
Man-in-the-middle detection using BigUInt compare in cssp.rs

Open Ylianst opened this issue 2 years ago • 1 comment

First, thanks for writing this code. This is just an observation, no requests.

I work on MeshCentral and I am working on porting your NLA support from the Rust version to the NodeJS version. In working on that, I noticed this code in cssp.rs:

    // now server respond normally with the original public key incremented by one
    let r2 = &(link.read(0)?);
    println!("READ: read_ts_validate {}", hex::encode(&r1));
    let inc_pub_key = security_interface.gss_unwrapex(&(read_ts_validate(r2)?))?;

    // Check possible man in the middle using cssp
    if BigUint::from_bytes_le(&inc_pub_key) != BigUint::from_bytes_le(certificate.tbs_certificate.subject_pki.subject_public_key.data) + BigUint::new(vec![1]) {
        return Err(Error::RdpError(RdpError::new(RdpErrorKind::PossibleMITM, "Man in the middle detected")))
    }

Looking at the bits received, it seems like ASN.1 encoded, not a BigUInt. I would send this challenge:

{
  tagClass: 0,
  type: 16,
  constructed: true,
  composed: true,
  value: [
    {
      tagClass: 0,
      type: 2,
      constructed: false,
      composed: false,
      value: '..........'
    },
    {
      tagClass: 0,
      type: 2,
      constructed: false,
      composed: false,
      value: '.....'
    }
  ]
}

and get this as a response:

{
  tagClass: 0,
  type: 17,
  constructed: true,
  composed: true,
  value: [
    {
      tagClass: 0,
      type: 2,
      constructed: false,
      composed: false,
      value: '..........'
    },
    {
      tagClass: 0,
      type: 2,
      constructed: false,
      composed: false,
      value: '.....'
    }
  ]
}

Only the first "type" changes from 16 to 17, everything else is the same. The BigUInt compare works, but instead, you could check that both prime and exponent are identical.

Ylianst, Apr 28 '22 23:04
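The two checks discussed in the report, as an added example that is not code from rdp-rs or from the issue (plain Rust, no crates): `increment_le` reproduces the little-endian `BigUint + 1` computation, `pub_key_auth_matches` is the numeric check cssp.rs does, and `key_parts_match` is the proposed modulus/exponent comparison. All function names and the DER sample key are made up for this example.

```rust
/// Increment a byte string read as a little-endian unsigned integer, which is
/// what `BigUint::from_bytes_le(key) + 1` computes (no num-bigint needed).
fn increment_le(bytes: &[u8]) -> Vec<u8> {
    let mut out = bytes.to_vec();
    for i in 0..out.len() {
        let (v, carry) = out[i].overflowing_add(1);
        out[i] = v;
        if !carry { return out; }
    }
    out.push(1); // every byte was 0xff: the carry creates a new top byte
    out
}

/// Check 1 (what cssp.rs does): numeric compare of the reply against key + 1
/// (like BigUint, ignore most-significant zero bytes, i.e. trailing ones in LE).
fn pub_key_auth_matches(server_key_der: &[u8], reply: &[u8]) -> bool {
    let strip = |v: &[u8]| v.iter().rposition(|&b| b != 0).map_or(0, |i| i + 1);
    let expected = increment_le(server_key_der);
    expected[..strip(&expected)] == reply[..strip(reply)]
}

/// Minimal DER TLV split (short-form lengths only): (tag, contents, rest).
fn der_tlv(buf: &[u8]) -> Option<(u8, &[u8], &[u8])> {
    let (tag, len) = (*buf.first()?, *buf.get(1)? as usize);
    if len >= 0x80 || buf.len() < 2 + len { return None; }
    Some((tag, &buf[2..2 + len], &buf[2 + len..]))
}

/// RSAPublicKey is SEQUENCE { INTEGER n, INTEGER e }; returns (outer tag, n, e).
fn rsa_key_parts(der: &[u8]) -> Option<(u8, &[u8], &[u8])> {
    let (outer_tag, body, _) = der_tlv(der)?;
    let (tag_n, n, rest) = der_tlv(body)?;
    let (tag_e, e, _) = der_tlv(rest)?;
    if tag_n != 0x02 || tag_e != 0x02 { return None; }
    Some((outer_tag, n, e))
}

/// Check 2 (the alternative proposed above): same n and e. The outer tag must
/// have moved from 0x30 to 0x31, or an echo of the original key would pass too.
fn key_parts_match(server_key_der: &[u8], reply: &[u8]) -> bool {
    match (rsa_key_parts(server_key_der), rsa_key_parts(reply)) {
        (Some((0x30, n1, e1)), Some((0x31, n2, e2))) => n1 == n2 && e1 == e2,
        _ => false,
    }
}

/// Constructed sample (not a real key): SEQUENCE { INTEGER n, INTEGER 65537 }.
const SERVER_KEY_DER: &[u8] = &[0x30, 0x10, 0x02, 0x09, 0x00, 0xc3, 0x1f, 0x5a,
    0x77, 0x0b, 0x12, 0xee, 0x9d, 0x02, 0x03, 0x01, 0x00, 0x01];
```

Run `increment_le(SERVER_KEY_DER)` and only byte 0 changes, 0x30 to 0x31, which is the "type 16 to type 17" difference seen in the dumps above.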

Thanks, I will!

citronneur, May 25 '22 19:05