2 * FreeRDP: A Remote Desktop Protocol Client
3 * Credential Security Support Provider (CredSSP)
5 * Copyright 2010 Marc-Andre Moreau <marcandre.moreau@gmail.com>
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
29 * TSRequest ::= SEQUENCE {
30 * version [0] INTEGER,
31 * negoTokens [1] NegoData OPTIONAL,
32 * authInfo [2] OCTET STRING OPTIONAL,
33 * pubKeyAuth [3] OCTET STRING OPTIONAL
36 * NegoData ::= SEQUENCE OF NegoDataItem
38 * NegoDataItem ::= SEQUENCE {
39 * negoToken [0] OCTET STRING
42 * TSCredentials ::= SEQUENCE {
43 * credType [0] INTEGER,
44 * credentials [1] OCTET STRING
47 * TSPasswordCreds ::= SEQUENCE {
48 * domainName [0] OCTET STRING,
49 * userName [1] OCTET STRING,
50 * password [2] OCTET STRING
53 * TSSmartCardCreds ::= SEQUENCE {
54 * pin [0] OCTET STRING,
55 * cspData [1] TSCspDataDetail,
56 * userHint [2] OCTET STRING OPTIONAL,
57 * domainHint [3] OCTET STRING OPTIONAL
60 * TSCspDataDetail ::= SEQUENCE {
61 * keySpec [0] INTEGER,
62 * cardName [1] OCTET STRING OPTIONAL,
63 * readerName [2] OCTET STRING OPTIONAL,
64 * containerName [3] OCTET STRING OPTIONAL,
65 * cspName [4] OCTET STRING OPTIONAL
71 * Initialize NTLMSSP authentication module.
75 int credssp_ntlmssp_init(rdpCredssp* credssp)
78 NTLMSSP* ntlmssp = credssp->ntlmssp;
79 rdpSettings* settings = credssp->transport->settings;
80 instance = (freerdp*) settings->instance;
82 if ((settings->password == NULL) || (settings->username == NULL))
84 if(instance->Authenticate)
86 boolean proceed = instance->Authenticate(instance,
87 &settings->username, &settings->password, &settings->domain);
93 if (settings->ntlm_version == 2)
96 ntlmssp_set_password(ntlmssp, settings->password);
97 ntlmssp_set_username(ntlmssp, settings->username);
101 ntlmssp_set_workstation(ntlmssp, "WORKSTATION");
104 if (settings->domain != NULL)
106 if (strlen(settings->domain) > 0)
107 ntlmssp_set_domain(ntlmssp, settings->domain);
111 ntlmssp_set_domain(ntlmssp, NULL);
114 ntlmssp_generate_client_challenge(ntlmssp);
115 ntlmssp_generate_random_session_key(ntlmssp);
116 ntlmssp_generate_exported_session_key(ntlmssp);
122 * Get TLS public key.
126 int credssp_get_public_key(rdpCredssp* credssp)
131 cert = tls_get_certificate(credssp->transport->tls);
135 printf("credssp_get_public_key: tls_get_certificate failed to return the server certificate.\n");
139 if (!tls_verify_certificate(credssp->transport->tls, cert, credssp->transport->settings->hostname))
140 tls_disconnect(credssp->transport->tls);
142 status = crypto_cert_get_public_key(cert, &credssp->public_key);
143 crypto_cert_free(cert);
149 * Authenticate with server using CredSSP.
151 * @return 1 if authentication is successful
154 int credssp_authenticate(rdpCredssp* credssp)
156 NTLMSSP* ntlmssp = credssp->ntlmssp;
157 STREAM* s = stream_new(0);
158 uint8* negoTokenBuffer = (uint8*) xmalloc(2048);
160 if (credssp_ntlmssp_init(credssp) == 0)
163 if (credssp_get_public_key(credssp) == 0)
166 /* NTLMSSP NEGOTIATE MESSAGE */
167 stream_attach(s, negoTokenBuffer, 2048);
168 ntlmssp_send(ntlmssp, s);
169 credssp->negoToken.data = stream_get_head(s);
170 credssp->negoToken.length = stream_get_length(s);
171 credssp_send(credssp, &credssp->negoToken, NULL, NULL);
173 /* NTLMSSP CHALLENGE MESSAGE */
174 if (credssp_recv(credssp, &credssp->negoToken, NULL, NULL) < 0)
177 stream_attach(s, credssp->negoToken.data, credssp->negoToken.length);
178 ntlmssp_recv(ntlmssp, s);
180 freerdp_blob_free(&credssp->negoToken);
182 /* NTLMSSP AUTHENTICATE MESSAGE */
183 stream_attach(s, negoTokenBuffer, 2048);
184 ntlmssp_send(ntlmssp, s);
186 /* The last NTLMSSP message is sent with the encrypted public key */
187 credssp->negoToken.data = stream_get_head(s);
188 credssp->negoToken.length = stream_get_length(s);
189 credssp_encrypt_public_key(credssp, &credssp->pubKeyAuth);
190 credssp_send(credssp, &credssp->negoToken, NULL, &credssp->pubKeyAuth);
191 freerdp_blob_free(&credssp->pubKeyAuth);
193 /* Encrypted Public Key +1 */
194 if (credssp_recv(credssp, &credssp->negoToken, NULL, &credssp->pubKeyAuth) < 0)
197 if (credssp_verify_public_key(credssp, &credssp->pubKeyAuth) == 0)
199 /* Failed to verify server public key echo */
200 return 0; /* DO NOT SEND CREDENTIALS! */
203 freerdp_blob_free(&credssp->negoToken);
204 freerdp_blob_free(&credssp->pubKeyAuth);
206 /* Send encrypted credentials */
207 credssp_encode_ts_credentials(credssp);
208 credssp_encrypt_ts_credentials(credssp, &credssp->authInfo);
209 credssp_send(credssp, NULL, &credssp->authInfo, NULL);
210 freerdp_blob_free(&credssp->authInfo);
218 * Encrypt TLS public key using CredSSP.
223 void credssp_encrypt_public_key(rdpCredssp* credssp, rdpBlob* d)
227 rdpBlob encrypted_public_key;
228 NTLMSSP *ntlmssp = credssp->ntlmssp;
230 freerdp_blob_alloc(d, credssp->public_key.length + 16);
231 ntlmssp_encrypt_message(ntlmssp, &credssp->public_key, &encrypted_public_key, signature);
233 #ifdef WITH_DEBUG_NLA
234 printf("Public Key (length = %d)\n", credssp->public_key.length);
235 freerdp_hexdump(credssp->public_key.data, credssp->public_key.length);
238 printf("Encrypted Public Key (length = %d)\n", encrypted_public_key.length);
239 freerdp_hexdump(encrypted_public_key.data, encrypted_public_key.length);
242 printf("Signature\n");
243 freerdp_hexdump(signature, 16);
247 p = (uint8*) d->data;
248 memcpy(p, signature, 16); /* Message Signature */
249 memcpy(&p[16], encrypted_public_key.data, encrypted_public_key.length); /* Encrypted Public Key */
251 freerdp_blob_free(&encrypted_public_key);
255 * Verify TLS public key using CredSSP.
258 * @return 1 if verification is successful, 0 otherwise
261 int credssp_verify_public_key(rdpCredssp* credssp, rdpBlob* d)
266 rdpBlob encrypted_public_key;
269 encrypted_public_key.data = (void*) (signature + 16);
270 encrypted_public_key.length = d->length - 16;
272 ntlmssp_decrypt_message(credssp->ntlmssp, &encrypted_public_key, &public_key, signature);
274 p1 = (uint8*) credssp->public_key.data;
275 p2 = (uint8*) public_key.data;
279 if (memcmp(p1, p2, public_key.length) != 0)
281 printf("Could not verify server's public key echo\n");
286 freerdp_blob_free(&public_key);
291 * Encrypt and sign TSCredentials structure.
296 void credssp_encrypt_ts_credentials(rdpCredssp* credssp, rdpBlob* d)
300 rdpBlob encrypted_ts_credentials;
301 NTLMSSP* ntlmssp = credssp->ntlmssp;
303 freerdp_blob_alloc(d, credssp->ts_credentials.length + 16);
304 ntlmssp_encrypt_message(ntlmssp, &credssp->ts_credentials, &encrypted_ts_credentials, signature);
306 #ifdef WITH_DEBUG_NLA
307 printf("TSCredentials (length = %d)\n", credssp->ts_credentials.length);
308 freerdp_hexdump(credssp->ts_credentials.data, credssp->ts_credentials.length);
311 printf("Encrypted TSCredentials (length = %d)\n", encrypted_ts_credentials.length);
312 freerdp_hexdump(encrypted_ts_credentials.data, encrypted_ts_credentials.length);
315 printf("Signature\n");
316 freerdp_hexdump(signature, 16);
320 p = (uint8*) d->data;
321 memcpy(p, signature, 16); /* Message Signature */
322 memcpy(&p[16], encrypted_ts_credentials.data, encrypted_ts_credentials.length); /* Encrypted TSCredentials */
324 freerdp_blob_free(&encrypted_ts_credentials);
327 int credssp_skip_ts_password_creds(rdpCredssp* credssp)
330 int ts_password_creds_length = 0;
332 length = ber_skip_octet_string(credssp->ntlmssp->domain.length);
333 length += ber_skip_contextual_tag(length);
334 ts_password_creds_length += length;
336 length = ber_skip_octet_string(credssp->ntlmssp->username.length);
337 length += ber_skip_contextual_tag(length);
338 ts_password_creds_length += length;
340 length = ber_skip_octet_string(credssp->ntlmssp->password.length);
341 length += ber_skip_contextual_tag(length);
342 ts_password_creds_length += length;
344 length = ber_skip_sequence(ts_password_creds_length);
349 void credssp_write_ts_password_creds(rdpCredssp* credssp, STREAM* s)
353 length = credssp_skip_ts_password_creds(credssp);
355 /* TSPasswordCreds (SEQUENCE) */
356 length = ber_get_content_length(length);
357 ber_write_sequence_tag(s, length);
359 /* [0] domainName (OCTET STRING) */
360 ber_write_contextual_tag(s, 0, credssp->ntlmssp->domain.length + 2, true);
361 ber_write_octet_string(s, credssp->ntlmssp->domain.data, credssp->ntlmssp->domain.length);
363 /* [1] userName (OCTET STRING) */
364 ber_write_contextual_tag(s, 1, credssp->ntlmssp->username.length + 2, true);
365 ber_write_octet_string(s, credssp->ntlmssp->username.data, credssp->ntlmssp->username.length);
367 /* [2] password (OCTET STRING) */
368 ber_write_contextual_tag(s, 2, credssp->ntlmssp->password.length + 2, true);
369 ber_write_octet_string(s, credssp->ntlmssp->password.data, credssp->ntlmssp->password.length);
372 int credssp_skip_ts_credentials(rdpCredssp* credssp)
375 int ts_password_creds_length;
376 int ts_credentials_length = 0;
378 length = ber_skip_integer(0);
379 length += ber_skip_contextual_tag(length);
380 ts_credentials_length += length;
382 ts_password_creds_length = credssp_skip_ts_password_creds(credssp);
383 length = ber_skip_octet_string(ts_password_creds_length);
384 length += ber_skip_contextual_tag(length);
385 ts_credentials_length += length;
387 length = ber_skip_sequence(ts_credentials_length);
392 void credssp_write_ts_credentials(rdpCredssp* credssp, STREAM* s)
395 int ts_password_creds_length;
397 length = credssp_skip_ts_credentials(credssp);
398 ts_password_creds_length = credssp_skip_ts_password_creds(credssp);
400 /* TSCredentials (SEQUENCE) */
401 length = ber_get_content_length(length);
402 length -= ber_write_sequence_tag(s, length);
404 /* [0] credType (INTEGER) */
405 length -= ber_write_contextual_tag(s, 0, 3, true);
406 length -= ber_write_integer(s, 1);
408 /* [1] credentials (OCTET STRING) */
410 length -= ber_write_contextual_tag(s, 1, length, true);
411 length -= ber_write_octet_string_tag(s, ts_password_creds_length);
413 credssp_write_ts_password_creds(credssp, s);
417 * Encode TSCredentials structure.
421 void credssp_encode_ts_credentials(rdpCredssp* credssp)
427 length = credssp_skip_ts_credentials(credssp);
428 freerdp_blob_alloc(&credssp->ts_credentials, length);
429 stream_attach(s, credssp->ts_credentials.data, length);
431 credssp_write_ts_credentials(credssp, s);
436 int credssp_skip_nego_token(int length)
438 length = ber_skip_octet_string(length);
439 length += ber_skip_contextual_tag(length);
443 int credssp_skip_nego_tokens(int length)
445 length = credssp_skip_nego_token(length);
446 length += ber_skip_sequence_tag(length);
447 length += ber_skip_sequence_tag(length);
448 length += ber_skip_contextual_tag(length);
452 int credssp_skip_pub_key_auth(int length)
454 length = ber_skip_octet_string(length);
455 length += ber_skip_contextual_tag(length);
459 int credssp_skip_auth_info(int length)
461 length = ber_skip_octet_string(length);
462 length += ber_skip_contextual_tag(length);
466 int credssp_skip_ts_request(int length)
468 length += ber_skip_integer(2);
469 length += ber_skip_contextual_tag(3);
470 length += ber_skip_sequence_tag(length);
475 * Send CredSSP message.
482 void credssp_send(rdpCredssp* credssp, rdpBlob* negoToken, rdpBlob* authInfo, rdpBlob* pubKeyAuth)
486 int ts_request_length;
487 int nego_tokens_length;
488 int pub_key_auth_length;
489 int auth_info_length;
491 nego_tokens_length = (negoToken != NULL) ? credssp_skip_nego_tokens(negoToken->length) : 0;
492 pub_key_auth_length = (pubKeyAuth != NULL) ? credssp_skip_pub_key_auth(pubKeyAuth->length) : 0;
493 auth_info_length = (authInfo != NULL) ? credssp_skip_auth_info(authInfo->length) : 0;
495 length = nego_tokens_length + pub_key_auth_length + auth_info_length;
496 ts_request_length = credssp_skip_ts_request(length);
498 s = stream_new(ts_request_length);
501 length = ber_get_content_length(ts_request_length);
502 ber_write_sequence_tag(s, length); /* SEQUENCE */
503 ber_write_contextual_tag(s, 0, 3, true); /* [0] version */
504 ber_write_integer(s, 2); /* INTEGER */
506 /* [1] negoTokens (NegoData) */
507 if (nego_tokens_length > 0)
509 length = ber_get_content_length(nego_tokens_length);
510 length -= ber_write_contextual_tag(s, 1, length, true); /* NegoData */
511 length -= ber_write_sequence_tag(s, length); /* SEQUENCE OF NegoDataItem */
512 length -= ber_write_sequence_tag(s, length); /* NegoDataItem */
513 length -= ber_write_contextual_tag(s, 0, length, true); /* [0] negoToken */
514 ber_write_octet_string(s, negoToken->data, length); /* OCTET STRING */
517 /* [2] authInfo (OCTET STRING) */
518 if (auth_info_length > 0)
520 length = ber_get_content_length(auth_info_length);
521 length -= ber_write_contextual_tag(s, 2, length, true);
522 ber_write_octet_string(s, authInfo->data, authInfo->length);
525 /* [3] pubKeyAuth (OCTET STRING) */
526 if (pub_key_auth_length > 0)
528 length = ber_get_content_length(pub_key_auth_length);
529 length -= ber_write_contextual_tag(s, 3, length, true);
530 ber_write_octet_string(s, pubKeyAuth->data, length);
533 transport_write(credssp->transport, s);
538 * Receive CredSSP message.
546 int credssp_recv(rdpCredssp* credssp, rdpBlob* negoToken, rdpBlob* authInfo, rdpBlob* pubKeyAuth)
553 s = transport_recv_stream_init(credssp->transport, 2048);
554 status = transport_read(credssp->transport, s);
560 ber_read_sequence_tag(s, &length);
561 ber_read_contextual_tag(s, 0, &length, true);
562 ber_read_integer(s, &version);
564 /* [1] negoTokens (NegoData) */
565 if (ber_read_contextual_tag(s, 1, &length, true) != false)
567 ber_read_sequence_tag(s, &length); /* SEQUENCE OF NegoDataItem */
568 ber_read_sequence_tag(s, &length); /* NegoDataItem */
569 ber_read_contextual_tag(s, 0, &length, true); /* [0] negoToken */
570 ber_read_octet_string(s, &length); /* OCTET STRING */
571 freerdp_blob_alloc(negoToken, length);
572 stream_read(s, negoToken->data, length);
575 /* [2] authInfo (OCTET STRING) */
576 if (ber_read_contextual_tag(s, 2, &length, true) != false)
578 ber_read_octet_string(s, &length); /* OCTET STRING */
579 freerdp_blob_alloc(authInfo, length);
580 stream_read(s, authInfo->data, length);
583 /* [3] pubKeyAuth (OCTET STRING) */
584 if (ber_read_contextual_tag(s, 3, &length, true) != false)
586 ber_read_octet_string(s, &length); /* OCTET STRING */
587 freerdp_blob_alloc(pubKeyAuth, length);
588 stream_read(s, pubKeyAuth->data, length);
595 * Encrypt the given plain text using RC4 and the given key.
597 * @param length text length
598 * @param plaintext plain text
599 * @param ciphertext cipher text
602 void credssp_rc4k(uint8* key, int length, uint8* plaintext, uint8* ciphertext)
606 /* Initialize RC4 cipher with key */
607 rc4 = crypto_rc4_init((void*) key, 16);
609 /* Encrypt plaintext with key */
610 crypto_rc4(rc4, length, (void*) plaintext, (void*) ciphertext);
612 /* Free RC4 Cipher */
613 crypto_rc4_free(rc4);
617 * Get current time, in tenths of microseconds since midnight of January 1, 1601.
618 * @param[out] timestamp 64-bit little-endian timestamp
621 void credssp_current_time(uint8* timestamp)
625 /* Timestamp (8 bytes), represented as the number of tenths of microseconds since midnight of January 1, 1601 */
626 time64 = time(NULL) + 11644473600LL; /* Seconds since January 1, 1601 */
627 time64 *= 10000000; /* Convert timestamp to tenths of a microsecond */
629 memcpy(timestamp, &time64, 8); /* Copy into timestamp in little-endian */
633 * Create new CredSSP state machine.
635 * @return new CredSSP state machine.
638 rdpCredssp* credssp_new(rdpTransport* transport)
642 self = (rdpCredssp*) xzalloc(sizeof(rdpCredssp));
646 self->transport = transport;
647 self->send_seq_num = 0;
648 self->ntlmssp = ntlmssp_new();
649 self->settings = transport->settings;
656 * Free CredSSP state machine.
660 void credssp_free(rdpCredssp* credssp)
664 freerdp_blob_free(&credssp->public_key);
665 freerdp_blob_free(&credssp->ts_credentials);
667 ntlmssp_free(credssp->ntlmssp);