/// <summary> /// Decode Persistent Key List PDU /// </summary> /// <param name="data">data to be parsed</param> /// <param name="decryptedUserData">decrypted user data to be parsed</param> /// <param name="type">security header type</param> /// <returns>decoded Control PDU</returns> public StackPacket DecodePersistentKeyListPDU( byte[] data, byte[] decryptedUserData, SecurityHeaderType type) { Client_Persistent_Key_List_Pdu pdu = new Client_Persistent_Key_List_Pdu(); // data index int dataIndex = 0; // FontMapPDU: commonHeader pdu.commonHeader = ParseMcsCommonHeader(data, ref dataIndex, type); // user data index int userDataIndex = 0; // FontMapPDU: fontMapPduData pdu.persistentKeyListPduData = ParseTsPersistentListPdu(decryptedUserData, ref userDataIndex); // ETW Provider Dump Message if (pdu.commonHeader.securityHeader != null) { // RDP Standard Security string messageName = "RDPBCGR:" + pdu.GetType().Name; ExtendedLogger.DumpMessage(messageName, RdpbcgrUtility.DumpLevel_Layer3, pdu.GetType().Name, decryptedUserData); } // Check if data length exceeded expectation VerifyDataLength(decryptedUserData.Length, userDataIndex, ConstValue.ERROR_MESSAGE_DATA_LENGTH_EXCEEDED); return pdu; }
/// <summary> /// 2.2.1.17 /// </summary> /// <param name="keyListPdu"></param> public void VerifyPdu(Client_Persistent_Key_List_Pdu keyListPdu) { if (serverConfig.encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_40BIT || serverConfig.encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_56BIT || serverConfig.encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_128BIT) { site.CaptureRequirementIfIsInstanceOfType(keyListPdu.commonHeader.securityHeader, typeof(TS_SECURITY_HEADER1), 785, @"In Client Persistent Key List PDU, securityHeader (variable): The securityHeader is a Non-FIPS Security Header" + @" (section 2.2.8.1.1.2.2) if the Encryption LevelMethod selected by the server (see sections 5.3.2 and 2.2.1.4.3)" + @" is ENCRYPTION_LEVEL_CLIENT_COMPATIBLE (2)METHOD_40BIT (0x00000001), ENCRYPTION_METHOD_56BIT (0x00000008), or " + @"ENCRYPTION_LEVEL_HIGH (3METHOD_128BIT (0x00000002)."); } else if (serverConfig.encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_FIPS) { site.CaptureRequirementIfIsInstanceOfType(keyListPdu.commonHeader.securityHeader, typeof(TS_SECURITY_HEADER2), 786, @"In Client Persistent Key List PDU, securityHeader (variable):The securityHeaderis a FIPS Security Header,if the" + @" Encryption LevelMethod selected by the server is ENCRYPTION_METHOD_FIPS (0x00000010)."); } else if (serverConfig.encryptionMethod == EncryptionMethods.ENCRYPTION_METHOD_NONE) { site.CaptureRequirementIfIsNull(keyListPdu.commonHeader.securityHeader, 787, @"In Client Persistent Key List PDU, if Enhanced RDP Security is in effect or the Encryption Method selected by " + @"the server is ENCRYPTION_METHOD_NONE (0), then the securityHeader MUST NOT be included in the Client" + @" Persistent Key List PDU."); } site.CaptureRequirementIfAreEqual<int>(7, (keyListPdu.persistentKeyListPduData.shareDataHeader.shareControlHeader.pduType.typeAndVersionLow & 0xf), 793, @"In Client Persistent Key List PDU, the type subfield of the pduType field of the Share Control Header of Client " + @"Persistent Key List PDU MUST be set to PDUTYPE_DATAPDU (7). "); site.CaptureRequirementIfAreEqual<pduType2_Values>(pduType2_Values.PDUTYPE2_BITMAPCACHE_PERSISTENT_LIST, keyListPdu.persistentKeyListPduData.shareDataHeader.pduType2, 794, @"In Client Persistent Key List PDU, the pduType2 field of the Share Data Header in Client Persistent Key List PDU" + @" MUST be set to PDUTYPE2_BITMAPCACHE_PERSISTENT_LIST (43)."); //2.22.17.1 //CaptureRequirement(keyListPdu.persistentKeyListPduData.numEntriesCache0 == keyListPdu.persistentKeyListPduData. }
/// <summary> /// Create an instance of the class that is identical to the current PDU. /// </summary> /// <returns>The new instance.</returns> public override StackPacket Clone() { Client_Persistent_Key_List_Pdu clonePesistentKeyPdu = new Client_Persistent_Key_List_Pdu(context); clonePesistentKeyPdu.commonHeader = commonHeader.Clone(); if (persistentKeyListPduData != null) { clonePesistentKeyPdu.persistentKeyListPduData = new TS_BITMAPCACHE_PERSISTENT_LIST_PDU(); clonePesistentKeyPdu.persistentKeyListPduData.shareDataHeader = persistentKeyListPduData.shareDataHeader; clonePesistentKeyPdu.persistentKeyListPduData.Pad2 = persistentKeyListPduData.Pad2; clonePesistentKeyPdu.persistentKeyListPduData.Pad3 = persistentKeyListPduData.Pad3; clonePesistentKeyPdu.persistentKeyListPduData.bBitMask = persistentKeyListPduData.bBitMask; clonePesistentKeyPdu.persistentKeyListPduData.numEntriesCache0 = persistentKeyListPduData.numEntriesCache0; clonePesistentKeyPdu.persistentKeyListPduData.numEntriesCache1 = persistentKeyListPduData.numEntriesCache1; clonePesistentKeyPdu.persistentKeyListPduData.numEntriesCache2 = persistentKeyListPduData.numEntriesCache2; clonePesistentKeyPdu.persistentKeyListPduData.numEntriesCache3 = persistentKeyListPduData.numEntriesCache3; clonePesistentKeyPdu.persistentKeyListPduData.numEntriesCache4 = persistentKeyListPduData.numEntriesCache4; clonePesistentKeyPdu.persistentKeyListPduData.totalEntriesCache0 = persistentKeyListPduData.totalEntriesCache0; clonePesistentKeyPdu.persistentKeyListPduData.totalEntriesCache1 = persistentKeyListPduData.totalEntriesCache1; clonePesistentKeyPdu.persistentKeyListPduData.totalEntriesCache2 = persistentKeyListPduData.totalEntriesCache2; clonePesistentKeyPdu.persistentKeyListPduData.totalEntriesCache3 = persistentKeyListPduData.totalEntriesCache3; clonePesistentKeyPdu.persistentKeyListPduData.totalEntriesCache4 = persistentKeyListPduData.totalEntriesCache4; if (persistentKeyListPduData.entries != null) { clonePesistentKeyPdu.persistentKeyListPduData.entries = new List<TS_BITMAPCACHE_PERSISTENT_LIST_ENTRY>(); clonePesistentKeyPdu.persistentKeyListPduData.entries.AddRange(persistentKeyListPduData.entries); } } return clonePesistentKeyPdu; }