private ServerDecrypt ( byte originalData, byte dataSignature, bool isSalted, byte &decryptedData ) : bool | ||
originalData | byte | Data to be decrypted. This argument can be null. |
dataSignature | byte | The data signature to be validated. This argument can be null. |
isSalted | bool | Specify if data signature generated with salted MAC. |
decryptedData | byte | The decrypted data. |
Результат | bool |
/// <summary> /// Decrypt Send Data Request /// </summary> /// <param name="userData">user data</param> /// <param name="securityHeaderType">security header type</param> /// <returns>decrypted user data</returns> private byte[] DecryptSendDataRequest(RdpbcgrServerSessionContext serverSessionContext, byte[] userData, SecurityHeaderType securityHeaderType) { // Parse security header int index = 0; TS_SECURITY_HEADER header = ParseTsSecurityHeader(userData, ref index, securityHeaderType); // If header is absent, data is not encrypted, return directly if (null == header) { return userData; } // Get remain data with security header removed int remainLength = userData.Length - index; byte[] remainData = GetBytes(userData, ref index, remainLength); // Header is present, but still data is not encrypted, return directly bool isEncryptFlagExist = IsFlagExist((UInt16)header.flags, (UInt16)TS_SECURITY_HEADER_flags_Values.SEC_ENCRYPT); bool isRedirectFlagExist = IsFlagExist((UInt16)header.flags, (UInt16)TS_SECURITY_HEADER_flags_Values.SEC_REDIRECTION_PKT); if ((!isEncryptFlagExist) && (!isRedirectFlagExist)) { return remainData; } // Get data signature (Fips/NonFips only) byte[] signature = null; switch (securityHeaderType) { case SecurityHeaderType.NonFips: TS_SECURITY_HEADER1 nonFipsHeader = (TS_SECURITY_HEADER1)header; signature = nonFipsHeader.dataSignature; break; case SecurityHeaderType.Fips: TS_SECURITY_HEADER2 fipsHeader = (TS_SECURITY_HEADER2)header; signature = fipsHeader.dataSignature; break; case SecurityHeaderType.None: signature = null; break; case SecurityHeaderType.Basic: signature = null; break; default: throw new FormatException(ConstValue.ERROR_MESSAGE_ENUM_UNRECOGNIZED); } // Check if "Salted MAC Generation" was used in PDU generation bool isSalted = IsFlagExist((UInt16)header.flags, (UInt16)TS_SECURITY_HEADER_flags_Values.SEC_SECURE_CHECKSUM); // Decryption byte[] decryptedData = null; if (!serverSessionContext.ServerDecrypt(remainData, signature, isSalted, out decryptedData)) { // If decryption failed throw new FormatException(ConstValue.ERROR_MESSAGE_DECRYPTION_FAILED); } return decryptedData; }
/// <summary> /// Decrypt Fast-path Update Data /// </summary> /// <param name="remainData">data to be decrypted</param> /// <param name="signatureData">signature data</param> /// <param name="isSalted">if the MAC signature was created by "salted MAC generation"</param> /// <returns>decrypted Fast-path Update Data</returns> private byte[] DecryptFastPathInputData(RdpbcgrServerSessionContext serverSessionContext, byte[] remainData, byte[] signatureData, bool isSalted) { if (null == signatureData) { // No need to decrypt, return directly return remainData; } else { // Decryption byte[] decryptedData = null; if (!serverSessionContext.ServerDecrypt(remainData, signatureData, isSalted, out decryptedData)) { // Decryptioin failed throw new FormatException(ConstValue.ERROR_MESSAGE_DECRYPTION_FAILED); } return decryptedData; } }