MeshCentral-Dokploy/rdp/protocol/pdu/sec.js

/*
 * Copyright (c) 2014-2015 Sylvain Peyrefitte
 *
 * This file is part of node-rdpjs.
 *
 * node-rdpjs is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

var inherits = require('util').inherits;
var crypto = require('crypto');
var events = require('events');
var type = require('../../core').type;
var error = require('../../core').error;
var log = require('../../core').log;
var gcc = require('../t125/gcc');
var lic = require('./lic');
var cert = require('../cert');
var rsa = require('../../security').rsa;

/**
 * @see http://msdn.microsoft.com/en-us/library/cc240579.aspx
 */
var SecurityFlag = {
    SEC_EXCHANGE_PKT : 0x0001,
    SEC_TRANSPORT_REQ : 0x0002,
    RDP_SEC_TRANSPORT_RSP : 0x0004,
    SEC_ENCRYPT : 0x0008,
    SEC_RESET_SEQNO : 0x0010,
    SEC_IGNORE_SEQNO : 0x0020,
    SEC_INFO_PKT : 0x0040,
    SEC_LICENSE_PKT : 0x0080,
    SEC_LICENSE_ENCRYPT_CS : 0x0200,
    SEC_LICENSE_ENCRYPT_SC : 0x0200,
    SEC_REDIRECTION_PKT : 0x0400,
    SEC_SECURE_CHECKSUM : 0x0800,
    SEC_AUTODETECT_REQ : 0x1000,
    SEC_AUTODETECT_RSP : 0x2000,
    SEC_HEARTBEAT : 0x4000,
    SEC_FLAGSHI_VALID : 0x8000
};

/**
 * @see https://msdn.microsoft.com/en-us/library/cc240475.aspx
 */
var InfoFlag = {
    INFO_MOUSE : 0x00000001,
    INFO_DISABLECTRLALTDEL : 0x00000002,
    INFO_AUTOLOGON : 0x00000008,
    INFO_UNICODE : 0x00000010,
    INFO_MAXIMIZESHELL : 0x00000020,
    INFO_LOGONNOTIFY : 0x00000040,
    INFO_COMPRESSION : 0x00000080,
    INFO_ENABLEWINDOWSKEY : 0x00000100,
    INFO_REMOTECONSOLEAUDIO : 0x00002000,
    INFO_FORCE_ENCRYPTED_CS_PDU : 0x00004000,
    INFO_RAIL : 0x00008000,
    INFO_LOGONERRORS : 0x00010000,
    INFO_MOUSE_HAS_WHEEL : 0x00020000,
    INFO_PASSWORD_IS_SC_PIN : 0x00040000,
    INFO_NOAUDIOPLAYBACK : 0x00080000,
    INFO_USING_SAVED_CREDS : 0x00100000,
    INFO_AUDIOCAPTURE : 0x00200000,
    INFO_VIDEO_DISABLE : 0x00400000,
    INFO_CompressionTypeMask : 0x00001E00
};

/**
 * @see https://msdn.microsoft.com/en-us/library/cc240476.aspx
 */
var AfInet = {
    AfInet : 0x00002,
    AF_INET6 : 0x0017
};

/**
 * @see https://msdn.microsoft.com/en-us/library/cc240476.aspx
 */
var PerfFlag = {
    PERF_DISABLE_WALLPAPER : 0x00000001,
    PERF_DISABLE_FULLWINDOWDRAG : 0x00000002,
    PERF_DISABLE_MENUANIMATIONS : 0x00000004,
    PERF_DISABLE_THEMING : 0x00000008,
    PERF_DISABLE_CURSOR_SHADOW : 0x00000020,
    PERF_DISABLE_CURSORSETTINGS : 0x00000040,
    PERF_ENABLE_FONT_SMOOTHING : 0x00000080,
    PERF_ENABLE_DESKTOP_COMPOSITION : 0x00000100
};

/**
 * @see http://msdn.microsoft.com/en-us/library/cc241992.aspx
 * @param input {Buffer} Binary data
 * @param salt {Buffer} salt for context call
 * @param salt1 {Buffer} another salt (ex : client random)
 * @param salt2 {Buffer} another salt (ex : server random)
 * @return {Buffer}
 */
function saltedHash(input, salt, salt1, salt2) {
	var sha1Digest = crypto.createHash('sha1');
	sha1Digest.update(input);
	sha1Digest.update(salt.slice(0, 48));
	sha1Digest.update(salt1);
	sha1Digest.update(salt2);
	
	var sha1Sig = sha1Digest.digest();
	
	var md5Digest = crypto.createHash('md5');
	md5Digest.update(salt.slice(0, 48));
	md5Digest.update(sha1Sig);
	return md5Digest.digest();
}

/**
 * @param key {Buffer} secret
 * @param random1 {Buffer} client random
 * @param random2 {Buffer} server random
 * @returns {Buffer}
 */
function finalHash (key, random1, random2) {
	var md5Digest = crypto.createHash('md5');
	md5Digest.update(key);
	md5Digest.update(random1);
	md5Digest.update(random2);
	return md5Digest.digest();
}

/**
 * @see http://msdn.microsoft.com/en-us/library/cc241992.aspx
 * @param secret {Buffer} secret
 * @param random1 {Buffer} client random
 * @param random2 {Buffer} server random
 * @returns {Buffer}
 */
function masterSecret (secret, random1, random2) {
	var sh1 = saltedHash(Buffer.from('A'), secret, random1, random2);
	var sh2 = saltedHash(Buffer.from('BB'), secret, random1, random2);
	var sh3 = saltedHash(Buffer.from('CCC'), secret, random1, random2);
	
	var ms = Buffer.alloc(sh1.length + sh2.length + sh3.length);
	sh1.copy(ms);
	sh2.copy(ms, sh1.length);
	sh3.copy(ms, sh1.length + sh2.length);
	return ms;
}

/**
 * @see http://msdn.microsoft.com/en-us/library/cc241995.aspx
 * @param macSaltKey {Buffer} key
 * @param data {Buffer} data
 * @returns {Buffer}
 */
function macData(macSaltKey, data) {
	var salt1 = Buffer.alloc(40);
	salt1.fill(0x36);
	
	var salt2 = Buffer.alloc(48);
	salt2.fill(0x5c);

	var dataLength = new type.UInt32Le(data.length).toStream().buffer;
	
	var sha1 = crypto.createHash('sha1');
	sha1.update(macSaltKey);
	sha1.update(salt1);
	sha1.update(dataLength);
	sha1.update(data);
	var sha1Digest = sha1.digest();
	
	var md5 = crypto.createHash('md5');
	md5.update(macSaltKey);
	md5.update(salt2);
	md5.update(sha1Digest);
	
	return md5.digest();
}

/**
 * RDP client informations
 * @param extendedInfoConditional {boolean} true if RDP5+
 * @returns {type.Component}
 */
function rdpInfos(extendedInfoConditional) {
	var self = {
		codePage : new type.UInt32Le(),
        flag : new type.UInt32Le(InfoFlag.INFO_MOUSE | InfoFlag.INFO_UNICODE | InfoFlag.INFO_LOGONNOTIFY | InfoFlag.INFO_LOGONERRORS | InfoFlag.INFO_DISABLECTRLALTDEL | InfoFlag.INFO_ENABLEWINDOWSKEY),
        cbDomain : new type.UInt16Le(function() {
        	return self.domain.size() - 2;
        }),
        cbUserName : new type.UInt16Le(function() {
        	return self.userName.size() - 2;
        }),
        cbPassword : new type.UInt16Le(function() {
        	return self.password.size() - 2;
        }),
        cbAlternateShell : new type.UInt16Le(function() {
        	return self.alternateShell.size() - 2;
        }),
        cbWorkingDir : new type.UInt16Le(function() {
        	return self.workingDir.size() - 2;
        }),
        domain : new type.BinaryString(Buffer.from('\x00', 'ucs2'),{ readLength : new type.CallableValue(function() {
        	return self.cbDomain.value + 2;
        })}),
        userName : new type.BinaryString(Buffer.from('\x00', 'ucs2'), { readLength : new type.CallableValue(function() {
        	return self.cbUserName.value + 2;
        })}),
        password : new type.BinaryString(Buffer.from('\x00', 'ucs2'), { readLength : new type.CallableValue(function () {
        	return self.cbPassword.value + 2;
        })}),
        alternateShell : new type.BinaryString(Buffer.from('\x00', 'ucs2'), { readLength : new type.CallableValue(function() {
        	return self.cbAlternateShell.value + 2;
        })}),
        workingDir : new type.BinaryString(Buffer.from('\x00', 'ucs2'), { readLength : new type.CallableValue(function() {
        	return self.cbWorkingDir.value + 2;
        })}),
        extendedInfo : rdpExtendedInfos({ conditional : extendedInfoConditional })
	};
	
	return new type.Component(self);
}

/**
 * RDP client extended informations present in RDP5+
 * @param opt
 * @returns {type.Component}
 */
function rdpExtendedInfos(opt) {
	var self = {
		clientAddressFamily : new type.UInt16Le(AfInet.AfInet),
	    cbClientAddress : new type.UInt16Le(function() {
        	return self.clientAddress.size();
        }),
	    clientAddress : new type.BinaryString(Buffer.from('\x00', 'ucs2'),{ readLength : new type.CallableValue(function() {
	    	return self.cbClientAddress;
	    }) }),
	    cbClientDir : new type.UInt16Le(function() {
        	return self.clientDir.size();
        }),
	    clientDir : new type.BinaryString(Buffer.from('\x00', 'ucs2'), { readLength : new type.CallableValue(function() {
	    	return self.cbClientDir;
	    }) }),
	    clientTimeZone : new type.BinaryString(Buffer.from(Array(172 + 1).join("\x00"))),
	    clientSessionId : new type.UInt32Le(),
	    performanceFlags : new type.UInt32Le()
	};
	return new type.Component(self, opt);
}

/**
 * Header of security header
 * @returns {type.Component}
 */
function securityHeader() {
	var self = {
		securityFlag : new type.UInt16Le(),
		securityFlagHi : new type.UInt16Le()
	};
	
	return new type.Component(self);
}

/**
 * Security layer
 * @param transport {events.EventEmitter}
 */
function Sec(transport, fastPathTransport) {
	this.transport = transport;
	this.fastPathTransport = fastPathTransport;
	// init at connect event from transport layer
	this.gccClient = null;
	this.gccServer = null;
	var self = this;
	this.infos = rdpInfos(function() {
		return self.gccClient.core.rdpVersion.value === gcc.VERSION.RDP_VERSION_5_PLUS;
	});
	this.machineName = '';
	
	
	// basic encryption
	this.enableEncryption = false;
	
	if (this.fastPathTransport) {
		this.fastPathTransport.on('fastPathData', function (secFlag, s) {
			self.recvFastPath(secFlag, s);
		});
	}
};

//inherit from Layer
inherits(Sec, events.EventEmitter);

/**
 * Send message with security header
 * @param flag {integer} security flag
 * @param data {type.*} message
 */
Sec.prototype.sendFlagged = function(flag, data) {
    this.transport.send('global', new type.Component([
	    new type.UInt16Le(flag), 
	    new type.UInt16Le(), 
	    data
	]));
};

/**
 * Main send function
 * @param message {type.*} message to send
 */
Sec.prototype.send = function(message) {
	if (this.enableEncryption) {
		throw new error.FatalError('NODE_RDP_PROTOCOL_PDU_SEC_ENCRYPT_NOT_IMPLEMENTED');
	}
	this.transport.send('global', message);
};

/**
 * Main receive function
 * @param s {type.Stream}
 */
Sec.prototype.recv = function(s) {
	if (this.enableEncryption) {
		throw new error.FatalError('NODE_RDP_PROTOCOL_PDU_SEC_ENCRYPT_NOT_IMPLEMENTED');
	}
	// not support yet basic RDP security layer
	this.emit('data', s);
};

/**
 * Receive fast path data
 * @param secFlag {integer} security flag
 * @param s {type.Stream}
 */
Sec.prototype.recvFastPath = function (secFlag, s) {
	// transparent because basic RDP security layer not implemented
	this.emit('fastPathData', secFlag, s);
};

/**
 * Client security layer
 * @param transport {events.EventEmitter}
 */
function Client(transport, fastPathTransport) {
	Sec.call(this, transport, fastPathTransport);
	// for basic RDP layer (in futur)
	this.enableSecureCheckSum = false;
	var self = this;
	this.transport.on('connect', function(gccClient, gccServer, userId, channels) {
		self.connect(gccClient, gccServer, userId, channels);
	}).on('close', function() {
		self.emit('close');
	}).on('error', function (err) {
		self.emit('error', err);
	});
};

//inherit from Layer
inherits(Client, Sec);

/**
 * Connect event
 */
Client.prototype.connect = function(gccClient, gccServer, userId, channels) {
	//init gcc information
	this.gccClient = gccClient;
	this.gccServer = gccServer;
	this.userId = userId;
	this.channelId = channels.find(function(e) {
		if(e.name === 'global') return true;
	}).id;
	this.sendInfoPkt();
};

/**
 * close stack
 */
Client.prototype.close = function() {
	this.transport.close();
};

/**
 * Send main information packet
 * VIP (very important packet) because contain credentials
 */
Client.prototype.sendInfoPkt = function() {
	this.sendFlagged(SecurityFlag.SEC_INFO_PKT, this.infos);
	var self = this;
	this.transport.once('global', function(s) {
		self.recvLicense(s);
	});
};

function reverse(buffer) {
	var result = Buffer.alloc(buffer.length);
	for(var i = 0; i < buffer.length; i++) {
		result.writeUInt8(buffer.readUInt8(buffer.length - 1 - i), i);
	}
	return result;
}

/**
 * Send a valid license request
 * @param licenseRequest {object(lic.serverLicenseRequest)} license requets infos
 */
Client.prototype.sendClientNewLicenseRequest = function(licenseRequest) {
	log.debug('new license request');
	var serverRandom = licenseRequest.serverRandom.value;
	
	// read server certificate
	var s = new type.Stream(licenseRequest.serverCertificate.obj.blobData.value);
	var certificate = cert.certificate().read(s).obj;
	var publicKey = certificate.certData.obj.getPublicKey();
	
	var clientRandom = crypto.randomBytes(32);
	var preMasterSecret = crypto.randomBytes(48);
	var mSecret = masterSecret(preMasterSecret, clientRandom, serverRandom);
	var sessionKeyBlob = masterSecret(mSecret, serverRandom, clientRandom);
	
	this.licenseMacSalt = sessionKeyBlob.slice(0, 16)
	this.licenseKey = finalHash(sessionKeyBlob.slice(16, 32), clientRandom, serverRandom);
	
	var request = lic.clientNewLicenseRequest();
	request.obj.clientRandom.value = clientRandom;
	
	var preMasterSecretEncrypted = reverse(rsa.encrypt(reverse(preMasterSecret), publicKey));
	var preMasterSecretEncryptedPadded = Buffer.alloc(preMasterSecretEncrypted.length + 8);
	preMasterSecretEncryptedPadded.fill(0);
	preMasterSecretEncrypted.copy(preMasterSecretEncryptedPadded);
	request.obj.encryptedPreMasterSecret.obj.blobData.value = preMasterSecretEncryptedPadded;
	
	request.obj.ClientMachineName.obj.blobData.value = this.infos.obj.userName.value;
	request.obj.ClientUserName.obj.blobData.value = Buffer.from(this.machineName + '\x00');
	
	this.sendFlagged(SecurityFlag.SEC_LICENSE_PKT, lic.licensePacket(request));
};

/**
 * Send a valid license request
 * @param platformChallenge {object(lic.serverPlatformChallenge)} platform challenge
 */
Client.prototype.sendClientChallengeResponse = function(platformChallenge) {
	log.debug('challenge license');
	var serverEncryptedChallenge = platformChallenge.encryptedPlatformChallenge.obj.blobData.value;
	var serverChallenge = crypto.createDecipheriv('rc4', this.licenseKey, '').update(serverEncryptedChallenge);
	if (serverChallenge.toString('ucs2') !== 'TEST\x00') {
		throw new error.ProtocolError('NODE_RDP_PROTOCOL_PDU_SEC_INVALID_LICENSE_CHALLENGE');
	}
	
	var hwid = new type.Component([new type.UInt32Le(2), new type.BinaryString(crypto.randomBytes(16))]).toStream().buffer;
	
	var response = lic.clientPLatformChallengeResponse();
	response.obj.encryptedPlatformChallengeResponse.obj.blobData.value = serverEncryptedChallenge;
	response.obj.encryptedHWID.obj.blobData.value = crypto.createCipheriv('rc4', this.licenseKey, '').update(hwid);
	
	var sig = Buffer.alloc(serverChallenge.length + hwid.length);
	serverChallenge.copy(sig);
	hwid.copy(sig, serverChallenge.length);
	response.obj.MACData.value = macData(this.licenseMacSalt, sig);
	
	this.sendFlagged(SecurityFlag.SEC_LICENSE_PKT, lic.licensePacket(response));
};

/**
 * Receive license informations
 * @param s {type.Stream}
 */
Sec.prototype.recvLicense = function(s) {
    var header = securityHeader().read(s).obj;
    if (!(header.securityFlag.value & SecurityFlag.SEC_LICENSE_PKT)) {
    	throw new error.ProtocolError('NODE_RDP_PROTOCOL_PDU_SEC_BAD_LICENSE_HEADER');
    }
    
    var message = lic.licensePacket().read(s).obj;
    // i'm accepted
    if (message.bMsgtype.value === lic.MessageType.NEW_LICENSE || 
    		(message.bMsgtype.value === lic.MessageType.ERROR_ALERT
    		&& message.licensingMessage.obj.dwErrorCode.value === lic.ErrorCode.STATUS_VALID_CLIENT
    		&& message.licensingMessage.obj.dwStateTransition.value === lic.StateTransition.ST_NO_TRANSITION)) {
    	this.emit('connect', this.gccClient.core, this.userId, this.channelId);
    	var self = this;
    	this.transport.on('global', function(s) {
    		self.recv(s);
    	});
    	return;
    }
    
    // server ask license request
    if (message.bMsgtype.value === lic.MessageType.LICENSE_REQUEST) {
    	this.sendClientNewLicenseRequest(message.licensingMessage.obj);
    }
    
    // server send challenge
    if (message.bMsgtype.value === lic.MessageType.PLATFORM_CHALLENGE) {
    	this.sendClientChallengeResponse(message.licensingMessage.obj);
    }
    
    var self = this;
    this.emit('connect', this.gccClient.core);
    this.transport.once('global', function (s) {
		self.recvLicense(s);
	});
};

/**
 * Module exports
 */
module.exports = {
		PerfFlag : PerfFlag,
		InfoFlag : InfoFlag,
		Client : Client
};