libfreerdp-core: started certificate parsing

libfreerdp-core/CMakeLists.txt

@@ -41,6 +41,8 @@ set(LIBFREERDP_CORE_SRCS
 	security.c
 	security.h
 	settings.c
+	certificate.c
+	certificate.h
 	connection.c
 	connection.h
 	redirection.c

libfreerdp-core/certificate.c

@@ -0,0 +1,154 @@
+/**
+ * FreeRDP: A Remote Desktop Protocol Client
+ * Certificate Handling
+ *
+ * Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "certificate.h"
+
+X509_CERT_CHAIN* certificate_new_x509_certificate_chain(uint32 count)
+{
+	X509_CERT_CHAIN* x509_cert_chain;
+
+	x509_cert_chain = (X509_CERT_CHAIN*) xmalloc(sizeof(X509_CERT_CHAIN));
+
+	x509_cert_chain->count = count;
+	x509_cert_chain->array = (CERT_BLOB*) xzalloc(sizeof(CERT_BLOB) * count);
+
+	return x509_cert_chain;
+}
+
+void certificate_free_x509_certificate_chain(X509_CERT_CHAIN* x509_cert_chain)
+{
+	int i;
+
+	if (x509_cert_chain == NULL)
+		return;
+
+	for (i = 0; i < x509_cert_chain->count; i++)
+	{
+		if (x509_cert_chain->array[i].data != NULL)
+			xfree(x509_cert_chain->array[i].data);
+	}
+
+	xfree(x509_cert_chain);
+}
+
+void certificate_read_server_proprietary_certificate(rdpCertificate* certificate, STREAM* s)
+{
+	printf("Server Proprietary Certificate\n");
+}
+
+void certificate_read_server_x509_certificate_chain(rdpCertificate* certificate, STREAM* s)
+{
+	int i;
+	uint32 certLength;
+	uint32 numCertBlobs;
+
+	printf("\nServer X.509 Certificate Chain\n");
+
+	stream_read_uint32(s, numCertBlobs); /* numCertBlobs */
+
+	certificate->x509_cert_chain = certificate_new_x509_certificate_chain(numCertBlobs);
+
+	for (i = 0; i < numCertBlobs; i++)
+	{
+		stream_read_uint32(s, certLength);
+
+		printf("\nX.509 Certificate #%d, length:%d", i + 1, certLength);
+
+		if (numCertBlobs - i == 2)
+			printf(", License Server Certificate\n");
+		else if (numCertBlobs - i == 1)
+			printf(", Terminal Server Certificate\n");
+		else
+			printf("\n");
+
+		certificate->x509_cert_chain->array[i].data = (uint8*) xmalloc(certLength);
+		stream_read(s, certificate->x509_cert_chain->array[i].data, certLength);
+		certificate->x509_cert_chain->array[i].length = certLength;
+
+		freerdp_hexdump(certificate->x509_cert_chain->array[i].data, certificate->x509_cert_chain->array[i].length);
+	}
+}
+
+void certificate_read_server_certificate(rdpCertificate* certificate, uint8* server_cert, int length)
+{
+	STREAM* s;
+	uint32 dwVersion;
+
+	s = stream_new(0);
+	s->p = s->data = server_cert;
+
+	if (length < 1)
+	{
+		printf("null server certificate\n");
+		return;
+	}
+
+	stream_read_uint32(s, dwVersion); /* dwVersion (4 bytes) */
+
+	switch (dwVersion & CERT_CHAIN_VERSION_MASK)
+	{
+		case CERT_CHAIN_VERSION_1:
+			certificate_read_server_proprietary_certificate(certificate, s);
+			break;
+
+		case CERT_CHAIN_VERSION_2:
+			certificate_read_server_x509_certificate_chain(certificate, s);
+			break;
+
+		default:
+			printf("invalid certificate chain version:%d\n", dwVersion & CERT_CHAIN_VERSION_MASK);
+			break;
+	}
+}
+
+/**
+ * Instantiate new certificate module.\n
+ * @param rdp RDP module
+ * @return new certificate module
+ */
+
+rdpCertificate* certificate_new(rdpRdp* rdp)
+{
+	rdpCertificate* certificate;
+
+	certificate = (rdpCertificate*) xzalloc(sizeof(rdpCertificate));
+
+	if (certificate != NULL)
+	{
+		certificate->rdp = rdp;
+		certificate->x509_cert_chain = NULL;
+	}
+
+	return certificate;
+}
+
+/**
+ * Free certificate module.
+ * @param certificate certificate module to be freed
+ */
+
+void certificate_free(rdpCertificate* certificate)
+{
+	if (certificate != NULL)
+	{
+		certificate_free_x509_certificate_chain(certificate->x509_cert_chain);
+		xfree(certificate);
+	}
+}
+

libfreerdp-core/certificate.h

@@ -0,0 +1,66 @@
+/**
+ * FreeRDP: A Remote Desktop Protocol Client
+ * Certificate Handling
+ *
+ * Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __CERTIFICATE_H
+#define __CERTIFICATE_H
+
+typedef struct rdp_certificate rdpCertificate;
+
+#include "rdp.h"
+#include "crypto.h"
+
+#include <freerdp/utils/stream.h>
+#include <freerdp/utils/hexdump.h>
+
+/* Certificate Version */
+#define CERT_CHAIN_VERSION_1		0x00000001
+#define CERT_CHAIN_VERSION_2		0x00000002
+#define CERT_CHAIN_VERSION_MASK		0x7FFFFFFF
+#define CERT_PERMANENTLY_ISSUED		0x00000000
+#define CERT_TEMPORARILY_ISSUED		0x80000000
+
+typedef struct
+{
+	uint32 length;
+	uint8* data;
+} CERT_BLOB;
+
+typedef struct
+{
+	uint32 count;
+	CERT_BLOB* array;
+} X509_CERT_CHAIN;
+
+struct rdp_certificate
+{
+	struct rdp_rdp* rdp;
+	X509_CERT_CHAIN* x509_cert_chain;
+};
+
+X509_CERT_CHAIN* certificate_new_x509_certificate_chain(uint32 count);
+void certificate_free_x509_certificate_chain(X509_CERT_CHAIN* x509_cert_chain);
+
+void certificate_read_server_proprietary_certificate(rdpCertificate* certificate, STREAM* s);
+void certificate_read_server_x509_certificate_chain(rdpCertificate* certificate, STREAM* s);
+void certificate_read_server_certificate(rdpCertificate* certificate, uint8* server_cert, int length);
+
+rdpCertificate* certificate_new(rdpRdp* rdp);
+void certificate_free(rdpCertificate* certificate);
+
+#endif /* __CERTIFICATE_H */

libfreerdp-core/license.c

@@ -404,6 +404,10 @@ void license_read_license_request_packet(rdpLicense* license, STREAM* s)
 
 	/* ScopeList */
 	license_read_scope_list(s, license->scope_list);
+
+	/* Parse Server Certificate */
+	certificate_read_server_certificate(license->certificate,
+			license->server_certificate->data, license->server_certificate->length);
 }
 
 /**
@@ -561,6 +565,7 @@ void license_send_platform_challenge_response_packet(rdpLicense* license)
 
 /**
  * Instantiate new license module.
+ * @param rdp RDP module
  * @return new license module
  */
 
@@ -573,6 +578,7 @@ rdpLicense* license_new(rdpRdp* rdp)
 	if (license != NULL)
 	{
 		license->rdp = rdp;
+		license->certificate = certificate_new(rdp);
 		license->product_info = license_new_product_info();
 		license->key_exchange_list = license_new_binary_blob(BB_KEY_EXCHG_ALG_BLOB);
 		license->server_certificate = license_new_binary_blob(BB_CERTIFICATE_BLOB);
@@ -594,6 +600,7 @@ void license_free(rdpLicense* license)
 {
 	if (license != NULL)
 	{
+		certificate_free(license->certificate);
 		license_free_product_info(license->product_info);
 		license_free_binary_blob(license->key_exchange_list);
 		license_free_binary_blob(license->server_certificate);

libfreerdp-core/license.h

@@ -24,6 +24,7 @@ typedef struct rdp_license rdpLicense;
 
 #include "rdp.h"
 #include "crypto.h"
+#include "certificate.h"
 
 #include <freerdp/freerdp.h>
 #include <freerdp/utils/debug.h>
@@ -104,6 +105,7 @@ typedef struct
 struct rdp_license
 {
 	struct rdp_rdp* rdp;
+	struct rdp_certificate* certificate;
 	uint8 hwid[HWID_LENGTH];
 	uint8 client_random[CLIENT_RANDOM_LENGTH];
 	uint8 server_random[SERVER_RANDOM_LENGTH];