressesLength = 0;
if (Stream_GetRemainingLength(s) < 8)
if (!Stream_CheckAndLogRequiredLength(TAG, s, 8))
return -1;
Stream_Read_UINT32(s, targetNetAddressesLength);
@ -466,16 +533,17 @@ static BOOL rdp_recv_server_redirection_pdu(rdpRdp* rdp, wStream* s)
redirection->TargetNetAddresses = (char**)calloc(count, sizeof(char*));
if (!redirection->TargetNetAddresses)
return FALSE;
return -1;
WLog_DBG(TAG, "TargetNetAddressesCount: %" PRIu32 "", redirection->TargetNetAddressesCount);
WLog_DBG(TAG, "TargetNetAddressesCount: %" PRIu32 "", count);
for (i = 0; i < (int)count; i++)
for (i = 0; i < count; i++)
{
if (!rdp_redirection_read_unicode_string(s, &(redirection->TargetNetAddresses[i]), 80))
return FALSE;
return -1;
WLog_DBG(TAG, "TargetNetAddresses[%d]: %s", i, redirection->TargetNetAddresses[i]);
WLog_DBG(TAG, "TargetNetAddresses[%" PRIuz "]: %s", i,
redirection->TargetNetAddresses[i]);
}
}
@ -512,7 +580,7 @@ int rdp_recv_enhanced_security_redirection_packet(rdpRdp* rdp, wStream* s)
return status;
}
rdpRedirection* redirection_new()
rdpRedirection* redirection_new(void)
{
rdpRedirection* redirection;
redirection = (rdpRedirection*)calloc(1, sizeof(rdpRedirection));
@ -528,26 +596,19 @@ void redirection_free(rdpRedirection* redirection)
{
if (redirection)
{
free(redirection->TsvUrl);
free(redirection->Username);
free(redirection->Domain);
free(redirection->TargetFQDN);
free(redirection->TargetNetBiosName);
free(redirection->TargetNetAddress);
free(redirection->LoadBalanceInfo);
free(redirection->Password);
if (redirection->TargetNetAddresses)
{
int i;
for (i = 0; i < (int)redirection->TargetNetAddressesCount; i++)
{
free(redirection->TargetNetAddresses[i]);
}
free(redirection->TargetNetAddresses);
}
redirection_free_data(&redirection->TsvUrl, &redirection->TsvUrlLength);
redirection_free_string(&redirection->Username);
redirection_free_string(&redirection->Domain);
redirection_free_string(&redirection->TargetFQDN);
redirection_free_string(&redirection->TargetNetBiosName);
redirection_free_string(&redirection->TargetNetAddress);
redirection_free_data(&redirection->LoadBalanceInfo, &redirection->LoadBalanceInfoLength);
redirection_free_data(&redirection->Password, &redirection->PasswordLength);
redirection_free_data(&redirection->RedirectionGuid, &redirection->RedirectionGuidLength);
redirection_free_data(&redirection->TargetCertificate,
&redirection->TargetCertificateLength);
redirection_free_array(&redirection->TargetNetAddresses,
&redirection->TargetNetAddressesCount);
free(redirection);
}

25
libfreerdp/core/security.c
View File

@ -719,18 +719,19 @@ BOOL security_encrypt(BYTE* data, size_t length, rdpRdp* rdp)
{
BOOL rc = FALSE;
EnterCriticalSection(&rdp->critical);
if (!rdp->rc4_encrypt_key)
{
WLog_ERR(TAG, "[%s] rdp->rc4_encrypt_key=%p", __FUNCTION__, rdp->rc4_encrypt_key);
goto fail;
}
if (rdp->encrypt_use_count >= 4096)
{
if (!security_key_update(rdp->encrypt_key, rdp->encrypt_update_key, rdp->rc4_key_len, rdp))
goto fail;
winpr_RC4_Free(rdp->rc4_encrypt_key);
rdp->rc4_encrypt_key = winpr_RC4_New(rdp->encrypt_key, rdp->rc4_key_len);
if (!rdp->rc4_encrypt_key)
if (!rdp_reset_rc4_encrypt_keys(rdp))
goto fail;
rdp->encrypt_use_count = 0;
}
if (!winpr_RC4_Update(rdp->rc4_encrypt_key, length, data, data))
@ -748,21 +749,19 @@ BOOL security_decrypt(BYTE* data, size_t length, rdpRdp* rdp)
{
BOOL rc = FALSE;
EnterCriticalSection(&rdp->critical);
if (rdp->rc4_decrypt_key == NULL)
if (!rdp->rc4_decrypt_key)
{
WLog_ERR(TAG, "[%s] rdp->rc4_decrypt_key=%p", __FUNCTION__, rdp->rc4_decrypt_key);
goto fail;
}
if (rdp->decrypt_use_count >= 4096)
{
if (!security_key_update(rdp->decrypt_key, rdp->decrypt_update_key, rdp->rc4_key_len, rdp))
goto fail;
winpr_RC4_Free(rdp->rc4_decrypt_key);
rdp->rc4_decrypt_key = winpr_RC4_New(rdp->decrypt_key, rdp->rc4_key_len);
if (!rdp->rc4_decrypt_key)
if (!rdp_reset_rc4_decrypt_keys(rdp))
goto fail;
rdp->decrypt_use_count = 0;
}
if (!winpr_RC4_Update(rdp->rc4_decrypt_key, length, data, data))

18
libfreerdp/core/server.c
View File

@ -291,9 +291,27 @@ static BOOL wts_read_drdynvc_pdu(rdpPeerChannel* channel)
return wts_read_drdynvc_create_response(dvc, channel->receiveData, length);
case DATA_FIRST_PDU:
if (dvc->dvc_open_state != DVC_OPEN_STATE_SUCCEEDED)
{
WLog_ERR(TAG,
"ChannelId %" PRIu32 " did not open successfully. "
"Ignoring DYNVC_DATA_FIRST PDU",
ChannelId);
return TRUE;
}
return wts_read_drdynvc_data_first(dvc, channel->receiveData, Sp, length);
case DATA_PDU:
if (dvc->dvc_open_state != DVC_OPEN_STATE_SUCCEEDED)
{
WLog_ERR(TAG,
"ChannelId %" PRIu32 " did not open successfully. "
"Ignoring DYNVC_DATA PDU",
ChannelId);
return TRUE;
}
return wts_read_drdynvc_data(dvc, channel->receiveData, length);
case CLOSE_REQUEST_PDU:

4
libfreerdp/core/test/settings_property_lists.h
View File

@ -259,8 +259,10 @@ static const size_t uint32_list_indices[] = {
FreeRDP_RedirectedSessionId,
FreeRDP_RedirectionAcceptedCertLength,
FreeRDP_RedirectionFlags,
FreeRDP_RedirectionGuidLength,
FreeRDP_RedirectionPasswordLength,
FreeRDP_RedirectionPreferType,
FreeRDP_RedirectionTargetCertificateLength,
FreeRDP_RedirectionTsvUrlLength,
FreeRDP_RemoteAppNumIconCacheEntries,
FreeRDP_RemoteAppNumIconCaches,
@ -394,7 +396,9 @@ static const size_t pointer_list_indices[] = {
FreeRDP_RdpServerCertificate,
FreeRDP_RdpServerRsaKey,
FreeRDP_ReceivedCapabilities,
FreeRDP_RedirectionGuid,
FreeRDP_RedirectionPassword,
FreeRDP_RedirectionTargetCertificate,
FreeRDP_RedirectionTsvUrl,
FreeRDP_ServerAutoReconnectCookie,
FreeRDP_ServerCertificate,

46
libfreerdp/core/timezone.c
View File

@ -22,12 +22,13 @@
#endif
#include <winpr/crt.h>
#include <winpr/assert.h>
#include <winpr/timezone.h>
#include "timezone.h"
static void rdp_read_system_time(wStream* s, SYSTEMTIME* system_time);
static void rdp_write_system_time(wStream* s, SYSTEMTIME* system_time);
static BOOL rdp_read_system_time(wStream* s, SYSTEMTIME* system_time);
static BOOL rdp_write_system_time(wStream* s, const SYSTEMTIME* system_time);
/**
* Read SYSTEM_TIME structure (TS_SYSTEMTIME).\n
@ -36,8 +37,13 @@ static void rdp_write_system_time(wStream* s, SYSTEMTIME* system_time);
* @param system_time system time structure
*/
void rdp_read_system_time(wStream* s, SYSTEMTIME* system_time)
BOOL rdp_read_system_time(wStream* s, SYSTEMTIME* system_time)
{
WINPR_ASSERT(system_time);
if (Stream_GetRemainingLength(s) < 16ull)
return FALSE;
Stream_Read_UINT16(s, system_time->wYear); /* wYear, must be set to 0 */
Stream_Read_UINT16(s, system_time->wMonth); /* wMonth */
Stream_Read_UINT16(s, system_time->wDayOfWeek); /* wDayOfWeek */
@ -46,6 +52,7 @@ void rdp_read_system_time(wStream* s, SYSTEMTIME* system_time)
Stream_Read_UINT16(s, system_time->wMinute); /* wMinute */
Stream_Read_UINT16(s, system_time->wSecond); /* wSecond */
Stream_Read_UINT16(s, system_time->wMilliseconds); /* wMilliseconds */
return TRUE;
}
/**
@ -55,8 +62,12 @@ void rdp_read_system_time(wStream* s, SYSTEMTIME* system_time)
* @param system_time system time structure
*/
void rdp_write_system_time(wStream* s, SYSTEMTIME* system_time)
BOOL rdp_write_system_time(wStream* s, const SYSTEMTIME* system_time)
{
WINPR_ASSERT(system_time);
if (!Stream_EnsureRemainingCapacity(s, 16ull))
return FALSE;
Stream_Write_UINT16(s, system_time->wYear); /* wYear, must be set to 0 */
Stream_Write_UINT16(s, system_time->wMonth); /* wMonth */
Stream_Write_UINT16(s, system_time->wDayOfWeek); /* wDayOfWeek */
@ -70,6 +81,7 @@ void rdp_write_system_time(wStream* s, SYSTEMTIME* system_time)
system_time->wYear, system_time->wMonth, system_time->wDayOfWeek,
system_time->wDay, system_time->wHour, system_time->wMinute,
system_time->wSecond, system_time->wMilliseconds);
return TRUE;
}
/**
@ -81,7 +93,7 @@ void rdp_write_system_time(wStream* s, SYSTEMTIME* system_time)
BOOL rdp_read_client_time_zone(wStream* s, rdpSettings* settings)
{
LPTIME_ZONE_INFORMATION tz;
LPTIME_ZONE_INFORMATION tz = { 0 };
if (!s || !settings)
return FALSE;
@ -97,11 +109,13 @@ BOOL rdp_read_client_time_zone(wStream* s, rdpSettings* settings)
Stream_Read_UINT32(s, tz->Bias); /* Bias */
/* standardName (64 bytes) */
Stream_Read(s, tz->StandardName, sizeof(tz->StandardName));
rdp_read_system_time(s, &tz->StandardDate); /* StandardDate */
if (!rdp_read_system_time(s, &tz->StandardDate)) /* StandardDate */
return FALSE;
Stream_Read_UINT32(s, tz->StandardBias); /* StandardBias */
/* daylightName (64 bytes) */
Stream_Read(s, tz->DaylightName, sizeof(tz->DaylightName));
rdp_read_system_time(s, &tz->DaylightDate); /* DaylightDate */
if (!rdp_read_system_time(s, &tz->DaylightDate)) /* DaylightDate */
return FALSE;
Stream_Read_UINT32(s, tz->DaylightBias); /* DaylightBias */
return TRUE;
}
@ -115,19 +129,26 @@ BOOL rdp_read_client_time_zone(wStream* s, rdpSettings* settings)
BOOL rdp_write_client_time_zone(wStream* s, rdpSettings* settings)
{
LPTIME_ZONE_INFORMATION tz;
LPTIME_ZONE_INFORMATION tz = { 0 };
WINPR_ASSERT(settings);
tz = settings->ClientTimeZone;
if (!tz)
return FALSE;
GetTimeZoneInformation(tz);
if (!Stream_EnsureRemainingCapacity(s, 4ull + sizeof(tz->StandardName)))
return FALSE;
/* Bias */
Stream_Write_UINT32(s, tz->Bias);
/* standardName (64 bytes) */
Stream_Write(s, tz->StandardName, sizeof(tz->StandardName));
/* StandardDate */
rdp_write_system_time(s, &tz->StandardDate);
if (!rdp_write_system_time(s, &tz->StandardDate))
return FALSE;
#ifdef WITH_DEBUG_TIMEZONE
WLog_DBG(TIMEZONE_TAG, "bias=%" PRId32 "", tz->Bias);
WLog_DBG(TIMEZONE_TAG, "StandardName:");
@ -139,14 +160,19 @@ BOOL rdp_write_client_time_zone(wStream* s, rdpSettings* settings)
#endif
/* Note that StandardBias is ignored if no valid standardDate is provided. */
/* StandardBias */
if (!Stream_EnsureRemainingCapacity(s, 4ull + sizeof(tz->DaylightName)))
return FALSE;
Stream_Write_UINT32(s, tz->StandardBias);
DEBUG_TIMEZONE("StandardBias=%" PRId32 "", tz->StandardBias);
/* daylightName (64 bytes) */
Stream_Write(s, tz->DaylightName, sizeof(tz->DaylightName));
/* DaylightDate */
rdp_write_system_time(s, &tz->DaylightDate);
if (!rdp_write_system_time(s, &tz->DaylightDate))
return FALSE;
/* Note that DaylightBias is ignored if no valid daylightDate is provided. */
/* DaylightBias */
if (!Stream_EnsureRemainingCapacity(s, 4ull))
return FALSE;
Stream_Write_UINT32(s, tz->DaylightBias);
DEBUG_TIMEZONE("DaylightBias=%" PRId32 "", tz->DaylightBias);
return TRUE;

22
libfreerdp/core/utils.c
View File

@ -31,6 +31,19 @@
#include "utils.h"
BOOL utils_str_copy(const char* value, char** dst)
{
WINPR_ASSERT(dst);
free(*dst);
*dst = NULL;
if (!value)
return TRUE;
(*dst) = _strdup(value);
return (*dst) != NULL;
}
BOOL utils_abort_connect(rdpContext* context)
{
WINPR_ASSERT(context);
@ -43,3 +56,12 @@ BOOL utils_reset_abort(rdpContext* context)
WINPR_ASSERT(context);
return ResetEvent(context->abortEvent);
}
BOOL utils_str_is_empty(const char* str)
{
if (!str)
return TRUE;
if (strlen(str) == 0)
return TRUE;
return FALSE;
}

3
libfreerdp/core/utils.h
View File

@ -27,4 +27,7 @@
BOOL utils_reset_abort(rdpContext* context);
BOOL utils_abort_connect(rdpContext* context);
BOOL utils_str_is_empty(const char* str);
BOOL utils_str_copy(const char* value, char** dst);
#endif /* FREERDP_LIB_CORE_UTILS_H */

54
libfreerdp/crypto/crypto.c
View File

@ -21,8 +21,10 @@
#include "config.h"
#endif
#include <openssl/objects.h>
#include <winpr/crt.h>
#include <winpr/crypto.h>
#include <winpr/assert.h>
#include <freerdp/log.h>
#include <freerdp/crypto/crypto.h>
@ -943,3 +945,53 @@ out_free_issuer:
free(issuer);
free(subject);
}
WINPR_MD_TYPE crypto_cert_get_signature_alg(X509* xcert)
{
WINPR_ASSERT(xcert);
const int nid = X509_get_signature_nid(xcert);
int hash_nid = 0;
if (OBJ_find_sigid_algs(nid, &hash_nid, NULL) != 1)
return WINPR_MD_NONE;
switch (hash_nid)
{
case NID_md2:
return WINPR_MD_MD2;
case NID_md4:
return WINPR_MD_MD4;
case NID_md5:
return WINPR_MD_MD5;
case NID_sha1:
return WINPR_MD_SHA1;
case NID_sha224:
return WINPR_MD_SHA224;
case NID_sha256:
return WINPR_MD_SHA256;
case NID_sha384:
return WINPR_MD_SHA384;
case NID_sha512:
return WINPR_MD_SHA512;
case NID_ripemd160:
return WINPR_MD_RIPEMD160;
#if (OPENSSL_VERSION_NUMBER >= 0x1010101fL) || defined(LIBRESSL_VERSION_NUMBER)
case NID_sha3_224:
return WINPR_MD_SHA3_224;
case NID_sha3_256:
return WINPR_MD_SHA3_256;
case NID_sha3_384:
return WINPR_MD_SHA3_384;
case NID_sha3_512:
return WINPR_MD_SHA3_512;
#endif
case NID_shake128:
return WINPR_MD_SHAKE128;
case NID_shake256:
return WINPR_MD_SHAKE256;
case NID_undef:
default:
return WINPR_MD_NONE;
}
}

20
libfreerdp/crypto/tls.c
View File

@ -617,7 +617,25 @@ static SecPkgContext_Bindings* tls_get_channel_bindings(X509* cert)
SEC_CHANNEL_BINDINGS* ChannelBindings;
SecPkgContext_Bindings* ContextBindings;
const size_t PrefixLength = strnlen(TLS_SERVER_END_POINT, ARRAYSIZE(TLS_SERVER_END_POINT));
BYTE* CertificateHash = crypto_cert_hash(cert, "sha256", &CertificateHashLength);
/* See https://www.rfc-editor.org/rfc/rfc5929 for details about hashes */
WINPR_MD_TYPE alg = crypto_cert_get_signature_alg(cert);
const char* hash;
switch (alg)
{
case WINPR_MD_MD5:
case WINPR_MD_SHA1:
hash = winpr_md_type_to_string(WINPR_MD_SHA256);
break;
default:
hash = winpr_md_type_to_string(alg);
break;
}
if (!hash)
return NULL;
BYTE* CertificateHash = crypto_cert_hash(cert, hash, &CertificateHashLength);
if (!CertificateHash)
return NULL;

1
libfreerdp/utils/CMakeLists.txt
View File

@ -25,6 +25,7 @@ set(${MODULE_PREFIX}_SRCS
profiler.c
ringbuffer.c
signal.c
string.c
stopwatch.c)
freerdp_module_add(${${MODULE_PREFIX}_SRCS})

62
libfreerdp/utils/string.c Normal file
View File

@ -0,0 +1,62 @@
/**
* FreeRDP: A Remote Desktop Protocol Implementation
*
* String Utils - Helper functions converting something to string
*
* Copyright 2022 Armin Novak <armin.novak@thincast.com>
* Copyright 2022 Thincast Technologies GmbH
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <freerdp/utils/string.h>
#include <freerdp/settings.h>
char* rdp_redirection_flags_to_string(UINT32 flags, char* buffer, size_t size)
{
size_t x;
struct map_t
{
UINT32 flag;
const char* name;
};
const struct map_t map[] = {
{ LB_TARGET_NET_ADDRESS, "LB_TARGET_NET_ADDRESS" },
{ LB_LOAD_BALANCE_INFO, "LB_LOAD_BALANCE_INFO" },
{ LB_USERNAME, "LB_USERNAME" },
{ LB_DOMAIN, "LB_DOMAIN" },
{ LB_PASSWORD, "LB_PASSWORD" },
{ LB_DONTSTOREUSERNAME, "LB_DONTSTOREUSERNAME" },
{ LB_SMARTCARD_LOGON, "LB_SMARTCARD_LOGON" },
{ LB_NOREDIRECT, "LB_NOREDIRECT" },
{ LB_TARGET_FQDN, "LB_TARGET_FQDN" },
{ LB_TARGET_NETBIOS_NAME, "LB_TARGET_NETBIOS_NAME" },
{ LB_TARGET_NET_ADDRESSES, "LB_TARGET_NET_ADDRESSES" },
{ LB_CLIENT_TSV_URL, "LB_CLIENT_TSV_URL" },
{ LB_SERVER_TSV_CAPABLE, "LB_SERVER_TSV_CAPABLE" },
{ LB_PASSWORD_IS_PK_ENCRYPTED, "LB_PASSWORD_IS_PK_ENCRYPTED" },
{ LB_REDIRECTION_GUID, "LB_REDIRECTION_GUID" },
{ LB_TARGET_CERTIFICATE, "LB_TARGET_CERTIFICATE" },
};
for (x = 0; x < ARRAYSIZE(map); x++)
{
const struct map_t* cur = &map[x];
if (flags & cur->flag)
{
if (!winpr_str_append(cur->name, buffer, size, "|"))
return NULL;
}
}
return buffer;
}

8
uwac/CMakeLists.txt
View File

@ -23,6 +23,14 @@ set(UWAC_VERSION "${UWAC_VERSION_MAJOR}.${UWAC_VERSION_MINOR}.${UWAC_VERSION_REV
set(UWAC_VERSION_FULL "${UWAC_VERSION}")
set(UWAC_API_VERSION "${UWAC_VERSION_MAJOR}")
option(HAVE_PIXMAN_REGION "Use PIXMAN or FreeRDP for region calculations" OFF)
if (HAVE_PIXMAN_REGION)
include(FindPkgConfig)
pkg_check_modules(pixman REQUIRED pixman-1)
include_directories(${pixman_INCLUDE_DIRS})
endif()
add_subdirectory(include)
add_subdirectory(libuwac)

8
uwac/libuwac/CMakeLists.txt
View File

@ -70,13 +70,17 @@ set(${MODULE_PREFIX}_SRCS
add_library(${MODULE_NAME} ${${MODULE_PREFIX}_SRCS})
set_target_properties(${MODULE_NAME} PROPERTIES OUTPUT_NAME ${MODULE_NAME}${UWAC_API_VERSION})
if (WITH_LIBRARY_VERSIONING)
set_target_properties(${MODULE_NAME} PROPERTIES VERSION ${UWAC_VERSION} SOVERSION ${UWAC_API_VERSION})
endif()
target_link_libraries(${MODULE_NAME} ${${MODULE_PREFIX}_LIBS} ${PRIVATE_KEYWORD} ${WAYLAND_LIBS} ${XKBCOMMON_LIBS} ${EPOLLSHIM_LIBS} freerdp)
target_link_libraries(${MODULE_NAME} ${${MODULE_PREFIX}_LIBS} ${PRIVATE_KEYWORD} ${WAYLAND_LIBS} ${XKBCOMMON_LIBS} ${EPOLLSHIM_LIBS})
if (HAVE_PIXMAN_REGION)
target_link_libraries(${MODULE_NAME} PRIVATE ${pixman_LINK_LIBRARIES})
else()
target_link_libraries(${MODULE_NAME} PRIVATE freerdp)
endif()
install(TARGETS ${MODULE_NAME} DESTINATION ${CMAKE_INSTALL_LIBDIR} EXPORT uwac)

2
uwac/libuwac/uwac-clipboard.c
View File

@ -54,7 +54,7 @@ static void data_offer_offer(void* data, struct wl_data_offer* data_offer,
else
{
event->seat = seat;
sprintf_s(event->mime, sizeof(event->mime), "%s", offered_mime_type);
snprintf(event->mime, sizeof(event->mime), "%s", offered_mime_type);
}
}
}

10
uwac/libuwac/uwac-input.c
View File

@ -25,6 +25,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <inttypes.h>
#include <assert.h>
#include <errno.h>
#include <time.h>
@ -71,8 +72,8 @@ static struct wl_buffer* create_pointer_buffer(UwacSeat* seat, const void* src,
wl_shm_pool_destroy(pool);
if (munmap(data, size) < 0)
fprintf(stderr, "%s: munmap(%p, %" PRIuz ") failed with [%d] %s\n", __FUNCTION__, data,
size, errno, strerror(errno));
fprintf(stderr, "%s: munmap(%p, %z) failed with [%d] %s\n", __FUNCTION__, data, size, errno,
strerror(errno));
error_mmap:
close(fd);
@ -136,7 +137,7 @@ static UwacReturnCode set_cursor_image(UwacSeat* seat, uint32_t serial)
if (surface && buffer_add_listener_success > -1)
{
wl_surface_attach(surface, buffer, -x, -y);
wl_surface_attach(surface, buffer, 0, 0);
wl_surface_damage(surface, 0, 0, image->width, image->height);
wl_surface_commit(surface);
}
@ -731,6 +732,7 @@ static void pointer_handle_enter(void* data, struct wl_pointer* pointer, uint32_
}
input->display->serial = serial;
input->display->pointer_focus_serial = serial;
window = wl_surface_get_user_data(surface);
if (window)
window->pointer_enter_serial = serial;
@ -1161,5 +1163,5 @@ UwacReturnCode UwacSeatSetMouseCursor(UwacSeat* seat, const void* data, size_t l
{
seat->pointer_type = 1;
}
return set_cursor_image(seat, seat->display->serial);
return set_cursor_image(seat, seat->display->pointer_focus_serial);
}

5
uwac/libuwac/uwac-priv.h
View File

@ -121,6 +121,7 @@ struct uwac_display
bool running;
UwacTask dispatch_fd_task;
uint32_t serial;
uint32_t pointer_focus_serial;
struct wl_list windows;
@ -237,8 +238,8 @@ struct uwac_window
struct wl_region* opaque_region;
struct wl_region* input_region;
SSIZE_T drawingBufferIdx;
SSIZE_T pendingBufferIdx;
ssize_t drawingBufferIdx;
ssize_t pendingBufferIdx;
struct wl_surface* surface;
struct wl_shell_surface* shell_surface;
struct xdg_surface* xdg_surface;

8
uwac/libuwac/uwac-window.c
View File

@ -370,9 +370,9 @@ error_mmap:
return ret;
}
static UwacBuffer* UwacWindowFindFreeBuffer(UwacWindow* w, SSIZE_T* index)
static UwacBuffer* UwacWindowFindFreeBuffer(UwacWindow* w, ssize_t* index)
{
SSIZE_T i;
ssize_t i;
int ret;
if (index)
@ -637,7 +637,7 @@ static const struct wl_callback_listener frame_listener = { frame_done_cb };
#ifdef HAVE_PIXMAN_REGION
static void damage_surface(UwacWindow* window, UwacBuffer* buffer)
{
UINT32 nrects, i;
uint32_t nrects, i;
const pixman_box32_t* box = pixman_region32_rectangles(&buffer->damage, &nrects);
for (i = 0; i < nrects; i++, box++)
@ -689,7 +689,7 @@ static void frame_done_cb(void* data, struct wl_callback* callback, uint32_t tim
UwacReturnCode UwacWindowAddDamage(UwacWindow* window, uint32_t x, uint32_t y, uint32_t width,
uint32_t height)
{
UwacBuffer* buf = window->drawingBuffer;
UwacBuffer* buf = &window->buffers[window->drawingBufferIdx];
if (!pixman_region32_union_rect(&buf->damage, &buf->damage, x, y, width, height))
return UWAC_ERROR_INTERNAL;

2
winpr/CMakeLists.txt
View File

@ -57,7 +57,7 @@ if (NOT WIN32)
endif()
# Soname versioning
set(RAW_VERSION_STRING "2.9.0")
set(RAW_VERSION_STRING "2.10.0")
if(EXISTS "${CMAKE_SOURCE_DIR}/.source_tag")
file(READ ${CMAKE_SOURCE_DIR}/.source_tag RAW_VERSION_STRING)
elseif(USE_VERSION_FROM_GIT_TAG)

828
winpr/include/winpr/crypto.h
View File

@ -20,831 +20,7 @@
#ifndef WINPR_CRYPTO_H
#define WINPR_CRYPTO_H
#include <winpr/winpr.h>
#include <winpr/wtypes.h>
#include <winpr/error.h>
#ifdef _WIN32
#include <wincrypt.h>
#endif
#ifndef ALG_TYPE_RESERVED7
#define ALG_TYPE_RESERVED7 (7 << 9)
#endif
#if (NTDDI_VERSION <= 0x05010200)
#define ALG_SID_SHA_256 12
#define ALG_SID_SHA_384 13
#define ALG_SID_SHA_512 14
#define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256)
#define CALG_SHA_384 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384)
#define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512)
#endif
#ifndef _WIN32
/* ncrypt.h */
typedef ULONG_PTR NCRYPT_HANDLE;
typedef ULONG_PTR NCRYPT_PROV_HANDLE;
typedef ULONG_PTR NCRYPT_KEY_HANDLE;
typedef ULONG_PTR NCRYPT_HASH_HANDLE;
typedef ULONG_PTR NCRYPT_SECRET_HANDLE;
/* wincrypt.h */
#define GET_ALG_CLASS(x) (x & (7 << 13))
#define GET_ALG_TYPE(x) (x & (15 << 9))
#define GET_ALG_SID(x) (x & (511))
#define ALG_CLASS_ANY (0)
#define ALG_CLASS_SIGNATURE (1 << 13)
#define ALG_CLASS_MSG_ENCRYPT (2 << 13)
#define ALG_CLASS_DATA_ENCRYPT (3 << 13)
#define ALG_CLASS_HASH (4 << 13)
#define ALG_CLASS_KEY_EXCHANGE (5 << 13)
#define ALG_CLASS_ALL (7 << 13)
#define ALG_TYPE_ANY (0)
#define ALG_TYPE_DSS (1 << 9)
#define ALG_TYPE_RSA (2 << 9)
#define ALG_TYPE_BLOCK (3 << 9)
#define ALG_TYPE_STREAM (4 << 9)
#define ALG_TYPE_DH (5 << 9)
#define ALG_TYPE_SECURECHANNEL (6 << 9)
#define ALG_SID_ANY (0)
#define ALG_SID_RSA_ANY 0
#define ALG_SID_RSA_PKCS 1
#define ALG_SID_RSA_MSATWORK 2
#define ALG_SID_RSA_ENTRUST 3
#define ALG_SID_RSA_PGP 4
#define ALG_SID_DSS_ANY 0
#define ALG_SID_DSS_PKCS 1
#define ALG_SID_DSS_DMS 2
#define ALG_SID_DES 1
#define ALG_SID_3DES 3
#define ALG_SID_DESX 4
#define ALG_SID_IDEA 5
#define ALG_SID_CAST 6
#define ALG_SID_SAFERSK64 7
#define ALG_SID_SAFERSK128 8
#define ALG_SID_3DES_112 9
#define ALG_SID_CYLINK_MEK 12
#define ALG_SID_RC5 13
#define ALG_SID_AES_128 14
#define ALG_SID_AES_192 15
#define ALG_SID_AES_256 16
#define ALG_SID_AES 17
#define ALG_SID_SKIPJACK 10
#define ALG_SID_TEK 11
#define CRYPT_MODE_CBCI 6
#define CRYPT_MODE_CFBP 7
#define CRYPT_MODE_OFBP 8
#define CRYPT_MODE_CBCOFM 9
#define CRYPT_MODE_CBCOFMI 10
#define ALG_SID_RC2 2
#define ALG_SID_RC4 1
#define ALG_SID_SEAL 2
#define ALG_SID_DH_SANDF 1
#define ALG_SID_DH_EPHEM 2
#define ALG_SID_AGREED_KEY_ANY 3
#define ALG_SID_KEA 4
#define ALG_SID_ECDH 5
#define ALG_SID_MD2 1
#define ALG_SID_MD4 2
#define ALG_SID_MD5 3
#define ALG_SID_SHA 4
#define ALG_SID_SHA1 4
#define ALG_SID_MAC 5
#define ALG_SID_RIPEMD 6
#define ALG_SID_RIPEMD160 7
#define ALG_SID_SSL3SHAMD5 8
#define ALG_SID_HMAC 9
#define ALG_SID_TLS1PRF 10
#define ALG_SID_HASH_REPLACE_OWF 11
#define ALG_SID_SHA_256 12
#define ALG_SID_SHA_384 13
#define ALG_SID_SHA_512 14
#define ALG_SID_SSL3_MASTER 1
#define ALG_SID_SCHANNEL_MASTER_HASH 2
#define ALG_SID_SCHANNEL_MAC_KEY 3
#define ALG_SID_PCT1_MASTER 4
#define ALG_SID_SSL2_MASTER 5
#define ALG_SID_TLS1_MASTER 6
#define ALG_SID_SCHANNEL_ENC_KEY 7
#define ALG_SID_ECMQV 1
#define CALG_MD2 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD2)
#define CALG_MD4 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD4)
#define CALG_MD5 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD5)
#define CALG_SHA (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA)
#define CALG_SHA1 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA1)
#define CALG_MAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MAC)
#define CALG_RSA_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_RSA | ALG_SID_RSA_ANY)
#define CALG_DSS_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_DSS_ANY)
#define CALG_NO_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_ANY | ALG_SID_ANY)
#define CALG_RSA_KEYX (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_RSA | ALG_SID_RSA_ANY)
#define CALG_DES (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_DES)
#define CALG_3DES_112 (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_3DES_112)
#define CALG_3DES (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_3DES)
#define CALG_DESX (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_DESX)
#define CALG_RC2 (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_RC2)
#define CALG_RC4 (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_STREAM | ALG_SID_RC4)
#define CALG_SEAL (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_STREAM | ALG_SID_SEAL)
#define CALG_DH_SF (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_SANDF)
#define CALG_DH_EPHEM (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_EPHEM)
#define CALG_AGREEDKEY_ANY (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_AGREED_KEY_ANY)
#define CALG_KEA_KEYX (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_KEA)
#define CALG_HUGHES_MD5 (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_ANY | ALG_SID_MD5)
#define CALG_SKIPJACK (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_SKIPJACK)
#define CALG_TEK (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_TEK)
#define CALG_CYLINK_MEK (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_CYLINK_MEK)
#define CALG_SSL3_SHAMD5 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SSL3SHAMD5)
#define CALG_SSL3_MASTER (ALG_CLASS_MSG_ENCRYPT | ALG_TYPE_SECURECHANNEL | ALG_SID_SSL3_MASTER)
#define CALG_SCHANNEL_MASTER_HASH \
(ALG_CLASS_MSG_ENCRYPT | ALG_TYPE_SECURECHANNEL | ALG_SID_SCHANNEL_MASTER_HASH)
#define CALG_SCHANNEL_MAC_KEY \
(ALG_CLASS_MSG_ENCRYPT | ALG_TYPE_SECURECHANNEL | ALG_SID_SCHANNEL_MAC_KEY)
#define CALG_SCHANNEL_ENC_KEY \
(ALG_CLASS_MSG_ENCRYPT | ALG_TYPE_SECURECHANNEL | ALG_SID_SCHANNEL_ENC_KEY)
#define CALG_PCT1_MASTER (ALG_CLASS_MSG_ENCRYPT | ALG_TYPE_SECURECHANNEL | ALG_SID_PCT1_MASTER)
#define CALG_SSL2_MASTER (ALG_CLASS_MSG_ENCRYPT | ALG_TYPE_SECURECHANNEL | ALG_SID_SSL2_MASTER)
#define CALG_TLS1_MASTER (ALG_CLASS_MSG_ENCRYPT | ALG_TYPE_SECURECHANNEL | ALG_SID_TLS1_MASTER)
#define CALG_RC5 (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_RC5)
#define CALG_HMAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HMAC)
#define CALG_TLS1PRF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_TLS1PRF)
#define CALG_HASH_REPLACE_OWF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HASH_REPLACE_OWF)
#define CALG_AES_128 (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_AES_128)
#define CALG_AES_192 (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_AES_192)
#define CALG_AES_256 (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_AES_256)
#define CALG_AES (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_AES)
#define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256)
#define CALG_SHA_384 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384)
#define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512)
#define CALG_ECDH (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_ECDH)
#define CALG_ECMQV (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_ANY | ALG_SID_ECMQV)
typedef struct _CRYPTOAPI_BLOB
{
DWORD cbData;
BYTE* pbData;
} CRYPT_INTEGER_BLOB, *PCRYPT_INTEGER_BLOB, CRYPT_UINT_BLOB, *PCRYPT_UINT_BLOB, CRYPT_OBJID_BLOB,
*PCRYPT_OBJID_BLOB, CERT_NAME_BLOB, *PCERT_NAME_BLOB, CERT_RDN_VALUE_BLOB,
*PCERT_RDN_VALUE_BLOB, CERT_BLOB, *PCERT_BLOB, CRL_BLOB, *PCRL_BLOB, DATA_BLOB, *PDATA_BLOB,
CRYPT_DATA_BLOB, *PCRYPT_DATA_BLOB, CRYPT_HASH_BLOB, *PCRYPT_HASH_BLOB, CRYPT_DIGEST_BLOB,
*PCRYPT_DIGEST_BLOB, CRYPT_DER_BLOB, *PCRYPT_DER_BLOB, CRYPT_ATTR_BLOB, *PCRYPT_ATTR_BLOB;
typedef struct _CRYPT_ALGORITHM_IDENTIFIER
{
LPSTR pszObjId;
CRYPT_OBJID_BLOB Parameters;
} CRYPT_ALGORITHM_IDENTIFIER, *PCRYPT_ALGORITHM_IDENTIFIER;
typedef struct _CRYPT_BIT_BLOB
{
DWORD cbData;
BYTE* pbData;
DWORD cUnusedBits;
} CRYPT_BIT_BLOB, *PCRYPT_BIT_BLOB;
typedef struct _CERT_PUBLIC_KEY_INFO
{
CRYPT_ALGORITHM_IDENTIFIER Algorithm;
CRYPT_BIT_BLOB PublicKey;
} CERT_PUBLIC_KEY_INFO, *PCERT_PUBLIC_KEY_INFO;
typedef struct _CERT_EXTENSION
{
LPSTR pszObjId;
BOOL fCritical;
CRYPT_OBJID_BLOB Value;
} CERT_EXTENSION, *PCERT_EXTENSION;
typedef const CERT_EXTENSION* PCCERT_EXTENSION;
typedef struct _CERT_INFO
{
DWORD dwVersion;
CRYPT_INTEGER_BLOB SerialNumber;
CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
CERT_NAME_BLOB Issuer;
FILETIME NotBefore;
FILETIME NotAfter;
CERT_NAME_BLOB Subject;
CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo;
CRYPT_BIT_BLOB IssuerUniqueId;
CRYPT_BIT_BLOB SubjectUniqueId;
DWORD cExtension;
PCERT_EXTENSION rgExtension;
} CERT_INFO, *PCERT_INFO;
typedef void* HCERTSTORE;
typedef ULONG_PTR HCRYPTPROV;
typedef ULONG_PTR HCRYPTPROV_LEGACY;
typedef struct _CERT_CONTEXT
{
DWORD dwCertEncodingType;
BYTE* pbCertEncoded;
DWORD cbCertEncoded;
PCERT_INFO pCertInfo;
HCERTSTORE hCertStore;
} CERT_CONTEXT, *PCERT_CONTEXT;
typedef const CERT_CONTEXT* PCCERT_CONTEXT;
#define CERT_ENCODING_TYPE_MASK 0x0000FFFF
#define CMSG_ENCODING_TYPE_MASK 0xFFFF0000
#define GET_CERT_ENCODING_TYPE(x) (x & CERT_ENCODING_TYPE_MASK)
#define GET_CMSG_ENCODING_TYPE(x) (x & CMSG_ENCODING_TYPE_MASK)
#define CRYPT_ASN_ENCODING 0x00000001
#define CRYPT_NDR_ENCODING 0x00000002
#define X509_ASN_ENCODING 0x00000001
#define X509_NDR_ENCODING 0x00000002
#define PKCS_7_ASN_ENCODING 0x00010000
#define PKCS_7_NDR_ENCODING 0x00020000
#define CERT_COMPARE_MASK 0xFFFF
#define CERT_COMPARE_SHIFT 16
#define CERT_COMPARE_ANY 0
#define CERT_COMPARE_SHA1_HASH 1
#define CERT_COMPARE_NAME 2
#define CERT_COMPARE_ATTR 3
#define CERT_COMPARE_MD5_HASH 4
#define CERT_COMPARE_PROPERTY 5
#define CERT_COMPARE_PUBLIC_KEY 6
#define CERT_COMPARE_HASH CERT_COMPARE_SHA1_HASH
#define CERT_COMPARE_NAME_STR_A 7
#define CERT_COMPARE_NAME_STR_W 8
#define CERT_COMPARE_KEY_SPEC 9
#define CERT_COMPARE_ENHKEY_USAGE 10
#define CERT_COMPARE_CTL_USAGE CERT_COMPARE_ENHKEY_USAGE
#define CERT_COMPARE_SUBJECT_CERT 11
#define CERT_COMPARE_ISSUER_OF 12
#define CERT_COMPARE_EXISTING 13
#define CERT_COMPARE_SIGNATURE_HASH 14
#define CERT_COMPARE_KEY_IDENTIFIER 15
#define CERT_COMPARE_CERT_ID 16
#define CERT_COMPARE_CROSS_CERT_DIST_POINTS 17
#define CERT_COMPARE_PUBKEY_MD5_HASH 18
#define CERT_COMPARE_SUBJECT_INFO_ACCESS 19
#define CERT_COMPARE_HASH_STR 20
#define CERT_COMPARE_HAS_PRIVATE_KEY 21
#define CERT_FIND_ANY (CERT_COMPARE_ANY << CERT_COMPARE_SHIFT)
#define CERT_FIND_SHA1_HASH (CERT_COMPARE_SHA1_HASH << CERT_COMPARE_SHIFT)
#define CERT_FIND_MD5_HASH (CERT_COMPARE_MD5_HASH << CERT_COMPARE_SHIFT)
#define CERT_FIND_SIGNATURE_HASH (CERT_COMPARE_SIGNATURE_HASH << CERT_COMPARE_SHIFT)
#define CERT_FIND_KEY_IDENTIFIER (CERT_COMPARE_KEY_IDENTIFIER << CERT_COMPARE_SHIFT)
#define CERT_FIND_HASH CERT_FIND_SHA1_HASH
#define CERT_FIND_PROPERTY (CERT_COMPARE_PROPERTY << CERT_COMPARE_SHIFT)
#define CERT_FIND_PUBLIC_KEY (CERT_COMPARE_PUBLIC_KEY << CERT_COMPARE_SHIFT)
#define CERT_FIND_SUBJECT_NAME (CERT_COMPARE_NAME << CERT_COMPARE_SHIFT | CERT_INFO_SUBJECT_FLAG)
#define CERT_FIND_SUBJECT_ATTR (CERT_COMPARE_ATTR << CERT_COMPARE_SHIFT | CERT_INFO_SUBJECT_FLAG)
#define CERT_FIND_ISSUER_NAME (CERT_COMPARE_NAME << CERT_COMPARE_SHIFT | CERT_INFO_ISSUER_FLAG)
#define CERT_FIND_ISSUER_ATTR (CERT_COMPARE_ATTR << CERT_COMPARE_SHIFT | CERT_INFO_ISSUER_FLAG)
#define CERT_FIND_SUBJECT_STR_A \
(CERT_COMPARE_NAME_STR_A << CERT_COMPARE_SHIFT | CERT_INFO_SUBJECT_FLAG)
#define CERT_FIND_SUBJECT_STR_W \
(CERT_COMPARE_NAME_STR_W << CERT_COMPARE_SHIFT | CERT_INFO_SUBJECT_FLAG)
#define CERT_FIND_SUBJECT_STR CERT_FIND_SUBJECT_STR_W
#define CERT_FIND_ISSUER_STR_A \
(CERT_COMPARE_NAME_STR_A << CERT_COMPARE_SHIFT | CERT_INFO_ISSUER_FLAG)
#define CERT_FIND_ISSUER_STR_W \
(CERT_COMPARE_NAME_STR_W << CERT_COMPARE_SHIFT | CERT_INFO_ISSUER_FLAG)
#define CERT_FIND_ISSUER_STR CERT_FIND_ISSUER_STR_W
#define CERT_FIND_KEY_SPEC (CERT_COMPARE_KEY_SPEC << CERT_COMPARE_SHIFT)
#define CERT_FIND_ENHKEY_USAGE (CERT_COMPARE_ENHKEY_USAGE << CERT_COMPARE_SHIFT)
#define CERT_FIND_CTL_USAGE CERT_FIND_ENHKEY_USAGE
#define CERT_FIND_SUBJECT_CERT (CERT_COMPARE_SUBJECT_CERT << CERT_COMPARE_SHIFT)
#define CERT_FIND_ISSUER_OF (CERT_COMPARE_ISSUER_OF << CERT_COMPARE_SHIFT)
#define CERT_FIND_EXISTING (CERT_COMPARE_EXISTING << CERT_COMPARE_SHIFT)
#define CERT_FIND_CERT_ID (CERT_COMPARE_CERT_ID << CERT_COMPARE_SHIFT)
#define CERT_FIND_CROSS_CERT_DIST_POINTS (CERT_COMPARE_CROSS_CERT_DIST_POINTS << CERT_COMPARE_SHIFT)
#define CERT_FIND_PUBKEY_MD5_HASH (CERT_COMPARE_PUBKEY_MD5_HASH << CERT_COMPARE_SHIFT)
#define CERT_FIND_SUBJECT_INFO_ACCESS (CERT_COMPARE_SUBJECT_INFO_ACCESS << CERT_COMPARE_SHIFT)
#define CERT_FIND_HASH_STR (CERT_COMPARE_HASH_STR << CERT_COMPARE_SHIFT)
#define CERT_FIND_HAS_PRIVATE_KEY (CERT_COMPARE_HAS_PRIVATE_KEY << CERT_COMPARE_SHIFT)
#define CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG 0x1
#define CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG 0x2
#define CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG 0x4
#define CERT_FIND_NO_ENHKEY_USAGE_FLAG 0x8
#define CERT_FIND_OR_ENHKEY_USAGE_FLAG 0x10
#define CERT_FIND_VALID_ENHKEY_USAGE_FLAG 0x20
#define CERT_FIND_OPTIONAL_CTL_USAGE_FLAG CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG
#define CERT_FIND_EXT_ONLY_CTL_USAGE_FLAG CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG
#define CERT_FIND_PROP_ONLY_CTL_USAGE_FLAG CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG
#define CERT_FIND_NO_CTL_USAGE_FLAG CERT_FIND_NO_ENHKEY_USAGE_FLAG
#define CERT_FIND_OR_CTL_USAGE_FLAG CERT_FIND_OR_ENHKEY_USAGE_FLAG
#define CERT_FIND_VALID_CTL_USAGE_FLAG CERT_FIND_VALID_ENHKEY_USAGE_FLAG
#define CERT_NAME_EMAIL_TYPE 1
#define CERT_NAME_RDN_TYPE 2
#define CERT_NAME_ATTR_TYPE 3
#define CERT_NAME_SIMPLE_DISPLAY_TYPE 4
#define CERT_NAME_FRIENDLY_DISPLAY_TYPE 5
#define CERT_NAME_DNS_TYPE 6
#define CERT_NAME_URL_TYPE 7
#define CERT_NAME_UPN_TYPE 8
#define CERT_NAME_ISSUER_FLAG 0x1
#define CERT_NAME_DISABLE_IE4_UTF8_FLAG 0x00010000
#define CERT_NAME_SEARCH_ALL_NAMES_FLAG 0x2
#define CERT_STORE_PROV_MSG ((LPCSTR)1)
#define CERT_STORE_PROV_MEMORY ((LPCSTR)2)
#define CERT_STORE_PROV_FILE ((LPCSTR)3)
#define CERT_STORE_PROV_REG ((LPCSTR)4)
#define CERT_STORE_PROV_PKCS7 ((LPCSTR)5)
#define CERT_STORE_PROV_SERIALIZED ((LPCSTR)6)
#define CERT_STORE_PROV_FILENAME_A ((LPCSTR)7)
#define CERT_STORE_PROV_FILENAME_W ((LPCSTR)8)
#define CERT_STORE_PROV_FILENAME CERT_STORE_PROV_FILENAME_W
#define CERT_STORE_PROV_SYSTEM_A ((LPCSTR)9)
#define CERT_STORE_PROV_SYSTEM_W ((LPCSTR)10)
#define CERT_STORE_PROV_SYSTEM CERT_STORE_PROV_SYSTEM_W
#define CERT_STORE_PROV_COLLECTION ((LPCSTR)11)
#define CERT_STORE_PROV_SYSTEM_REGISTRY_A ((LPCSTR)12)
#define CERT_STORE_PROV_SYSTEM_REGISTRY_W ((LPCSTR)13)
#define CERT_STORE_PROV_SYSTEM_REGISTRY CERT_STORE_PROV_SYSTEM_REGISTRY_W
#define CERT_STORE_PROV_PHYSICAL_W ((LPCSTR)14)
#define CERT_STORE_PROV_PHYSICAL CERT_STORE_PROV_PHYSICAL_W
#define CERT_STORE_PROV_SMART_CARD_W ((LPCSTR)15)
#define CERT_STORE_PROV_SMART_CARD CERT_STORE_PROV_SMART_CARD_W
#define CERT_STORE_PROV_LDAP_W ((LPCSTR)16)
#define CERT_STORE_PROV_LDAP CERT_STORE_PROV_LDAP_W
#define CERT_STORE_PROV_PKCS12 ((LPCSTR)17)
#define sz_CERT_STORE_PROV_MEMORY "Memory"
#define sz_CERT_STORE_PROV_FILENAME_W "File"
#define sz_CERT_STORE_PROV_FILENAME sz_CERT_STORE_PROV_FILENAME_W
#define sz_CERT_STORE_PROV_SYSTEM_W "System"
#define sz_CERT_STORE_PROV_SYSTEM sz_CERT_STORE_PROV_SYSTEM_W
#define sz_CERT_STORE_PROV_PKCS7 "PKCS7"
#define sz_CERT_STORE_PROV_PKCS12 "PKCS12"
#define sz_CERT_STORE_PROV_SERIALIZED "Serialized"
#define sz_CERT_STORE_PROV_COLLECTION "Collection"
#define sz_CERT_STORE_PROV_SYSTEM_REGISTRY_W "SystemRegistry"
#define sz_CERT_STORE_PROV_SYSTEM_REGISTRY sz_CERT_STORE_PROV_SYSTEM_REGISTRY_W
#define sz_CERT_STORE_PROV_PHYSICAL_W "Physical"
#define sz_CERT_STORE_PROV_PHYSICAL sz_CERT_STORE_PROV_PHYSICAL_W
#define sz_CERT_STORE_PROV_SMART_CARD_W "SmartCard"
#define sz_CERT_STORE_PROV_SMART_CARD sz_CERT_STORE_PROV_SMART_CARD_W
#define sz_CERT_STORE_PROV_LDAP_W "Ldap"
#define sz_CERT_STORE_PROV_LDAP sz_CERT_STORE_PROV_LDAP_W
#define CERT_STORE_SIGNATURE_FLAG 0x00000001
#define CERT_STORE_TIME_VALIDITY_FLAG 0x00000002
#define CERT_STORE_REVOCATION_FLAG 0x00000004
#define CERT_STORE_NO_CRL_FLAG 0x00010000
#define CERT_STORE_NO_ISSUER_FLAG 0x00020000
#define CERT_STORE_BASE_CRL_FLAG 0x00000100
#define CERT_STORE_DELTA_CRL_FLAG 0x00000200
#define CERT_STORE_NO_CRYPT_RELEASE_FLAG 0x00000001
#define CERT_STORE_SET_LOCALIZED_NAME_FLAG 0x00000002
#define CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG 0x00000004
#define CERT_STORE_DELETE_FLAG 0x00000010
#define CERT_STORE_UNSAFE_PHYSICAL_FLAG 0x00000020
#define CERT_STORE_SHARE_STORE_FLAG 0x00000040
#define CERT_STORE_SHARE_CONTEXT_FLAG 0x00000080
#define CERT_STORE_MANIFOLD_FLAG 0x00000100
#define CERT_STORE_ENUM_ARCHIVED_FLAG 0x00000200
#define CERT_STORE_UPDATE_KEYID_FLAG 0x00000400
#define CERT_STORE_BACKUP_RESTORE_FLAG 0x00000800
#define CERT_STORE_READONLY_FLAG 0x00008000
#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
#define CERT_STORE_CREATE_NEW_FLAG 0x00002000
#define CERT_STORE_MAXIMUM_ALLOWED_FLAG 0x00001000
#define CERT_SYSTEM_STORE_MASK 0xFFFF0000
#define CERT_SYSTEM_STORE_RELOCATE_FLAG 0x80000000
#define CERT_SYSTEM_STORE_UNPROTECTED_FLAG 0x40000000
#define CERT_SYSTEM_STORE_DEFER_READ_FLAG 0x20000000
#define CERT_SYSTEM_STORE_LOCATION_MASK 0x00FF0000
#define CERT_SYSTEM_STORE_LOCATION_SHIFT 16
#define CERT_SYSTEM_STORE_CURRENT_USER_ID 1
#define CERT_SYSTEM_STORE_LOCAL_MACHINE_ID 2
#define CERT_SYSTEM_STORE_CURRENT_SERVICE_ID 4
#define CERT_SYSTEM_STORE_SERVICES_ID 5
#define CERT_SYSTEM_STORE_USERS_ID 6
#define CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY_ID 7
#define CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY_ID 8
#define CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE_ID 9
#define CERT_SYSTEM_STORE_CURRENT_USER \
(CERT_SYSTEM_STORE_CURRENT_USER_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT)
#define CERT_SYSTEM_STORE_LOCAL_MACHINE \
(CERT_SYSTEM_STORE_LOCAL_MACHINE_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT)
#define CERT_SYSTEM_STORE_CURRENT_SERVICE \
(CERT_SYSTEM_STORE_CURRENT_SERVICE_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT)
#define CERT_SYSTEM_STORE_SERVICES \
(CERT_SYSTEM_STORE_SERVICES_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT)
#define CERT_SYSTEM_STORE_USERS (CERT_SYSTEM_STORE_USERS_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT)
#define CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY \
(CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT)
#define CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY \
(CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT)
#define CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE \
(CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT)
WINPR_API HCERTSTORE CertOpenStore(LPCSTR lpszStoreProvider, DWORD dwMsgAndCertEncodingType,
HCRYPTPROV_LEGACY hCryptProv, DWORD dwFlags, const void* pvPara);
WINPR_API HCERTSTORE CertOpenSystemStoreW(HCRYPTPROV_LEGACY hProv, LPCWSTR szSubsystemProtocol);
WINPR_API HCERTSTORE CertOpenSystemStoreA(HCRYPTPROV_LEGACY hProv, LPCSTR szSubsystemProtocol);
WINPR_API BOOL CertCloseStore(HCERTSTORE hCertStore, DWORD dwFlags);
#ifdef UNICODE
#define CertOpenSystemStore CertOpenSystemStoreW
#else
#define CertOpenSystemStore CertOpenSystemStoreA
#endif
#ifdef __cplusplus
extern "C"
{
#endif
WINPR_API PCCERT_CONTEXT CertFindCertificateInStore(HCERTSTORE hCertStore,
DWORD dwCertEncodingType, DWORD dwFindFlags,
DWORD dwFindType, const void* pvFindPara,
PCCERT_CONTEXT pPrevCertContext);
WINPR_API PCCERT_CONTEXT CertEnumCertificatesInStore(HCERTSTORE hCertStore,
PCCERT_CONTEXT pPrevCertContext);
WINPR_API DWORD CertGetNameStringW(PCCERT_CONTEXT pCertContext, DWORD dwType, DWORD dwFlags,
void* pvTypePara, LPWSTR pszNameString, DWORD cchNameString);
WINPR_API DWORD CertGetNameStringA(PCCERT_CONTEXT pCertContext, DWORD dwType, DWORD dwFlags,
void* pvTypePara, LPSTR pszNameString, DWORD cchNameString);
#ifdef __cplusplus
}
#endif
#ifdef UNICODE
#define CertGetNameString CertGetNameStringW
#else
#define CertGetNameString CertGetNameStringA
#endif
/**
* Data Protection API (DPAPI)
*/
#define CRYPTPROTECTMEMORY_BLOCK_SIZE 16
#define CRYPTPROTECTMEMORY_SAME_PROCESS 0x00000000
#define CRYPTPROTECTMEMORY_CROSS_PROCESS 0x00000001
#define CRYPTPROTECTMEMORY_SAME_LOGON 0x00000002
#define CRYPTPROTECT_PROMPT_ON_UNPROTECT 0x00000001
#define CRYPTPROTECT_PROMPT_ON_PROTECT 0x00000002
#define CRYPTPROTECT_PROMPT_RESERVED 0x00000004
#define CRYPTPROTECT_PROMPT_STRONG 0x00000008
#define CRYPTPROTECT_PROMPT_REQUIRE_STRONG 0x00000010
#define CRYPTPROTECT_UI_FORBIDDEN 0x1
#define CRYPTPROTECT_LOCAL_MACHINE 0x4
#define CRYPTPROTECT_CRED_SYNC 0x8
#define CRYPTPROTECT_AUDIT 0x10
#define CRYPTPROTECT_NO_RECOVERY 0x20
#define CRYPTPROTECT_VERIFY_PROTECTION 0x40
#define CRYPTPROTECT_CRED_REGENERATE 0x80
#define CRYPTPROTECT_FIRST_RESERVED_FLAGVAL 0x0FFFFFFF
#define CRYPTPROTECT_LAST_RESERVED_FLAGVAL 0xFFFFFFFF
typedef struct _CRYPTPROTECT_PROMPTSTRUCT
{
DWORD cbSize;
DWORD dwPromptFlags;
HWND hwndApp;
LPCWSTR szPrompt;
} CRYPTPROTECT_PROMPTSTRUCT, *PCRYPTPROTECT_PROMPTSTRUCT;
#define CRYPTPROTECT_DEFAULT_PROVIDER \
{ \
0xdf9d8cd0, 0x1501, 0x11d1, \
{ \
0x8c, 0x7a, 0x00, 0xc0, 0x4f, 0xc2, 0x97, 0xeb \
} \
}
#ifdef __cplusplus
extern "C"
{
#endif
WINPR_API BOOL CryptProtectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags);
WINPR_API BOOL CryptUnprotectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags);
WINPR_API BOOL CryptProtectData(DATA_BLOB* pDataIn, LPCWSTR szDataDescr,
DATA_BLOB* pOptionalEntropy, PVOID pvReserved,
CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct, DWORD dwFlags,
DATA_BLOB* pDataOut);
WINPR_API BOOL CryptUnprotectData(DATA_BLOB* pDataIn, LPWSTR* ppszDataDescr,
DATA_BLOB* pOptionalEntropy, PVOID pvReserved,
CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct, DWORD dwFlags,
DATA_BLOB* pDataOut);
#ifdef __cplusplus
}
#endif
#define CRYPT_STRING_BASE64HEADER 0x00000000
#define CRYPT_STRING_BASE64 0x00000001
#define CRYPT_STRING_BINARY 0x00000002
#define CRYPT_STRING_BASE64REQUESTHEADER 0x00000003
#define CRYPT_STRING_HEX 0x00000004
#define CRYPT_STRING_HEXASCII 0x00000005
#define CRYPT_STRING_BASE64_ANY 0x00000006
#define CRYPT_STRING_ANY 0x00000007
#define CRYPT_STRING_HEX_ANY 0x00000008
#define CRYPT_STRING_BASE64X509CRLHEADER 0x00000009
#define CRYPT_STRING_HEXADDR 0x0000000A
#define CRYPT_STRING_HEXASCIIADDR 0x0000000B
#define CRYPT_STRING_HEXRAW 0x0000000C
#define CRYPT_STRING_HASHDATA 0x10000000
#define CRYPT_STRING_STRICT 0x20000000
#define CRYPT_STRING_NOCRLF 0x40000000
#define CRYPT_STRING_NOCR 0x80000000
WINPR_API BOOL CryptStringToBinaryW(LPCWSTR pszString, DWORD cchString, DWORD dwFlags,
BYTE* pbBinary, DWORD* pcbBinary, DWORD* pdwSkip,
DWORD* pdwFlags);
WINPR_API BOOL CryptStringToBinaryA(LPCSTR pszString, DWORD cchString, DWORD dwFlags,
BYTE* pbBinary, DWORD* pcbBinary, DWORD* pdwSkip,
DWORD* pdwFlags);
WINPR_API BOOL CryptBinaryToStringW(CONST BYTE* pbBinary, DWORD cbBinary, DWORD dwFlags,
LPWSTR pszString, DWORD* pcchString);
WINPR_API BOOL CryptBinaryToStringA(CONST BYTE* pbBinary, DWORD cbBinary, DWORD dwFlags,
LPSTR pszString, DWORD* pcchString);
#ifdef UNICODE
#define CryptStringToBinary CryptStringToBinaryW
#define CryptBinaryToString CryptBinaryToStringW
#else
#define CryptStringToBinary CryptStringToBinaryA
#define CryptBinaryToString CryptBinaryToStringA
#endif
#endif
#ifndef ALG_SID_ECSDA
#define ALG_SID_ECDSA 3
#define CALG_ECDSA (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_ECDSA)
#endif
/**
* Custom Crypto API Abstraction Layer
*/
#define WINPR_MD4_DIGEST_LENGTH 16
#define WINPR_MD5_DIGEST_LENGTH 16
#define WINPR_SHA1_DIGEST_LENGTH 20
#define WINPR_SHA224_DIGEST_LENGTH 28
#define WINPR_SHA256_DIGEST_LENGTH 32
#define WINPR_SHA384_DIGEST_LENGTH 48
#define WINPR_SHA512_DIGEST_LENGTH 64
#define WINPR_RIPEMD160_DIGEST_LENGTH 20
#define WINPR_SHA3_224_DIGEST_LENGTH 28
#define WINPR_SHA3_256_DIGEST_LENGTH 32
#define WINPR_SHA3_384_DIGEST_LENGTH 48
#define WINPR_SHA3_512_DIGEST_LENGTH 64
#define WINPR_SHAKE128_DIGEST_LENGTH 16
#define WINPR_SHAKE256_DIGEST_LENGTH 32
/**
* HMAC
*/
typedef enum
{
WINPR_MD_NONE = 0,
WINPR_MD_MD2 = 1,
WINPR_MD_MD4 = 2,
WINPR_MD_MD5 = 3,
WINPR_MD_SHA1 = 4,
WINPR_MD_SHA224 = 5,
WINPR_MD_SHA256 = 6,
WINPR_MD_SHA384 = 7,
WINPR_MD_SHA512 = 8,
WINPR_MD_RIPEMD160 = 9,
WINPR_MD_SHA3_224 = 10,
WINPR_MD_SHA3_256 = 11,
WINPR_MD_SHA3_384 = 12,
WINPR_MD_SHA3_512 = 13,
WINPR_MD_SHAKE128 = 14,
WINPR_MD_SHAKE256 = 15
} WINPR_MD_TYPE;
typedef struct _winpr_hmac_ctx_private_st WINPR_HMAC_CTX;
#ifdef __cplusplus
extern "C"
{
#endif
WINPR_API WINPR_MD_TYPE winpr_md_type_from_string(const char* name);
WINPR_API const char* winpr_md_type_to_string(WINPR_MD_TYPE md);
WINPR_API WINPR_HMAC_CTX* winpr_HMAC_New(void);
WINPR_API BOOL winpr_HMAC_Init(WINPR_HMAC_CTX* ctx, WINPR_MD_TYPE md, const BYTE* key,
size_t keylen);
WINPR_API BOOL winpr_HMAC_Update(WINPR_HMAC_CTX* ctx, const BYTE* input, size_t ilen);
WINPR_API BOOL winpr_HMAC_Final(WINPR_HMAC_CTX* ctx, BYTE* output, size_t ilen);
WINPR_API void winpr_HMAC_Free(WINPR_HMAC_CTX* ctx);
WINPR_API BOOL winpr_HMAC(WINPR_MD_TYPE md, const BYTE* key, size_t keylen, const BYTE* input,
size_t ilen, BYTE* output, size_t olen);
#ifdef __cplusplus
}
#endif
/**
* Generic Digest API
*/
typedef struct _winpr_digest_ctx_private_st WINPR_DIGEST_CTX;
#ifdef __cplusplus
extern "C"
{
#endif
WINPR_API WINPR_DIGEST_CTX* winpr_Digest_New(void);
WINPR_API BOOL winpr_Digest_Init_Allow_FIPS(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md);
WINPR_API BOOL winpr_Digest_Init(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md);
WINPR_API BOOL winpr_Digest_Update(WINPR_DIGEST_CTX* ctx, const BYTE* input, size_t ilen);
WINPR_API BOOL winpr_Digest_Final(WINPR_DIGEST_CTX* ctx, BYTE* output, size_t ilen);
WINPR_API void winpr_Digest_Free(WINPR_DIGEST_CTX* ctx);
WINPR_API BOOL winpr_Digest_Allow_FIPS(WINPR_MD_TYPE md, const BYTE* input, size_t ilen,
BYTE* output, size_t olen);
WINPR_API BOOL winpr_Digest(WINPR_MD_TYPE md, const BYTE* input, size_t ilen, BYTE* output,
size_t olen);
#ifdef __cplusplus
}
#endif
/**
* Random Number Generation
*/
#ifdef __cplusplus
extern "C"
{
#endif
WINPR_API int winpr_RAND(BYTE* output, size_t len);
WINPR_API int winpr_RAND_pseudo(BYTE* output, size_t len);
#ifdef __cplusplus
}
#endif
/**
* RC4
*/
typedef struct _winpr_rc4_ctx_private_st WINPR_RC4_CTX;
#ifdef __cplusplus
extern "C"
{
#endif
WINPR_API WINPR_RC4_CTX* winpr_RC4_New_Allow_FIPS(const BYTE* key, size_t keylen);
WINPR_API WINPR_RC4_CTX* winpr_RC4_New(const BYTE* key, size_t keylen);
WINPR_API BOOL winpr_RC4_Update(WINPR_RC4_CTX* ctx, size_t length, const BYTE* input,
BYTE* output);
WINPR_API void winpr_RC4_Free(WINPR_RC4_CTX* ctx);
#ifdef __cplusplus
}
#endif
/**
* Generic Cipher API
*/
#define WINPR_AES_BLOCK_SIZE 16
/* cipher operation types */
#define WINPR_ENCRYPT 0
#define WINPR_DECRYPT 1
/* cipher types */
#define WINPR_CIPHER_NONE 0
#define WINPR_CIPHER_NULL 1
#define WINPR_CIPHER_AES_128_ECB 2
#define WINPR_CIPHER_AES_192_ECB 3
#define WINPR_CIPHER_AES_256_ECB 4
#define WINPR_CIPHER_AES_128_CBC 5
#define WINPR_CIPHER_AES_192_CBC 6
#define WINPR_CIPHER_AES_256_CBC 7
#define WINPR_CIPHER_AES_128_CFB128 8
#define WINPR_CIPHER_AES_192_CFB128 9
#define WINPR_CIPHER_AES_256_CFB128 10
#define WINPR_CIPHER_AES_128_CTR 11
#define WINPR_CIPHER_AES_192_CTR 12
#define WINPR_CIPHER_AES_256_CTR 13
#define WINPR_CIPHER_AES_128_GCM 14
#define WINPR_CIPHER_AES_192_GCM 15
#define WINPR_CIPHER_AES_256_GCM 16
#define WINPR_CIPHER_CAMELLIA_128_ECB 17
#define WINPR_CIPHER_CAMELLIA_192_ECB 18
#define WINPR_CIPHER_CAMELLIA_256_ECB 19
#define WINPR_CIPHER_CAMELLIA_128_CBC 20
#define WINPR_CIPHER_CAMELLIA_192_CBC 21
#define WINPR_CIPHER_CAMELLIA_256_CBC 22
#define WINPR_CIPHER_CAMELLIA_128_CFB128 23
#define WINPR_CIPHER_CAMELLIA_192_CFB128 24
#define WINPR_CIPHER_CAMELLIA_256_CFB128 25
#define WINPR_CIPHER_CAMELLIA_128_CTR 26
#define WINPR_CIPHER_CAMELLIA_192_CTR 27
#define WINPR_CIPHER_CAMELLIA_256_CTR 28
#define WINPR_CIPHER_CAMELLIA_128_GCM 29
#define WINPR_CIPHER_CAMELLIA_192_GCM 30
#define WINPR_CIPHER_CAMELLIA_256_GCM 31
#define WINPR_CIPHER_DES_ECB 32
#define WINPR_CIPHER_DES_CBC 33
#define WINPR_CIPHER_DES_EDE_ECB 34
#define WINPR_CIPHER_DES_EDE_CBC 35
#define WINPR_CIPHER_DES_EDE3_ECB 36
#define WINPR_CIPHER_DES_EDE3_CBC 37
#define WINPR_CIPHER_BLOWFISH_ECB 38
#define WINPR_CIPHER_BLOWFISH_CBC 39
#define WINPR_CIPHER_BLOWFISH_CFB64 40
#define WINPR_CIPHER_BLOWFISH_CTR 41
#define WINPR_CIPHER_ARC4_128 42
#define WINPR_CIPHER_AES_128_CCM 43
#define WINPR_CIPHER_AES_192_CCM 44
#define WINPR_CIPHER_AES_256_CCM 45
#define WINPR_CIPHER_CAMELLIA_128_CCM 46
#define WINPR_CIPHER_CAMELLIA_192_CCM 47
#define WINPR_CIPHER_CAMELLIA_256_CCM 48
typedef struct _winpr_cipher_ctx_private_st WINPR_CIPHER_CTX;
#ifdef __cplusplus
extern "C"
{
#endif
WINPR_API WINPR_CIPHER_CTX* winpr_Cipher_New(int cipher, int op, const BYTE* key,
const BYTE* iv);
WINPR_API BOOL winpr_Cipher_Update(WINPR_CIPHER_CTX* ctx, const BYTE* input, size_t ilen,
BYTE* output, size_t* olen);
WINPR_API BOOL winpr_Cipher_Final(WINPR_CIPHER_CTX* ctx, BYTE* output, size_t* olen);
WINPR_API void winpr_Cipher_Free(WINPR_CIPHER_CTX* ctx);
#ifdef __cplusplus
}
#endif
/**
* Key Generation
*/
#ifdef __cplusplus
extern "C"
{
#endif
WINPR_API int winpr_Cipher_BytesToKey(int cipher, int md, const BYTE* salt, const BYTE* data,
int datal, int count, BYTE* key, BYTE* iv);
#ifdef __cplusplus
}
#endif
#include <winpr/custom-crypto.h>
#include <winpr/wincrypt.h>
#endif /* WINPR_CRYPTO_H */

251
winpr/include/winpr/custom-crypto.h Normal file
View File

@ -0,0 +1,251 @@
/**
* WinPR: Windows Portable Runtime
* Cryptography API (CryptoAPI)
*
* Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef WINPR_CUSTOM_CRYPTO_H
#define WINPR_CUSTOM_CRYPTO_H
#include <winpr/winpr.h>
#include <winpr/wtypes.h>
#include <winpr/error.h>
/**
* Custom Crypto API Abstraction Layer
*/
#define WINPR_MD4_DIGEST_LENGTH 16
#define WINPR_MD5_DIGEST_LENGTH 16
#define WINPR_SHA1_DIGEST_LENGTH 20
#define WINPR_SHA224_DIGEST_LENGTH 28
#define WINPR_SHA256_DIGEST_LENGTH 32
#define WINPR_SHA384_DIGEST_LENGTH 48
#define WINPR_SHA512_DIGEST_LENGTH 64
#define WINPR_RIPEMD160_DIGEST_LENGTH 20
#define WINPR_SHA3_224_DIGEST_LENGTH 28
#define WINPR_SHA3_256_DIGEST_LENGTH 32
#define WINPR_SHA3_384_DIGEST_LENGTH 48
#define WINPR_SHA3_512_DIGEST_LENGTH 64
#define WINPR_SHAKE128_DIGEST_LENGTH 16
#define WINPR_SHAKE256_DIGEST_LENGTH 32
/**
* HMAC
*/
typedef enum
{
WINPR_MD_NONE = 0,
WINPR_MD_MD2 = 1,
WINPR_MD_MD4 = 2,
WINPR_MD_MD5 = 3,
WINPR_MD_SHA1 = 4,
WINPR_MD_SHA224 = 5,
WINPR_MD_SHA256 = 6,
WINPR_MD_SHA384 = 7,
WINPR_MD_SHA512 = 8,
WINPR_MD_RIPEMD160 = 9,
WINPR_MD_SHA3_224 = 10,
WINPR_MD_SHA3_256 = 11,
WINPR_MD_SHA3_384 = 12,
WINPR_MD_SHA3_512 = 13,
WINPR_MD_SHAKE128 = 14,
WINPR_MD_SHAKE256 = 15
} WINPR_MD_TYPE;
typedef struct _winpr_hmac_ctx_private_st WINPR_HMAC_CTX;
#ifdef __cplusplus
extern "C"
{
#endif
WINPR_API WINPR_MD_TYPE winpr_md_type_from_string(const char* name);
WINPR_API const char* winpr_md_type_to_string(WINPR_MD_TYPE md);
WINPR_API WINPR_HMAC_CTX* winpr_HMAC_New(void);
WINPR_API BOOL winpr_HMAC_Init(WINPR_HMAC_CTX* ctx, WINPR_MD_TYPE md, const BYTE* key,
size_t keylen);
WINPR_API BOOL winpr_HMAC_Update(WINPR_HMAC_CTX* ctx, const BYTE* input, size_t ilen);
WINPR_API BOOL winpr_HMAC_Final(WINPR_HMAC_CTX* ctx, BYTE* output, size_t ilen);
WINPR_API void winpr_HMAC_Free(WINPR_HMAC_CTX* ctx);
WINPR_API BOOL winpr_HMAC(WINPR_MD_TYPE md, const BYTE* key, size_t keylen, const BYTE* input,
size_t ilen, BYTE* output, size_t olen);
#ifdef __cplusplus
}
#endif
/**
* Generic Digest API
*/
typedef struct _winpr_digest_ctx_private_st WINPR_DIGEST_CTX;
#ifdef __cplusplus
extern "C"
{
#endif
WINPR_API WINPR_DIGEST_CTX* winpr_Digest_New(void);
WINPR_API BOOL winpr_Digest_Init_Allow_FIPS(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md);
WINPR_API BOOL winpr_Digest_Init(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md);
WINPR_API BOOL winpr_Digest_Update(WINPR_DIGEST_CTX* ctx, const BYTE* input, size_t ilen);
WINPR_API BOOL winpr_Digest_Final(WINPR_DIGEST_CTX* ctx, BYTE* output, size_t ilen);
WINPR_API void winpr_Digest_Free(WINPR_DIGEST_CTX* ctx);
WINPR_API BOOL winpr_Digest_Allow_FIPS(WINPR_MD_TYPE md, const BYTE* input, size_t ilen,
BYTE* output, size_t olen);
WINPR_API BOOL winpr_Digest(WINPR_MD_TYPE md, const BYTE* input, size_t ilen, BYTE* output,
size_t olen);
#ifdef __cplusplus
}
#endif
/**
* Random Number Generation
*/
#ifdef __cplusplus
extern "C"
{
#endif
WINPR_API int winpr_RAND(BYTE* output, size_t len);
WINPR_API int winpr_RAND_pseudo(BYTE* output, size_t len);
#ifdef __cplusplus
}
#endif
/**
* RC4
*/
typedef struct _winpr_rc4_ctx_private_st WINPR_RC4_CTX;
#ifdef __cplusplus
extern "C"
{
#endif
WINPR_API WINPR_RC4_CTX* winpr_RC4_New_Allow_FIPS(const BYTE* key, size_t keylen);
WINPR_API WINPR_RC4_CTX* winpr_RC4_New(const BYTE* key, size_t keylen);
WINPR_API BOOL winpr_RC4_Update(WINPR_RC4_CTX* ctx, size_t length, const BYTE* input,
BYTE* output);
WINPR_API void winpr_RC4_Free(WINPR_RC4_CTX* ctx);
#ifdef __cplusplus
}
#endif
/**
* Generic Cipher API
*/
#define WINPR_AES_BLOCK_SIZE 16
/* cipher operation types */
#define WINPR_ENCRYPT 0
#define WINPR_DECRYPT 1
/* cipher types */
#define WINPR_CIPHER_NONE 0
#define WINPR_CIPHER_NULL 1
#define WINPR_CIPHER_AES_128_ECB 2
#define WINPR_CIPHER_AES_192_ECB 3
#define WINPR_CIPHER_AES_256_ECB 4
#define WINPR_CIPHER_AES_128_CBC 5
#define WINPR_CIPHER_AES_192_CBC 6
#define WINPR_CIPHER_AES_256_CBC 7
#define WINPR_CIPHER_AES_128_CFB128 8
#define WINPR_CIPHER_AES_192_CFB128 9
#define WINPR_CIPHER_AES_256_CFB128 10
#define WINPR_CIPHER_AES_128_CTR 11
#define WINPR_CIPHER_AES_192_CTR 12
#define WINPR_CIPHER_AES_256_CTR 13
#define WINPR_CIPHER_AES_128_GCM 14
#define WINPR_CIPHER_AES_192_GCM 15
#define WINPR_CIPHER_AES_256_GCM 16
#define WINPR_CIPHER_CAMELLIA_128_ECB 17
#define WINPR_CIPHER_CAMELLIA_192_ECB 18
#define WINPR_CIPHER_CAMELLIA_256_ECB 19
#define WINPR_CIPHER_CAMELLIA_128_CBC 20
#define WINPR_CIPHER_CAMELLIA_192_CBC 21
#define WINPR_CIPHER_CAMELLIA_256_CBC 22
#define WINPR_CIPHER_CAMELLIA_128_CFB128 23
#define WINPR_CIPHER_CAMELLIA_192_CFB128 24
#define WINPR_CIPHER_CAMELLIA_256_CFB128 25
#define WINPR_CIPHER_CAMELLIA_128_CTR 26
#define WINPR_CIPHER_CAMELLIA_192_CTR 27
#define WINPR_CIPHER_CAMELLIA_256_CTR 28
#define WINPR_CIPHER_CAMELLIA_128_GCM 29
#define WINPR_CIPHER_CAMELLIA_192_GCM 30
#define WINPR_CIPHER_CAMELLIA_256_GCM 31
#define WINPR_CIPHER_DES_ECB 32
#define WINPR_CIPHER_DES_CBC 33
#define WINPR_CIPHER_DES_EDE_ECB 34
#define WINPR_CIPHER_DES_EDE_CBC 35
#define WINPR_CIPHER_DES_EDE3_ECB 36
#define WINPR_CIPHER_DES_EDE3_CBC 37
#define WINPR_CIPHER_BLOWFISH_ECB 38
#define WINPR_CIPHER_BLOWFISH_CBC 39
#define WINPR_CIPHER_BLOWFISH_CFB64 40
#define WINPR_CIPHER_BLOWFISH_CTR 41
#define WINPR_CIPHER_ARC4_128 42
#define WINPR_CIPHER_AES_128_CCM 43
#define WINPR_CIPHER_AES_192_CCM 44
#define WINPR_CIPHER_AES_256_CCM 45
#define WINPR_CIPHER_CAMELLIA_128_CCM 46
#define WINPR_CIPHER_CAMELLIA_192_CCM 47
#define WINPR_CIPHER_CAMELLIA_256_CCM 48
typedef struct _winpr_cipher_ctx_private_st WINPR_CIPHER_CTX;
#ifdef __cplusplus
extern "C"
{
#endif
WINPR_API WINPR_CIPHER_CTX* winpr_Cipher_New(int cipher, int op, const BYTE* key,
const BYTE* iv);
WINPR_API BOOL winpr_Cipher_Update(WINPR_CIPHER_CTX* ctx, const BYTE* input, size_t ilen,
BYTE* output, size_t* olen);
WINPR_API BOOL winpr_Cipher_Final(WINPR_CIPHER_CTX* ctx, BYTE* output, size_t* olen);
WINPR_API void winpr_Cipher_Free(WINPR_CIPHER_CTX* ctx);
#ifdef __cplusplus
}
#endif
/**
* Key Generation
*/
#ifdef __cplusplus
extern "C"
{
#endif
WINPR_API int winpr_Cipher_BytesToKey(int cipher, int md, const BYTE* salt, const BYTE* data,
int datal, int count, BYTE* key, BYTE* iv);
#ifdef __cplusplus
}
#endif
#endif /* WINPR_CUSTOM_CRYPTO_H */

637
winpr/include/winpr/wincrypt.h Normal file
View File

@ -0,0 +1,637 @@
/**
* WinPR: Windows Portable Runtime
* Cryptography API (CryptoAPI)
*
* Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef WINPR_WINCRYPT_H
#define WINPR_WINCRYPT_H
#include <winpr/winpr.h>
#include <winpr/wtypes.h>
#include <winpr/error.h>
#ifdef _WIN32
#include <wincrypt.h>
#endif
#ifndef ALG_TYPE_RESERVED7
#define ALG_TYPE_RESERVED7 (7 << 9)
#endif
#if !defined(NTDDI_VERSION) || (NTDDI_VERSION <= 0x05010200)
#define ALG_SID_SHA_256 12
#define ALG_SID_SHA_384 13
#define ALG_SID_SHA_512 14
#define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256)
#define CALG_SHA_384 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384)
#define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512)
#endif
#ifndef _WIN32
/* ncrypt.h */
typedef ULONG_PTR NCRYPT_HANDLE;
typedef ULONG_PTR NCRYPT_PROV_HANDLE;
typedef ULONG_PTR NCRYPT_KEY_HANDLE;
typedef ULONG_PTR NCRYPT_HASH_HANDLE;
typedef ULONG_PTR NCRYPT_SECRET_HANDLE;
/* wincrypt.h */
#define GET_ALG_CLASS(x) (x & (7 << 13))
#define GET_ALG_TYPE(x) (x & (15 << 9))
#define GET_ALG_SID(x) (x & (511))
#define ALG_CLASS_ANY (0)
#define ALG_CLASS_SIGNATURE (1 << 13)
#define ALG_CLASS_MSG_ENCRYPT (2 << 13)
#define ALG_CLASS_DATA_ENCRYPT (3 << 13)
#define ALG_CLASS_HASH (4 << 13)
#define ALG_CLASS_KEY_EXCHANGE (5 << 13)
#define ALG_CLASS_ALL (7 << 13)
#define ALG_TYPE_ANY (0)
#define ALG_TYPE_DSS (1 << 9)
#define ALG_TYPE_RSA (2 << 9)
#define ALG_TYPE_BLOCK (3 << 9)
#define ALG_TYPE_STREAM (4 << 9)
#define ALG_TYPE_DH (5 << 9)
#define ALG_TYPE_SECURECHANNEL (6 << 9)
#define ALG_SID_ANY (0)
#define ALG_SID_RSA_ANY 0
#define ALG_SID_RSA_PKCS 1
#define ALG_SID_RSA_MSATWORK 2
#define ALG_SID_RSA_ENTRUST 3
#define ALG_SID_RSA_PGP 4
#define ALG_SID_DSS_ANY 0
#define ALG_SID_DSS_PKCS 1
#define ALG_SID_DSS_DMS 2
#define ALG_SID_DES 1
#define ALG_SID_3DES 3
#define ALG_SID_DESX 4
#define ALG_SID_IDEA 5
#define ALG_SID_CAST 6
#define ALG_SID_SAFERSK64 7
#define ALG_SID_SAFERSK128 8
#define ALG_SID_3DES_112 9
#define ALG_SID_CYLINK_MEK 12
#define ALG_SID_RC5 13
#define ALG_SID_AES_128 14
#define ALG_SID_AES_192 15
#define ALG_SID_AES_256 16
#define ALG_SID_AES 17
#define ALG_SID_SKIPJACK 10
#define ALG_SID_TEK 11
#define CRYPT_MODE_CBCI 6
#define CRYPT_MODE_CFBP 7
#define CRYPT_MODE_OFBP 8
#define CRYPT_MODE_CBCOFM 9
#define CRYPT_MODE_CBCOFMI 10
#define ALG_SID_RC2 2
#define ALG_SID_RC4 1
#define ALG_SID_SEAL 2
#define ALG_SID_DH_SANDF 1
#define ALG_SID_DH_EPHEM 2
#define ALG_SID_AGREED_KEY_ANY 3
#define ALG_SID_KEA 4
#define ALG_SID_ECDH 5
#define ALG_SID_MD2 1
#define ALG_SID_MD4 2
#define ALG_SID_MD5 3
#define ALG_SID_SHA 4
#define ALG_SID_SHA1 4
#define ALG_SID_MAC 5
#define ALG_SID_RIPEMD 6
#define ALG_SID_RIPEMD160 7
#define ALG_SID_SSL3SHAMD5 8
#define ALG_SID_HMAC 9
#define ALG_SID_TLS1PRF 10
#define ALG_SID_HASH_REPLACE_OWF 11
#define ALG_SID_SHA_256 12
#define ALG_SID_SHA_384 13
#define ALG_SID_SHA_512 14
#define ALG_SID_SSL3_MASTER 1
#define ALG_SID_SCHANNEL_MASTER_HASH 2
#define ALG_SID_SCHANNEL_MAC_KEY 3
#define ALG_SID_PCT1_MASTER 4
#define ALG_SID_SSL2_MASTER 5
#define ALG_SID_TLS1_MASTER 6
#define ALG_SID_SCHANNEL_ENC_KEY 7
#define ALG_SID_ECMQV 1
#define CALG_MD2 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD2)
#define CALG_MD4 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD4)
#define CALG_MD5 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD5)
#define CALG_SHA (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA)
#define CALG_SHA1 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA1)
#define CALG_MAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MAC)
#define CALG_RSA_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_RSA | ALG_SID_RSA_ANY)
#define CALG_DSS_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_DSS_ANY)
#define CALG_NO_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_ANY | ALG_SID_ANY)
#define CALG_RSA_KEYX (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_RSA | ALG_SID_RSA_ANY)
#define CALG_DES (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_DES)
#define CALG_3DES_112 (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_3DES_112)
#define CALG_3DES (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_3DES)
#define CALG_DESX (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_DESX)
#define CALG_RC2 (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_RC2)
#define CALG_RC4 (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_STREAM | ALG_SID_RC4)
#define CALG_SEAL (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_STREAM | ALG_SID_SEAL)
#define CALG_DH_SF (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_SANDF)
#define CALG_DH_EPHEM (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_EPHEM)
#define CALG_AGREEDKEY_ANY (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_AGREED_KEY_ANY)
#define CALG_KEA_KEYX (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_KEA)
#define CALG_HUGHES_MD5 (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_ANY | ALG_SID_MD5)
#define CALG_SKIPJACK (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_SKIPJACK)
#define CALG_TEK (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_TEK)
#define CALG_CYLINK_MEK (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_CYLINK_MEK)
#define CALG_SSL3_SHAMD5 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SSL3SHAMD5)
#define CALG_SSL3_MASTER (ALG_CLASS_MSG_ENCRYPT | ALG_TYPE_SECURECHANNEL | ALG_SID_SSL3_MASTER)
#define CALG_SCHANNEL_MASTER_HASH \
(ALG_CLASS_MSG_ENCRYPT | ALG_TYPE_SECURECHANNEL | ALG_SID_SCHANNEL_MASTER_HASH)
#define CALG_SCHANNEL_MAC_KEY \
(ALG_CLASS_MSG_ENCRYPT | ALG_TYPE_SECURECHANNEL | ALG_SID_SCHANNEL_MAC_KEY)
#define CALG_SCHANNEL_ENC_KEY \
(ALG_CLASS_MSG_ENCRYPT | ALG_TYPE_SECURECHANNEL | ALG_SID_SCHANNEL_ENC_KEY)
#define CALG_PCT1_MASTER (ALG_CLASS_MSG_ENCRYPT | ALG_TYPE_SECURECHANNEL | ALG_SID_PCT1_MASTER)
#define CALG_SSL2_MASTER (ALG_CLASS_MSG_ENCRYPT | ALG_TYPE_SECURECHANNEL | ALG_SID_SSL2_MASTER)
#define CALG_TLS1_MASTER (ALG_CLASS_MSG_ENCRYPT | ALG_TYPE_SECURECHANNEL | ALG_SID_TLS1_MASTER)
#define CALG_RC5 (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_RC5)
#define CALG_HMAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HMAC)
#define CALG_TLS1PRF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_TLS1PRF)
#define CALG_HASH_REPLACE_OWF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HASH_REPLACE_OWF)
#define CALG_AES_128 (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_AES_128)
#define CALG_AES_192 (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_AES_192)
#define CALG_AES_256 (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_AES_256)
#define CALG_AES (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_AES)
#define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256)
#define CALG_SHA_384 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384)
#define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512)
#define CALG_ECDH (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_ECDH)
#define CALG_ECMQV (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_ANY | ALG_SID_ECMQV)
typedef struct
{
DWORD cbData;
BYTE* pbData;
} CRYPT_INTEGER_BLOB, *PCRYPT_INTEGER_BLOB, CRYPT_UINT_BLOB, *PCRYPT_UINT_BLOB, CRYPT_OBJID_BLOB,
*PCRYPT_OBJID_BLOB, CERT_NAME_BLOB, *PCERT_NAME_BLOB, CERT_RDN_VALUE_BLOB,
*PCERT_RDN_VALUE_BLOB, CERT_BLOB, *PCERT_BLOB, CRL_BLOB, *PCRL_BLOB, DATA_BLOB, *PDATA_BLOB,
CRYPT_DATA_BLOB, *PCRYPT_DATA_BLOB, CRYPT_HASH_BLOB, *PCRYPT_HASH_BLOB, CRYPT_DIGEST_BLOB,
*PCRYPT_DIGEST_BLOB, CRYPT_DER_BLOB, *PCRYPT_DER_BLOB, CRYPT_ATTR_BLOB, *PCRYPT_ATTR_BLOB;
typedef struct
{
LPSTR pszObjId;
CRYPT_OBJID_BLOB Parameters;
} CRYPT_ALGORITHM_IDENTIFIER, *PCRYPT_ALGORITHM_IDENTIFIER;
typedef struct
{
DWORD cbData;
BYTE* pbData;
DWORD cUnusedBits;
} CRYPT_BIT_BLOB, *PCRYPT_BIT_BLOB;
typedef struct
{
CRYPT_ALGORITHM_IDENTIFIER Algorithm;
CRYPT_BIT_BLOB PublicKey;
} CERT_PUBLIC_KEY_INFO, *PCERT_PUBLIC_KEY_INFO;
typedef struct
{
LPSTR pszObjId;
BOOL fCritical;
CRYPT_OBJID_BLOB Value;
} CERT_EXTENSION, *PCERT_EXTENSION;
typedef const CERT_EXTENSION* PCCERT_EXTENSION;
typedef struct
{
DWORD dwVersion;
CRYPT_INTEGER_BLOB SerialNumber;
CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
CERT_NAME_BLOB Issuer;
FILETIME NotBefore;
FILETIME NotAfter;
CERT_NAME_BLOB Subject;
CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo;
CRYPT_BIT_BLOB IssuerUniqueId;
CRYPT_BIT_BLOB SubjectUniqueId;
DWORD cExtension;
PCERT_EXTENSION rgExtension;
} CERT_INFO, *PCERT_INFO;
typedef void* HCERTSTORE;
typedef ULONG_PTR HCRYPTPROV;
typedef ULONG_PTR HCRYPTPROV_LEGACY;
typedef struct
{
DWORD dwCertEncodingType;
BYTE* pbCertEncoded;
DWORD cbCertEncoded;
PCERT_INFO pCertInfo;
HCERTSTORE hCertStore;
} CERT_CONTEXT, *PCERT_CONTEXT;
typedef const CERT_CONTEXT* PCCERT_CONTEXT;
#if !defined(AT_KEYEXCHANGE)
#define AT_KEYEXCHANGE (1)
#endif
#if !defined(AT_SIGNATURE)
#define AT_SIGNATURE (2)
#endif
#if !defined(AT_AUTHENTICATE)
#define AT_AUTHENTICATE (3)
#endif
#define CERT_ENCODING_TYPE_MASK 0x0000FFFF
#define CMSG_ENCODING_TYPE_MASK 0xFFFF0000
#define GET_CERT_ENCODING_TYPE(x) (x & CERT_ENCODING_TYPE_MASK)
#define GET_CMSG_ENCODING_TYPE(x) (x & CMSG_ENCODING_TYPE_MASK)
#define CRYPT_ASN_ENCODING 0x00000001
#define CRYPT_NDR_ENCODING 0x00000002
#define X509_ASN_ENCODING 0x00000001
#define X509_NDR_ENCODING 0x00000002
#define PKCS_7_ASN_ENCODING 0x00010000
#define PKCS_7_NDR_ENCODING 0x00020000
#define CERT_COMPARE_MASK 0xFFFF
#define CERT_COMPARE_SHIFT 16
#define CERT_COMPARE_ANY 0
#define CERT_COMPARE_SHA1_HASH 1
#define CERT_COMPARE_NAME 2
#define CERT_COMPARE_ATTR 3
#define CERT_COMPARE_MD5_HASH 4
#define CERT_COMPARE_PROPERTY 5
#define CERT_COMPARE_PUBLIC_KEY 6
#define CERT_COMPARE_HASH CERT_COMPARE_SHA1_HASH
#define CERT_COMPARE_NAME_STR_A 7
#define CERT_COMPARE_NAME_STR_W 8
#define CERT_COMPARE_KEY_SPEC 9
#define CERT_COMPARE_ENHKEY_USAGE 10
#define CERT_COMPARE_CTL_USAGE CERT_COMPARE_ENHKEY_USAGE
#define CERT_COMPARE_SUBJECT_CERT 11
#define CERT_COMPARE_ISSUER_OF 12
#define CERT_COMPARE_EXISTING 13
#define CERT_COMPARE_SIGNATURE_HASH 14
#define CERT_COMPARE_KEY_IDENTIFIER 15
#define CERT_COMPARE_CERT_ID 16
#define CERT_COMPARE_CROSS_CERT_DIST_POINTS 17
#define CERT_COMPARE_PUBKEY_MD5_HASH 18
#define CERT_COMPARE_SUBJECT_INFO_ACCESS 19
#define CERT_COMPARE_HASH_STR 20
#define CERT_COMPARE_HAS_PRIVATE_KEY 21
#define CERT_FIND_ANY (CERT_COMPARE_ANY << CERT_COMPARE_SHIFT)
#define CERT_FIND_SHA1_HASH (CERT_COMPARE_SHA1_HASH << CERT_COMPARE_SHIFT)
#define CERT_FIND_MD5_HASH (CERT_COMPARE_MD5_HASH << CERT_COMPARE_SHIFT)
#define CERT_FIND_SIGNATURE_HASH (CERT_COMPARE_SIGNATURE_HASH << CERT_COMPARE_SHIFT)
#define CERT_FIND_KEY_IDENTIFIER (CERT_COMPARE_KEY_IDENTIFIER << CERT_COMPARE_SHIFT)
#define CERT_FIND_HASH CERT_FIND_SHA1_HASH
#define CERT_FIND_PROPERTY (CERT_COMPARE_PROPERTY << CERT_COMPARE_SHIFT)
#define CERT_FIND_PUBLIC_KEY (CERT_COMPARE_PUBLIC_KEY << CERT_COMPARE_SHIFT)
#define CERT_FIND_SUBJECT_NAME (CERT_COMPARE_NAME << CERT_COMPARE_SHIFT | CERT_INFO_SUBJECT_FLAG)
#define CERT_FIND_SUBJECT_ATTR (CERT_COMPARE_ATTR << CERT_COMPARE_SHIFT | CERT_INFO_SUBJECT_FLAG)
#define CERT_FIND_ISSUER_NAME (CERT_COMPARE_NAME << CERT_COMPARE_SHIFT | CERT_INFO_ISSUER_FLAG)
#define CERT_FIND_ISSUER_ATTR (CERT_COMPARE_ATTR << CERT_COMPARE_SHIFT | CERT_INFO_ISSUER_FLAG)
#define CERT_FIND_SUBJECT_STR_A \
(CERT_COMPARE_NAME_STR_A << CERT_COMPARE_SHIFT | CERT_INFO_SUBJECT_FLAG)
#define CERT_FIND_SUBJECT_STR_W \
(CERT_COMPARE_NAME_STR_W << CERT_COMPARE_SHIFT | CERT_INFO_SUBJECT_FLAG)
#define CERT_FIND_SUBJECT_STR CERT_FIND_SUBJECT_STR_W
#define CERT_FIND_ISSUER_STR_A \
(CERT_COMPARE_NAME_STR_A << CERT_COMPARE_SHIFT | CERT_INFO_ISSUER_FLAG)
#define CERT_FIND_ISSUER_STR_W \
(CERT_COMPARE_NAME_STR_W << CERT_COMPARE_SHIFT | CERT_INFO_ISSUER_FLAG)
#define CERT_FIND_ISSUER_STR CERT_FIND_ISSUER_STR_W
#define CERT_FIND_KEY_SPEC (CERT_COMPARE_KEY_SPEC << CERT_COMPARE_SHIFT)
#define CERT_FIND_ENHKEY_USAGE (CERT_COMPARE_ENHKEY_USAGE << CERT_COMPARE_SHIFT)
#define CERT_FIND_CTL_USAGE CERT_FIND_ENHKEY_USAGE
#define CERT_FIND_SUBJECT_CERT (CERT_COMPARE_SUBJECT_CERT << CERT_COMPARE_SHIFT)
#define CERT_FIND_ISSUER_OF (CERT_COMPARE_ISSUER_OF << CERT_COMPARE_SHIFT)
#define CERT_FIND_EXISTING (CERT_COMPARE_EXISTING << CERT_COMPARE_SHIFT)
#define CERT_FIND_CERT_ID (CERT_COMPARE_CERT_ID << CERT_COMPARE_SHIFT)
#define CERT_FIND_CROSS_CERT_DIST_POINTS (CERT_COMPARE_CROSS_CERT_DIST_POINTS << CERT_COMPARE_SHIFT)
#define CERT_FIND_PUBKEY_MD5_HASH (CERT_COMPARE_PUBKEY_MD5_HASH << CERT_COMPARE_SHIFT)
#define CERT_FIND_SUBJECT_INFO_ACCESS (CERT_COMPARE_SUBJECT_INFO_ACCESS << CERT_COMPARE_SHIFT)
#define CERT_FIND_HASH_STR (CERT_COMPARE_HASH_STR << CERT_COMPARE_SHIFT)
#define CERT_FIND_HAS_PRIVATE_KEY (CERT_COMPARE_HAS_PRIVATE_KEY << CERT_COMPARE_SHIFT)
#define CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG 0x1
#define CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG 0x2
#define CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG 0x4
#define CERT_FIND_NO_ENHKEY_USAGE_FLAG 0x8
#define CERT_FIND_OR_ENHKEY_USAGE_FLAG 0x10
#define CERT_FIND_VALID_ENHKEY_USAGE_FLAG 0x20
#define CERT_FIND_OPTIONAL_CTL_USAGE_FLAG CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG
#define CERT_FIND_EXT_ONLY_CTL_USAGE_FLAG CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG
#define CERT_FIND_PROP_ONLY_CTL_USAGE_FLAG CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG
#define CERT_FIND_NO_CTL_USAGE_FLAG CERT_FIND_NO_ENHKEY_USAGE_FLAG
#define CERT_FIND_OR_CTL_USAGE_FLAG CERT_FIND_OR_ENHKEY_USAGE_FLAG
#define CERT_FIND_VALID_CTL_USAGE_FLAG CERT_FIND_VALID_ENHKEY_USAGE_FLAG
#define CERT_NAME_EMAIL_TYPE 1
#define CERT_NAME_RDN_TYPE 2
#define CERT_NAME_ATTR_TYPE 3
#define CERT_NAME_SIMPLE_DISPLAY_TYPE 4
#define CERT_NAME_FRIENDLY_DISPLAY_TYPE 5
#define CERT_NAME_DNS_TYPE 6
#define CERT_NAME_URL_TYPE 7
#define CERT_NAME_UPN_TYPE 8
#define CERT_NAME_ISSUER_FLAG 0x1
#define CERT_NAME_DISABLE_IE4_UTF8_FLAG 0x00010000
#define CERT_NAME_SEARCH_ALL_NAMES_FLAG 0x2
#define CERT_STORE_PROV_MSG ((LPCSTR)1)
#define CERT_STORE_PROV_MEMORY ((LPCSTR)2)
#define CERT_STORE_PROV_FILE ((LPCSTR)3)
#define CERT_STORE_PROV_REG ((LPCSTR)4)
#define CERT_STORE_PROV_PKCS7 ((LPCSTR)5)
#define CERT_STORE_PROV_SERIALIZED ((LPCSTR)6)
#define CERT_STORE_PROV_FILENAME_A ((LPCSTR)7)
#define CERT_STORE_PROV_FILENAME_W ((LPCSTR)8)
#define CERT_STORE_PROV_FILENAME CERT_STORE_PROV_FILENAME_W
#define CERT_STORE_PROV_SYSTEM_A ((LPCSTR)9)
#define CERT_STORE_PROV_SYSTEM_W ((LPCSTR)10)
#define CERT_STORE_PROV_SYSTEM CERT_STORE_PROV_SYSTEM_W
#define CERT_STORE_PROV_COLLECTION ((LPCSTR)11)
#define CERT_STORE_PROV_SYSTEM_REGISTRY_A ((LPCSTR)12)
#define CERT_STORE_PROV_SYSTEM_REGISTRY_W ((LPCSTR)13)
#define CERT_STORE_PROV_SYSTEM_REGISTRY CERT_STORE_PROV_SYSTEM_REGISTRY_W
#define CERT_STORE_PROV_PHYSICAL_W ((LPCSTR)14)
#define CERT_STORE_PROV_PHYSICAL CERT_STORE_PROV_PHYSICAL_W
#define CERT_STORE_PROV_SMART_CARD_W ((LPCSTR)15)
#define CERT_STORE_PROV_SMART_CARD CERT_STORE_PROV_SMART_CARD_W
#define CERT_STORE_PROV_LDAP_W ((LPCSTR)16)
#define CERT_STORE_PROV_LDAP CERT_STORE_PROV_LDAP_W
#define CERT_STORE_PROV_PKCS12 ((LPCSTR)17)
#define sz_CERT_STORE_PROV_MEMORY "Memory"
#define sz_CERT_STORE_PROV_FILENAME_W "File"
#define sz_CERT_STORE_PROV_FILENAME sz_CERT_STORE_PROV_FILENAME_W
#define sz_CERT_STORE_PROV_SYSTEM_W "System"
#define sz_CERT_STORE_PROV_SYSTEM sz_CERT_STORE_PROV_SYSTEM_W
#define sz_CERT_STORE_PROV_PKCS7 "PKCS7"
#define sz_CERT_STORE_PROV_PKCS12 "PKCS12"
#define sz_CERT_STORE_PROV_SERIALIZED "Serialized"
#define sz_CERT_STORE_PROV_COLLECTION "Collection"
#define sz_CERT_STORE_PROV_SYSTEM_REGISTRY_W "SystemRegistry"
#define sz_CERT_STORE_PROV_SYSTEM_REGISTRY sz_CERT_STORE_PROV_SYSTEM_REGISTRY_W
#define sz_CERT_STORE_PROV_PHYSICAL_W "Physical"
#define sz_CERT_STORE_PROV_PHYSICAL sz_CERT_STORE_PROV_PHYSICAL_W
#define sz_CERT_STORE_PROV_SMART_CARD_W "SmartCard"
#define sz_CERT_STORE_PROV_SMART_CARD sz_CERT_STORE_PROV_SMART_CARD_W
#define sz_CERT_STORE_PROV_LDAP_W "Ldap"
#define sz_CERT_STORE_PROV_LDAP sz_CERT_STORE_PROV_LDAP_W
#define CERT_STORE_SIGNATURE_FLAG 0x00000001
#define CERT_STORE_TIME_VALIDITY_FLAG 0x00000002
#define CERT_STORE_REVOCATION_FLAG 0x00000004
#define CERT_STORE_NO_CRL_FLAG 0x00010000
#define CERT_STORE_NO_ISSUER_FLAG 0x00020000
#define CERT_STORE_BASE_CRL_FLAG 0x00000100
#define CERT_STORE_DELTA_CRL_FLAG 0x00000200
#define CERT_STORE_NO_CRYPT_RELEASE_FLAG 0x00000001
#define CERT_STORE_SET_LOCALIZED_NAME_FLAG 0x00000002
#define CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG 0x00000004
#define CERT_STORE_DELETE_FLAG 0x00000010
#define CERT_STORE_UNSAFE_PHYSICAL_FLAG 0x00000020
#define CERT_STORE_SHARE_STORE_FLAG 0x00000040
#define CERT_STORE_SHARE_CONTEXT_FLAG 0x00000080
#define CERT_STORE_MANIFOLD_FLAG 0x00000100
#define CERT_STORE_ENUM_ARCHIVED_FLAG 0x00000200
#define CERT_STORE_UPDATE_KEYID_FLAG 0x00000400
#define CERT_STORE_BACKUP_RESTORE_FLAG 0x00000800
#define CERT_STORE_READONLY_FLAG 0x00008000
#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
#define CERT_STORE_CREATE_NEW_FLAG 0x00002000
#define CERT_STORE_MAXIMUM_ALLOWED_FLAG 0x00001000
#define CERT_SYSTEM_STORE_MASK 0xFFFF0000
#define CERT_SYSTEM_STORE_RELOCATE_FLAG 0x80000000
#define CERT_SYSTEM_STORE_UNPROTECTED_FLAG 0x40000000
#define CERT_SYSTEM_STORE_DEFER_READ_FLAG 0x20000000
#define CERT_SYSTEM_STORE_LOCATION_MASK 0x00FF0000
#define CERT_SYSTEM_STORE_LOCATION_SHIFT 16
#define CERT_SYSTEM_STORE_CURRENT_USER_ID 1
#define CERT_SYSTEM_STORE_LOCAL_MACHINE_ID 2
#define CERT_SYSTEM_STORE_CURRENT_SERVICE_ID 4
#define CERT_SYSTEM_STORE_SERVICES_ID 5
#define CERT_SYSTEM_STORE_USERS_ID 6
#define CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY_ID 7
#define CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY_ID 8
#define CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE_ID 9
#define CERT_SYSTEM_STORE_CURRENT_USER \
(CERT_SYSTEM_STORE_CURRENT_USER_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT)
#define CERT_SYSTEM_STORE_LOCAL_MACHINE \
(CERT_SYSTEM_STORE_LOCAL_MACHINE_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT)
#define CERT_SYSTEM_STORE_CURRENT_SERVICE \
(CERT_SYSTEM_STORE_CURRENT_SERVICE_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT)
#define CERT_SYSTEM_STORE_SERVICES \
(CERT_SYSTEM_STORE_SERVICES_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT)
#define CERT_SYSTEM_STORE_USERS (CERT_SYSTEM_STORE_USERS_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT)
#define CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY \
(CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT)
#define CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY \
(CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT)
#define CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE \
(CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT)
WINPR_API HCERTSTORE CertOpenStore(LPCSTR lpszStoreProvider, DWORD dwMsgAndCertEncodingType,
HCRYPTPROV_LEGACY hCryptProv, DWORD dwFlags, const void* pvPara);
WINPR_API HCERTSTORE CertOpenSystemStoreW(HCRYPTPROV_LEGACY hProv, LPCWSTR szSubsystemProtocol);
WINPR_API HCERTSTORE CertOpenSystemStoreA(HCRYPTPROV_LEGACY hProv, LPCSTR szSubsystemProtocol);
WINPR_API BOOL CertCloseStore(HCERTSTORE hCertStore, DWORD dwFlags);
#ifdef UNICODE
#define CertOpenSystemStore CertOpenSystemStoreW
#else
#define CertOpenSystemStore CertOpenSystemStoreA
#endif
#ifdef __cplusplus
extern "C"
{
#endif
WINPR_API PCCERT_CONTEXT CertFindCertificateInStore(HCERTSTORE hCertStore,
DWORD dwCertEncodingType, DWORD dwFindFlags,
DWORD dwFindType, const void* pvFindPara,
PCCERT_CONTEXT pPrevCertContext);
WINPR_API PCCERT_CONTEXT CertEnumCertificatesInStore(HCERTSTORE hCertStore,
PCCERT_CONTEXT pPrevCertContext);
WINPR_API DWORD CertGetNameStringW(PCCERT_CONTEXT pCertContext, DWORD dwType, DWORD dwFlags,
void* pvTypePara, LPWSTR pszNameString, DWORD cchNameString);
WINPR_API DWORD CertGetNameStringA(PCCERT_CONTEXT pCertContext, DWORD dwType, DWORD dwFlags,
void* pvTypePara, LPSTR pszNameString, DWORD cchNameString);
#ifdef __cplusplus
}
#endif
#ifdef UNICODE
#define CertGetNameString CertGetNameStringW
#else
#define CertGetNameString CertGetNameStringA
#endif
/**
* Data Protection API (DPAPI)
*/
#define CRYPTPROTECTMEMORY_BLOCK_SIZE 16
#define CRYPTPROTECTMEMORY_SAME_PROCESS 0x00000000
#define CRYPTPROTECTMEMORY_CROSS_PROCESS 0x00000001
#define CRYPTPROTECTMEMORY_SAME_LOGON 0x00000002
#define CRYPTPROTECT_PROMPT_ON_UNPROTECT 0x00000001
#define CRYPTPROTECT_PROMPT_ON_PROTECT 0x00000002
#define CRYPTPROTECT_PROMPT_RESERVED 0x00000004
#define CRYPTPROTECT_PROMPT_STRONG 0x00000008
#define CRYPTPROTECT_PROMPT_REQUIRE_STRONG 0x00000010
#define CRYPTPROTECT_UI_FORBIDDEN 0x1
#define CRYPTPROTECT_LOCAL_MACHINE 0x4
#define CRYPTPROTECT_CRED_SYNC 0x8
#define CRYPTPROTECT_AUDIT 0x10
#define CRYPTPROTECT_NO_RECOVERY 0x20
#define CRYPTPROTECT_VERIFY_PROTECTION 0x40
#define CRYPTPROTECT_CRED_REGENERATE 0x80
#define CRYPTPROTECT_FIRST_RESERVED_FLAGVAL 0x0FFFFFFF
#define CRYPTPROTECT_LAST_RESERVED_FLAGVAL 0xFFFFFFFF
typedef struct
{
DWORD cbSize;
DWORD dwPromptFlags;
HWND hwndApp;
LPCWSTR szPrompt;
} CRYPTPROTECT_PROMPTSTRUCT, *PCRYPTPROTECT_PROMPTSTRUCT;
#define CRYPTPROTECT_DEFAULT_PROVIDER \
{ \
0xdf9d8cd0, 0x1501, 0x11d1, \
{ \
0x8c, 0x7a, 0x00, 0xc0, 0x4f, 0xc2, 0x97, 0xeb \
} \
}
#ifdef __cplusplus
extern "C"
{
#endif
WINPR_API BOOL CryptProtectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags);
WINPR_API BOOL CryptUnprotectMemory(LPVOID pData, DWORD cbData, DWORD dwFlags);
WINPR_API BOOL CryptProtectData(DATA_BLOB* pDataIn, LPCWSTR szDataDescr,
DATA_BLOB* pOptionalEntropy, PVOID pvReserved,
CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct, DWORD dwFlags,
DATA_BLOB* pDataOut);
WINPR_API BOOL CryptUnprotectData(DATA_BLOB* pDataIn, LPWSTR* ppszDataDescr,
DATA_BLOB* pOptionalEntropy, PVOID pvReserved,
CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct, DWORD dwFlags,
DATA_BLOB* pDataOut);
#ifdef __cplusplus
}
#endif
#define CRYPT_STRING_BASE64HEADER 0x00000000
#define CRYPT_STRING_BASE64 0x00000001
#define CRYPT_STRING_BINARY 0x00000002
#define CRYPT_STRING_BASE64REQUESTHEADER 0x00000003
#define CRYPT_STRING_HEX 0x00000004
#define CRYPT_STRING_HEXASCII 0x00000005
#define CRYPT_STRING_BASE64_ANY 0x00000006
#define CRYPT_STRING_ANY 0x00000007
#define CRYPT_STRING_HEX_ANY 0x00000008
#define CRYPT_STRING_BASE64X509CRLHEADER 0x00000009
#define CRYPT_STRING_HEXADDR 0x0000000A
#define CRYPT_STRING_HEXASCIIADDR 0x0000000B
#define CRYPT_STRING_HEXRAW 0x0000000C
#define CRYPT_STRING_HASHDATA 0x10000000
#define CRYPT_STRING_STRICT 0x20000000
#define CRYPT_STRING_NOCRLF 0x40000000
#define CRYPT_STRING_NOCR 0x80000000
WINPR_API BOOL CryptStringToBinaryW(LPCWSTR pszString, DWORD cchString, DWORD dwFlags,
BYTE* pbBinary, DWORD* pcbBinary, DWORD* pdwSkip,
DWORD* pdwFlags);
WINPR_API BOOL CryptStringToBinaryA(LPCSTR pszString, DWORD cchString, DWORD dwFlags,
BYTE* pbBinary, DWORD* pcbBinary, DWORD* pdwSkip,
DWORD* pdwFlags);
WINPR_API BOOL CryptBinaryToStringW(CONST BYTE* pbBinary, DWORD cbBinary, DWORD dwFlags,
LPWSTR pszString, DWORD* pcchString);
WINPR_API BOOL CryptBinaryToStringA(CONST BYTE* pbBinary, DWORD cbBinary, DWORD dwFlags,
LPSTR pszString, DWORD* pcchString);
#ifdef UNICODE
#define CryptStringToBinary CryptStringToBinaryW
#define CryptBinaryToString CryptBinaryToStringW
#else
#define CryptStringToBinary CryptStringToBinaryA
#define CryptBinaryToString CryptBinaryToStringA
#endif
#endif
#ifndef ALG_SID_ECSDA
#define ALG_SID_ECDSA 3
#define CALG_ECDSA (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_ECDSA)
#endif
#endif /* WINPR_WINCRYPT_H */

1
winpr/libwinpr/crypto/cert.c
View File

@ -151,6 +151,7 @@
*/
#include <winpr/crt.h>
#include <winpr/wincrypt.h>
#ifndef _WIN32

51
winpr/libwinpr/utils/ntlm.c
View File

@ -48,16 +48,15 @@ BOOL NTOWFv1A(LPSTR Password, UINT32 PasswordLength, BYTE* NtHash)
{
LPWSTR PasswordW = NULL;
BOOL result = FALSE;
int PasswordLengthW = 0;
if (!NtHash)
return FALSE;
if (!(PasswordW = (LPWSTR)calloc(PasswordLength, 2)))
return FALSE;
MultiByteToWideChar(CP_ACP, 0, Password, PasswordLength, PasswordW, PasswordLength);
if (!NTOWFv1W(PasswordW, PasswordLength * 2, NtHash))
PasswordLengthW = ConvertToUnicode(CP_ACP, 0, Password, PasswordLength, &PasswordW, 0);
if (PasswordLengthW < 0)
goto out_fail;
if (!NTOWFv1W(PasswordW, PasswordLengthW * sizeof(WCHAR), NtHash))
goto out_fail;
result = TRUE;
@ -94,23 +93,26 @@ BOOL NTOWFv2A(LPSTR Password, UINT32 PasswordLength, LPSTR User, UINT32 UserLeng
LPWSTR DomainW = NULL;
LPWSTR PasswordW = NULL;
BOOL result = FALSE;
int UserLengthW = 0;
int DomainLengthW = 0;
int PasswordLengthW = 0;
if (!NtHash)
return FALSE;
UserW = (LPWSTR)calloc(UserLength, 2);
DomainW = (LPWSTR)calloc(DomainLength, 2);
PasswordW = (LPWSTR)calloc(PasswordLength, 2);
UserLengthW = ConvertToUnicode(CP_ACP, 0, User, UserLength, &UserW, 0);
DomainLengthW = ConvertToUnicode(CP_ACP, 0, Domain, DomainLength, &DomainW, 0);
PasswordLengthW = ConvertToUnicode(CP_ACP, 0, Password, PasswordLength, &PasswordW, 0);
if (!UserW || !DomainW || !PasswordW)
if (UserLengthW < 0)
goto out_fail;
if (DomainLengthW < 0)
goto out_fail;
if (PasswordLengthW < 0)
goto out_fail;
MultiByteToWideChar(CP_ACP, 0, User, UserLength, UserW, UserLength);
MultiByteToWideChar(CP_ACP, 0, Domain, DomainLength, DomainW, DomainLength);
MultiByteToWideChar(CP_ACP, 0, Password, PasswordLength, PasswordW, PasswordLength);
if (!NTOWFv2W(PasswordW, PasswordLength * 2, UserW, UserLength * 2, DomainW, DomainLength * 2,
NtHash))
if (!NTOWFv2W(PasswordW, PasswordLengthW * sizeof(WCHAR), UserW, UserLengthW * sizeof(WCHAR),
DomainW, DomainLengthW * sizeof(WCHAR), NtHash))
goto out_fail;
result = TRUE;
@ -160,20 +162,21 @@ BOOL NTOWFv2FromHashA(BYTE* NtHashV1, LPSTR User, UINT32 UserLength, LPSTR Domai
LPWSTR UserW = NULL;
LPWSTR DomainW = NULL;
BOOL result = FALSE;
int UserLengthW = 0;
int DomainLengthW = 0;
if (!NtHash)
return FALSE;
UserW = (LPWSTR)calloc(UserLength, 2);
DomainW = (LPWSTR)calloc(DomainLength, 2);
if (!UserW || !DomainW)
UserLengthW = ConvertToUnicode(CP_ACP, 0, User, UserLength, &UserW, 0);
DomainLengthW = ConvertToUnicode(CP_ACP, 0, Domain, DomainLength, &DomainW, 0);
if (UserLengthW < 0)
goto out_fail;
if (DomainLengthW < 0)
goto out_fail;
MultiByteToWideChar(CP_ACP, 0, User, UserLength, UserW, UserLength);
MultiByteToWideChar(CP_ACP, 0, Domain, DomainLength, DomainW, DomainLength);
if (!NTOWFv2FromHashW(NtHashV1, UserW, UserLength * 2, DomainW, DomainLength * 2, NtHash))
if (!NTOWFv2FromHashW(NtHashV1, UserW, UserLength * sizeof(WCHAR), DomainW,
DomainLength * sizeof(WCHAR), NtHash))
goto out_fail;
result = TRUE;

6
winpr/libwinpr/utils/sam.c
View File

@ -59,9 +59,11 @@ static WINPR_SAM_ENTRY* SamEntryFromDataA(LPCSTR User, DWORD UserLength, LPCSTR
WINPR_SAM_ENTRY* entry = calloc(1, sizeof(WINPR_SAM_ENTRY));
if (!entry)
return NULL;
entry->User = _strdup(User);
if (User && (UserLength > 0))
entry->User = _strdup(User);
entry->UserLength = UserLength;
entry->Domain = _strdup(Domain);
if (Domain && (DomainLength > 0))
entry->Domain = _strdup(Domain);
entry->DomainLength = DomainLength;
return entry;
}