void ntlm_rc4k(BYTE* key, int length, BYTE* plaintext, BYTE* ciphertext) { WINPR_RC4_CTX rc4; winpr_RC4_Init(&rc4, (void*) key, 16); winpr_RC4_Update(&rc4, length, (void*) plaintext, (void*) ciphertext); winpr_RC4_Final(&rc4); }
void ntlm_rc4k(BYTE* key, int length, BYTE* plaintext, BYTE* ciphertext) { WINPR_RC4_CTX* rc4 = winpr_RC4_New(key, 16); if (rc4) { winpr_RC4_Update(rc4, length, plaintext, ciphertext); winpr_RC4_Free(rc4); } }
BOOL license_send_platform_challenge_response_packet(rdpLicense* license) { wStream* s; int length; BYTE* buffer; WINPR_RC4_CTX* rc4; BYTE mac_data[16]; BOOL status; DEBUG_LICENSE("Sending Platform Challenge Response Packet"); s = license_send_stream_init(license); license->EncryptedPlatformChallenge->type = BB_DATA_BLOB; length = license->PlatformChallenge->length + HWID_LENGTH; buffer = (BYTE*) malloc(length); if (!buffer) return FALSE; CopyMemory(buffer, license->PlatformChallenge->data, license->PlatformChallenge->length); CopyMemory(&buffer[license->PlatformChallenge->length], license->HardwareId, HWID_LENGTH); status = security_mac_data(license->MacSaltKey, buffer, length, mac_data); free(buffer); if (!status) return FALSE; rc4 = winpr_RC4_New(license->LicensingEncryptionKey, LICENSING_ENCRYPTION_KEY_LENGTH); if (!rc4) return FALSE; buffer = (BYTE*) malloc(HWID_LENGTH); if (!buffer) return FALSE; status = winpr_RC4_Update(rc4, HWID_LENGTH, license->HardwareId, buffer); winpr_RC4_Free(rc4); if (!status) { free(buffer); return FALSE; } license->EncryptedHardwareId->type = BB_DATA_BLOB; license->EncryptedHardwareId->data = buffer; license->EncryptedHardwareId->length = HWID_LENGTH; #ifdef WITH_DEBUG_LICENSE WLog_DBG(TAG, "LicensingEncryptionKey:"); winpr_HexDump(TAG, WLOG_DEBUG, license->LicensingEncryptionKey, 16); WLog_DBG(TAG, "HardwareId:"); winpr_HexDump(TAG, WLOG_DEBUG, license->HardwareId, HWID_LENGTH); WLog_DBG(TAG, "EncryptedHardwareId:"); winpr_HexDump(TAG, WLOG_DEBUG, license->EncryptedHardwareId->data, HWID_LENGTH); #endif return license_write_platform_challenge_response_packet(license, s, mac_data) && license_send(license, s, PLATFORM_CHALLENGE_RESPONSE); }
BOOL license_decrypt_platform_challenge(rdpLicense* license) { BOOL rc; WINPR_RC4_CTX* rc4; license->PlatformChallenge->data = (BYTE *)malloc(license->EncryptedPlatformChallenge->length); if (!license->PlatformChallenge->data) return FALSE; license->PlatformChallenge->length = license->EncryptedPlatformChallenge->length; if ((rc4 = winpr_RC4_New(license->LicensingEncryptionKey, LICENSING_ENCRYPTION_KEY_LENGTH)) == NULL) return FALSE; rc = winpr_RC4_Update(rc4, license->EncryptedPlatformChallenge->length, license->EncryptedPlatformChallenge->data, license->PlatformChallenge->data); winpr_RC4_Free(rc4); return rc; }
SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo) { int index; int length; void* data; UINT32 SeqNo; UINT32 value; BYTE digest[WINPR_MD5_DIGEST_LENGTH]; BYTE checksum[8]; BYTE* signature; ULONG version = 1; WINPR_HMAC_CTX* hmac; NTLM_CONTEXT* context; PSecBuffer data_buffer = NULL; PSecBuffer signature_buffer = NULL; SeqNo = MessageSeqNo; context = (NTLM_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext); for (index = 0; index < (int) pMessage->cBuffers; index++) { if (pMessage->pBuffers[index].BufferType == SECBUFFER_DATA) data_buffer = &pMessage->pBuffers[index]; else if (pMessage->pBuffers[index].BufferType == SECBUFFER_TOKEN) signature_buffer = &pMessage->pBuffers[index]; } if (!data_buffer) return SEC_E_INVALID_TOKEN; if (!signature_buffer) return SEC_E_INVALID_TOKEN; /* Copy original data buffer */ length = data_buffer->cbBuffer; data = malloc(length); if (!data) return SEC_E_INSUFFICIENT_MEMORY; CopyMemory(data, data_buffer->pvBuffer, length); /* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */ hmac = winpr_HMAC_New(); if (hmac && winpr_HMAC_Init(hmac, WINPR_MD_MD5, context->SendSigningKey, WINPR_MD5_DIGEST_LENGTH)) { Data_Write_UINT32(&value, SeqNo); winpr_HMAC_Update(hmac, (void*) &value, 4); winpr_HMAC_Update(hmac, (void*) data, length); winpr_HMAC_Final(hmac, digest, WINPR_MD5_DIGEST_LENGTH); winpr_HMAC_Free(hmac); } else { winpr_HMAC_Free(hmac); free(data); return SEC_E_INSUFFICIENT_MEMORY; } /* Encrypt message using with RC4, result overwrites original buffer */ if (context->confidentiality) winpr_RC4_Update(context->SendRc4Seal, length, (BYTE*) data, (BYTE*) data_buffer->pvBuffer); else CopyMemory(data_buffer->pvBuffer, data, length); #ifdef WITH_DEBUG_NTLM WLog_DBG(TAG, "Data Buffer (length = %d)", length); winpr_HexDump(TAG, WLOG_DEBUG, data, length); WLog_DBG(TAG, "Encrypted Data Buffer (length = %"PRIu32")", data_buffer->cbBuffer); winpr_HexDump(TAG, WLOG_DEBUG, data_buffer->pvBuffer, data_buffer->cbBuffer); #endif free(data); /* RC4-encrypt first 8 bytes of digest */ winpr_RC4_Update(context->SendRc4Seal, 8, digest, checksum); signature = (BYTE*) signature_buffer->pvBuffer; /* Concatenate version, ciphertext and sequence number to build signature */ Data_Write_UINT32(signature, version); CopyMemory(&signature[4], (void*) checksum, 8); Data_Write_UINT32(&signature[12], SeqNo); context->SendSeqNum++; #ifdef WITH_DEBUG_NTLM WLog_DBG(TAG, "Signature (length = %"PRIu32")", signature_buffer->cbBuffer); winpr_HexDump(TAG, WLOG_DEBUG, signature_buffer->pvBuffer, signature_buffer->cbBuffer); #endif return SEC_E_OK; }