First, thanks for writing this code. This is just an observation, no requests.
I work on MeshCentral and I am working on porting your NLA support from the Rust version to the NodeJS version. In working on that, I noticed this code in cssp.rs:
// now server respond normally with the original public key incremented by one
let r2 = &(link.read(0)?);
println!("READ: read_ts_validate {}", hex::encode(&r1));
let inc_pub_key = security_interface.gss_unwrapex(&(read_ts_validate(r2)?))?;
// Check possible man in the middle using cssp
if BigUint::from_bytes_le(&inc_pub_key) != BigUint::from_bytes_le(certificate.tbs_certificate.subject_pki.subject_public_key.data) + BigUint::new(vec![1]) {
return Err(Error::RdpError(RdpError::new(RdpErrorKind::PossibleMITM, "Man in the middle detected")))
}
Looking the the bits received, it seems like ASN1 encoded, not a BigUInt. I would send this challenge:
Only the first "type" changes from 16 to 17, everything else is the same. The BigUInt compare works, but instead, you could check that both prime and exponent are identical.
citronneur
commented
2 years ago
First, thanks for writing this code. This is just an observation, no requests.
I work on MeshCentral and I am working on porting your NLA support from the Rust version to the NodeJS version. In working on that, I noticed this code in cssp.rs:
Looking the the bits received, it seems like ASN1 encoded, not a BigUInt. I would send this challenge:
and get this as a response:
Only the first "type" changes from 16 to 17, everything else is the same. The BigUInt compare works, but instead, you could check that both prime and exponent are identical.