/* Process an authentication request packet */
static void
licence_process_authreq(STREAM s)
{
uint8 *in_token = NULL, *in_sig;
uint8 out_token[LICENCE_TOKEN_SIZE], decrypt_token[LICENCE_TOKEN_SIZE];
uint8 hwid[LICENCE_HWID_SIZE], crypt_hwid[LICENCE_HWID_SIZE];
uint8 sealed_buffer[LICENCE_TOKEN_SIZE + LICENCE_HWID_SIZE];
uint8 out_sig[LICENCE_SIGNATURE_SIZE];
void * crypt_key;
/* Parse incoming packet and save the encrypted token */
licence_parse_authreq(s, &in_token, &in_sig);
memcpy(out_token, in_token, LICENCE_TOKEN_SIZE);
/* Decrypt the token. It should read TEST in Unicode. */
crypt_key = ssl_rc4_info_create();
ssl_rc4_set_key(crypt_key, (char *)g_licence_key, 16);
ssl_rc4_crypt(crypt_key, (char *)in_token, (char *)decrypt_token, LICENCE_TOKEN_SIZE);
ssl_rc4_info_delete(crypt_key);
/* Generate a signature for a buffer of token and HWID */
licence_generate_hwid(hwid);
memcpy(sealed_buffer, decrypt_token, LICENCE_TOKEN_SIZE);
memcpy(sealed_buffer + LICENCE_TOKEN_SIZE, hwid, LICENCE_HWID_SIZE);
sec_sign(out_sig, 16, g_licence_sign_key, 16, sealed_buffer, sizeof(sealed_buffer));
/* Now encrypt the HWID */
crypt_key = ssl_rc4_info_create();
ssl_rc4_set_key(crypt_key, (char *)g_licence_key, 16);
ssl_rc4_crypt(crypt_key, (char *)hwid, (char *)crypt_hwid, LICENCE_HWID_SIZE);
ssl_rc4_info_delete(crypt_key);
licence_send_authresp(out_token, crypt_hwid, out_sig);
}
/* Process an authentication request packet */
static void
licence_process_authreq(RDPCLIENT * This, STREAM s)
{
uint8 *in_token, *in_sig;
uint8 out_token[LICENCE_TOKEN_SIZE], decrypt_token[LICENCE_TOKEN_SIZE];
uint8 hwid[LICENCE_HWID_SIZE], crypt_hwid[LICENCE_HWID_SIZE];
uint8 sealed_buffer[LICENCE_TOKEN_SIZE + LICENCE_HWID_SIZE];
uint8 out_sig[LICENCE_SIGNATURE_SIZE];
RC4_KEY crypt_key;
/* Parse incoming packet and save the encrypted token */
licence_parse_authreq(s, &in_token, &in_sig);
memcpy(out_token, in_token, LICENCE_TOKEN_SIZE);
/* Decrypt the token. It should read TEST in Unicode. */
RC4_set_key(&crypt_key, 16, This->licence.key);
RC4(&crypt_key, LICENCE_TOKEN_SIZE, in_token, decrypt_token);
/* Generate a signature for a buffer of token and HWID */
licence_generate_hwid(This, hwid);
memcpy(sealed_buffer, decrypt_token, LICENCE_TOKEN_SIZE);
memcpy(sealed_buffer + LICENCE_TOKEN_SIZE, hwid, LICENCE_HWID_SIZE);
sec_sign(out_sig, 16, This->licence.sign_key, 16, sealed_buffer, sizeof(sealed_buffer));
/* Now encrypt the HWID */
RC4_set_key(&crypt_key, 16, This->licence.key);
RC4(&crypt_key, LICENCE_HWID_SIZE, hwid, crypt_hwid);
licence_send_authresp(This, out_token, crypt_hwid, out_sig);
}
/* Process a Server Platform Challenge packet */
static void
licence_process_platform_challenge(rdpLicence * licence, STREAM s)
{
uint8 *in_token = NULL, *in_sig;
uint8 out_token[LICENCE_TOKEN_SIZE], decrypt_token[LICENCE_TOKEN_SIZE];
uint8 hwid[LICENCE_HWID_SIZE], crypt_hwid[LICENCE_HWID_SIZE];
uint8 sealed_buffer[LICENCE_TOKEN_SIZE + LICENCE_HWID_SIZE];
uint8 out_sig[LICENCE_SIGNATURE_SIZE];
CryptoRc4 crypt_key;
/* Parse incoming packet and save the encrypted token */
licence_parse_authreq(licence, s, &in_token, &in_sig);
memcpy(out_token, in_token, LICENCE_TOKEN_SIZE);
/* Decrypt the token. It should read TEST in Unicode. */
crypt_key = crypto_rc4_init(licence->licence_key, 16);
crypto_rc4(crypt_key, LICENCE_TOKEN_SIZE, in_token, decrypt_token);
crypto_rc4_free(crypt_key);
/* Generate a signature for a buffer of token and HWID */
licence_generate_hwid(licence, hwid);
memcpy(sealed_buffer, decrypt_token, LICENCE_TOKEN_SIZE);
memcpy(sealed_buffer + LICENCE_TOKEN_SIZE, hwid, LICENCE_HWID_SIZE);
sec_sign(out_sig, 16, licence->licence_sign_key, 16, sealed_buffer, sizeof(sealed_buffer));
/* Now encrypt the HWID */
crypt_key = crypto_rc4_init(licence->licence_key, 16);
crypto_rc4(crypt_key, LICENCE_HWID_SIZE, hwid, crypt_hwid);
crypto_rc4_free(crypt_key);
licence_send_authresp(licence, out_token, crypt_hwid, out_sig);
}
/* Process a platform challenge packet */
static void
licence_process_platform_challenge(STREAM s)
{
uint8 *in_token = NULL, *in_sig;
uint8 out_token[LICENCE_TOKEN_SIZE], decrypt_token[LICENCE_TOKEN_SIZE];
uint8 hwid[LICENCE_HWID_SIZE], crypt_hwid[LICENCE_HWID_SIZE];
uint8 sealed_buffer[LICENCE_TOKEN_SIZE + LICENCE_HWID_SIZE];
uint8 out_sig[LICENCE_SIGNATURE_SIZE];
RDSSL_RC4 crypt_key;
/* Parse incoming packet and save the encrypted token */
licence_parse_platform_challenge(s, &in_token, &in_sig);
memcpy(out_token, in_token, LICENCE_TOKEN_SIZE);
/* Decrypt the token. It should read TEST in Unicode. */
rdssl_rc4_set_key(&crypt_key, g_licence_key, 16);
rdssl_rc4_crypt(&crypt_key, in_token, decrypt_token, LICENCE_TOKEN_SIZE);
/* Generate a signature for a buffer of token and HWID */
licence_generate_hwid(hwid);
memcpy(sealed_buffer, decrypt_token, LICENCE_TOKEN_SIZE);
memcpy(sealed_buffer + LICENCE_TOKEN_SIZE, hwid, LICENCE_HWID_SIZE);
sec_sign(out_sig, 16, g_licence_sign_key, 16, sealed_buffer, sizeof(sealed_buffer));
/* Now encrypt the HWID */
rdssl_rc4_set_key(&crypt_key, g_licence_key, 16);
rdssl_rc4_crypt(&crypt_key, hwid, crypt_hwid, LICENCE_HWID_SIZE);
licence_send_platform_challenge_response(out_token, crypt_hwid, out_sig);
}
/* Process a licence request packet */
static void
licence_process_request(STREAM s)
{
uint8 null_data[SEC_MODULUS_SIZE];
uint8 *server_random;
uint8 signature[LICENCE_SIGNATURE_SIZE];
uint8 hwid[LICENCE_HWID_SIZE];
uint8 *licence_data;
int licence_size;
RDSSL_RC4 crypt_key;
/* Retrieve the server random from the incoming packet */
in_uint8p(s, server_random, SEC_RANDOM_SIZE);
/* We currently use null client keys. This is a bit naughty but, hey,
the security of licence negotiation isn't exactly paramount. */
memset(null_data, 0, sizeof(null_data));
licence_generate_keys(null_data, server_random, null_data);
licence_size = load_licence(&licence_data);
if (licence_size > 0)
{
/* Generate a signature for the HWID buffer */
licence_generate_hwid(hwid);
sec_sign(signature, 16, g_licence_sign_key, 16, hwid, sizeof(hwid));
/* Now encrypt the HWID */
rdssl_rc4_set_key(&crypt_key, g_licence_key, 16);
rdssl_rc4_crypt(&crypt_key, hwid, hwid, sizeof(hwid));
logger(Protocol, Debug,
"license_process_request(), sending licensing PDU (message type 0x%02x)",
LICENCE_TAG_LICENCE_INFO);
licence_info(null_data, null_data, licence_data, licence_size, hwid, signature);
xfree(licence_data);
return;
}
logger(Protocol, Debug,
"license_process_request(), sending licensing PDU (message type 0x%02x)",
LICENCE_TAG_NEW_LICENCE_REQUEST);
licence_send_new_licence_request(null_data, null_data, g_username, g_hostname);
}
/* Process a licence demand packet */
static BOOL
licence_process_demand(RDPCLIENT * This, STREAM s)
{
uint8 null_data[SEC_MODULUS_SIZE];
uint8 *server_random;
uint8 signature[LICENCE_SIGNATURE_SIZE];
uint8 hwid[LICENCE_HWID_SIZE];
uint8 *licence_data;
int licence_size;
RC4_KEY crypt_key;
/* Retrieve the server random from the incoming packet */
in_uint8p(s, server_random, SEC_RANDOM_SIZE);
/* We currently use null client keys. This is a bit naughty but, hey,
the security of licence negotiation isn't exactly paramount. */
memset(null_data, 0, sizeof(null_data));
licence_generate_keys(This, null_data, server_random, null_data);
licence_size = load_licence(This, &licence_data);
if (licence_size > 0)
{
/* Generate a signature for the HWID buffer */
licence_generate_hwid(This, hwid);
sec_sign(signature, 16, This->licence.sign_key, 16, hwid, sizeof(hwid));
/* Now encrypt the HWID */
RC4_set_key(&crypt_key, 16, This->licence.key);
RC4(&crypt_key, sizeof(hwid), hwid, hwid);
if(!licence_present(This, null_data, null_data, licence_data, licence_size, hwid, signature))
return False;
free(licence_data);
return True;
}
return licence_send_request(This, null_data, null_data, This->licence_username, This->licence_hostname);
}
/* Process a licence demand packet */
static void
licence_process_demand(STREAM s)
{
uint8 null_data[SEC_MODULUS_SIZE];
uint8 *server_random;
uint8 signature[LICENCE_SIGNATURE_SIZE];
uint8 hwid[LICENCE_HWID_SIZE];
uint8 *licence_data;
int licence_size;
void * crypt_key;
/* Retrieve the server random from the incoming packet */
in_uint8p(s, server_random, SEC_RANDOM_SIZE);
/* We currently use null client keys. This is a bit naughty but, hey,
the security of licence negotiation isn't exactly paramount. */
memset(null_data, 0, sizeof(null_data));
licence_generate_keys(null_data, server_random, null_data);
licence_size = load_licence(&licence_data);
if (licence_size > 0)
{
/* Generate a signature for the HWID buffer */
licence_generate_hwid(hwid);
sec_sign(signature, 16, g_licence_sign_key, 16, hwid, sizeof(hwid));
/* Now encrypt the HWID */
crypt_key = ssl_rc4_info_create();
ssl_rc4_set_key(crypt_key, (char *)g_licence_key, 16);
ssl_rc4_crypt(crypt_key, (char *)hwid, (char *)hwid, sizeof(hwid));
ssl_rc4_info_delete(crypt_key);
licence_present(null_data, null_data, licence_data, licence_size, hwid, signature);
xfree(licence_data);
return;
}
licence_send_request(null_data, null_data, g_username, g_hostname);
}
/* Process a licence demand packet */
static void
licence_process_demand(RDConnectionRef conn, RDStreamRef s)
{
uint8 null_data[SEC_MODULUS_SIZE];
uint8 *server_random;
uint8 signature[LICENCE_SIGNATURE_SIZE];
uint8 hwid[LICENCE_HWID_SIZE];
uint8 *licence_data;
int licence_size;
RC4_KEY crypt_key;
/* Retrieve the server random from the incoming packet */
in_uint8p(s, server_random, SEC_RANDOM_SIZE);
/* We currently use null client keys. This is a bit naughty but, hey,
the security of licence negotiation isn't exactly paramount. */
memset(null_data, 0, sizeof(null_data));
licence_generate_keys(conn, null_data, server_random, null_data);
licence_size = load_licence(&licence_data);
if (licence_size > 0)
{
/* Generate a signature for the HWID buffer */
licence_generate_hwid(conn, hwid);
sec_sign(signature, 16, conn->licenseSignKey, 16, hwid, sizeof(hwid));
/* Now encrypt the HWID */
RC4_set_key(&crypt_key, 16, conn->licenseKey);
RC4(&crypt_key, sizeof(hwid), hwid, hwid);
licence_present(conn, null_data, null_data, licence_data, licence_size, hwid, signature);
xfree(licence_data);
return;
}
licence_send_request(conn, null_data, null_data, conn->username, conn->hostname);
}
/* Process a Server License Request packet */
static void
licence_process_request(rdpLicence * licence, STREAM s)
{
uint8 null_data[SEC_MODULUS_SIZE];
uint8 *server_random;
uint32 dwVersion;
uint32 cbCompanyName;
uint32 cbProductId;
uint16 wBlobType, wBlobLen;
uint32 ScopeCount, i;
uint8 signature[LICENCE_SIGNATURE_SIZE];
uint8 hwid[LICENCE_HWID_SIZE];
uint8 *licence_data;
int licence_size;
CryptoRc4 crypt_key;
/* Retrieve the server random from the incoming packet */
in_uint8p(s, server_random, SEC_RANDOM_SIZE); /* ServerRandom */
/* ProductInfo: */
in_uint32_le(s, dwVersion);
in_uint32_le(s, cbCompanyName);
in_uint8s(s, cbCompanyName); /* pbCompanyName */
in_uint32_le(s, cbProductId);
in_uint8s(s, cbProductId); /* pbProductId - "A02"? */
/* KeyExchangeList */
in_uint16_le(s, wBlobType); /* BB_KEY_EXCHG_ALG_BLOB (0x000D) */
in_uint16_le(s, wBlobLen);
in_uint8s(s, wBlobLen); /* KEY_EXCHANGE_ALG_RSA 0x00000001 */
/* ServerCertificate */
in_uint16_le(s, wBlobType); /* BB_CERTIFICATE_BLOB (0x0003). */
in_uint16_le(s, wBlobLen);
in_uint8s(s, wBlobLen); /* cert to use for licensing instead of the one from MCS Connect Response */
/* ScopeList */
in_uint32_le(s, ScopeCount);
for (i=0; i<ScopeCount; i++)
{
in_uint16_le(s, wBlobType);
in_uint16_le(s, wBlobLen);
in_uint8s(s, wBlobLen);
}
/* We currently use null client keys. This is a bit naughty but, hey,
the security of licence negotiation isn't exactly paramount. */
memset(null_data, 0, sizeof(null_data));
licence_generate_keys(licence, null_data, server_random, null_data);
licence_size = load_licence(&licence_data);
if (licence_size > 0)
{
/* Generate a signature for the HWID buffer */
licence_generate_hwid(licence, hwid);
sec_sign(signature, 16, licence->licence_sign_key, 16, hwid, sizeof(hwid));
/* Now encrypt the HWID */
crypt_key = crypto_rc4_init(licence->licence_key, 16);
crypto_rc4(crypt_key, sizeof(hwid), hwid, hwid);
crypto_rc4_free(crypt_key);
licence_present(licence, null_data, null_data, licence_data, licence_size, hwid, signature);
xfree(licence_data);
return;
}
licence_send_request(licence, null_data, null_data,
licence->sec->rdp->settings->username,
licence->sec->rdp->settings->hostname);
}
