mirrors
/
tigervnc
mirror of https://github.com/TigerVNC/tigervnc.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 37 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4725 Commits
15 Branches
Tree: 19df176862
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '19df176862'
${ noResults }
tigervnc/common/rfb/CSecurityDH.cxx

CSecurityDH.cxx 4.0KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149 
  1. /* 

  2.  * Copyright (C) 2022 Dinglan Peng

  3.  *    

  4.  * This is free software; you can redistribute it and/or modify

  5.  * it under the terms of the GNU General Public License as published by

  6.  * the Free Software Foundation; either version 2 of the License, or

  7.  * (at your option) any later version.

  8.  * 

  9.  * This software is distributed in the hope that it will be useful,

  10.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  11.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  12.  * GNU General Public License for more details.

  13.  * 

  14.  * You should have received a copy of the GNU General Public License

  15.  * along with this software; if not, write to the Free Software

  16.  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,

  17.  * USA.

  18.  */

  19. 

  20. #ifdef HAVE_CONFIG_H

  21. #include <config.h>

  22. #endif

  23. 

  24. #ifndef HAVE_NETTLE

  25. #error "This header should not be compiled without HAVE_NETTLE defined"

  26. #endif

  27. 

  28. #include <stdlib.h>

  29. #ifndef WIN32

  30. #include <unistd.h>

  31. #endif

  32. #include <assert.h>

  33. 

  34. #include <nettle/aes.h>

  35. #include <nettle/md5.h>

  36. #include <nettle/bignum.h>

  37. #include <rfb/CSecurityDH.h>

  38. #include <rfb/CConnection.h>

  39. #include <rdr/InStream.h>

  40. #include <rdr/OutStream.h>

  41. #include <rdr/RandomStream.h>

  42. #include <rfb/Exception.h>

  43. #include <os/os.h>

  44. 

  45. using namespace rfb;

  46. 

  47. const int MinKeyLength = 128;

  48. const int MaxKeyLength = 1024;

  49. 

  50. CSecurityDH::CSecurityDH(CConnection* cc)

  51.   : CSecurity(cc), keyLength(0)

  52. {

  53.   mpz_init(g);

  54.   mpz_init(p);

  55.   mpz_init(A);

  56.   mpz_init(b);

  57.   mpz_init(B);

  58.   mpz_init(k);

  59. }

  60. 

  61. CSecurityDH::~CSecurityDH()

  62. {

  63.   mpz_clear(g);

  64.   mpz_clear(p);

  65.   mpz_clear(A);

  66.   mpz_clear(b);

  67.   mpz_clear(B);

  68.   mpz_clear(k);

  69. }

  70. 

  71. bool CSecurityDH::processMsg()

  72. {

  73.   if (readKey()) {

  74.     writeCredentials();

  75.     return true;

  76.   }

  77.   return false;

  78. }

  79. 

  80. bool CSecurityDH::readKey()

  81. {

  82.   rdr::InStream* is = cc->getInStream();

  83.   if (!is->hasData(4))

  84.     return false;

  85.   is->setRestorePoint();

  86.   uint16_t gen = is->readU16();

  87.   keyLength = is->readU16();

  88.   if (keyLength < MinKeyLength)

  89.     throw AuthFailureException("DH key is too short");

  90.   if (keyLength > MaxKeyLength)

  91.     throw AuthFailureException("DH key is too long");

  92.   if (!is->hasDataOrRestore(keyLength * 2))

  93.     return false;

  94.   is->clearRestorePoint();

  95.   mpz_set_ui(g, gen);

  96.   std::vector<uint8_t> pBytes(keyLength);

  97.   std::vector<uint8_t> ABytes(keyLength);

  98.   is->readBytes(pBytes.data(), pBytes.size());

  99.   is->readBytes(ABytes.data(), ABytes.size());

  100.   nettle_mpz_set_str_256_u(p, pBytes.size(), pBytes.data());

  101.   nettle_mpz_set_str_256_u(A, ABytes.size(), ABytes.data());

  102.   return true;

  103. }

  104. 

  105. void CSecurityDH::writeCredentials()

  106. {

  107.   std::string username;

  108.   std::string password;

  109.   rdr::RandomStream rs;

  110. 

  111.   (CSecurity::upg)->getUserPasswd(isSecure(), &username, &password);

  112. 

  113.   std::vector<uint8_t> bBytes(keyLength);

  114.   if (!rs.hasData(keyLength))

  115.     throw ConnFailedException("failed to generate DH private key");

  116.   rs.readBytes(bBytes.data(), bBytes.size());

  117.   nettle_mpz_set_str_256_u(b, bBytes.size(), bBytes.data());

  118.   mpz_powm(k, A, b, p);

  119.   mpz_powm(B, g, b, p);

  120. 

  121.   std::vector<uint8_t> sharedSecret(keyLength);

  122.   std::vector<uint8_t> BBytes(keyLength);

  123.   nettle_mpz_get_str_256(sharedSecret.size(), sharedSecret.data(), k);

  124.   nettle_mpz_get_str_256(BBytes.size(), BBytes.data(), B);

  125.   uint8_t key[16];

  126.   struct md5_ctx md5Ctx;

  127.   md5_init(&md5Ctx);

  128.   md5_update(&md5Ctx, sharedSecret.size(), sharedSecret.data());

  129.   md5_digest(&md5Ctx, 16, key);

  130.   struct aes128_ctx aesCtx;

  131.   aes128_set_encrypt_key(&aesCtx, key);

  132. 

  133.   uint8_t buf[128];

  134.   if (!rs.hasData(128))

  135.     throw ConnFailedException("failed to generate random padding");

  136.   rs.readBytes(buf, 128);

  137.   if (username.size() >= 64)

  138.     throw AuthFailureException("username is too long");

  139.   memcpy(buf, username.c_str(), username.size() + 1);

  140.   if (password.size() >= 64)

  141.     throw AuthFailureException("password is too long");

  142.   memcpy(buf + 64, password.c_str(), password.size() + 1);

  143.   aes128_encrypt(&aesCtx, 128, buf, buf);

  144. 

  145.   rdr::OutStream* os = cc->getOutStream();

  146.   os->writeBytes(buf, 128);

  147.   os->writeBytes(BBytes.data(), BBytes.size());

  148.   os->flush();

  149. }