| private ServerDecrypt ( byte originalData, byte dataSignature, bool isSalted, byte &decryptedData ) : bool | ||
| originalData | byte | Data to be decrypted. This argument can be null. |
| dataSignature | byte | The data signature to be validated. This argument can be null. |
| isSalted | bool | Specify if data signature generated with salted MAC. |
| decryptedData | byte | The decrypted data. |
| return | bool | |
/// <summary>
/// Decrypt Send Data Request
/// </summary>
/// <param name="userData">user data</param>
/// <param name="securityHeaderType">security header type</param>
/// <returns>decrypted user data</returns>
private byte[] DecryptSendDataRequest(RdpbcgrServerSessionContext serverSessionContext, byte[] userData, SecurityHeaderType securityHeaderType)
{
// Parse security header
int index = 0;
TS_SECURITY_HEADER header = ParseTsSecurityHeader(userData, ref index, securityHeaderType);
// If header is absent, data is not encrypted, return directly
if (null == header)
{
return userData;
}
// Get remain data with security header removed
int remainLength = userData.Length - index;
byte[] remainData = GetBytes(userData, ref index, remainLength);
// Header is present, but still data is not encrypted, return directly
bool isEncryptFlagExist = IsFlagExist((UInt16)header.flags,
(UInt16)TS_SECURITY_HEADER_flags_Values.SEC_ENCRYPT);
bool isRedirectFlagExist = IsFlagExist((UInt16)header.flags,
(UInt16)TS_SECURITY_HEADER_flags_Values.SEC_REDIRECTION_PKT);
if ((!isEncryptFlagExist) && (!isRedirectFlagExist))
{
return remainData;
}
// Get data signature (Fips/NonFips only)
byte[] signature = null;
switch (securityHeaderType)
{
case SecurityHeaderType.NonFips:
TS_SECURITY_HEADER1 nonFipsHeader = (TS_SECURITY_HEADER1)header;
signature = nonFipsHeader.dataSignature;
break;
case SecurityHeaderType.Fips:
TS_SECURITY_HEADER2 fipsHeader = (TS_SECURITY_HEADER2)header;
signature = fipsHeader.dataSignature;
break;
case SecurityHeaderType.None:
signature = null;
break;
case SecurityHeaderType.Basic:
signature = null;
break;
default:
throw new FormatException(ConstValue.ERROR_MESSAGE_ENUM_UNRECOGNIZED);
}
// Check if "Salted MAC Generation" was used in PDU generation
bool isSalted = IsFlagExist((UInt16)header.flags,
(UInt16)TS_SECURITY_HEADER_flags_Values.SEC_SECURE_CHECKSUM);
// Decryption
byte[] decryptedData = null;
if (!serverSessionContext.ServerDecrypt(remainData, signature, isSalted, out decryptedData))
{
// If decryption failed
throw new FormatException(ConstValue.ERROR_MESSAGE_DECRYPTION_FAILED);
}
return decryptedData;
}
/// <summary>
/// Decrypt Fast-path Update Data
/// </summary>
/// <param name="remainData">data to be decrypted</param>
/// <param name="signatureData">signature data</param>
/// <param name="isSalted">if the MAC signature was created by "salted MAC generation"</param>
/// <returns>decrypted Fast-path Update Data</returns>
private byte[] DecryptFastPathInputData(RdpbcgrServerSessionContext serverSessionContext, byte[] remainData, byte[] signatureData, bool isSalted)
{
if (null == signatureData)
{
// No need to decrypt, return directly
return remainData;
}
else
{
// Decryption
byte[] decryptedData = null;
if (!serverSessionContext.ServerDecrypt(remainData, signatureData, isSalted, out decryptedData))
{
// Decryptioin failed
throw new FormatException(ConstValue.ERROR_MESSAGE_DECRYPTION_FAILED);
}
return decryptedData;
}
}
