/// <summary>
/// Decode a Client Synchronize PDU from the raw packet bytes and the decrypted user data.
/// </summary>
/// <param name="data">Raw packet bytes; the common header is parsed from these.</param>
/// <param name="decryptedUserData">Decrypted user data; the synchronize payload is parsed from these.</param>
/// <param name="type">Security header type, passed through to the common header parser.</param>
/// <returns>The decoded Synchronize PDU.</returns>
public StackPacket DecodeSynchronizePDU(
    byte[] data,
    byte[] decryptedUserData,
    SecurityHeaderType type)
{
    // Two independent read cursors: one into the raw packet, one into the decrypted payload.
    int headerCursor = 0;
    int payloadCursor = 0;

    Client_Synchronize_Pdu syncPdu = new Client_Synchronize_Pdu();
    syncPdu.commonHeader = ParseMcsCommonHeader(data, ref headerCursor, type);
    syncPdu.synchronizePduData = ParseTsSynchronizePdu(decryptedUserData, ref payloadCursor);

    // The message is dumped only when a security header was parsed (RDP Standard Security).
    // NOTE(review): the dump is handed the decrypted payload, so the resulting traces
    // should be stored and shared as sensitive data.
    if (syncPdu.commonHeader.securityHeader != null)
    {
        string pduTypeName = syncPdu.GetType().Name;
        ExtendedLogger.DumpMessage(
            "RDPBCGR:" + pduTypeName,
            RdpbcgrUtility.DumpLevel_Layer3,
            pduTypeName,
            decryptedUserData);
    }

    // Length check: payload size against the number of bytes the parser consumed.
    // NOTE(review): this runs after parsing, so bounds checking while reading is left to
    // ParseTsSynchronizePdu (not visible here) - confirm it rejects truncated input.
    VerifyDataLength(
        decryptedUserData.Length,
        payloadCursor,
        ConstValue.ERROR_MESSAGE_DATA_LENGTH_EXCEEDED);

    return syncPdu;
}
/// <summary>
/// Verify a Client Synchronize PDU (section 2.2.1.14): the security header type that
/// matches the server's encryption method, and the fixed type fields of the payload.
/// </summary>
/// <param name="clientSyncPdu">The decoded Client Synchronize PDU to check.</param>
public void VerifyPdu(Client_Synchronize_Pdu clientSyncPdu)
{
    // NOTE(review): the description strings below are runtime text and are kept verbatim,
    // including "TS_SYNCHONIZE_PDU", "ENCRYPTIONMETHOD_128BIT" and the references to
    // "Server Demand Active PDU" in a check of the Client Synchronize PDU.
    var negotiatedMethod = serverConfig.encryptionMethod;

    // Security header type check. No header-type check is captured when the method is
    // none of the four values tested here.
    if (negotiatedMethod == EncryptionMethods.ENCRYPTION_METHOD_40BIT
        || negotiatedMethod == EncryptionMethods.ENCRYPTION_METHOD_56BIT
        || negotiatedMethod == EncryptionMethods.ENCRYPTION_METHOD_128BIT)
    {
        site.CaptureRequirementIfIsInstanceOfType(
            clientSyncPdu.commonHeader.securityHeader,
            typeof(TS_SECURITY_HEADER1),
            730,
            @"In Client Synchronize PDU, securityHeader (variable): The securityHeader in Server"
            + @" Demand Active PDU is a Non-FIPS Security Header (section 2.2.8.1.1.2.2) if the "
            + @"Encryption LevelMethod selected by the server (see sections 5.3.2 and 2.2.1.4.3) is"
            + @" ENCRYPTION_METHOD_40BIT (0x00000001), ENCRYPTION_METHOD_56BIT (0x00000008), "
            + @"ENCRYPTIONMETHOD_128BIT (0x00000002)");
    }
    else if (negotiatedMethod == EncryptionMethods.ENCRYPTION_METHOD_FIPS)
    {
        site.CaptureRequirementIfIsInstanceOfType(
            clientSyncPdu.commonHeader.securityHeader,
            typeof(TS_SECURITY_HEADER2),
            731,
            @"In Client Synchronize PDU, securityHeader (variable):The securityHeader in Server Demand"
            + @" Active PDU is a FIPS Security Header,if the Encryption LevelMethod selected by the server"
            + @" is ENCRYPTION_METHOD_FIPS (0x00000010).");
    }

    var syncData = clientSyncPdu.synchronizePduData;
    var shareDataHeader = syncData.shareDataHeader;

    // Only the low four bits of typeAndVersionLow are compared with the expected type, 7.
    site.CaptureRequirementIfAreEqual<int>(
        7,
        (shareDataHeader.shareControlHeader.pduType.typeAndVersionLow & 0xf),
        736,
        @"In TS_SYNCHONIZE_PDU the type subfield of the pduType field of the Share Control Header "
        + @"MUST be set to PDUTYPE_DATAPDU (7).");

    site.CaptureRequirementIfAreEqual<pduType2_Values>(
        pduType2_Values.PDUTYPE2_SYNCHRONIZE,
        shareDataHeader.pduType2,
        737,
        @"In TS_SYNCHONIZE_PDU the type subfield of the pduType2 field of the Share Data Header MUST"
        + @" be set to PDUTYPE2_SYNCHRONIZE (31).");

    site.CaptureRequirementIfAreEqual<messageType_Values>(
        messageType_Values.V1,
        syncData.messageType,
        739,
        @"In TS_SYNCHONIZE_PDU, the messageType field MUST be set to SYNCMSGTYPE_SYNC (1).");
}
/// <summary>
/// Build a new Client Synchronize PDU carrying the same content as this one.
/// </summary>
/// <returns>The new instance.</returns>
public override StackPacket Clone()
{
    // The common header is cloned; synchronizePduData is assigned directly.
    // NOTE(review): if synchronizePduData is a reference type the copy shares it with
    // this instance - confirm it is a value type or is never mutated after cloning.
    return new Client_Synchronize_Pdu(context)
    {
        commonHeader = this.commonHeader.Clone(),
        synchronizePduData = this.synchronizePduData
    };
}