Who knows how KH is generated in Windows Desktop Sharing (WDS)?

  • Question

  • I have two demo programs, a desktop viewer and a desktop sharer.

    The sharer creates an invitation file with CreateInvitation in the Windows Desktop Sharing API. This exports an XML file like: <E><A KH="FX+4vCuia/HYMb8yfl3uMDY1umE=" ID="WinPresenter"/><C><T ID="1" SID="3109826666"><L P="51378" N="172.21.98.189"/></T></C></E>

    I want to know how the KH was calculated, and how it is used to authenticate in the WDS connect sequence.

    Thursday, January 23, 2014 9:35 AM

Answers

  • Andy,

    The novice (server) generates the KH attribute of the Auth String Node <A> in Remote Assistance Connection String 2 [MS-RAI]. The expert (client) validates the value of KH during the RDP connection sequence.

    The KH value is a SHA1 hash of the server certificate's public key. I have logged a request to get this clarified in a future release of the specification.

    During the connection sequence, if encryption is selected for the RDP session, i.e. a non-zero encryptionMethod in TS_UD_SC_SEC1, the client validates the public key of the server certificate contained in the Server Security Data (TS_UD_SC_SEC1).

    On receiving the TS_UD_SC_SEC1 from the server, the client calculates the SHA1 hash of the public key and compares it against the value of the KH parameter. The validation is successful if they are an exact match. If the validation fails, the server certificate is considered invalid and the client disconnects the session.

    [MS-RAI] 2.2.2 Remote Assistance Connection String 2

    http://msdn.microsoft.com/en-us/library/cc240132.aspx

    [MS-RDPBCGR] 2.2.1.4.3 Server Security Data (TS_UD_SC_SEC1)

    http://msdn.microsoft.com/en-us/library/cc240518.aspx

    From an interface standpoint, the client control event that initiates the validation is the IMsTscAxEvents::OnReceivedTSPublicKey method.

    http://msdn.microsoft.com/en-us/library/aa382691.aspx

    Thanks,

    Edgar

    Friday, February 7, 2014 9:51 PM
    Moderator

All replies

  • Hi Andy,

    Thank you for your question. A member of the Protocol Documentation support team will respond to you soon.

    Regards,
    Vilmos Foltenyi - MSFT

    Thursday, January 23, 2014 6:41 PM
  • Hi Andy,

    I am reviewing this and will follow-up.

    Thanks,

    Edgar

    Friday, January 24, 2014 4:35 AM
    Moderator
  • Wow, thanks
    Monday, January 27, 2014 3:38 AM
  • Hi Edgar,

    Thanks for your help!

    I've captured the connection data, which includes a serverSecurityData containing the serverCertificate.

    I extracted the Server Proprietary Certificate (public key data) from serverSecurityData as below:

    01:00:00:00:  dwVersion
    01:00:00:00:  dwSigAlgId
    01:00:00:00:  dwKeyAlgId
    06:00:  public keyBlobType
    1c:01:  public keyBlobLen
    52:53:41:31:   magic
    08:01:00:00:   keylen
    00:08:00:00:   bitlen
    ff:00:00:00:   datalen
    01:00:01:00:   pub Exp
    47:87:bb:9d:92:9f:6f:88:1c:5a:1b:02:65:30:fe:8d:
    fb:62:12:0f:74:11:99:d9:7d:26:a7:1b:db:3a:2c:b8:
    e0:b0:cc:be:fd:34:cb:7e:4b:94:ae:b9:9a:42:d8:d3:
    a6:74:fa:d3:7a:f8:03:83:08:f0:18:cb:37:d3:46:14:
    6b:63:ba:ac:cd:6c:bc:a0:b0:69:7a:65:18:f6:04:11:
    71:12:e1:c5:55:37:3d:8f:7c:c5:f0:65:11:22:ee:16:
    c5:ce:6b:a5:48:d5:42:4b:ec:d7:fb:56:13:e1:38:f9:
    ec:ca:35:36:85:b1:df:ba:8d:94:dc:ec:3f:39:05:42:
    af:09:43:96:e7:a6:bf:d8:ee:f5:c4:08:65:85:4e:f0:
    e0:30:33:0a:d0:ea:00:af:26:2c:86:76:60:f2:7a:3b:
    e6:2f:d4:26:cf:e9:ca:2b:cb:e5:29:df:25:de:0d:c7:
    2c:2e:ca:56:b4:65:46:23:78:3a:5d:47:6f:53:e4:97:
    51:5b:09:88:92:05:00:ab:24:a2:68:6f:60:26:bc:7f:
    0a:0a:0f:ed:e4:c9:d0:86:af:c6:51:04:72:95:fd:bf:
    19:d8:87:b1:5a:f8:e6:da:da:56:8f:1b:95:e7:ba:fe:
    73:61:d9:56:92:31:63:eb:3c:eb:44:34:5a:be:84:e8:
    00:00:00:00:00:00:00:00:                         modulus

    08:00:48:00:38:79:64:0e:1c:34:81:cd:ee:3d:91:d2:
    06:5b:16:3a:0d:a5:b0:f2:78:9a:ac:25:c2:3d:cb:f8:
    13:e9:bf:ed:bb:ff:56:97:13:0b:71:e9:04:bc:f6:da:
    32:06:ac:1c:1a:c4:56:a4:35:1c:6c:99:76:e2:66:d7:
    c7:eb:ca:5f:00:00:00:00:00:00:00:00

    I used the byte series of the pair (pubExp, modulus) to try to calculate the SHA1 and base64-encode it, but I can't get the correct result. (KH="FX+4vCuia/HYMb8yfl3uMDY1umE=")

    Do you know the right person who could help with this?

    Thanks,

    Andy

    Monday, February 10, 2014 7:25 AM
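    A worked example added here, not code from the thread or from Microsoft: the parser below walks the Server Proprietary Certificate exactly as Andy dumped it above (dwVersion, the RSA_PUBLIC_KEY blob with little-endian pubExp and modulus, then the signature blob), and then performs the expert-side check Edgar describes: SHA-1 over the public key, base64-encoded, compared for an exact match with the KH attribute of the <A> node, with a mismatch treated as an invalid certificate. Which bytes feed the hash is this example's assumption (it hashes the whole RSA_PUBLIC_KEY blob); the thread does not settle that, and Andy reports that hashing (pubExp, modulus) did not reproduce his KH, so the code makes no claim of reproducing FX+4vCuia/HYMb8yfl3uMDY1umE= either. make_invitation, the constant-time compare and the field-consistency checks are additions for the round trip.

```python
import base64
import hashlib
import hmac
import struct
import xml.etree.ElementTree as ET

# Connection String 2 as posted in the question (KH is the value under test).
POSTED_INVITATION = ('<E><A KH="FX+4vCuia/HYMb8yfl3uMDY1umE=" ID="WinPresenter"/>'
                     '<C><T ID="1" SID="3109826666"><L P="51378" N="172.21.98.189"/>'
                     '</T></C></E>')

# Server Proprietary Certificate from TS_UD_SC_SEC1 exactly as dumped in the
# thread ([MS-RDPBCGR] 2.2.1.4.3.1.1); comments give the spec field names.
PROPRIETARY_CERT = bytes.fromhex(
    "01000000"  # dwVersion: CERT_CHAIN_VERSION_1 (proprietary certificate)
    "01000000"  # dwSigAlgId: SIGNATURE_ALG_RSA
    "01000000"  # dwKeyAlgId: KEY_EXCHANGE_ALG_RSA
    "0600"      # wPublicKeyBlobType: BB_RSA_KEY_BLOB
    "1c01"      # wPublicKeyBlobLen: 284
    "52534131"  # magic "RSA1"
    "08010000"  # keylen: 264 = 256-byte modulus + 8 zero padding bytes
    "00080000"  # bitlen: 2048
    "ff000000"  # datalen: 255
    "01000100"  # pubExp: 65537, little-endian
    # modulus, little-endian, 256 bytes followed by 8 padding bytes
    "4787bb9d929f6f881c5a1b026530fe8d" "fb62120f741199d97d26a71bdb3a2cb8"
    "e0b0ccbefd34cb7e4b94aeb99a42d8d3" "a674fad37af8038308f018cb37d34614"
    "6b63baaccd6cbca0b0697a6518f60411" "7112e1c555373d8f7cc5f0651122ee16"
    "c5ce6ba548d5424becd7fb5613e138f9" "ecca353685b1dfba8d94dcec3f390542"
    "af094396e7a6bfd8eef5c40865854ef0" "e030330ad0ea00af262c867660f27a3b"
    "e62fd426cfe9ca2bcbe529df25de0dc7" "2c2eca56b4654623783a5d476f53e497"
    "515b0988920500ab24a2686f6026bc7f" "0a0a0fede4c9d086afc651047295fdbf"
    "19d887b15af8e6dada568f1b95e7bafe" "7361d956923163eb3ceb44345abe84e8"
    "0000000000000000"
    "0800"      # wSignatureBlobType: BB_RSA_SIGNATURE_BLOB
    "4800"      # wSignatureBlobLen: 72 = 64-byte signature + 8 padding bytes
    "3879640e1c3481cdee3d91d2" "065b163a0da5b0f2789aac25c23dcbf8"
    "13e9bfedbbff5697130b71e904bcf6da" "3206ac1c1ac456a4351c6c9976e266d7"
    "c7ebca5f0000000000000000"
)


def parse_proprietary_certificate(data):
    """Parse a Server Proprietary Certificate; raise ValueError if malformed."""
    if len(data) < 16:
        raise ValueError("certificate header truncated")
    version, _sig_alg, _key_alg, blob_type, blob_len = struct.unpack_from("<IIIHH", data, 0)
    if (version & 0x7FFFFFFF) != 1:          # bit 31 is the temporary flag
        raise ValueError("not a CERT_CHAIN_VERSION_1 (proprietary) certificate")
    if blob_type != 0x0006:                  # BB_RSA_KEY_BLOB
        raise ValueError("unexpected wPublicKeyBlobType 0x%04x" % blob_type)
    blob = data[16:16 + blob_len]
    if len(blob) != blob_len or blob_len < 20:
        raise ValueError("public key blob truncated")
    magic, keylen, bitlen, _datalen, pub_exp = struct.unpack_from("<4sIIII", blob, 0)
    if magic != b"RSA1":
        raise ValueError("bad RSA_PUBLIC_KEY magic")
    if keylen != bitlen // 8 + 8 or 20 + keylen != blob_len:
        raise ValueError("keylen inconsistent with bitlen / blob length")
    modulus_le = blob[20:20 + bitlen // 8]   # drop the 8 padding bytes
    off = 16 + blob_len
    sig_type, sig_len = struct.unpack_from("<HH", data, off)
    signature = data[off + 4:off + 4 + sig_len]
    if sig_type != 0x0008 or len(signature) != sig_len:   # BB_RSA_SIGNATURE_BLOB
        raise ValueError("signature blob malformed")
    return {"public_key_blob": blob, "pub_exp": pub_exp, "bitlen": bitlen,
            "modulus": int.from_bytes(modulus_le, "little"), "signature": signature}


def compute_kh(public_key_blob):
    """base64(SHA-1(public key)). ASSUMPTION of this example: the hash input is
    the whole RSA_PUBLIC_KEY blob; the thread does not pin down the byte layout."""
    return base64.b64encode(hashlib.sha1(public_key_blob).digest()).decode("ascii")


def make_invitation(kh, addr="172.21.98.189", port=51378, sid="3109826666"):
    """Novice side: emit a Connection String 2 carrying KH, in the posted shape."""
    return ('<E><A KH="%s" ID="WinPresenter"/><C><T ID="1" SID="%s">'
            '<L P="%d" N="%s"/></T></C></E>') % (kh, sid, port, addr)


def kh_from_invitation(xml_text):
    """Pull the KH attribute out of the <A> (Auth String) node."""
    auth = ET.fromstring(xml_text).find("A")
    if auth is None or "KH" not in auth.attrib:
        raise ValueError("invitation has no <A KH=...> node")
    return auth.attrib["KH"]


def client_validates_server_key(invitation_xml, server_cert):
    """Expert side, on receiving TS_UD_SC_SEC1: hash the server's public key and
    require an exact match with KH. False means the certificate is to be treated
    as invalid and the session disconnected, as described in the answer."""
    fields = parse_proprietary_certificate(server_cert)
    return hmac.compare_digest(compute_kh(fields["public_key_blob"]),
                               kh_from_invitation(invitation_xml))


if __name__ == "__main__":
    info = parse_proprietary_certificate(PROPRIETARY_CERT)
    print("modulus bits:", info["bitlen"], "pubExp:", info["pub_exp"])
    print("KH under this example's assumption:", compute_kh(info["public_key_blob"]))
    print("matches posted KH:", client_validates_server_key(POSTED_INVITATION, PROPRIETARY_CERT))
```

    To test another candidate hash input (for instance the modulus alone, or big-endian rather than little-endian), change only compute_kh; the parser and the comparison logic stay the same. A key substituted by an on-path attacker changes the blob and therefore the hash, which is what the exact-match requirement on KH is meant to catch.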
  • Andy,

    Just a quick ping here: you posted the same question on another thread, which I will be answering.

    http://social.msdn.microsoft.com/Forums/en-US/21bf23f0-b85f-4e4a-b07d-2408d75df1c2/kh-caculation-in-wds-connection-string-2?forum=os_windowsprotocols

    Thanks,

    Edgar

    Tuesday, February 11, 2014 3:50 PM
    Moderator