FreeRDP
core/certificate.c File Reference
#include <freerdp/config.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <winpr/assert.h>
#include <winpr/wtypes.h>
#include <winpr/crt.h>
#include <winpr/file.h>
#include <winpr/crypto.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include "certificate.h"
#include "../crypto/crypto.h"
#include "../crypto/opensslcompat.h"

Macros

#define TAG   "com.freerdp.core"
 
#define TSSK_KEY_LENGTH   64
 

Functions

static void certificate_free_int (rdpCertificate *certificate)
 
static BOOL cert_clone_int (rdpCertificate *dst, const rdpCertificate *src)
 
static BOOL cert_info_create (rdpCertInfo *dst, const BIGNUM *rsa, const BIGNUM *rsa_e)
 
static BOOL cert_info_allocate (rdpCertInfo *info, size_t size)
 
static void cert_info_free (rdpCertInfo *info)
 
static BOOL cert_info_read_modulus (rdpCertInfo *info, size_t size, wStream *s)
 
static BOOL cert_info_read_exponent (rdpCertInfo *info, size_t size, wStream *s)
 
static BOOL cert_blob_copy (rdpCertBlob *dst, const rdpCertBlob *src)
 
static void cert_blob_free (rdpCertBlob *blob)
 
static BOOL cert_blob_write (const rdpCertBlob *blob, wStream *s)
 
static BOOL cert_blob_read (rdpCertBlob *blob, wStream *s)
 
static BOOL certificate_read_x509_certificate (rdpCertBlob *cert, rdpCertInfo *info)
 
static rdpX509CertChain certificate_new_x509_certificate_chain (UINT32 count)
 
static void certificate_free_x509_certificate_chain (rdpX509CertChain *x509_cert_chain)
 
static BOOL certificate_process_server_public_key (rdpCertificate *certificate, wStream *s, UINT32 length)
 
static BOOL certificate_process_server_public_signature (rdpCertificate *certificate, const BYTE *sigdata, size_t sigdatalen, wStream *s, UINT32 siglen)
 
static BOOL certificate_read_server_proprietary_certificate (rdpCertificate *certificate, wStream *s)
 
static BOOL cert_write_rsa_public_key (wStream *s, const rdpCertificate *cert)
 
static BOOL cert_write_rsa_signature (wStream *s, const void *sigData, size_t sigDataLen)
 
static BOOL cert_write_server_certificate_v1 (wStream *s, const rdpCertificate *certificate)
 
static BOOL cert_write_server_certificate_v2 (wStream *s, const rdpCertificate *certificate)
 
SSIZE_T certificate_write_server_certificate (const rdpCertificate *certificate, UINT32 dwVersion, wStream *s)
 
static BOOL certificate_read_server_x509_certificate_chain (rdpCertificate *certificate, wStream *s)
 
static BOOL certificate_write_server_x509_certificate_chain (const rdpCertificate *certificate, wStream *s)
 
BOOL certificate_read_server_certificate (rdpCertificate *certificate, const BYTE *server_cert, size_t length)
 
static BOOL read_bignum (BYTE **dst, UINT32 *length, const BIGNUM *num, BOOL alloc)
 
static BIO * bio_from_pem (const char *pem)
 
static RSA * rsa_from_private_pem (const char *pem)
 
static RSA * rsa_from_public_pem (const char *pem)
 
static BOOL key_read_private (rdpRsaKey *key, const char *pem, const char *keyfile)
 
static X509 * x509_from_pem (const char *pem)
 
static BOOL cert_read_public (rdpCertificate *cert, const char *pem, const char *keyfile)
 
rdpRsaKey * key_new_from_content (const char *keycontent, const char *keyfile)
 
rdpRsaKey * key_new (const char *keyfile)
 
rdpRsaKey * key_clone (const rdpRsaKey *key)
 
void key_free (rdpRsaKey *key)
 
static BOOL cert_info_clone (rdpCertInfo *dst, const rdpCertInfo *src)
 
static BOOL cert_x509_chain_copy (rdpX509CertChain *cert, const rdpX509CertChain *src)
 
rdpCertificate * certificate_clone (const rdpCertificate *certificate)
 
rdpCertificate * certificate_new (void)
 
void certificate_free (rdpCertificate *certificate)
 
rdpCertificate * certificate_new_from_file (const char *file)
 
rdpCertificate * certificate_new_from_pem (const char *pem)
 

Variables

static const char rsa_magic [4] = "RSA1"
 
static const char * certificate_read_errors []
 
static const BYTE initial_signature []
 
static BYTE tssk_modulus []
 
static BYTE tssk_privateExponent []
 
static const rdpRsaKey tssk
 

Macro Definition Documentation

◆ TAG

#define TAG   "com.freerdp.core"

FreeRDP: A Remote Desktop Protocol Implementation Certificate Handling

Copyright 2011 Jiten Pathy
Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>
Copyright 2015 Thincast Technologies GmbH
Copyright 2015 DI (FH) Martin Haimberger <martin.haimberger@thincast.com>

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

◆ TSSK_KEY_LENGTH

#define TSSK_KEY_LENGTH   64

Function Documentation

◆ bio_from_pem()

static BIO* bio_from_pem ( const char *  pem)
static

◆ cert_blob_copy()

static BOOL cert_blob_copy ( rdpCertBlob *  dst,
const rdpCertBlob *  src 
)
static

◆ cert_blob_free()

void cert_blob_free ( rdpCertBlob *  blob)
static

◆ cert_blob_read()

BOOL cert_blob_read ( rdpCertBlob *  blob,
wStream *s 
)
static

◆ cert_blob_write()

BOOL cert_blob_write ( const rdpCertBlob *  blob,
wStream *s 
)
static

◆ cert_clone_int()

BOOL cert_clone_int ( rdpCertificate *  dst,
const rdpCertificate *  src 
)
static

◆ cert_info_allocate()

BOOL cert_info_allocate ( rdpCertInfo *  info,
size_t  size 
)
static

◆ cert_info_clone()

static BOOL cert_info_clone ( rdpCertInfo *  dst,
const rdpCertInfo *  src 
)
static

◆ cert_info_create()

BOOL cert_info_create ( rdpCertInfo *  dst,
const BIGNUM *  rsa,
const BIGNUM *  rsa_e 
)
static

◆ cert_info_free()

void cert_info_free ( rdpCertInfo *  info)
static

◆ cert_info_read_exponent()

BOOL cert_info_read_exponent ( rdpCertInfo *  info,
size_t  size,
wStream *s 
)
static

◆ cert_info_read_modulus()

BOOL cert_info_read_modulus ( rdpCertInfo *  info,
size_t  size,
wStream *s 
)
static

◆ cert_read_public()

static BOOL cert_read_public ( rdpCertificate *  cert,
const char *  pem,
const char *  keyfile 
)
static

◆ cert_write_rsa_public_key()

static BOOL cert_write_rsa_public_key ( wStream *s,
const rdpCertificate *  cert 
)
static

◆ cert_write_rsa_signature()

static BOOL cert_write_rsa_signature ( wStream *s,
const void *  sigData,
size_t  sigDataLen 
)
static

◆ cert_write_server_certificate_v1()

static BOOL cert_write_server_certificate_v1 ( wStream *s,
const rdpCertificate *  certificate 
)
static

◆ cert_write_server_certificate_v2()

static BOOL cert_write_server_certificate_v2 ( wStream *s,
const rdpCertificate *  certificate 
)
static

◆ cert_x509_chain_copy()

static BOOL cert_x509_chain_copy ( rdpX509CertChain *  cert,
const rdpX509CertChain *  src 
)
static

◆ certificate_clone()

rdpCertificate* certificate_clone ( const rdpCertificate *  certificate)

◆ certificate_free()

void certificate_free ( rdpCertificate *  certificate)

Free certificate module.

Parameters
certificate — certificate module to be freed

◆ certificate_free_int()

void certificate_free_int ( rdpCertificate *  certificate)
static

◆ certificate_free_x509_certificate_chain()

static void certificate_free_x509_certificate_chain ( rdpX509CertChain *  x509_cert_chain)
static

Free X.509 Certificate Chain.

Parameters
x509_cert_chain — X.509 certificate chain to be freed

◆ certificate_new()

rdpCertificate* certificate_new ( void  )

Instantiate new certificate module.

Returns
new certificate module

◆ certificate_new_from_file()

rdpCertificate* certificate_new_from_file ( const char *  file)

◆ certificate_new_from_pem()

rdpCertificate* certificate_new_from_pem ( const char *  pem)

◆ certificate_new_x509_certificate_chain()

static rdpX509CertChain certificate_new_x509_certificate_chain ( UINT32  count)
static

Instantiate new X.509 Certificate Chain.

Parameters
count — number of certificates in the chain
Returns
new X.509 certificate chain

◆ certificate_process_server_public_key()

static BOOL certificate_process_server_public_key ( rdpCertificate *  certificate,
wStream *s,
UINT32  length 
)
static

◆ certificate_process_server_public_signature()

static BOOL certificate_process_server_public_signature ( rdpCertificate *  certificate,
const BYTE *sigdata,
size_t  sigdatalen,
wStream *s,
UINT32  siglen 
)
static

◆ certificate_read_server_certificate()

BOOL certificate_read_server_certificate ( rdpCertificate *  certificate,
const BYTE *server_cert,
size_t  length 
)

Read a Server Certificate.

Parameters
certificate — certificate module to populate
server_cert — raw server certificate bytes as received from the peer (untrusted input)
length — number of bytes available at server_cert

◆ certificate_read_server_proprietary_certificate()

static BOOL certificate_read_server_proprietary_certificate ( rdpCertificate *  certificate,
wStream *s 
)
static

◆ certificate_read_server_x509_certificate_chain()

static BOOL certificate_read_server_x509_certificate_chain ( rdpCertificate *  certificate,
wStream *s 
)
static

Read an X.509 Certificate Chain.

Parameters
certificate — certificate module to populate
s — stream positioned at the chain data (peer-supplied, untrusted)

◆ certificate_read_x509_certificate()

static BOOL certificate_read_x509_certificate ( rdpCertBlob *  cert,
rdpCertInfo *  info 
)
static

Read X.509 Certificate


◆ certificate_write_server_certificate()

SSIZE_T certificate_write_server_certificate ( const rdpCertificate *  certificate,
UINT32  dwVersion,
wStream *s 
)

◆ certificate_write_server_x509_certificate_chain()

static BOOL certificate_write_server_x509_certificate_chain ( const rdpCertificate *  certificate,
wStream *s 
)
static

◆ key_clone()

rdpRsaKey* key_clone ( const rdpRsaKey *key)

◆ key_free()

void key_free ( rdpRsaKey *key)

◆ key_new()

rdpRsaKey* key_new ( const char *  keyfile)

◆ key_new_from_content()

rdpRsaKey* key_new_from_content ( const char *  keycontent,
const char *  keyfile 
)

◆ key_read_private()

static BOOL key_read_private ( rdpRsaKey *key,
const char *  pem,
const char *  keyfile 
)
static

◆ read_bignum()

static BOOL read_bignum ( BYTE **  dst,
UINT32 *  length,
const BIGNUM *  num,
BOOL  alloc 
)
static

◆ rsa_from_private_pem()

static RSA* rsa_from_private_pem ( const char *  pem)
static

◆ rsa_from_public_pem()

static RSA* rsa_from_public_pem ( const char *  pem)
static

◆ x509_from_pem()

static X509* x509_from_pem ( const char *  pem)
static

Variable Documentation

◆ certificate_read_errors

const char* certificate_read_errors[]
static

These strings label the individual steps of the hand-written DER walk over an X.509 certificate (see certificate_read_x509_certificate), so that a failure can be reported by the step at which parsing stopped. The names match the TBSCertificate fields in the order they appear in the structure below, ending with the RSA modulus and public exponent. Whether fields such as Issuer Name or Validity are checked rather than merely skipped over cannot be determined from this page — do not assume this reader validates the certificate; it only extracts the public key.
Initial value:
= { "Certificate tag",
"TBSCertificate",
"Explicit Contextual Tag [0]",
"version",
"CertificateSerialNumber",
"AlgorithmIdentifier",
"Issuer Name",
"Validity",
"Subject Name",
"SubjectPublicKeyInfo Tag",
"subjectPublicKeyInfo::AlgorithmIdentifier",
"subjectPublicKeyInfo::subjectPublicKey",
"RSAPublicKey Tag",
"modulusLength",
"zero padding",
"modulusLength",
"modulus",
"publicExponent length",
"publicExponent" }

◆ initial_signature

const BYTE initial_signature[]
static

NOTE(review): 64 bytes (matching TSSK_KEY_LENGTH) of 0xff with a 0x00 at offset 16 and a 0x01 at offset 63. Read little-endian, this looks like a PKCS#1 v1.5-style padding template (0x01 || 0xff… || 0x00 || 16-byte digest) used when forming or checking the proprietary certificate signature — confirm against certificate_process_server_public_signature and cert_write_rsa_signature before relying on that reading.
Initial value:
= {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01
}

◆ rsa_magic

const char rsa_magic[4] = "RSA1"
static

The four-character initializer exactly fills the four-element array, so rsa_magic carries no terminating NUL. It must be compared with a fixed-length memcmp over sizeof(rsa_magic) bytes, never with strcmp/strlen, which would read past the end.

X.509 Certificate Structure (this note is rendered under rsa_magic by the documentation generator, but it describes the certificate layout walked by the X.509 reader, cf. certificate_read_errors)

Certificate ::= SEQUENCE { tbsCertificate TBSCertificate, signatureAlgorithm AlgorithmIdentifier, signatureValue BIT_STRING }

TBSCertificate ::= SEQUENCE { version [0] EXPLICIT Version DEFAULT v1, serialNumber CertificateSerialNumber, signature AlgorithmIdentifier, issuer Name, validity Validity, subject Name, subjectPublicKeyInfo SubjectPublicKeyInfo, issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, subjectUniqueId [2] IMPLICIT UniqueIdentifier OPTIONAL, extensions [3] EXPLICIT Extensions OPTIONAL }

Version ::= INTEGER { v1(0), v2(1), v3(2) }

CertificateSerialNumber ::= INTEGER

AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT_IDENTIFIER, parameters ANY DEFINED BY algorithm OPTIONAL }

Name ::= CHOICE { RDNSequence }

RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

RelativeDistinguishedName ::= SET OF AttributeTypeAndValue

AttributeTypeAndValue ::= SEQUENCE { type AttributeType, value AttributeValue }

AttributeType ::= OBJECT_IDENTIFIER

AttributeValue ::= ANY DEFINED BY AttributeType

Validity ::= SEQUENCE { notBefore Time, notAfter Time }

Time ::= CHOICE { utcTime UTCTime, generalTime GeneralizedTime }

UniqueIdentifier ::= BIT_STRING

SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT_STRING }

RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }

Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension

Extension ::= SEQUENCE { extnID OBJECT_IDENTIFIER, critical BOOLEAN DEFAULT FALSE, extnValue OCTET_STRING }

◆ tssk

const rdpRsaKey tssk
static

Security note: this is a complete RSA private key — both the modulus (tssk_modulus) and the private exponent (tssk_privateExponent), 64 bytes / 512 bits each, matching TSSK_KEY_LENGTH — compiled into the source. A private key that is published in source code is public by definition: anyone can produce a signature that verifies under it, so a proprietary server certificate signed with this key proves nothing about the identity of the server and must not be treated as an authentication check. It appears to be the Terminal Services Signing Key mandated by the RDP proprietary-certificate format (confirm against the protocol specification); independently of that, 512-bit RSA is well within practical factoring range.
Initial value:
= { .PrivateExponent = tssk_privateExponent,
.PrivateExponentLength = sizeof(tssk_privateExponent),
.cert = { .Modulus = tssk_modulus,
.ModulusLength = sizeof(tssk_modulus) } }

◆ tssk_modulus

BYTE tssk_modulus[]
static
Initial value:
= { 0x3d, 0x3a, 0x5e, 0xbd, 0x72, 0x43, 0x3e, 0xc9, 0x4d, 0xbb, 0xc1,
0x1e, 0x4a, 0xba, 0x5f, 0xcb, 0x3e, 0x88, 0x20, 0x87, 0xef, 0xf5,
0xc1, 0xe2, 0xd7, 0xb7, 0x6b, 0x9a, 0xf2, 0x52, 0x45, 0x95, 0xce,
0x63, 0x65, 0x6b, 0x58, 0x3a, 0xfe, 0xef, 0x7c, 0xe7, 0xbf, 0xfe,
0x3d, 0xf6, 0x5c, 0x7d, 0x6c, 0x5e, 0x06, 0x09, 0x1a, 0xf5, 0x61,
0xbb, 0x20, 0x93, 0x09, 0x5f, 0x05, 0x6d, 0xea, 0x87 }

◆ tssk_privateExponent

BYTE tssk_privateExponent[]
static
Initial value:
= {
0x87, 0xa7, 0x19, 0x32, 0xda, 0x11, 0x87, 0x55, 0x58, 0x00, 0x16, 0x16, 0x25, 0x65, 0x68, 0xf8,
0x24, 0x3e, 0xe6, 0xfa, 0xe9, 0x67, 0x49, 0x94, 0xcf, 0x92, 0xcc, 0x33, 0x99, 0xe8, 0x08, 0x60,
0x17, 0x9a, 0x12, 0x9f, 0x24, 0xdd, 0xb1, 0x24, 0x99, 0xc7, 0x3a, 0xb8, 0x0a, 0x7b, 0x0d, 0xdd,
0x35, 0x07, 0x79, 0x17, 0x0b, 0x51, 0x9b, 0xb3, 0xc7, 0x10, 0x01, 0x13, 0xe7, 0x3f, 0xf3, 0x5f
}