move non settings security items out of settings

include/freerdp/settings.h

@@ -207,17 +207,6 @@ struct rdp_settings
 	rdpBlob server_certificate;
 	struct rdp_certificate* server_cert;
 
-	uint8 sign_key[16];
-	uint8 decrypt_key[16];
-	uint8 encrypt_key[16];
-	uint8 decrypt_update_key[16];
-	uint8 encrypt_update_key[16];
-	int rc4_key_len;
-
-	uint8 fips_sign_key[20];
-	uint8 fips_encrypt_key[24];
-	uint8 fips_decrypt_key[24];
-
 	boolean console_audio;
 	boolean console_session;
 	uint32 redirected_session_id;

libfreerdp-core/connection.c

@@ -193,7 +193,7 @@ static boolean rdp_establish_keys(rdpRdp* rdp)
 	}
 
 	/* now calculate encrypt / decrypt and upate keys */
-	if (!security_establish_keys(client_random, rdp->settings))
+	if (!security_establish_keys(client_random, rdp))
 	{
 		return False;
 	}
@@ -203,15 +203,15 @@ static boolean rdp_establish_keys(rdpRdp* rdp)
 	if (rdp->settings->encryption_method == ENCRYPTION_METHOD_FIPS)
 	{
 		uint8 fips_ivec[8] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };
-		rdp->fips_encrypt = crypto_des3_encrypt_init(rdp->settings->fips_encrypt_key, fips_ivec);
-		rdp->fips_decrypt = crypto_des3_decrypt_init(rdp->settings->fips_decrypt_key, fips_ivec);
+		rdp->fips_encrypt = crypto_des3_encrypt_init(rdp->fips_encrypt_key, fips_ivec);
+		rdp->fips_decrypt = crypto_des3_decrypt_init(rdp->fips_decrypt_key, fips_ivec);
 
 		rdp->fips_hmac = crypto_hmac_new();
 		return True;
 	}
 
-	rdp->rc4_decrypt_key = crypto_rc4_init(rdp->settings->decrypt_key, rdp->settings->rc4_key_len);
-	rdp->rc4_encrypt_key = crypto_rc4_init(rdp->settings->encrypt_key, rdp->settings->rc4_key_len);
+	rdp->rc4_decrypt_key = crypto_rc4_init(rdp->decrypt_key, rdp->rc4_key_len);
+	rdp->rc4_encrypt_key = crypto_rc4_init(rdp->encrypt_key, rdp->rc4_key_len);
 
 	return True;
 }

libfreerdp-core/rdp.c

@@ -1,4 +1,3 @@
-
 /**
  * FreeRDP: A Remote Desktop Protocol Client
  * RDP Core
@@ -312,8 +311,8 @@ static uint32 rdp_security_stream_out(rdpRdp* rdp, STREAM* s, int length)
 				data = s->p + 8;
 				length = length - (data - s->data);
 
-				mk = rdp->settings->sign_key;
-				ml = rdp->settings->rc4_key_len;
+				mk = rdp->sign_key;
+				ml = rdp->rc4_key_len;
 				security_mac_signature(mk, ml, data, length, s->p);
 				stream_seek(s, 8);
 				security_encrypt(s->p, length, rdp);
@@ -328,11 +327,13 @@ static uint32 rdp_get_sec_bytes(rdpRdp* rdp)
 {
 	uint32 sec_bytes;
 
-	if (rdp->sec_flags & SEC_ENCRYPT) {
+	if (rdp->sec_flags & SEC_ENCRYPT)
+	{
 		sec_bytes = 12;
 		if (rdp->settings->encryption_method == ENCRYPTION_METHOD_FIPS)
 			sec_bytes += 4;
-	} else if (rdp->sec_flags != 0)
+	}
+	else if (rdp->sec_flags != 0)
 		sec_bytes = 4;
 	else
 		sec_bytes = 0;

libfreerdp-core/rdp.h

@@ -137,6 +137,15 @@ struct rdp_rdp
 	struct crypto_hmac_struct* fips_hmac;
 	uint32 sec_flags;
 	boolean do_crypt;
+	uint8 sign_key[16];
+	uint8 decrypt_key[16];
+	uint8 encrypt_key[16];
+	uint8 decrypt_update_key[16];
+	uint8 encrypt_update_key[16];
+	int rc4_key_len;
+	uint8 fips_sign_key[20];
+	uint8 fips_encrypt_key[24];
+	uint8 fips_decrypt_key[24];
 };
 
 void rdp_read_security_header(STREAM* s, uint16* flags);

libfreerdp-core/security.c

@@ -298,15 +298,16 @@ fips_expand_key_bits(uint8 *in, uint8 *out)
 		out[i] = fips_oddparity_table[fips_reverse_table[out[i]]];
 }
 
-
-boolean security_establish_keys(uint8* client_random, rdpSettings* settings)
+boolean security_establish_keys(uint8* client_random, rdpRdp* rdp)
 {
 	uint8 pre_master_secret[48];
 	uint8 master_secret[48];
 	uint8 session_key_blob[48];
 	uint8* server_random;
 	uint8 salt40[] = { 0xD1, 0x26, 0x9E };
+	rdpSettings* settings;
 
+	settings = rdp->settings;
 	server_random = settings->server_random.data;
 
 	if (settings->encryption_method == ENCRYPTION_METHOD_FIPS)
@@ -322,7 +323,7 @@ boolean security_establish_keys(uint8* client_random, rdpSettings* settings)
 		crypto_sha1_final(sha1, client_encrypt_key_t);
 
 		client_encrypt_key_t[20] = client_encrypt_key_t[0];
-		fips_expand_key_bits(client_encrypt_key_t, settings->fips_encrypt_key);
+		fips_expand_key_bits(client_encrypt_key_t, rdp->fips_encrypt_key);
 
 		sha1 = crypto_sha1_init();
 		crypto_sha1_update(sha1, client_random, 16);
@@ -330,12 +331,12 @@ boolean security_establish_keys(uint8* client_random, rdpSettings* settings)
 		crypto_sha1_final(sha1, client_decrypt_key_t);
 
 		client_decrypt_key_t[20] = client_decrypt_key_t[0];
-		fips_expand_key_bits(client_decrypt_key_t, settings->fips_decrypt_key);
+		fips_expand_key_bits(client_decrypt_key_t, rdp->fips_decrypt_key);
 
 		sha1 = crypto_sha1_init();
 		crypto_sha1_update(sha1, client_decrypt_key_t, 20);
 		crypto_sha1_update(sha1, client_encrypt_key_t, 20);
-		crypto_sha1_final(sha1, settings->fips_sign_key);
+		crypto_sha1_final(sha1, rdp->fips_sign_key);
 	}
 
 	memcpy(pre_master_secret, client_random, 24);
@@ -344,25 +345,25 @@ boolean security_establish_keys(uint8* client_random, rdpSettings* settings)
 	security_A(pre_master_secret, client_random, server_random, master_secret);
 	security_X(master_secret, client_random, server_random, session_key_blob);
 
-	memcpy(settings->sign_key, session_key_blob, 16);
+	memcpy(rdp->sign_key, session_key_blob, 16);
 
-	security_md5_16_32_32(&session_key_blob[16], client_random, server_random, settings->decrypt_key);
-	security_md5_16_32_32(&session_key_blob[32], client_random, server_random, settings->encrypt_key);
+	security_md5_16_32_32(&session_key_blob[16], client_random, server_random, rdp->decrypt_key);
+	security_md5_16_32_32(&session_key_blob[32], client_random, server_random, rdp->encrypt_key);
 
 	if (settings->encryption_method == 1) /* 40 and 56 bit */
 	{
-		memcpy(settings->sign_key, salt40, 3); /* TODO 56 bit */
-		memcpy(settings->decrypt_key, salt40, 3); /* TODO 56 bit */
-		memcpy(settings->encrypt_key, salt40, 3); /* TODO 56 bit */
-		settings->rc4_key_len = 8;
+		memcpy(rdp->sign_key, salt40, 3); /* TODO 56 bit */
+		memcpy(rdp->decrypt_key, salt40, 3); /* TODO 56 bit */
+		memcpy(rdp->encrypt_key, salt40, 3); /* TODO 56 bit */
+		rdp->rc4_key_len = 8;
 	}
 	else if (settings->encryption_method == 2) /* 128 bit */
 	{
-		settings->rc4_key_len = 16;
+		rdp->rc4_key_len = 16;
 	}
 
-	memcpy(settings->decrypt_update_key, settings->decrypt_key, 16);
-	memcpy(settings->encrypt_update_key, settings->encrypt_key, 16);
+	memcpy(rdp->decrypt_update_key, rdp->decrypt_key, 16);
+	memcpy(rdp->encrypt_update_key, rdp->encrypt_key, 16);
 
 	return True;
 }
@@ -401,9 +402,9 @@ boolean security_encrypt(uint8* data, int length, rdpRdp* rdp)
 {
 	if (rdp->encrypt_use_count >= 4096)
 	{
-		security_key_update(rdp->settings->encrypt_key, rdp->settings->encrypt_update_key, rdp->settings->rc4_key_len);
+		security_key_update(rdp->encrypt_key, rdp->encrypt_update_key, rdp->rc4_key_len);
 		crypto_rc4_free(rdp->rc4_encrypt_key);
-		rdp->rc4_encrypt_key = crypto_rc4_init(rdp->settings->encrypt_key, rdp->settings->rc4_key_len);
+		rdp->rc4_encrypt_key = crypto_rc4_init(rdp->encrypt_key, rdp->rc4_key_len);
 		rdp->encrypt_use_count = 0;
 	}
 	crypto_rc4(rdp->rc4_encrypt_key, length, data, data);
@@ -415,9 +416,9 @@ boolean security_decrypt(uint8* data, int length, rdpRdp* rdp)
 {
 	if (rdp->decrypt_use_count >= 4096)
 	{
-		security_key_update(rdp->settings->decrypt_key, rdp->settings->decrypt_update_key, rdp->settings->rc4_key_len);
+		security_key_update(rdp->decrypt_key, rdp->decrypt_update_key, rdp->rc4_key_len);
 		crypto_rc4_free(rdp->rc4_decrypt_key);
-		rdp->rc4_decrypt_key = crypto_rc4_init(rdp->settings->decrypt_key, rdp->settings->rc4_key_len);
+		rdp->rc4_decrypt_key = crypto_rc4_init(rdp->decrypt_key, rdp->rc4_key_len);
 		rdp->decrypt_use_count = 0;
 	}
 	crypto_rc4(rdp->rc4_decrypt_key, length, data, data);
@@ -432,7 +433,7 @@ void security_hmac_signature(uint8* data, int length, uint8* output, rdpRdp* rdp
 
 	security_uint32_le(use_count_le, rdp->encrypt_use_count);
 
-	crypto_hmac_sha1_init(rdp->fips_hmac, rdp->settings->fips_sign_key, 20);
+	crypto_hmac_sha1_init(rdp->fips_hmac, rdp->fips_sign_key, 20);
 	crypto_hmac_update(rdp->fips_hmac, data, length);
 	crypto_hmac_update(rdp->fips_hmac, use_count_le, 4);
 	crypto_hmac_final(rdp->fips_hmac, buf, 20);
@@ -460,7 +461,7 @@ boolean security_fips_check_signature(uint8* data, int length, uint8* sig, rdpRd
 
 	security_uint32_le(use_count_le, rdp->decrypt_use_count);
 
-	crypto_hmac_sha1_init(rdp->fips_hmac, rdp->settings->fips_sign_key, 20);
+	crypto_hmac_sha1_init(rdp->fips_hmac, rdp->fips_sign_key, 20);
 	crypto_hmac_update(rdp->fips_hmac, data, length);
 	crypto_hmac_update(rdp->fips_hmac, use_count_le, 4);
 	crypto_hmac_final(rdp->fips_hmac, buf, 20);

libfreerdp-core/security.h

@@ -33,7 +33,7 @@ void security_licensing_encryption_key(uint8* session_key_blob, uint8* client_ra
 void security_mac_data(uint8* mac_salt_key, uint8* data, uint32 length, uint8* output);
 
 void security_mac_signature(uint8* mac_key, int mac_key_length, uint8* data, uint32 length, uint8* output);
-boolean security_establish_keys(uint8* client_random, rdpSettings* settings);
+boolean security_establish_keys(uint8* client_random, rdpRdp* rdp);
 
 boolean security_encrypt(uint8* data, int length, rdpRdp* rdp);
 boolean security_decrypt(uint8* data, int length, rdpRdp* rdp);