/src/FreeRDP/libfreerdp/core/fastpath.c
Line | Count | Source (jump to first uncovered line) |
1 | | /** |
2 | | * FreeRDP: A Remote Desktop Protocol Implementation |
3 | | * Fast Path |
4 | | * |
5 | | * Copyright 2011 Vic Lee |
6 | | * Copyright 2014 Norbert Federa <norbert.federa@thincast.com> |
7 | | * Copyright 2017 Armin Novak <armin.novak@thincast.com> |
8 | | * Copyright 2017 Thincast Technologies GmbH |
9 | | * |
10 | | * Licensed under the Apache License, Version 2.0 (the "License"); |
11 | | * you may not use this file except in compliance with the License. |
12 | | * You may obtain a copy of the License at |
13 | | * |
14 | | * http://www.apache.org/licenses/LICENSE-2.0 |
15 | | * |
16 | | * Unless required by applicable law or agreed to in writing, software |
17 | | * distributed under the License is distributed on an "AS IS" BASIS, |
18 | | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
19 | | * See the License for the specific language governing permissions and |
20 | | * limitations under the License. |
21 | | */ |
22 | | |
23 | | #include <freerdp/config.h> |
24 | | |
25 | | #include "settings.h" |
26 | | |
27 | | #include <stdio.h> |
28 | | #include <stdlib.h> |
29 | | #include <string.h> |
30 | | |
31 | | #include <winpr/crt.h> |
32 | | #include <winpr/assert.h> |
33 | | #include <winpr/stream.h> |
34 | | |
35 | | #include <freerdp/api.h> |
36 | | #include <freerdp/log.h> |
37 | | #include <freerdp/crypto/per.h> |
38 | | |
39 | | #include "orders.h" |
40 | | #include "update.h" |
41 | | #include "surface.h" |
42 | | #include "fastpath.h" |
43 | | #include "rdp.h" |
44 | | |
45 | | #include "../cache/pointer.h" |
46 | | #include "../cache/palette.h" |
47 | | #include "../cache/bitmap.h" |
48 | | |
49 | | #define TAG FREERDP_TAG("core.fastpath") |
50 | | |
51 | | enum FASTPATH_INPUT_ENCRYPTION_FLAGS |
52 | | { |
53 | | FASTPATH_INPUT_SECURE_CHECKSUM = 0x1, |
54 | | FASTPATH_INPUT_ENCRYPTED = 0x2 |
55 | | }; |
56 | | |
57 | | enum FASTPATH_OUTPUT_ENCRYPTION_FLAGS |
58 | | { |
59 | | FASTPATH_OUTPUT_SECURE_CHECKSUM = 0x1, |
60 | | FASTPATH_OUTPUT_ENCRYPTED = 0x2 |
61 | | }; |
62 | | |
63 | | struct rdp_fastpath |
64 | | { |
65 | | rdpRdp* rdp; |
66 | | wStream* fs; |
67 | | BYTE encryptionFlags; |
68 | | BYTE numberEvents; |
69 | | wStream* updateData; |
70 | | int fragmentation; |
71 | | }; |
72 | | |
73 | | /** |
74 | | * Fast-Path packet format is defined in [MS-RDPBCGR] 2.2.9.1.2, which revises |
75 | | * server output packets from the first byte with the goal of improving |
76 | | * bandwidth. |
77 | | * |
78 | | * Slow-Path packet always starts with TPKT header, which has the first |
79 | | * byte 0x03, while Fast-Path packet starts with 2 zero bits in the first |
80 | | * two less significant bits of the first byte. |
81 | | */ |
82 | | |
83 | | static const char* const FASTPATH_UPDATETYPE_STRINGS[] = { |
84 | | "Orders", /* 0x0 */ |
85 | | "Bitmap", /* 0x1 */ |
86 | | "Palette", /* 0x2 */ |
87 | | "Synchronize", /* 0x3 */ |
88 | | "Surface Commands", /* 0x4 */ |
89 | | "System Pointer Hidden", /* 0x5 */ |
90 | | "System Pointer Default", /* 0x6 */ |
91 | | "???", /* 0x7 */ |
92 | | "Pointer Position", /* 0x8 */ |
93 | | "Color Pointer", /* 0x9 */ |
94 | | "Cached Pointer", /* 0xA */ |
95 | | "New Pointer", /* 0xB */ |
96 | | }; |
97 | | |
98 | | static const char* fastpath_update_to_string(UINT8 update) |
99 | 0 | { |
100 | 0 | if (update >= ARRAYSIZE(FASTPATH_UPDATETYPE_STRINGS)) |
101 | 0 | return "UNKNOWN"; |
102 | | |
103 | 0 | return FASTPATH_UPDATETYPE_STRINGS[update]; |
104 | 0 | } |
105 | | |
106 | | static BOOL fastpath_read_update_header(wStream* s, BYTE* updateCode, BYTE* fragmentation, |
107 | | BYTE* compression) |
108 | 0 | { |
109 | 0 | BYTE updateHeader = 0; |
110 | |
|
111 | 0 | if (!s || !updateCode || !fragmentation || !compression) |
112 | 0 | return FALSE; |
113 | | |
114 | 0 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 1)) |
115 | 0 | return FALSE; |
116 | | |
117 | 0 | Stream_Read_UINT8(s, updateHeader); |
118 | 0 | *updateCode = updateHeader & 0x0F; |
119 | 0 | *fragmentation = (updateHeader >> 4) & 0x03; |
120 | 0 | *compression = (updateHeader >> 6) & 0x03; |
121 | 0 | return TRUE; |
122 | 0 | } |
123 | | |
124 | | static BOOL fastpath_write_update_header(wStream* s, const FASTPATH_UPDATE_HEADER* fpUpdateHeader) |
125 | 0 | { |
126 | 0 | BYTE updateHeader = 0; |
127 | 0 | WINPR_ASSERT(fpUpdateHeader); |
128 | | |
129 | 0 | updateHeader |= fpUpdateHeader->updateCode & 0x0F; |
130 | 0 | updateHeader |= (fpUpdateHeader->fragmentation & 0x03) << 4; |
131 | 0 | updateHeader |= (fpUpdateHeader->compression & 0x03) << 6; |
132 | |
|
133 | 0 | if (!Stream_CheckAndLogRequiredCapacity(TAG, s, 1)) |
134 | 0 | return FALSE; |
135 | 0 | Stream_Write_UINT8(s, updateHeader); |
136 | | |
137 | 0 | if (fpUpdateHeader->compression) |
138 | 0 | { |
139 | 0 | if (!Stream_CheckAndLogRequiredCapacity(TAG, s, 1)) |
140 | 0 | return FALSE; |
141 | | |
142 | 0 | Stream_Write_UINT8(s, fpUpdateHeader->compressionFlags); |
143 | 0 | } |
144 | | |
145 | 0 | if (!Stream_CheckAndLogRequiredCapacity(TAG, s, 2)) |
146 | 0 | return FALSE; |
147 | | |
148 | 0 | Stream_Write_UINT16(s, fpUpdateHeader->size); |
149 | 0 | return TRUE; |
150 | 0 | } |
151 | | |
152 | | static UINT32 fastpath_get_update_header_size(FASTPATH_UPDATE_HEADER* fpUpdateHeader) |
153 | 0 | { |
154 | 0 | WINPR_ASSERT(fpUpdateHeader); |
155 | 0 | return (fpUpdateHeader->compression) ? 4 : 3; |
156 | 0 | } |
157 | | |
158 | | static BOOL fastpath_write_update_pdu_header(wStream* s, |
159 | | const FASTPATH_UPDATE_PDU_HEADER* fpUpdatePduHeader, |
160 | | rdpRdp* rdp) |
161 | 0 | { |
162 | 0 | BYTE fpOutputHeader = 0; |
163 | 0 | WINPR_ASSERT(fpUpdatePduHeader); |
164 | 0 | WINPR_ASSERT(rdp); |
165 | | |
166 | 0 | if (!Stream_CheckAndLogRequiredCapacity(TAG, s, 3)) |
167 | 0 | return FALSE; |
168 | | |
169 | 0 | fpOutputHeader |= (fpUpdatePduHeader->action & 0x03); |
170 | 0 | fpOutputHeader |= (fpUpdatePduHeader->secFlags & 0x03) << 6; |
171 | 0 | Stream_Write_UINT8(s, fpOutputHeader); /* fpOutputHeader (1 byte) */ |
172 | 0 | Stream_Write_UINT8(s, 0x80 | (fpUpdatePduHeader->length >> 8)); /* length1 */ |
173 | 0 | Stream_Write_UINT8(s, fpUpdatePduHeader->length & 0xFF); /* length2 */ |
174 | | |
175 | 0 | if (fpUpdatePduHeader->secFlags) |
176 | 0 | { |
177 | 0 | WINPR_ASSERT(rdp->settings); |
178 | 0 | if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS) |
179 | 0 | { |
180 | 0 | if (!Stream_CheckAndLogRequiredCapacity(TAG, s, 4)) |
181 | 0 | return FALSE; |
182 | | |
183 | 0 | Stream_Write(s, fpUpdatePduHeader->fipsInformation, 4); |
184 | 0 | } |
185 | | |
186 | 0 | if (!Stream_CheckAndLogRequiredCapacity(TAG, s, 8)) |
187 | 0 | return FALSE; |
188 | | |
189 | 0 | Stream_Write(s, fpUpdatePduHeader->dataSignature, 8); |
190 | 0 | } |
191 | | |
192 | 0 | return TRUE; |
193 | 0 | } |
194 | | |
195 | | static UINT32 fastpath_get_update_pdu_header_size(FASTPATH_UPDATE_PDU_HEADER* fpUpdatePduHeader, |
196 | | rdpRdp* rdp) |
197 | 0 | { |
198 | 0 | UINT32 size = 3; /* fpUpdatePduHeader + length1 + length2 */ |
199 | |
|
200 | 0 | if (!fpUpdatePduHeader || !rdp) |
201 | 0 | return 0; |
202 | | |
203 | 0 | if (fpUpdatePduHeader->secFlags) |
204 | 0 | { |
205 | 0 | size += 8; /* dataSignature */ |
206 | |
|
207 | 0 | WINPR_ASSERT(rdp->settings); |
208 | 0 | if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS) |
209 | 0 | size += 4; /* fipsInformation */ |
210 | 0 | } |
211 | | |
212 | 0 | return size; |
213 | 0 | } |
214 | | |
215 | | BOOL fastpath_read_header_rdp(rdpFastPath* fastpath, wStream* s, UINT16* length) |
216 | 0 | { |
217 | 0 | BYTE header = 0; |
218 | |
|
219 | 0 | if (!s || !length) |
220 | 0 | return FALSE; |
221 | | |
222 | 0 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 1)) |
223 | 0 | return FALSE; |
224 | | |
225 | 0 | Stream_Read_UINT8(s, header); |
226 | |
|
227 | 0 | if (fastpath) |
228 | 0 | { |
229 | 0 | fastpath->encryptionFlags = (header & 0xC0) >> 6; |
230 | 0 | fastpath->numberEvents = (header & 0x3C) >> 2; |
231 | 0 | } |
232 | |
|
233 | 0 | if (!per_read_length(s, length)) |
234 | 0 | return FALSE; |
235 | | |
236 | 0 | const size_t pos = Stream_GetPosition(s); |
237 | 0 | if (pos > *length) |
238 | 0 | return FALSE; |
239 | | |
240 | 0 | *length = *length - (UINT16)pos; |
241 | 0 | return TRUE; |
242 | 0 | } |
243 | | |
244 | | static BOOL fastpath_recv_orders(rdpFastPath* fastpath, wStream* s) |
245 | 0 | { |
246 | 0 | rdpUpdate* update = NULL; |
247 | 0 | UINT16 numberOrders = 0; |
248 | |
|
249 | 0 | if (!fastpath || !fastpath->rdp || !s) |
250 | 0 | { |
251 | 0 | WLog_ERR(TAG, "Invalid arguments"); |
252 | 0 | return FALSE; |
253 | 0 | } |
254 | | |
255 | 0 | update = fastpath->rdp->update; |
256 | |
|
257 | 0 | if (!update) |
258 | 0 | { |
259 | 0 | WLog_ERR(TAG, "Invalid configuration"); |
260 | 0 | return FALSE; |
261 | 0 | } |
262 | | |
263 | 0 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 2)) |
264 | 0 | return FALSE; |
265 | | |
266 | 0 | Stream_Read_UINT16(s, numberOrders); /* numberOrders (2 bytes) */ |
267 | |
|
268 | 0 | while (numberOrders > 0) |
269 | 0 | { |
270 | 0 | if (!update_recv_order(update, s)) |
271 | 0 | return FALSE; |
272 | | |
273 | 0 | numberOrders--; |
274 | 0 | } |
275 | | |
276 | 0 | return TRUE; |
277 | 0 | } |
278 | | |
279 | | static BOOL fastpath_recv_update_common(rdpFastPath* fastpath, wStream* s) |
280 | 0 | { |
281 | 0 | BOOL rc = FALSE; |
282 | 0 | UINT16 updateType = 0; |
283 | 0 | rdpUpdate* update = NULL; |
284 | 0 | rdpContext* context = NULL; |
285 | 0 | BOOL defaultReturn = 0; |
286 | |
|
287 | 0 | if (!fastpath || !s || !fastpath->rdp) |
288 | 0 | return FALSE; |
289 | | |
290 | 0 | update = fastpath->rdp->update; |
291 | |
|
292 | 0 | if (!update || !update->context) |
293 | 0 | return FALSE; |
294 | | |
295 | 0 | context = update->context; |
296 | |
|
297 | 0 | defaultReturn = freerdp_settings_get_bool(context->settings, FreeRDP_DeactivateClientDecoding); |
298 | |
|
299 | 0 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 2)) |
300 | 0 | return FALSE; |
301 | | |
302 | 0 | Stream_Read_UINT16(s, updateType); /* updateType (2 bytes) */ |
303 | 0 | switch (updateType) |
304 | 0 | { |
305 | 0 | case UPDATE_TYPE_BITMAP: |
306 | 0 | { |
307 | 0 | BITMAP_UPDATE* bitmap_update = update_read_bitmap_update(update, s); |
308 | |
|
309 | 0 | if (!bitmap_update) |
310 | 0 | return FALSE; |
311 | | |
312 | 0 | rc = IFCALLRESULT(defaultReturn, update->BitmapUpdate, context, bitmap_update); |
313 | 0 | free_bitmap_update(context, bitmap_update); |
314 | 0 | } |
315 | 0 | break; |
316 | | |
317 | 0 | case UPDATE_TYPE_PALETTE: |
318 | 0 | { |
319 | 0 | PALETTE_UPDATE* palette_update = update_read_palette(update, s); |
320 | |
|
321 | 0 | if (!palette_update) |
322 | 0 | return FALSE; |
323 | | |
324 | 0 | rc = IFCALLRESULT(defaultReturn, update->Palette, context, palette_update); |
325 | 0 | free_palette_update(context, palette_update); |
326 | 0 | } |
327 | 0 | break; |
328 | | |
329 | 0 | default: |
330 | 0 | break; |
331 | 0 | } |
332 | | |
333 | 0 | return rc; |
334 | 0 | } |
335 | | |
336 | | static BOOL fastpath_recv_update_synchronize(WINPR_ATTR_UNUSED rdpFastPath* fastpath, wStream* s) |
337 | 0 | { |
338 | | /* server 2008 can send invalid synchronize packet with missing padding, |
339 | | so don't return FALSE even if the packet is invalid */ |
340 | 0 | WINPR_ASSERT(fastpath); |
341 | 0 | WINPR_ASSERT(s); |
342 | | |
343 | 0 | const size_t len = Stream_GetRemainingLength(s); |
344 | 0 | const size_t skip = MIN(2, len); |
345 | 0 | return Stream_SafeSeek(s, skip); /* size (2 bytes), MUST be set to zero */ |
346 | 0 | } |
347 | | |
348 | | static int fastpath_recv_update(rdpFastPath* fastpath, BYTE updateCode, wStream* s) |
349 | 0 | { |
350 | 0 | BOOL rc = FALSE; |
351 | 0 | int status = 0; |
352 | |
|
353 | 0 | if (!fastpath || !fastpath->rdp || !s) |
354 | 0 | return -1; |
355 | | |
356 | 0 | Stream_SealLength(s); |
357 | 0 | Stream_SetPosition(s, 0); |
358 | |
|
359 | 0 | rdpUpdate* update = fastpath->rdp->update; |
360 | |
|
361 | 0 | if (!update || !update->pointer || !update->context) |
362 | 0 | return -1; |
363 | | |
364 | 0 | rdpContext* context = update->context; |
365 | 0 | WINPR_ASSERT(context); |
366 | | |
367 | 0 | rdpPointerUpdate* pointer = update->pointer; |
368 | 0 | WINPR_ASSERT(pointer); |
369 | | |
370 | | #ifdef WITH_DEBUG_RDP |
371 | | DEBUG_RDP(fastpath->rdp, "recv Fast-Path %s Update (0x%02" PRIX8 "), length:%" PRIuz "", |
372 | | fastpath_update_to_string(updateCode), updateCode, Stream_GetRemainingLength(s)); |
373 | | #endif |
374 | | |
375 | 0 | const BOOL defaultReturn = |
376 | 0 | freerdp_settings_get_bool(context->settings, FreeRDP_DeactivateClientDecoding); |
377 | 0 | switch (updateCode) |
378 | 0 | { |
379 | 0 | case FASTPATH_UPDATETYPE_ORDERS: |
380 | 0 | rc = fastpath_recv_orders(fastpath, s); |
381 | 0 | break; |
382 | | |
383 | 0 | case FASTPATH_UPDATETYPE_BITMAP: |
384 | 0 | case FASTPATH_UPDATETYPE_PALETTE: |
385 | 0 | rc = fastpath_recv_update_common(fastpath, s); |
386 | 0 | break; |
387 | | |
388 | 0 | case FASTPATH_UPDATETYPE_SYNCHRONIZE: |
389 | 0 | if (!fastpath_recv_update_synchronize(fastpath, s)) |
390 | 0 | WLog_ERR(TAG, "fastpath_recv_update_synchronize failure but we continue"); |
391 | 0 | else |
392 | 0 | rc = IFCALLRESULT(TRUE, update->Synchronize, context); |
393 | |
|
394 | 0 | break; |
395 | | |
396 | 0 | case FASTPATH_UPDATETYPE_SURFCMDS: |
397 | 0 | status = update_recv_surfcmds(update, s); |
398 | 0 | rc = (status < 0) ? FALSE : TRUE; |
399 | 0 | break; |
400 | | |
401 | 0 | case FASTPATH_UPDATETYPE_PTR_NULL: |
402 | 0 | { |
403 | 0 | POINTER_SYSTEM_UPDATE pointer_system = { 0 }; |
404 | 0 | pointer_system.type = SYSPTR_NULL; |
405 | 0 | rc = IFCALLRESULT(defaultReturn, pointer->PointerSystem, context, &pointer_system); |
406 | 0 | } |
407 | 0 | break; |
408 | | |
409 | 0 | case FASTPATH_UPDATETYPE_PTR_DEFAULT: |
410 | 0 | { |
411 | 0 | POINTER_SYSTEM_UPDATE pointer_system = { 0 }; |
412 | 0 | pointer_system.type = SYSPTR_DEFAULT; |
413 | 0 | rc = IFCALLRESULT(defaultReturn, pointer->PointerSystem, context, &pointer_system); |
414 | 0 | } |
415 | 0 | break; |
416 | | |
417 | 0 | case FASTPATH_UPDATETYPE_PTR_POSITION: |
418 | 0 | { |
419 | 0 | POINTER_POSITION_UPDATE* pointer_position = update_read_pointer_position(update, s); |
420 | |
|
421 | 0 | if (pointer_position) |
422 | 0 | { |
423 | 0 | rc = IFCALLRESULT(defaultReturn, pointer->PointerPosition, context, |
424 | 0 | pointer_position); |
425 | 0 | free_pointer_position_update(context, pointer_position); |
426 | 0 | } |
427 | 0 | } |
428 | 0 | break; |
429 | | |
430 | 0 | case FASTPATH_UPDATETYPE_COLOR: |
431 | 0 | { |
432 | 0 | POINTER_COLOR_UPDATE* pointer_color = update_read_pointer_color(update, s, 24); |
433 | |
|
434 | 0 | if (pointer_color) |
435 | 0 | { |
436 | 0 | rc = IFCALLRESULT(defaultReturn, pointer->PointerColor, context, pointer_color); |
437 | 0 | free_pointer_color_update(context, pointer_color); |
438 | 0 | } |
439 | 0 | } |
440 | 0 | break; |
441 | | |
442 | 0 | case FASTPATH_UPDATETYPE_CACHED: |
443 | 0 | { |
444 | 0 | POINTER_CACHED_UPDATE* pointer_cached = update_read_pointer_cached(update, s); |
445 | |
|
446 | 0 | if (pointer_cached) |
447 | 0 | { |
448 | 0 | rc = IFCALLRESULT(defaultReturn, pointer->PointerCached, context, pointer_cached); |
449 | 0 | free_pointer_cached_update(context, pointer_cached); |
450 | 0 | } |
451 | 0 | } |
452 | 0 | break; |
453 | | |
454 | 0 | case FASTPATH_UPDATETYPE_POINTER: |
455 | 0 | { |
456 | 0 | POINTER_NEW_UPDATE* pointer_new = update_read_pointer_new(update, s); |
457 | |
|
458 | 0 | if (pointer_new) |
459 | 0 | { |
460 | 0 | rc = IFCALLRESULT(defaultReturn, pointer->PointerNew, context, pointer_new); |
461 | 0 | free_pointer_new_update(context, pointer_new); |
462 | 0 | } |
463 | 0 | } |
464 | 0 | break; |
465 | | |
466 | 0 | case FASTPATH_UPDATETYPE_LARGE_POINTER: |
467 | 0 | { |
468 | 0 | POINTER_LARGE_UPDATE* pointer_large = update_read_pointer_large(update, s); |
469 | |
|
470 | 0 | if (pointer_large) |
471 | 0 | { |
472 | 0 | rc = IFCALLRESULT(defaultReturn, pointer->PointerLarge, context, pointer_large); |
473 | 0 | free_pointer_large_update(context, pointer_large); |
474 | 0 | } |
475 | 0 | } |
476 | 0 | break; |
477 | 0 | default: |
478 | 0 | break; |
479 | 0 | } |
480 | | |
481 | 0 | Stream_SetPosition(s, 0); |
482 | 0 | if (!rc) |
483 | 0 | { |
484 | 0 | WLog_ERR(TAG, "Fastpath update %s [%" PRIx8 "] failed, status %d", |
485 | 0 | fastpath_update_to_string(updateCode), updateCode, status); |
486 | 0 | return -1; |
487 | 0 | } |
488 | | |
489 | 0 | return status; |
490 | 0 | } |
491 | | |
492 | | static int fastpath_recv_update_data(rdpFastPath* fastpath, wStream* s) |
493 | 0 | { |
494 | 0 | int status = 0; |
495 | 0 | UINT16 size = 0; |
496 | 0 | BYTE updateCode = 0; |
497 | 0 | BYTE fragmentation = 0; |
498 | 0 | BYTE compression = 0; |
499 | 0 | BYTE compressionFlags = 0; |
500 | 0 | UINT32 DstSize = 0; |
501 | 0 | const BYTE* pDstData = NULL; |
502 | |
|
503 | 0 | if (!fastpath || !s) |
504 | 0 | return -1; |
505 | | |
506 | 0 | rdpRdp* rdp = fastpath->rdp; |
507 | |
|
508 | 0 | if (!rdp) |
509 | 0 | return -1; |
510 | | |
511 | 0 | rdpTransport* transport = rdp->transport; |
512 | |
|
513 | 0 | if (!transport) |
514 | 0 | return -1; |
515 | | |
516 | 0 | if (!fastpath_read_update_header(s, &updateCode, &fragmentation, &compression)) |
517 | 0 | return -1; |
518 | | |
519 | 0 | if (compression == FASTPATH_OUTPUT_COMPRESSION_USED) |
520 | 0 | { |
521 | 0 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 1)) |
522 | 0 | return -1; |
523 | | |
524 | 0 | Stream_Read_UINT8(s, compressionFlags); |
525 | 0 | } |
526 | 0 | else |
527 | 0 | compressionFlags = 0; |
528 | | |
529 | 0 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 2)) |
530 | 0 | return -1; |
531 | | |
532 | 0 | Stream_Read_UINT16(s, size); |
533 | |
|
534 | 0 | if (!Stream_CheckAndLogRequiredLength(TAG, s, size)) |
535 | 0 | return -1; |
536 | | |
537 | 0 | const int bulkStatus = |
538 | 0 | bulk_decompress(rdp->bulk, Stream_Pointer(s), size, &pDstData, &DstSize, compressionFlags); |
539 | 0 | Stream_Seek(s, size); |
540 | |
|
541 | 0 | if (bulkStatus < 0) |
542 | 0 | { |
543 | 0 | WLog_ERR(TAG, "bulk_decompress() failed"); |
544 | 0 | return -1; |
545 | 0 | } |
546 | | |
547 | 0 | if (!Stream_EnsureRemainingCapacity(fastpath->updateData, DstSize)) |
548 | 0 | return -1; |
549 | | |
550 | 0 | Stream_Write(fastpath->updateData, pDstData, DstSize); |
551 | |
|
552 | 0 | if (fragmentation == FASTPATH_FRAGMENT_SINGLE) |
553 | 0 | { |
554 | 0 | if (fastpath->fragmentation != -1) |
555 | 0 | { |
556 | 0 | WLog_ERR(TAG, "Unexpected FASTPATH_FRAGMENT_SINGLE"); |
557 | 0 | goto out_fail; |
558 | 0 | } |
559 | | |
560 | 0 | status = fastpath_recv_update(fastpath, updateCode, fastpath->updateData); |
561 | |
|
562 | 0 | if (status < 0) |
563 | 0 | { |
564 | 0 | WLog_ERR(TAG, "fastpath_recv_update() - %i", status); |
565 | 0 | goto out_fail; |
566 | 0 | } |
567 | 0 | } |
568 | 0 | else |
569 | 0 | { |
570 | 0 | rdpContext* context = NULL; |
571 | 0 | const size_t totalSize = Stream_GetPosition(fastpath->updateData); |
572 | |
|
573 | 0 | context = transport_get_context(transport); |
574 | 0 | WINPR_ASSERT(context); |
575 | 0 | WINPR_ASSERT(context->settings); |
576 | | |
577 | 0 | if (totalSize > context->settings->MultifragMaxRequestSize) |
578 | 0 | { |
579 | 0 | WLog_ERR(TAG, "Total size (%" PRIuz ") exceeds MultifragMaxRequestSize (%" PRIu32 ")", |
580 | 0 | totalSize, context->settings->MultifragMaxRequestSize); |
581 | 0 | goto out_fail; |
582 | 0 | } |
583 | | |
584 | 0 | if (fragmentation == FASTPATH_FRAGMENT_FIRST) |
585 | 0 | { |
586 | 0 | if (fastpath->fragmentation != -1) |
587 | 0 | { |
588 | 0 | WLog_ERR(TAG, "fastpath_recv_update_data: Unexpected FASTPATH_FRAGMENT_FIRST"); |
589 | 0 | goto out_fail; |
590 | 0 | } |
591 | | |
592 | 0 | fastpath->fragmentation = FASTPATH_FRAGMENT_FIRST; |
593 | 0 | } |
594 | 0 | else if (fragmentation == FASTPATH_FRAGMENT_NEXT) |
595 | 0 | { |
596 | 0 | if ((fastpath->fragmentation != FASTPATH_FRAGMENT_FIRST) && |
597 | 0 | (fastpath->fragmentation != FASTPATH_FRAGMENT_NEXT)) |
598 | 0 | { |
599 | 0 | WLog_ERR(TAG, "fastpath_recv_update_data: Unexpected FASTPATH_FRAGMENT_NEXT"); |
600 | 0 | goto out_fail; |
601 | 0 | } |
602 | | |
603 | 0 | fastpath->fragmentation = FASTPATH_FRAGMENT_NEXT; |
604 | 0 | } |
605 | 0 | else if (fragmentation == FASTPATH_FRAGMENT_LAST) |
606 | 0 | { |
607 | 0 | if ((fastpath->fragmentation != FASTPATH_FRAGMENT_FIRST) && |
608 | 0 | (fastpath->fragmentation != FASTPATH_FRAGMENT_NEXT)) |
609 | 0 | { |
610 | 0 | WLog_ERR(TAG, "fastpath_recv_update_data: Unexpected FASTPATH_FRAGMENT_LAST"); |
611 | 0 | goto out_fail; |
612 | 0 | } |
613 | | |
614 | 0 | fastpath->fragmentation = -1; |
615 | 0 | status = fastpath_recv_update(fastpath, updateCode, fastpath->updateData); |
616 | |
|
617 | 0 | if (status < 0) |
618 | 0 | { |
619 | 0 | WLog_ERR(TAG, "fastpath_recv_update_data: fastpath_recv_update() - %i", status); |
620 | 0 | goto out_fail; |
621 | 0 | } |
622 | 0 | } |
623 | 0 | } |
624 | | |
625 | 0 | return status; |
626 | 0 | out_fail: |
627 | 0 | return -1; |
628 | 0 | } |
629 | | |
630 | | state_run_t fastpath_recv_updates(rdpFastPath* fastpath, wStream* s) |
631 | 0 | { |
632 | 0 | state_run_t rc = STATE_RUN_FAILED; |
633 | |
|
634 | 0 | WINPR_ASSERT(s); |
635 | 0 | WINPR_ASSERT(fastpath); |
636 | 0 | WINPR_ASSERT(fastpath->rdp); |
637 | | |
638 | 0 | rdpUpdate* update = fastpath->rdp->update; |
639 | 0 | WINPR_ASSERT(update); |
640 | | |
641 | 0 | if (!update_begin_paint(update)) |
642 | 0 | goto fail; |
643 | | |
644 | 0 | while (Stream_GetRemainingLength(s) >= 3) |
645 | 0 | { |
646 | 0 | if (fastpath_recv_update_data(fastpath, s) < 0) |
647 | 0 | { |
648 | 0 | WLog_ERR(TAG, "fastpath_recv_update_data() fail"); |
649 | 0 | rc = STATE_RUN_FAILED; |
650 | 0 | goto fail; |
651 | 0 | } |
652 | 0 | } |
653 | | |
654 | 0 | rc = STATE_RUN_SUCCESS; |
655 | 0 | fail: |
656 | |
|
657 | 0 | if (!update_end_paint(update)) |
658 | 0 | return STATE_RUN_FAILED; |
659 | | |
660 | 0 | return rc; |
661 | 0 | } |
662 | | |
663 | | static BOOL fastpath_read_input_event_header(wStream* s, BYTE* eventFlags, BYTE* eventCode) |
664 | 0 | { |
665 | 0 | BYTE eventHeader = 0; |
666 | |
|
667 | 0 | WINPR_ASSERT(s); |
668 | 0 | WINPR_ASSERT(eventFlags); |
669 | 0 | WINPR_ASSERT(eventCode); |
670 | | |
671 | 0 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 1)) |
672 | 0 | return FALSE; |
673 | | |
674 | 0 | Stream_Read_UINT8(s, eventHeader); /* eventHeader (1 byte) */ |
675 | 0 | *eventFlags = (eventHeader & 0x1F); |
676 | 0 | *eventCode = (eventHeader >> 5); |
677 | 0 | return TRUE; |
678 | 0 | } |
679 | | |
680 | | static BOOL fastpath_recv_input_event_scancode(rdpFastPath* fastpath, wStream* s, BYTE eventFlags) |
681 | 0 | { |
682 | 0 | WINPR_ASSERT(fastpath); |
683 | 0 | WINPR_ASSERT(fastpath->rdp); |
684 | 0 | WINPR_ASSERT(fastpath->rdp->input); |
685 | 0 | WINPR_ASSERT(s); |
686 | | |
687 | 0 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 1)) |
688 | 0 | return FALSE; |
689 | | |
690 | 0 | rdpInput* input = fastpath->rdp->input; |
691 | |
|
692 | 0 | const UINT8 code = Stream_Get_UINT8(s); /* keyCode (1 byte) */ |
693 | |
|
694 | 0 | UINT16 flags = 0; |
695 | 0 | if ((eventFlags & FASTPATH_INPUT_KBDFLAGS_RELEASE)) |
696 | 0 | flags |= KBD_FLAGS_RELEASE; |
697 | |
|
698 | 0 | if ((eventFlags & FASTPATH_INPUT_KBDFLAGS_EXTENDED)) |
699 | 0 | flags |= KBD_FLAGS_EXTENDED; |
700 | |
|
701 | 0 | if ((eventFlags & FASTPATH_INPUT_KBDFLAGS_PREFIX_E1)) |
702 | 0 | flags |= KBD_FLAGS_EXTENDED1; |
703 | |
|
704 | 0 | return IFCALLRESULT(TRUE, input->KeyboardEvent, input, flags, code); |
705 | 0 | } |
706 | | |
707 | | static BOOL fastpath_recv_input_event_mouse(rdpFastPath* fastpath, wStream* s, |
708 | | WINPR_ATTR_UNUSED BYTE eventFlags) |
709 | 0 | { |
710 | 0 | rdpInput* input = NULL; |
711 | 0 | UINT16 pointerFlags = 0; |
712 | 0 | UINT16 xPos = 0; |
713 | 0 | UINT16 yPos = 0; |
714 | 0 | WINPR_ASSERT(fastpath); |
715 | 0 | WINPR_ASSERT(fastpath->rdp); |
716 | 0 | WINPR_ASSERT(fastpath->rdp->input); |
717 | 0 | WINPR_ASSERT(s); |
718 | | |
719 | 0 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 6)) |
720 | 0 | return FALSE; |
721 | | |
722 | 0 | input = fastpath->rdp->input; |
723 | |
|
724 | 0 | Stream_Read_UINT16(s, pointerFlags); /* pointerFlags (2 bytes) */ |
725 | 0 | Stream_Read_UINT16(s, xPos); /* xPos (2 bytes) */ |
726 | 0 | Stream_Read_UINT16(s, yPos); /* yPos (2 bytes) */ |
727 | 0 | return IFCALLRESULT(TRUE, input->MouseEvent, input, pointerFlags, xPos, yPos); |
728 | 0 | } |
729 | | |
730 | | static BOOL fastpath_recv_input_event_relmouse(rdpFastPath* fastpath, wStream* s, |
731 | | WINPR_ATTR_UNUSED BYTE eventFlags) |
732 | 0 | { |
733 | 0 | rdpInput* input = NULL; |
734 | 0 | UINT16 pointerFlags = 0; |
735 | 0 | INT16 xDelta = 0; |
736 | 0 | INT16 yDelta = 0; |
737 | 0 | WINPR_ASSERT(fastpath); |
738 | 0 | WINPR_ASSERT(fastpath->rdp); |
739 | 0 | WINPR_ASSERT(fastpath->rdp->context); |
740 | 0 | WINPR_ASSERT(fastpath->rdp->input); |
741 | 0 | WINPR_ASSERT(s); |
742 | | |
743 | 0 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 6)) |
744 | 0 | return FALSE; |
745 | | |
746 | 0 | input = fastpath->rdp->input; |
747 | |
|
748 | 0 | Stream_Read_UINT16(s, pointerFlags); /* pointerFlags (2 bytes) */ |
749 | 0 | Stream_Read_INT16(s, xDelta); /* xDelta (2 bytes) */ |
750 | 0 | Stream_Read_INT16(s, yDelta); /* yDelta (2 bytes) */ |
751 | |
|
752 | 0 | if (!freerdp_settings_get_bool(input->context->settings, FreeRDP_HasRelativeMouseEvent)) |
753 | 0 | { |
754 | 0 | WLog_ERR(TAG, |
755 | 0 | "Received relative mouse event(flags=0x%04" PRIx16 ", xPos=%" PRId16 |
756 | 0 | ", yPos=%" PRId16 "), but we did not announce support for that", |
757 | 0 | pointerFlags, xDelta, yDelta); |
758 | 0 | return FALSE; |
759 | 0 | } |
760 | | |
761 | 0 | return IFCALLRESULT(TRUE, input->RelMouseEvent, input, pointerFlags, xDelta, yDelta); |
762 | 0 | } |
763 | | |
764 | | static BOOL fastpath_recv_input_event_qoe(rdpFastPath* fastpath, wStream* s, |
765 | | WINPR_ATTR_UNUSED BYTE eventFlags) |
766 | 0 | { |
767 | 0 | WINPR_ASSERT(fastpath); |
768 | 0 | WINPR_ASSERT(fastpath->rdp); |
769 | 0 | WINPR_ASSERT(fastpath->rdp->context); |
770 | 0 | WINPR_ASSERT(fastpath->rdp->input); |
771 | 0 | WINPR_ASSERT(s); |
772 | | |
773 | 0 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 4)) |
774 | 0 | return FALSE; |
775 | | |
776 | 0 | rdpInput* input = fastpath->rdp->input; |
777 | |
|
778 | 0 | UINT32 timestampMS = 0; |
779 | 0 | Stream_Read_UINT32(s, timestampMS); /* timestamp (4 bytes) */ |
780 | |
|
781 | 0 | if (!freerdp_settings_get_bool(input->context->settings, FreeRDP_HasQoeEvent)) |
782 | 0 | { |
783 | 0 | WLog_ERR(TAG, |
784 | 0 | "Received qoe event(timestamp=%" PRIu32 |
785 | 0 | "ms), but we did not announce support for that", |
786 | 0 | timestampMS); |
787 | 0 | return FALSE; |
788 | 0 | } |
789 | | |
790 | 0 | return IFCALLRESULT(TRUE, input->QoEEvent, input, timestampMS); |
791 | 0 | } |
792 | | |
793 | | static BOOL fastpath_recv_input_event_mousex(rdpFastPath* fastpath, wStream* s, |
794 | | WINPR_ATTR_UNUSED BYTE eventFlags) |
795 | 0 | { |
796 | 0 | rdpInput* input = NULL; |
797 | 0 | UINT16 pointerFlags = 0; |
798 | 0 | UINT16 xPos = 0; |
799 | 0 | UINT16 yPos = 0; |
800 | |
|
801 | 0 | WINPR_ASSERT(fastpath); |
802 | 0 | WINPR_ASSERT(fastpath->rdp); |
803 | 0 | WINPR_ASSERT(fastpath->rdp->context); |
804 | 0 | WINPR_ASSERT(fastpath->rdp->input); |
805 | 0 | WINPR_ASSERT(s); |
806 | | |
807 | 0 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 6)) |
808 | 0 | return FALSE; |
809 | | |
810 | 0 | input = fastpath->rdp->input; |
811 | |
|
812 | 0 | Stream_Read_UINT16(s, pointerFlags); /* pointerFlags (2 bytes) */ |
813 | 0 | Stream_Read_UINT16(s, xPos); /* xPos (2 bytes) */ |
814 | 0 | Stream_Read_UINT16(s, yPos); /* yPos (2 bytes) */ |
815 | |
|
816 | 0 | if (!freerdp_settings_get_bool(input->context->settings, FreeRDP_HasExtendedMouseEvent)) |
817 | 0 | { |
818 | 0 | WLog_ERR(TAG, |
819 | 0 | "Received extended mouse event(flags=0x%04" PRIx16 ", xPos=%" PRIu16 |
820 | 0 | ", yPos=%" PRIu16 "), but we did not announce support for that", |
821 | 0 | pointerFlags, xPos, yPos); |
822 | 0 | return FALSE; |
823 | 0 | } |
824 | | |
825 | 0 | return IFCALLRESULT(TRUE, input->ExtendedMouseEvent, input, pointerFlags, xPos, yPos); |
826 | 0 | } |
827 | | |
828 | | static BOOL fastpath_recv_input_event_sync(rdpFastPath* fastpath, WINPR_ATTR_UNUSED wStream* s, |
829 | | BYTE eventFlags) |
830 | 0 | { |
831 | 0 | rdpInput* input = NULL; |
832 | |
|
833 | 0 | WINPR_ASSERT(fastpath); |
834 | 0 | WINPR_ASSERT(fastpath->rdp); |
835 | 0 | WINPR_ASSERT(fastpath->rdp->input); |
836 | 0 | WINPR_ASSERT(s); |
837 | | |
838 | 0 | input = fastpath->rdp->input; |
839 | 0 | return IFCALLRESULT(TRUE, input->SynchronizeEvent, input, eventFlags); |
840 | 0 | } |
841 | | |
842 | | static BOOL fastpath_recv_input_event_unicode(rdpFastPath* fastpath, wStream* s, BYTE eventFlags) |
843 | 0 | { |
844 | 0 | UINT16 unicodeCode = 0; |
845 | 0 | UINT16 flags = 0; |
846 | |
|
847 | 0 | WINPR_ASSERT(fastpath); |
848 | 0 | WINPR_ASSERT(s); |
849 | | |
850 | 0 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 2)) |
851 | 0 | return FALSE; |
852 | | |
853 | 0 | Stream_Read_UINT16(s, unicodeCode); /* unicodeCode (2 bytes) */ |
854 | 0 | flags = 0; |
855 | |
|
856 | 0 | if ((eventFlags & FASTPATH_INPUT_KBDFLAGS_RELEASE)) |
857 | 0 | flags |= KBD_FLAGS_RELEASE; |
858 | |
|
859 | 0 | WINPR_ASSERT(fastpath->rdp); |
860 | 0 | WINPR_ASSERT(fastpath->rdp); |
861 | 0 | WINPR_ASSERT(fastpath->rdp->input); |
862 | 0 | return IFCALLRESULT(FALSE, fastpath->rdp->input->UnicodeKeyboardEvent, fastpath->rdp->input, |
863 | 0 | flags, unicodeCode); |
864 | 0 | } |
865 | | |
866 | | static BOOL fastpath_recv_input_event(rdpFastPath* fastpath, wStream* s) |
867 | 0 | { |
868 | 0 | BYTE eventFlags = 0; |
869 | 0 | BYTE eventCode = 0; |
870 | |
|
871 | 0 | WINPR_ASSERT(fastpath); |
872 | 0 | WINPR_ASSERT(s); |
873 | | |
874 | 0 | if (!fastpath_read_input_event_header(s, &eventFlags, &eventCode)) |
875 | 0 | return FALSE; |
876 | | |
877 | 0 | switch (eventCode) |
878 | 0 | { |
879 | 0 | case FASTPATH_INPUT_EVENT_SCANCODE: |
880 | 0 | if (!fastpath_recv_input_event_scancode(fastpath, s, eventFlags)) |
881 | 0 | return FALSE; |
882 | | |
883 | 0 | break; |
884 | | |
885 | 0 | case FASTPATH_INPUT_EVENT_MOUSE: |
886 | 0 | if (!fastpath_recv_input_event_mouse(fastpath, s, eventFlags)) |
887 | 0 | return FALSE; |
888 | | |
889 | 0 | break; |
890 | | |
891 | 0 | case FASTPATH_INPUT_EVENT_MOUSEX: |
892 | 0 | if (!fastpath_recv_input_event_mousex(fastpath, s, eventFlags)) |
893 | 0 | return FALSE; |
894 | | |
895 | 0 | break; |
896 | | |
897 | 0 | case FASTPATH_INPUT_EVENT_SYNC: |
898 | 0 | if (!fastpath_recv_input_event_sync(fastpath, s, eventFlags)) |
899 | 0 | return FALSE; |
900 | | |
901 | 0 | break; |
902 | | |
903 | 0 | case FASTPATH_INPUT_EVENT_UNICODE: |
904 | 0 | if (!fastpath_recv_input_event_unicode(fastpath, s, eventFlags)) |
905 | 0 | return FALSE; |
906 | | |
907 | 0 | break; |
908 | | |
909 | 0 | case TS_FP_RELPOINTER_EVENT: |
910 | 0 | if (!fastpath_recv_input_event_relmouse(fastpath, s, eventFlags)) |
911 | 0 | return FALSE; |
912 | | |
913 | 0 | break; |
914 | | |
915 | 0 | case TS_FP_QOETIMESTAMP_EVENT: |
916 | 0 | if (!fastpath_recv_input_event_qoe(fastpath, s, eventFlags)) |
917 | 0 | return FALSE; |
918 | 0 | break; |
919 | | |
920 | 0 | default: |
921 | 0 | WLog_ERR(TAG, "Unknown eventCode %" PRIu8 "", eventCode); |
922 | 0 | break; |
923 | 0 | } |
924 | | |
925 | 0 | return TRUE; |
926 | 0 | } |
927 | | |
928 | | state_run_t fastpath_recv_inputs(rdpFastPath* fastpath, wStream* s) |
929 | 0 | { |
930 | 0 | WINPR_ASSERT(fastpath); |
931 | 0 | WINPR_ASSERT(s); |
932 | | |
933 | 0 | if (fastpath->numberEvents == 0) |
934 | 0 | { |
935 | | /** |
936 | | * If numberEvents is not provided in fpInputHeader, it will be provided |
937 | | * as one additional byte here. |
938 | | */ |
939 | 0 | if (!Stream_CheckAndLogRequiredLength(TAG, s, 1)) |
940 | 0 | return STATE_RUN_FAILED; |
941 | | |
942 | 0 | Stream_Read_UINT8(s, fastpath->numberEvents); /* eventHeader (1 byte) */ |
943 | 0 | } |
944 | | |
945 | 0 | for (BYTE i = 0; i < fastpath->numberEvents; i++) |
946 | 0 | { |
947 | 0 | if (!fastpath_recv_input_event(fastpath, s)) |
948 | 0 | return STATE_RUN_FAILED; |
949 | 0 | } |
950 | | |
951 | 0 | return STATE_RUN_SUCCESS; |
952 | 0 | } |
953 | | |
954 | | static UINT32 fastpath_get_sec_bytes(rdpRdp* rdp) |
955 | 0 | { |
956 | 0 | UINT32 sec_bytes = 0; |
957 | 0 | sec_bytes = 0; |
958 | |
|
959 | 0 | if (!rdp) |
960 | 0 | return 0; |
961 | | |
962 | 0 | if (rdp->do_crypt) |
963 | 0 | { |
964 | 0 | sec_bytes = 8; |
965 | |
|
966 | 0 | if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS) |
967 | 0 | sec_bytes += 4; |
968 | 0 | } |
969 | |
|
970 | 0 | return sec_bytes; |
971 | 0 | } |
972 | | |
973 | | wStream* fastpath_input_pdu_init_header(rdpFastPath* fastpath, UINT16* sec_flags) |
974 | 0 | { |
975 | 0 | if (!fastpath || !fastpath->rdp) |
976 | 0 | return NULL; |
977 | | |
978 | 0 | rdpRdp* rdp = fastpath->rdp; |
979 | 0 | wStream* s = transport_send_stream_init(rdp->transport, 256); |
980 | |
|
981 | 0 | if (!s) |
982 | 0 | return NULL; |
983 | | |
984 | 0 | Stream_Seek(s, 3); /* fpInputHeader, length1 and length2 */ |
985 | |
|
986 | 0 | if (rdp->do_crypt) |
987 | 0 | { |
988 | 0 | *sec_flags |= SEC_ENCRYPT; |
989 | |
|
990 | 0 | if (rdp->do_secure_checksum) |
991 | 0 | *sec_flags |= SEC_SECURE_CHECKSUM; |
992 | 0 | } |
993 | |
|
994 | 0 | Stream_Seek(s, fastpath_get_sec_bytes(rdp)); |
995 | 0 | return s; |
996 | 0 | } |
997 | | |
998 | | wStream* fastpath_input_pdu_init(rdpFastPath* fastpath, BYTE eventFlags, BYTE eventCode, |
999 | | UINT16* sec_flags) |
1000 | 0 | { |
1001 | 0 | wStream* s = NULL; |
1002 | 0 | s = fastpath_input_pdu_init_header(fastpath, sec_flags); |
1003 | |
|
1004 | 0 | if (!s) |
1005 | 0 | return NULL; |
1006 | | |
1007 | 0 | WINPR_ASSERT(eventCode < 8); |
1008 | 0 | WINPR_ASSERT(eventFlags < 0x20); |
1009 | 0 | Stream_Write_UINT8(s, (UINT8)(eventFlags | (eventCode << 5))); /* eventHeader (1 byte) */ |
1010 | 0 | return s; |
1011 | 0 | } |
1012 | | |
1013 | | BOOL fastpath_send_multiple_input_pdu(rdpFastPath* fastpath, wStream* s, size_t iNumEvents, |
1014 | | UINT16 sec_flags) |
1015 | 0 | { |
1016 | 0 | BOOL rc = FALSE; |
1017 | 0 | BYTE eventHeader = 0; |
1018 | 0 | BOOL should_unlock = FALSE; |
1019 | 0 | rdpRdp* rdp = NULL; |
1020 | |
|
1021 | 0 | WINPR_ASSERT(iNumEvents > 0); |
1022 | 0 | if (!s) |
1023 | 0 | return FALSE; |
1024 | | |
1025 | 0 | if (!fastpath) |
1026 | 0 | goto fail; |
1027 | | |
1028 | 0 | rdp = fastpath->rdp; |
1029 | 0 | WINPR_ASSERT(rdp); |
1030 | | |
1031 | 0 | CONNECTION_STATE state = rdp_get_state(rdp); |
1032 | 0 | if (!rdp_is_active_state(rdp)) |
1033 | 0 | { |
1034 | 0 | WLog_WARN(TAG, "called before activation [%s]", rdp_state_string(state)); |
1035 | 0 | goto fail; |
1036 | 0 | } |
1037 | | |
1038 | | /* |
1039 | | * A maximum of 15 events are allowed per request |
1040 | | * if the optional numEvents field isn't used |
1041 | | * see MS-RDPBCGR 2.2.8.1.2 for details |
1042 | | */ |
1043 | 0 | if (iNumEvents > 15) |
1044 | 0 | goto fail; |
1045 | | |
1046 | 0 | size_t length = Stream_GetPosition(s); |
1047 | |
|
1048 | 0 | if (length >= (2 << 14)) |
1049 | 0 | { |
1050 | 0 | WLog_ERR(TAG, "Maximum FastPath PDU length is 32767"); |
1051 | 0 | goto fail; |
1052 | 0 | } |
1053 | | |
1054 | 0 | eventHeader = FASTPATH_INPUT_ACTION_FASTPATH; |
1055 | 0 | eventHeader |= (iNumEvents << 2); /* numberEvents */ |
1056 | |
|
1057 | 0 | if (sec_flags & SEC_ENCRYPT) |
1058 | 0 | eventHeader |= (FASTPATH_INPUT_ENCRYPTED << 6); |
1059 | |
|
1060 | 0 | if (sec_flags & SEC_SECURE_CHECKSUM) |
1061 | 0 | eventHeader |= (FASTPATH_INPUT_SECURE_CHECKSUM << 6); |
1062 | |
|
1063 | 0 | Stream_SetPosition(s, 0); |
1064 | 0 | Stream_Write_UINT8(s, eventHeader); |
1065 | | /* Write length later, RDP encryption might add a padding */ |
1066 | 0 | Stream_Seek(s, 2); |
1067 | |
|
1068 | 0 | if (sec_flags & SEC_ENCRYPT) |
1069 | 0 | { |
1070 | 0 | if (!security_lock(rdp)) |
1071 | 0 | goto fail; |
1072 | 0 | should_unlock = TRUE; |
1073 | |
|
1074 | 0 | const size_t sec_bytes = fastpath_get_sec_bytes(fastpath->rdp); |
1075 | 0 | if (sec_bytes + 3ULL > length) |
1076 | 0 | goto fail; |
1077 | | |
1078 | 0 | BYTE* fpInputEvents = Stream_PointerAs(s, BYTE) + sec_bytes; |
1079 | 0 | const UINT16 fpInputEvents_length = (UINT16)(length - 3 - sec_bytes); |
1080 | |
|
1081 | 0 | WINPR_ASSERT(rdp->settings); |
1082 | 0 | if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS) |
1083 | 0 | { |
1084 | 0 | BYTE pad = 0; |
1085 | |
|
1086 | 0 | if ((pad = 8 - (fpInputEvents_length % 8)) == 8) |
1087 | 0 | pad = 0; |
1088 | |
|
1089 | 0 | Stream_Write_UINT16(s, 0x10); /* length */ |
1090 | 0 | Stream_Write_UINT8(s, 0x1); /* TSFIPS_VERSION 1*/ |
1091 | 0 | Stream_Write_UINT8(s, pad); /* padding */ |
1092 | | |
1093 | 0 | if (!Stream_CheckAndLogRequiredCapacity(TAG, s, 8)) |
1094 | 0 | goto fail; |
1095 | | |
1096 | 0 | if (!security_hmac_signature(fpInputEvents, fpInputEvents_length, Stream_Pointer(s), 8, |
1097 | 0 | rdp)) |
1098 | 0 | goto fail; |
1099 | | |
1100 | 0 | if (pad) |
1101 | 0 | memset(fpInputEvents + fpInputEvents_length, 0, pad); |
1102 | |
|
1103 | 0 | if (!security_fips_encrypt(fpInputEvents, fpInputEvents_length + pad, rdp)) |
1104 | 0 | goto fail; |
1105 | | |
1106 | 0 | length += pad; |
1107 | 0 | } |
1108 | 0 | else |
1109 | 0 | { |
1110 | 0 | BOOL res = 0; |
1111 | 0 | if (!Stream_CheckAndLogRequiredCapacity(TAG, s, 8)) |
1112 | 0 | goto fail; |
1113 | 0 | if (sec_flags & SEC_SECURE_CHECKSUM) |
1114 | 0 | res = security_salted_mac_signature(rdp, fpInputEvents, fpInputEvents_length, TRUE, |
1115 | 0 | Stream_Pointer(s), 8); |
1116 | 0 | else |
1117 | 0 | res = security_mac_signature(rdp, fpInputEvents, fpInputEvents_length, |
1118 | 0 | Stream_Pointer(s), 8); |
1119 | |
|
1120 | 0 | if (!res || !security_encrypt(fpInputEvents, fpInputEvents_length, rdp)) |
1121 | 0 | goto fail; |
1122 | 0 | } |
1123 | 0 | } |
1124 | | |
1125 | | /* |
1126 | | * We always encode length in two bytes, even though we could use |
1127 | | * only one byte if length <= 0x7F. It is just easier that way, |
1128 | | * because we can leave room for fixed-length header, store all |
1129 | | * the data first and then store the header. |
1130 | | */ |
1131 | 0 | WINPR_ASSERT(length < UINT16_MAX); |
1132 | 0 | Stream_SetPosition(s, 1); |
1133 | 0 | Stream_Write_UINT16_BE(s, 0x8000 | (UINT16)length); |
1134 | 0 | Stream_SetPosition(s, length); |
1135 | 0 | Stream_SealLength(s); |
1136 | |
|
1137 | 0 | if (transport_write(rdp->transport, s) < 0) |
1138 | 0 | goto fail; |
1139 | | |
1140 | 0 | rc = TRUE; |
1141 | 0 | fail: |
1142 | 0 | if (should_unlock && !security_unlock(rdp)) |
1143 | 0 | rc = FALSE; |
1144 | 0 | Stream_Release(s); |
1145 | 0 | return rc; |
1146 | 0 | } |
1147 | | |
1148 | | BOOL fastpath_send_input_pdu(rdpFastPath* fastpath, wStream* s, UINT16 sec_flags) |
1149 | 0 | { |
1150 | 0 | return fastpath_send_multiple_input_pdu(fastpath, s, 1, sec_flags); |
1151 | 0 | } |
1152 | | |
1153 | | wStream* fastpath_update_pdu_init(rdpFastPath* fastpath) |
1154 | 0 | { |
1155 | 0 | return transport_send_stream_init(fastpath->rdp->transport, FASTPATH_MAX_PACKET_SIZE); |
1156 | 0 | } |
1157 | | |
1158 | | wStream* fastpath_update_pdu_init_new(WINPR_ATTR_UNUSED rdpFastPath* fastpath) |
1159 | 0 | { |
1160 | 0 | wStream* s = NULL; |
1161 | 0 | s = Stream_New(NULL, FASTPATH_MAX_PACKET_SIZE); |
1162 | 0 | return s; |
1163 | 0 | } |
1164 | | |
1165 | | BOOL fastpath_send_update_pdu(rdpFastPath* fastpath, BYTE updateCode, wStream* s, |
1166 | | BOOL skipCompression) |
1167 | 0 | { |
1168 | 0 | BOOL status = TRUE; |
1169 | 0 | wStream* fs = NULL; |
1170 | 0 | rdpSettings* settings = NULL; |
1171 | 0 | rdpRdp* rdp = NULL; |
1172 | 0 | UINT32 fpHeaderSize = 6; |
1173 | 0 | UINT32 fpUpdatePduHeaderSize = 0; |
1174 | 0 | UINT32 fpUpdateHeaderSize = 0; |
1175 | 0 | FASTPATH_UPDATE_PDU_HEADER fpUpdatePduHeader = { 0 }; |
1176 | 0 | FASTPATH_UPDATE_HEADER fpUpdateHeader = { 0 }; |
1177 | 0 | UINT16 sec_flags = 0; |
1178 | |
|
1179 | 0 | if (!fastpath || !fastpath->rdp || !fastpath->fs || !s) |
1180 | 0 | return FALSE; |
1181 | | |
1182 | 0 | rdp = fastpath->rdp; |
1183 | 0 | fs = fastpath->fs; |
1184 | 0 | settings = rdp->settings; |
1185 | |
|
1186 | 0 | if (!settings) |
1187 | 0 | return FALSE; |
1188 | | |
1189 | 0 | UINT16 maxLength = FASTPATH_MAX_PACKET_SIZE - 20; |
1190 | |
|
1191 | 0 | if (settings->CompressionEnabled && !skipCompression) |
1192 | 0 | { |
1193 | 0 | const UINT16 CompressionMaxSize = bulk_compression_max_size(rdp->bulk); |
1194 | 0 | maxLength = (maxLength < CompressionMaxSize) ? maxLength : CompressionMaxSize; |
1195 | 0 | maxLength -= 20; |
1196 | 0 | } |
1197 | |
|
1198 | 0 | size_t totalLength = Stream_GetPosition(s); |
1199 | 0 | Stream_SetPosition(s, 0); |
1200 | | |
1201 | | /* check if fast path output is possible */ |
1202 | 0 | if (!settings->FastPathOutput) |
1203 | 0 | { |
1204 | 0 | WLog_ERR(TAG, "client does not support fast path output"); |
1205 | 0 | return FALSE; |
1206 | 0 | } |
1207 | | |
1208 | | /* check if the client's fast path pdu buffer is large enough */ |
1209 | 0 | if (totalLength > settings->MultifragMaxRequestSize) |
1210 | 0 | { |
1211 | 0 | WLog_ERR(TAG, |
1212 | 0 | "fast path update size (%" PRIuz |
1213 | 0 | ") exceeds the client's maximum request size (%" PRIu32 ")", |
1214 | 0 | totalLength, settings->MultifragMaxRequestSize); |
1215 | 0 | return FALSE; |
1216 | 0 | } |
1217 | | |
1218 | 0 | if (rdp->do_crypt) |
1219 | 0 | { |
1220 | 0 | sec_flags |= SEC_ENCRYPT; |
1221 | |
|
1222 | 0 | if (rdp->do_secure_checksum) |
1223 | 0 | sec_flags |= SEC_SECURE_CHECKSUM; |
1224 | 0 | } |
1225 | |
|
1226 | 0 | for (int fragment = 0; (totalLength > 0) || (fragment == 0); fragment++) |
1227 | 0 | { |
1228 | 0 | UINT32 DstSize = 0; |
1229 | 0 | const BYTE* pDstData = NULL; |
1230 | 0 | UINT32 compressionFlags = 0; |
1231 | 0 | BYTE pad = 0; |
1232 | 0 | BYTE* pSignature = NULL; |
1233 | 0 | fpUpdatePduHeader.action = 0; |
1234 | 0 | fpUpdatePduHeader.secFlags = 0; |
1235 | 0 | fpUpdateHeader.compression = 0; |
1236 | 0 | fpUpdateHeader.compressionFlags = 0; |
1237 | 0 | fpUpdateHeader.updateCode = updateCode; |
1238 | 0 | fpUpdateHeader.size = (UINT16)(totalLength > maxLength) ? maxLength : (UINT16)totalLength; |
1239 | 0 | const BYTE* pSrcData = Stream_Pointer(s); |
1240 | 0 | UINT32 SrcSize = DstSize = fpUpdateHeader.size; |
1241 | 0 | BOOL should_unlock = FALSE; |
1242 | |
|
1243 | 0 | if (sec_flags & SEC_ENCRYPT) |
1244 | 0 | fpUpdatePduHeader.secFlags |= FASTPATH_OUTPUT_ENCRYPTED; |
1245 | |
|
1246 | 0 | if (sec_flags & SEC_SECURE_CHECKSUM) |
1247 | 0 | fpUpdatePduHeader.secFlags |= FASTPATH_OUTPUT_SECURE_CHECKSUM; |
1248 | |
|
1249 | 0 | if (settings->CompressionEnabled && !skipCompression) |
1250 | 0 | { |
1251 | 0 | if (bulk_compress(rdp->bulk, pSrcData, SrcSize, &pDstData, &DstSize, |
1252 | 0 | &compressionFlags) >= 0) |
1253 | 0 | { |
1254 | 0 | if (compressionFlags) |
1255 | 0 | { |
1256 | 0 | WINPR_ASSERT(compressionFlags <= UINT8_MAX); |
1257 | 0 | fpUpdateHeader.compressionFlags = (UINT8)compressionFlags; |
1258 | 0 | fpUpdateHeader.compression = FASTPATH_OUTPUT_COMPRESSION_USED; |
1259 | 0 | } |
1260 | 0 | } |
1261 | 0 | } |
1262 | | |
1263 | 0 | if (!fpUpdateHeader.compression) |
1264 | 0 | { |
1265 | 0 | pDstData = Stream_Pointer(s); |
1266 | 0 | DstSize = fpUpdateHeader.size; |
1267 | 0 | } |
1268 | |
|
1269 | 0 | if (DstSize > UINT16_MAX) |
1270 | 0 | return FALSE; |
1271 | 0 | fpUpdateHeader.size = (UINT16)DstSize; |
1272 | 0 | totalLength -= SrcSize; |
1273 | |
|
1274 | 0 | if (totalLength == 0) |
1275 | 0 | fpUpdateHeader.fragmentation = |
1276 | 0 | (fragment == 0) ? FASTPATH_FRAGMENT_SINGLE : FASTPATH_FRAGMENT_LAST; |
1277 | 0 | else |
1278 | 0 | fpUpdateHeader.fragmentation = |
1279 | 0 | (fragment == 0) ? FASTPATH_FRAGMENT_FIRST : FASTPATH_FRAGMENT_NEXT; |
1280 | |
|
1281 | 0 | fpUpdateHeaderSize = fastpath_get_update_header_size(&fpUpdateHeader); |
1282 | 0 | fpUpdatePduHeaderSize = fastpath_get_update_pdu_header_size(&fpUpdatePduHeader, rdp); |
1283 | 0 | fpHeaderSize = fpUpdateHeaderSize + fpUpdatePduHeaderSize; |
1284 | |
|
1285 | 0 | if (sec_flags & SEC_ENCRYPT) |
1286 | 0 | { |
1287 | 0 | pSignature = Stream_Buffer(fs) + 3; |
1288 | |
|
1289 | 0 | if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS) |
1290 | 0 | { |
1291 | 0 | pSignature += 4; |
1292 | |
|
1293 | 0 | if ((pad = 8 - ((DstSize + fpUpdateHeaderSize) % 8)) == 8) |
1294 | 0 | pad = 0; |
1295 | |
|
1296 | 0 | fpUpdatePduHeader.fipsInformation[0] = 0x10; |
1297 | 0 | fpUpdatePduHeader.fipsInformation[1] = 0x00; |
1298 | 0 | fpUpdatePduHeader.fipsInformation[2] = 0x01; |
1299 | 0 | fpUpdatePduHeader.fipsInformation[3] = pad; |
1300 | 0 | } |
1301 | 0 | } |
1302 | |
|
1303 | 0 | const size_t len = fpUpdateHeader.size + fpHeaderSize + pad; |
1304 | 0 | if (len > UINT16_MAX) |
1305 | 0 | return FALSE; |
1306 | | |
1307 | 0 | fpUpdatePduHeader.length = (UINT16)len; |
1308 | 0 | Stream_SetPosition(fs, 0); |
1309 | 0 | if (!fastpath_write_update_pdu_header(fs, &fpUpdatePduHeader, rdp)) |
1310 | 0 | return FALSE; |
1311 | 0 | if (!fastpath_write_update_header(fs, &fpUpdateHeader)) |
1312 | 0 | return FALSE; |
1313 | | |
1314 | 0 | if (!Stream_CheckAndLogRequiredCapacity(TAG, (fs), (size_t)DstSize + pad)) |
1315 | 0 | return FALSE; |
1316 | 0 | Stream_Write(fs, pDstData, DstSize); |
1317 | |
|
1318 | 0 | if (pad) |
1319 | 0 | Stream_Zero(fs, pad); |
1320 | |
|
1321 | 0 | BOOL res = FALSE; |
1322 | 0 | if (sec_flags & SEC_ENCRYPT) |
1323 | 0 | { |
1324 | 0 | if (!security_lock(rdp)) |
1325 | 0 | return FALSE; |
1326 | 0 | should_unlock = TRUE; |
1327 | 0 | UINT32 dataSize = fpUpdateHeaderSize + DstSize + pad; |
1328 | 0 | BYTE* data = Stream_PointerAs(fs, BYTE) - dataSize; |
1329 | |
|
1330 | 0 | if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS) |
1331 | 0 | { |
1332 | | // TODO: Ensure stream capacity |
1333 | 0 | if (!security_hmac_signature(data, dataSize - pad, pSignature, 8, rdp)) |
1334 | 0 | goto unlock; |
1335 | | |
1336 | 0 | if (!security_fips_encrypt(data, dataSize, rdp)) |
1337 | 0 | goto unlock; |
1338 | 0 | } |
1339 | 0 | else |
1340 | 0 | { |
1341 | | // TODO: Ensure stream capacity |
1342 | 0 | if (sec_flags & SEC_SECURE_CHECKSUM) |
1343 | 0 | status = |
1344 | 0 | security_salted_mac_signature(rdp, data, dataSize, TRUE, pSignature, 8); |
1345 | 0 | else |
1346 | 0 | status = security_mac_signature(rdp, data, dataSize, pSignature, 8); |
1347 | |
|
1348 | 0 | if (!status || !security_encrypt(data, dataSize, rdp)) |
1349 | 0 | goto unlock; |
1350 | 0 | } |
1351 | 0 | } |
1352 | 0 | res = TRUE; |
1353 | |
|
1354 | 0 | Stream_SealLength(fs); |
1355 | |
|
1356 | 0 | if (transport_write(rdp->transport, fs) < 0) |
1357 | 0 | { |
1358 | 0 | status = FALSE; |
1359 | 0 | } |
1360 | |
|
1361 | 0 | unlock: |
1362 | 0 | if (should_unlock && !security_unlock(rdp)) |
1363 | 0 | return FALSE; |
1364 | | |
1365 | 0 | if (!res || !status) |
1366 | 0 | return FALSE; |
1367 | | |
1368 | 0 | Stream_Seek(s, SrcSize); |
1369 | 0 | } |
1370 | | |
1371 | 0 | return status; |
1372 | 0 | } |
1373 | | |
1374 | | rdpFastPath* fastpath_new(rdpRdp* rdp) |
1375 | 0 | { |
1376 | 0 | rdpFastPath* fastpath = NULL; |
1377 | |
|
1378 | 0 | WINPR_ASSERT(rdp); |
1379 | | |
1380 | 0 | fastpath = (rdpFastPath*)calloc(1, sizeof(rdpFastPath)); |
1381 | |
|
1382 | 0 | if (!fastpath) |
1383 | 0 | return NULL; |
1384 | | |
1385 | 0 | fastpath->rdp = rdp; |
1386 | 0 | fastpath->fragmentation = -1; |
1387 | 0 | fastpath->fs = Stream_New(NULL, FASTPATH_MAX_PACKET_SIZE); |
1388 | 0 | fastpath->updateData = Stream_New(NULL, FASTPATH_MAX_PACKET_SIZE); |
1389 | |
|
1390 | 0 | if (!fastpath->fs || !fastpath->updateData) |
1391 | 0 | goto out_free; |
1392 | | |
1393 | 0 | return fastpath; |
1394 | 0 | out_free: |
1395 | 0 | fastpath_free(fastpath); |
1396 | 0 | return NULL; |
1397 | 0 | } |
1398 | | |
1399 | | void fastpath_free(rdpFastPath* fastpath) |
1400 | 0 | { |
1401 | 0 | if (fastpath) |
1402 | 0 | { |
1403 | 0 | Stream_Free(fastpath->updateData, TRUE); |
1404 | 0 | Stream_Free(fastpath->fs, TRUE); |
1405 | 0 | free(fastpath); |
1406 | 0 | } |
1407 | 0 | } |
1408 | | |
1409 | | BYTE fastpath_get_encryption_flags(rdpFastPath* fastpath) |
1410 | 0 | { |
1411 | 0 | WINPR_ASSERT(fastpath); |
1412 | 0 | return fastpath->encryptionFlags; |
1413 | 0 | } |
1414 | | |
1415 | | BOOL fastpath_decrypt(rdpFastPath* fastpath, wStream* s, UINT16* length) |
1416 | 0 | { |
1417 | 0 | WINPR_ASSERT(fastpath); |
1418 | 0 | if (fastpath_get_encryption_flags(fastpath) & FASTPATH_OUTPUT_ENCRYPTED) |
1419 | 0 | { |
1420 | 0 | const UINT16 flags = |
1421 | 0 | (fastpath_get_encryption_flags(fastpath) & FASTPATH_OUTPUT_SECURE_CHECKSUM) |
1422 | 0 | ? SEC_SECURE_CHECKSUM |
1423 | 0 | : 0; |
1424 | |
|
1425 | 0 | if (!rdp_decrypt(fastpath->rdp, s, length, flags)) |
1426 | 0 | return FALSE; |
1427 | 0 | } |
1428 | | |
1429 | 0 | return TRUE; |
1430 | 0 | } |