diff options
| author | Jay Sorg <jay.sorg@gmail.com> | 2014-02-20 00:41:53 -0800 |
|---|---|---|
| committer | Jay Sorg <jay.sorg@gmail.com> | 2014-02-20 00:41:53 -0800 |
| commit | b81bd005bf52dabf3ca054050a9be9a40929a8f3 (patch) | |
| tree | 596bb27ee1ff32237b33e8322c356f2cd6d00620 /libxrdp/xrdp_sec.c | |
| parent | c11afcd67292f7e394e6adc77d89770a6662212f (diff) | |
| download | xrdp-proprietary-b81bd005bf52dabf3ca054050a9be9a40929a8f3.tar.gz xrdp-proprietary-b81bd005bf52dabf3ca054050a9be9a40929a8f3.zip | |
libxrdp: started adding FIPS crypt
Diffstat (limited to 'libxrdp/xrdp_sec.c')
| -rw-r--r-- | libxrdp/xrdp_sec.c | 36 |
1 files changed, 19 insertions, 17 deletions
diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c index d1bd49de..71cb513f 100644 --- a/libxrdp/xrdp_sec.c +++ b/libxrdp/xrdp_sec.c @@ -1,7 +1,7 @@ /** * xrdp: A Remote Desktop Protocol server. * - * Copyright (C) Jay Sorg 2004-2013 + * Copyright (C) Jay Sorg 2004-2014 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -145,22 +145,25 @@ xrdp_sec_create(struct xrdp_rdp *owner, struct trans *trans, int crypt_level, DEBUG((" in xrdp_sec_create")); self = (struct xrdp_sec *)g_malloc(sizeof(struct xrdp_sec), 1); self->rdp_layer = owner; - self->rc4_key_size = 1; /* 1 = 40 bit, 2 = 128 bit */ - self->crypt_level = 1; /* 1, 2, 3 = low, medium, high */ - + self->crypt_method = CRYPT_METHOD_40BIT; + self->crypt_level = CRYPT_LEVEL_LOW; switch (crypt_level) { - case 1: - self->rc4_key_size = 1; - self->crypt_level = 1; + case 1: /* low */ + self->crypt_method = CRYPT_METHOD_40BIT; + self->crypt_level = CRYPT_LEVEL_LOW; + break; + case 2: /* medium */ + self->crypt_method = CRYPT_METHOD_40BIT; + self->crypt_level = CRYPT_LEVEL_CLIENT_COMPATIBLE; break; - case 2: - self->rc4_key_size = 1; - self->crypt_level = 2; + case 3: /* high */ + self->crypt_method = CRYPT_METHOD_128BIT; + self->crypt_level = CRYPT_LEVEL_HIGH; break; - case 3: - self->rc4_key_size = 2; - self->crypt_level = 3; + case 4: /* fips */ + self->crypt_method = CRYPT_METHOD_FIPS; + self->crypt_level = CRYPT_LEVEL_FIPS; break; default: g_writeln("Fatal : Illegal crypt_level"); @@ -715,7 +718,7 @@ xrdp_sec_establish_keys(struct xrdp_sec *self) xrdp_sec_hash_16(self->decrypt_key, session_key + 32, self->client_random, self->server_random); - if (self->rc4_key_size == 1) + if (self->crypt_method == CRYPT_METHOD_40BIT) { xrdp_sec_make_40bit(self->sign_key); xrdp_sec_make_40bit(self->encrypt_key); @@ -1152,9 +1155,8 @@ xrdp_sec_out_mcs_data(struct xrdp_sec *self) out_uint16_le(s, SEC_TAG_SRV_CRYPT); out_uint16_le(s, 0x00ec); /* len is 236 */ - out_uint32_le(s, self->rc4_key_size); /* key len 1 = 40 bit 2 = 128 bit */ - out_uint32_le(s, self->crypt_level); /* crypt level 1 = low 2 = medium */ - /* 3 = high */ + out_uint32_le(s, self->crypt_method); + out_uint32_le(s, self->crypt_level); out_uint32_le(s, 32); /* 32 bytes random len */ out_uint32_le(s, 0xb8); /* 184 bytes rsa info(certificate) len */ out_uint8a(s, self->server_random, 32); |