diff --git a/libfreerdp/core/fastpath.c b/libfreerdp/core/fastpath.c index a6805e240..83f1c5ce8 100644 --- a/libfreerdp/core/fastpath.c +++ b/libfreerdp/core/fastpath.c @@ -46,6 +46,18 @@ #define TAG FREERDP_TAG("core.fastpath") +enum FASTPATH_INPUT_ENCRYPTION_FLAGS +{ + FASTPATH_INPUT_SECURE_CHECKSUM = 0x1, + FASTPATH_INPUT_ENCRYPTED = 0x2 +}; + +enum FASTPATH_OUTPUT_ENCRYPTION_FLAGS +{ + FASTPATH_OUTPUT_SECURE_CHECKSUM = 0x1, + FASTPATH_OUTPUT_ENCRYPTED = 0x2 +}; + struct rdp_fastpath { rdpRdp* rdp; @@ -1195,8 +1207,10 @@ BOOL fastpath_send_update_pdu(rdpFastPath* fastpath, BYTE updateCode, wStream* s fpUpdatePduHeader.length = fpUpdateHeader.size + fpHeaderSize + pad; Stream_SetPosition(fs, 0); - fastpath_write_update_pdu_header(fs, &fpUpdatePduHeader, rdp); - fastpath_write_update_header(fs, &fpUpdateHeader); + if (!fastpath_write_update_pdu_header(fs, &fpUpdatePduHeader, rdp)) + return FALSE; + if (!fastpath_write_update_header(fs, &fpUpdateHeader)) + return FALSE; if (!Stream_CheckAndLogRequiredCapacity(TAG, (fs), (size_t)DstSize + pad)) return FALSE; @@ -1284,3 +1298,20 @@ BYTE fastpath_get_encryption_flags(rdpFastPath* fastpath) WINPR_ASSERT(fastpath); return fastpath->encryptionFlags; } + +BOOL fastpath_decrypt(rdpFastPath* fastpath, wStream* s, UINT16* length) +{ + WINPR_ASSERT(fastpath); + if (fastpath_get_encryption_flags(fastpath) & FASTPATH_OUTPUT_ENCRYPTED) + { + const UINT16 flags = + (fastpath_get_encryption_flags(fastpath) & FASTPATH_OUTPUT_SECURE_CHECKSUM) + ? SEC_SECURE_CHECKSUM + : 0; + + if (!rdp_decrypt(fastpath->rdp, s, length, flags)) + return FALSE; + } + + return TRUE; +} diff --git a/libfreerdp/core/fastpath.h b/libfreerdp/core/fastpath.h index 8f396f093..d2d01aab3 100644 --- a/libfreerdp/core/fastpath.h +++ b/libfreerdp/core/fastpath.h @@ -55,18 +55,6 @@ enum FASTPATH_OUTPUT_ACTION_TYPE FASTPATH_OUTPUT_ACTION_X224 = 0x3 }; -enum FASTPATH_INPUT_ENCRYPTION_FLAGS -{ - FASTPATH_INPUT_SECURE_CHECKSUM = 0x1, - FASTPATH_INPUT_ENCRYPTED = 0x2 -}; - -enum FASTPATH_OUTPUT_ENCRYPTION_FLAGS -{ - FASTPATH_OUTPUT_SECURE_CHECKSUM = 0x1, - FASTPATH_OUTPUT_ENCRYPTED = 0x2 -}; - enum FASTPATH_UPDATETYPE { FASTPATH_UPDATETYPE_ORDERS = 0x0, @@ -142,6 +130,8 @@ FREERDP_LOCAL BOOL fastpath_read_header_rdp(rdpFastPath* fastpath, wStream* s, U FREERDP_LOCAL int fastpath_recv_updates(rdpFastPath* fastpath, wStream* s); FREERDP_LOCAL int fastpath_recv_inputs(rdpFastPath* fastpath, wStream* s); +FREERDP_LOCAL BOOL fastpath_decrypt(rdpFastPath* fastpath, wStream* s, UINT16* length); + FREERDP_LOCAL wStream* fastpath_input_pdu_init_header(rdpFastPath* fastpath); FREERDP_LOCAL wStream* fastpath_input_pdu_init(rdpFastPath* fastpath, BYTE eventFlags, BYTE eventCode); diff --git a/libfreerdp/core/peer.c b/libfreerdp/core/peer.c index 692d89ac4..f04eb869b 100644 --- a/libfreerdp/core/peer.c +++ b/libfreerdp/core/peer.c @@ -676,14 +676,8 @@ static state_run_t peer_recv_fastpath_pdu(freerdp_peer* client, wStream* s) if (!Stream_CheckAndLogRequiredLength(TAG, s, length)) return STATE_RUN_FAILED; - if (fastpath_get_encryption_flags(fastpath) & FASTPATH_OUTPUT_ENCRYPTED) - { - if (!rdp_decrypt(rdp, s, &length, - (fastpath_get_encryption_flags(fastpath) & FASTPATH_OUTPUT_SECURE_CHECKSUM) - ? SEC_SECURE_CHECKSUM - : 0)) - return STATE_RUN_FAILED; - } + if (!fastpath_decrypt(fastpath, s, &length)) + return STATE_RUN_FAILED; rdp->inPackets++; diff --git a/libfreerdp/core/rdp.c b/libfreerdp/core/rdp.c index 78ba49326..1c1ffdb29 100644 --- a/libfreerdp/core/rdp.c +++ b/libfreerdp/core/rdp.c @@ -1619,18 +1619,8 @@ static state_run_t rdp_recv_fastpath_pdu(rdpRdp* rdp, wStream* s) rdp->autodetect->bandwidthMeasureByteCount += length; } - if (fastpath_get_encryption_flags(fastpath) & FASTPATH_OUTPUT_ENCRYPTED) - { - UINT16 flags = (fastpath_get_encryption_flags(fastpath) & FASTPATH_OUTPUT_SECURE_CHECKSUM) - ? SEC_SECURE_CHECKSUM - : 0; - - if (!rdp_decrypt(rdp, s, &length, flags)) - { - WLog_ERR(TAG, "rdp_recv_fastpath_pdu: rdp_decrypt() fail"); - return STATE_RUN_FAILED; - } - } + if (!fastpath_decrypt(fastpath, s, &length)) + return STATE_RUN_FAILED; return fastpath_recv_updates(rdp->fastpath, s); }