5 files changed, 442 insertions, 442 deletions

diff --git a/common/rfb/CSecurityDH.cxx b/common/rfb/CSecurityDH.cxx
index b6d9cce4..d9b09bfb 100644
--- a/common/rfb/CSecurityDH.cxx
+++ b/common/rfb/CSecurityDH.cxx
@@ -1,150 +1,150 @@
-/* 

- * Copyright (C) 2022 Dinglan Peng

- *    

- * This is free software; you can redistribute it and/or modify

- * it under the terms of the GNU General Public License as published by

- * the Free Software Foundation; either version 2 of the License, or

- * (at your option) any later version.

- * 

- * This software is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU General Public License for more details.

- * 

- * You should have received a copy of the GNU General Public License

- * along with this software; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,

- * USA.

- */

-

-#ifdef HAVE_CONFIG_H

-#include <config.h>

-#endif

-

-#ifndef HAVE_NETTLE

-#error "This header should not be compiled without HAVE_NETTLE defined"

-#endif

-

-#include <stdlib.h>

-#ifndef WIN32

-#include <unistd.h>

-#endif

-#include <assert.h>

-

-#include <nettle/aes.h>

-#include <nettle/md5.h>

-#include <nettle/bignum.h>

-#include <rfb/CSecurityDH.h>

-#include <rfb/CConnection.h>

-#include <rdr/InStream.h>

-#include <rdr/OutStream.h>

-#include <rdr/RandomStream.h>

-#include <rfb/Exception.h>

-#include <os/os.h>

-

-using namespace rfb;

-

-const int MinKeyLength = 128;

-const int MaxKeyLength = 1024;

-

-CSecurityDH::CSecurityDH(CConnection* cc)

-  : CSecurity(cc), keyLength(0)

-{

-  mpz_init(g);

-  mpz_init(p);

-  mpz_init(A);

-  mpz_init(b);

-  mpz_init(B);

-  mpz_init(k);

-}

-

-CSecurityDH::~CSecurityDH()

-{

-  mpz_clear(g);

-  mpz_clear(p);

-  mpz_clear(A);

-  mpz_clear(b);

-  mpz_clear(B);

-  mpz_clear(k);

-}

-

-bool CSecurityDH::processMsg()

-{

-  if (readKey()) {

-    writeCredentials();

-    return true;

-  }

-  return false;

-}

-

-bool CSecurityDH::readKey()

-{

-  rdr::InStream* is = cc->getInStream();

-  if (!is->hasData(4))

-    return false;

-  is->setRestorePoint();

-  rdr::U16 gen = is->readU16();

-  keyLength = is->readU16();

-  if (keyLength < MinKeyLength)

-    throw AuthFailureException("DH key is too short");

-  if (keyLength > MaxKeyLength)

-    throw AuthFailureException("DH key is too long");

-  if (!is->hasDataOrRestore(keyLength * 2))

-    return false;

-  is->clearRestorePoint();

-  mpz_set_ui(g, gen);

-  rdr::U8Array pBytes(keyLength);

-  rdr::U8Array ABytes(keyLength);

-  is->readBytes(pBytes.buf, keyLength);

-  is->readBytes(ABytes.buf, keyLength);

-  nettle_mpz_set_str_256_u(p, keyLength, pBytes.buf);

-  nettle_mpz_set_str_256_u(A, keyLength, ABytes.buf);

-  return true;

-}

-

-void CSecurityDH::writeCredentials()

-{

-  CharArray username;

-  CharArray password;

-  rdr::RandomStream rs;

-

-  (CSecurity::upg)->getUserPasswd(isSecure(), &username.buf, &password.buf);

-  rdr::U8Array bBytes(keyLength);

-  if (!rs.hasData(keyLength))

-    throw ConnFailedException("failed to generate DH private key");

-  rs.readBytes(bBytes.buf, keyLength);

-  nettle_mpz_set_str_256_u(b, keyLength, bBytes.buf);

-  mpz_powm(k, A, b, p);

-  mpz_powm(B, g, b, p);

-

-  rdr::U8Array sharedSecret(keyLength);

-  rdr::U8Array BBytes(keyLength);

-  nettle_mpz_get_str_256(keyLength, sharedSecret.buf, k);

-  nettle_mpz_get_str_256(keyLength, BBytes.buf, B);

-  rdr::U8 key[16];

-  struct md5_ctx md5Ctx;

-  md5_init(&md5Ctx);

-  md5_update(&md5Ctx, keyLength, sharedSecret.buf);

-  md5_digest(&md5Ctx, 16, key);

-  struct aes128_ctx aesCtx;

-  aes128_set_encrypt_key(&aesCtx, key);

-

-  char buf[128];

-  if (!rs.hasData(128))

-    throw ConnFailedException("failed to generate random padding");

-  rs.readBytes(buf, 128);

-  size_t len = strlen(username.buf);

-  if (len >= 64)

-    throw AuthFailureException("username is too long");

-  memcpy(buf, username.buf, len + 1);

-  len = strlen(password.buf);

-  if (len >= 64)

-    throw AuthFailureException("password is too long");

-  memcpy(buf + 64, password.buf, len + 1);

-  aes128_encrypt(&aesCtx, 128, (rdr::U8 *)buf, (rdr::U8 *)buf);

-

-  rdr::OutStream* os = cc->getOutStream();

-  os->writeBytes(buf, 128);

-  os->writeBytes(BBytes.buf, keyLength);

-  os->flush();

-}

+/* 
+ * Copyright (C) 2022 Dinglan Peng
+ *    
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ * 
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
+ * USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifndef HAVE_NETTLE
+#error "This header should not be compiled without HAVE_NETTLE defined"
+#endif
+
+#include <stdlib.h>
+#ifndef WIN32
+#include <unistd.h>
+#endif
+#include <assert.h>
+
+#include <nettle/aes.h>
+#include <nettle/md5.h>
+#include <nettle/bignum.h>
+#include <rfb/CSecurityDH.h>
+#include <rfb/CConnection.h>
+#include <rdr/InStream.h>
+#include <rdr/OutStream.h>
+#include <rdr/RandomStream.h>
+#include <rfb/Exception.h>
+#include <os/os.h>
+
+using namespace rfb;
+
+const int MinKeyLength = 128;
+const int MaxKeyLength = 1024;
+
+CSecurityDH::CSecurityDH(CConnection* cc)
+  : CSecurity(cc), keyLength(0)
+{
+  mpz_init(g);
+  mpz_init(p);
+  mpz_init(A);
+  mpz_init(b);
+  mpz_init(B);
+  mpz_init(k);
+}
+
+CSecurityDH::~CSecurityDH()
+{
+  mpz_clear(g);
+  mpz_clear(p);
+  mpz_clear(A);
+  mpz_clear(b);
+  mpz_clear(B);
+  mpz_clear(k);
+}
+
+bool CSecurityDH::processMsg()
+{
+  if (readKey()) {
+    writeCredentials();
+    return true;
+  }
+  return false;
+}
+
+bool CSecurityDH::readKey()
+{
+  rdr::InStream* is = cc->getInStream();
+  if (!is->hasData(4))
+    return false;
+  is->setRestorePoint();
+  rdr::U16 gen = is->readU16();
+  keyLength = is->readU16();
+  if (keyLength < MinKeyLength)
+    throw AuthFailureException("DH key is too short");
+  if (keyLength > MaxKeyLength)
+    throw AuthFailureException("DH key is too long");
+  if (!is->hasDataOrRestore(keyLength * 2))
+    return false;
+  is->clearRestorePoint();
+  mpz_set_ui(g, gen);
+  rdr::U8Array pBytes(keyLength);
+  rdr::U8Array ABytes(keyLength);
+  is->readBytes(pBytes.buf, keyLength);
+  is->readBytes(ABytes.buf, keyLength);
+  nettle_mpz_set_str_256_u(p, keyLength, pBytes.buf);
+  nettle_mpz_set_str_256_u(A, keyLength, ABytes.buf);
+  return true;
+}
+
+void CSecurityDH::writeCredentials()
+{
+  CharArray username;
+  CharArray password;
+  rdr::RandomStream rs;
+
+  (CSecurity::upg)->getUserPasswd(isSecure(), &username.buf, &password.buf);
+  rdr::U8Array bBytes(keyLength);
+  if (!rs.hasData(keyLength))
+    throw ConnFailedException("failed to generate DH private key");
+  rs.readBytes(bBytes.buf, keyLength);
+  nettle_mpz_set_str_256_u(b, keyLength, bBytes.buf);
+  mpz_powm(k, A, b, p);
+  mpz_powm(B, g, b, p);
+
+  rdr::U8Array sharedSecret(keyLength);
+  rdr::U8Array BBytes(keyLength);
+  nettle_mpz_get_str_256(keyLength, sharedSecret.buf, k);
+  nettle_mpz_get_str_256(keyLength, BBytes.buf, B);
+  rdr::U8 key[16];
+  struct md5_ctx md5Ctx;
+  md5_init(&md5Ctx);
+  md5_update(&md5Ctx, keyLength, sharedSecret.buf);
+  md5_digest(&md5Ctx, 16, key);
+  struct aes128_ctx aesCtx;
+  aes128_set_encrypt_key(&aesCtx, key);
+
+  char buf[128];
+  if (!rs.hasData(128))
+    throw ConnFailedException("failed to generate random padding");
+  rs.readBytes(buf, 128);
+  size_t len = strlen(username.buf);
+  if (len >= 64)
+    throw AuthFailureException("username is too long");
+  memcpy(buf, username.buf, len + 1);
+  len = strlen(password.buf);
+  if (len >= 64)
+    throw AuthFailureException("password is too long");
+  memcpy(buf + 64, password.buf, len + 1);
+  aes128_encrypt(&aesCtx, 128, (rdr::U8 *)buf, (rdr::U8 *)buf);
+
+  rdr::OutStream* os = cc->getOutStream();
+  os->writeBytes(buf, 128);
+  os->writeBytes(BBytes.buf, keyLength);
+  os->flush();
+}
diff --git a/common/rfb/CSecurityDH.h b/common/rfb/CSecurityDH.h
index af1ec1f5..d0e5e894 100644
--- a/common/rfb/CSecurityDH.h
+++ b/common/rfb/CSecurityDH.h
@@ -1,49 +1,49 @@
-/* 

- * Copyright (C) 2022 Dinglan Peng

- *    

- * This is free software; you can redistribute it and/or modify

- * it under the terms of the GNU General Public License as published by

- * the Free Software Foundation; either version 2 of the License, or

- * (at your option) any later version.

- * 

- * This software is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU General Public License for more details.

- * 

- * You should have received a copy of the GNU General Public License

- * along with this software; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,

- * USA.

- */

-

-#ifndef __C_SECURITY_DH_H__

-#define __C_SECURITY_DH_H__

-

-#ifndef HAVE_NETTLE

-#error "This header should not be compiled without HAVE_NETTLE defined"

-#endif

-

-#include <nettle/bignum.h>

-#include <rfb/CSecurity.h>

-#include <rfb/Security.h>

-

-namespace rfb {

-  class CSecurityDH : public CSecurity {

-  public:

-    CSecurityDH(CConnection* cc);

-    virtual ~CSecurityDH();

-    virtual bool processMsg();

-    virtual int getType() const { return secTypeDH; }

-    virtual bool isSecure() const { return false; }

-

-  private:

-    bool readKey();

-    void writeCredentials();

-

-    int keyLength;

-    mpz_t g, p, A, b, B, k;

-  };

-}

-

-#endif

+/* 
+ * Copyright (C) 2022 Dinglan Peng
+ *    
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ * 
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
+ * USA.
+ */
+
+#ifndef __C_SECURITY_DH_H__
+#define __C_SECURITY_DH_H__
+
+#ifndef HAVE_NETTLE
+#error "This header should not be compiled without HAVE_NETTLE defined"
+#endif
+
+#include <nettle/bignum.h>
+#include <rfb/CSecurity.h>
+#include <rfb/Security.h>
+
+namespace rfb {
+  class CSecurityDH : public CSecurity {
+  public:
+    CSecurityDH(CConnection* cc);
+    virtual ~CSecurityDH();
+    virtual bool processMsg();
+    virtual int getType() const { return secTypeDH; }
+    virtual bool isSecure() const { return false; }
+
+  private:
+    bool readKey();
+    void writeCredentials();
+
+    int keyLength;
+    mpz_t g, p, A, b, B, k;
+  };
+}
+
+#endif
diff --git a/common/rfb/CSecurityMSLogonII.cxx b/common/rfb/CSecurityMSLogonII.cxx
index e9b7d621..a1faab85 100644
--- a/common/rfb/CSecurityMSLogonII.cxx
+++ b/common/rfb/CSecurityMSLogonII.cxx
@@ -1,151 +1,151 @@
-/* 

- * Copyright (C) 2022 Dinglan Peng

- *    

- * This is free software; you can redistribute it and/or modify

- * it under the terms of the GNU General Public License as published by

- * the Free Software Foundation; either version 2 of the License, or

- * (at your option) any later version.

- * 

- * This software is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU General Public License for more details.

- * 

- * You should have received a copy of the GNU General Public License

- * along with this software; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,

- * USA.

- */

-

-#ifdef HAVE_CONFIG_H

-#include <config.h>

-#endif

-

-#ifndef HAVE_NETTLE

-#error "This header should not be compiled without HAVE_NETTLE defined"

-#endif

-

-#include <stdlib.h>

-#ifndef WIN32

-#include <unistd.h>

-#endif

-#include <assert.h>

-

-#include <nettle/des.h>

-#include <nettle/cbc.h>

-#include <nettle/bignum.h>

-#include <rfb/CSecurityMSLogonII.h>

-#include <rfb/CConnection.h>

-#include <rdr/InStream.h>

-#include <rdr/OutStream.h>

-#include <rdr/RandomStream.h>

-#include <rfb/Exception.h>

-#include <os/os.h>

-

-using namespace rfb;

-

-CSecurityMSLogonII::CSecurityMSLogonII(CConnection* cc)

-  : CSecurity(cc)

-{

-  mpz_init(g);

-  mpz_init(p);

-  mpz_init(A);

-  mpz_init(b);

-  mpz_init(B);

-  mpz_init(k);

-}

-

-CSecurityMSLogonII::~CSecurityMSLogonII()

-{

-  mpz_clear(g);

-  mpz_clear(p);

-  mpz_clear(A);

-  mpz_clear(b);

-  mpz_clear(B);

-  mpz_clear(k);

-}

-

-bool CSecurityMSLogonII::processMsg()

-{

-  if (readKey()) {

-    writeCredentials();

-    return true;

-  }

-  return false;

-}

-

-bool CSecurityMSLogonII::readKey()

-{

-  rdr::InStream* is = cc->getInStream();

-  if (!is->hasData(24))

-    return false;

-  rdr::U8 gBytes[8];

-  rdr::U8 pBytes[8];

-  rdr::U8 ABytes[8];

-  is->readBytes(gBytes, 8);

-  is->readBytes(pBytes, 8);

-  is->readBytes(ABytes, 8);

-  nettle_mpz_set_str_256_u(g, 8, gBytes);

-  nettle_mpz_set_str_256_u(p, 8, pBytes);

-  nettle_mpz_set_str_256_u(A, 8, ABytes);

-  return true;

-}

-

-void CSecurityMSLogonII::writeCredentials()

-{

-  CharArray username;

-  CharArray password;

-  rdr::RandomStream rs;

-

-  (CSecurity::upg)->getUserPasswd(isSecure(), &username.buf, &password.buf);

-  rdr::U8Array bBytes(8);

-  if (!rs.hasData(8))

-    throw ConnFailedException("failed to generate DH private key");

-  rs.readBytes(bBytes.buf, 8);

-  nettle_mpz_set_str_256_u(b, 8, bBytes.buf);

-  mpz_powm(k, A, b, p);

-  mpz_powm(B, g, b, p);

-

-  rdr::U8 key[8];

-  rdr::U8 reversedKey[8];

-  rdr::U8 BBytes[8];

-  rdr::U8 user[256];

-  rdr::U8 pass[64];

-  nettle_mpz_get_str_256(8, key, k);

-  nettle_mpz_get_str_256(8, BBytes, B);

-  for (int i = 0; i < 8; ++i) {

-    rdr::U8 x = 0;

-    for (int j = 0; j < 8; ++j) {

-      x |= ((key[i] >> j) & 1) << (7 - j);

-    }

-    reversedKey[i] = x;

-  }

-

-  if (!rs.hasData(256 + 64))

-    throw ConnFailedException("failed to generate random padding");

-  rs.readBytes(user, 256);

-  rs.readBytes(pass, 64);

-  size_t len = strlen(username.buf);

-  if (len >= 256)

-    throw AuthFailureException("username is too long");

-  memcpy(user, username.buf, len + 1);

-  len = strlen(password.buf);

-  if (len >= 64)

-    throw AuthFailureException("password is too long");

-  memcpy(pass, password.buf, len + 1);

-

-  // DES-CBC with the original key as IV, and the reversed one as the DES key

-  struct CBC_CTX(struct des_ctx, DES_BLOCK_SIZE) ctx;

-  des_fix_parity(8, reversedKey, reversedKey);

-  des_set_key(&ctx.ctx, reversedKey);

-  CBC_SET_IV(&ctx, key);

-  CBC_ENCRYPT(&ctx, des_encrypt, 256, user, user);

-  CBC_SET_IV(&ctx, key);

-  CBC_ENCRYPT(&ctx, des_encrypt, 64, pass, pass);

-

-  rdr::OutStream* os = cc->getOutStream();

-  os->writeBytes(BBytes, 8);

-  os->writeBytes(user, 256);

-  os->writeBytes(pass, 64);

-  os->flush();

-}

+/* 
+ * Copyright (C) 2022 Dinglan Peng
+ *    
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ * 
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
+ * USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifndef HAVE_NETTLE
+#error "This header should not be compiled without HAVE_NETTLE defined"
+#endif
+
+#include <stdlib.h>
+#ifndef WIN32
+#include <unistd.h>
+#endif
+#include <assert.h>
+
+#include <nettle/des.h>
+#include <nettle/cbc.h>
+#include <nettle/bignum.h>
+#include <rfb/CSecurityMSLogonII.h>
+#include <rfb/CConnection.h>
+#include <rdr/InStream.h>
+#include <rdr/OutStream.h>
+#include <rdr/RandomStream.h>
+#include <rfb/Exception.h>
+#include <os/os.h>
+
+using namespace rfb;
+
+CSecurityMSLogonII::CSecurityMSLogonII(CConnection* cc)
+  : CSecurity(cc)
+{
+  mpz_init(g);
+  mpz_init(p);
+  mpz_init(A);
+  mpz_init(b);
+  mpz_init(B);
+  mpz_init(k);
+}
+
+CSecurityMSLogonII::~CSecurityMSLogonII()
+{
+  mpz_clear(g);
+  mpz_clear(p);
+  mpz_clear(A);
+  mpz_clear(b);
+  mpz_clear(B);
+  mpz_clear(k);
+}
+
+bool CSecurityMSLogonII::processMsg()
+{
+  if (readKey()) {
+    writeCredentials();
+    return true;
+  }
+  return false;
+}
+
+bool CSecurityMSLogonII::readKey()
+{
+  rdr::InStream* is = cc->getInStream();
+  if (!is->hasData(24))
+    return false;
+  rdr::U8 gBytes[8];
+  rdr::U8 pBytes[8];
+  rdr::U8 ABytes[8];
+  is->readBytes(gBytes, 8);
+  is->readBytes(pBytes, 8);
+  is->readBytes(ABytes, 8);
+  nettle_mpz_set_str_256_u(g, 8, gBytes);
+  nettle_mpz_set_str_256_u(p, 8, pBytes);
+  nettle_mpz_set_str_256_u(A, 8, ABytes);
+  return true;
+}
+
+void CSecurityMSLogonII::writeCredentials()
+{
+  CharArray username;
+  CharArray password;
+  rdr::RandomStream rs;
+
+  (CSecurity::upg)->getUserPasswd(isSecure(), &username.buf, &password.buf);
+  rdr::U8Array bBytes(8);
+  if (!rs.hasData(8))
+    throw ConnFailedException("failed to generate DH private key");
+  rs.readBytes(bBytes.buf, 8);
+  nettle_mpz_set_str_256_u(b, 8, bBytes.buf);
+  mpz_powm(k, A, b, p);
+  mpz_powm(B, g, b, p);
+
+  rdr::U8 key[8];
+  rdr::U8 reversedKey[8];
+  rdr::U8 BBytes[8];
+  rdr::U8 user[256];
+  rdr::U8 pass[64];
+  nettle_mpz_get_str_256(8, key, k);
+  nettle_mpz_get_str_256(8, BBytes, B);
+  for (int i = 0; i < 8; ++i) {
+    rdr::U8 x = 0;
+    for (int j = 0; j < 8; ++j) {
+      x |= ((key[i] >> j) & 1) << (7 - j);
+    }
+    reversedKey[i] = x;
+  }
+
+  if (!rs.hasData(256 + 64))
+    throw ConnFailedException("failed to generate random padding");
+  rs.readBytes(user, 256);
+  rs.readBytes(pass, 64);
+  size_t len = strlen(username.buf);
+  if (len >= 256)
+    throw AuthFailureException("username is too long");
+  memcpy(user, username.buf, len + 1);
+  len = strlen(password.buf);
+  if (len >= 64)
+    throw AuthFailureException("password is too long");
+  memcpy(pass, password.buf, len + 1);
+
+  // DES-CBC with the original key as IV, and the reversed one as the DES key
+  struct CBC_CTX(struct des_ctx, DES_BLOCK_SIZE) ctx;
+  des_fix_parity(8, reversedKey, reversedKey);
+  des_set_key(&ctx.ctx, reversedKey);
+  CBC_SET_IV(&ctx, key);
+  CBC_ENCRYPT(&ctx, des_encrypt, 256, user, user);
+  CBC_SET_IV(&ctx, key);
+  CBC_ENCRYPT(&ctx, des_encrypt, 64, pass, pass);
+
+  rdr::OutStream* os = cc->getOutStream();
+  os->writeBytes(BBytes, 8);
+  os->writeBytes(user, 256);
+  os->writeBytes(pass, 64);
+  os->flush();
+}
diff --git a/common/rfb/CSecurityMSLogonII.h b/common/rfb/CSecurityMSLogonII.h
index 28f0c752..f7c83a3e 100644
--- a/common/rfb/CSecurityMSLogonII.h
+++ b/common/rfb/CSecurityMSLogonII.h
@@ -1,48 +1,48 @@
-/* 

- * Copyright (C) 2022 Dinglan Peng

- *    

- * This is free software; you can redistribute it and/or modify

- * it under the terms of the GNU General Public License as published by

- * the Free Software Foundation; either version 2 of the License, or

- * (at your option) any later version.

- * 

- * This software is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU General Public License for more details.

- * 

- * You should have received a copy of the GNU General Public License

- * along with this software; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,

- * USA.

- */

-

-#ifndef __C_SECURITY_MSLOGONII_H__

-#define __C_SECURITY_MSLOGONII_H__

-

-#ifndef HAVE_NETTLE

-#error "This header should not be compiled without HAVE_NETTLE defined"

-#endif

-

-#include <nettle/bignum.h>

-#include <rfb/CSecurity.h>

-#include <rfb/Security.h>

-

-namespace rfb {

-  class CSecurityMSLogonII : public CSecurity {

-  public:

-    CSecurityMSLogonII(CConnection* cc);

-    virtual ~CSecurityMSLogonII();

-    virtual bool processMsg();

-    virtual int getType() const { return secTypeMSLogonII; }

-    virtual bool isSecure() const { return false; }

-

-  private:

-    bool readKey();

-    void writeCredentials();

-

-    mpz_t g, p, A, b, B, k;

-  };

-}

-

-#endif

+/* 
+ * Copyright (C) 2022 Dinglan Peng
+ *    
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ * 
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
+ * USA.
+ */
+
+#ifndef __C_SECURITY_MSLOGONII_H__
+#define __C_SECURITY_MSLOGONII_H__
+
+#ifndef HAVE_NETTLE
+#error "This header should not be compiled without HAVE_NETTLE defined"
+#endif
+
+#include <nettle/bignum.h>
+#include <rfb/CSecurity.h>
+#include <rfb/Security.h>
+
+namespace rfb {
+  class CSecurityMSLogonII : public CSecurity {
+  public:
+    CSecurityMSLogonII(CConnection* cc);
+    virtual ~CSecurityMSLogonII();
+    virtual bool processMsg();
+    virtual int getType() const { return secTypeMSLogonII; }
+    virtual bool isSecure() const { return false; }
+
+  private:
+    bool readKey();
+    void writeCredentials();
+
+    mpz_t g, p, A, b, B, k;
+  };
+}
+
+#endif
diff --git a/java/com/jcraft/jzlib/ZStreamException.java b/java/com/jcraft/jzlib/ZStreamException.java
index 424b74b7..308bb8a1 100644
--- a/java/com/jcraft/jzlib/ZStreamException.java
+++ b/java/com/jcraft/jzlib/ZStreamException.java
@@ -1,44 +1,44 @@
-/* -*-mode:java; c-basic-offset:2; -*- */

-/*

-Copyright (c) 2000,2001,2002,2003 ymnk, JCraft,Inc. All rights reserved.

-

-Redistribution and use in source and binary forms, with or without

-modification, are permitted provided that the following conditions are met:

-

-  1. Redistributions of source code must retain the above copyright notice,

-     this list of conditions and the following disclaimer.

-

-  2. Redistributions in binary form must reproduce the above copyright 

-     notice, this list of conditions and the following disclaimer in 

-     the documentation and/or other materials provided with the distribution.

-

-  3. The names of the authors may not be used to endorse or promote products

-     derived from this software without specific prior written permission.

-

-THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,

-INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND

-FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT,

-INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,

-INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,

-OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

-LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,

-EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

- */

-/*

- * This program is based on zlib-1.1.3, so all credit should go authors

- * Jean-loup Gailly(jloup@gzip.org) and Mark Adler(madler@alumni.caltech.edu)

- * and contributors of zlib.

- */

-

-package com.jcraft.jzlib;

-

-public class ZStreamException extends java.io.IOException {

-  public ZStreamException() {

-    super();

-  }

-  public ZStreamException(String s) {

-    super(s);

-  }

-}

+/* -*-mode:java; c-basic-offset:2; -*- */
+/*
+Copyright (c) 2000,2001,2002,2003 ymnk, JCraft,Inc. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+  1. Redistributions of source code must retain the above copyright notice,
+     this list of conditions and the following disclaimer.
+
+  2. Redistributions in binary form must reproduce the above copyright 
+     notice, this list of conditions and the following disclaimer in 
+     the documentation and/or other materials provided with the distribution.
+
+  3. The names of the authors may not be used to endorse or promote products
+     derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT,
+INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/*
+ * This program is based on zlib-1.1.3, so all credit should go authors
+ * Jean-loup Gailly(jloup@gzip.org) and Mark Adler(madler@alumni.caltech.edu)
+ * and contributors of zlib.
+ */
+
+package com.jcraft.jzlib;
+
+public class ZStreamException extends java.io.IOException {
+  public ZStreamException() {
+    super();
+  }
+  public ZStreamException(String s) {
+    super(s);
+  }
+}