Esempio n. 1
0
void ntlm_rc4k(BYTE* key, int length, BYTE* plaintext, BYTE* ciphertext)
{
    WINPR_RC4_CTX rc4;
    winpr_RC4_Init(&rc4, (void*) key, 16);
    winpr_RC4_Update(&rc4, length, (void*) plaintext, (void*) ciphertext);
    winpr_RC4_Final(&rc4);
}
Esempio n. 2
0
void ntlm_rc4k(BYTE* key, int length, BYTE* plaintext, BYTE* ciphertext)
{
	WINPR_RC4_CTX* rc4 = winpr_RC4_New(key, 16);
	if (rc4)
	{
		winpr_RC4_Update(rc4, length, plaintext, ciphertext);
		winpr_RC4_Free(rc4);
	}
}
Esempio n. 3
0
BOOL license_send_platform_challenge_response_packet(rdpLicense* license)
{
    wStream* s;
    int length;
    BYTE* buffer;
    WINPR_RC4_CTX* rc4;
    BYTE mac_data[16];
    BOOL status;

    DEBUG_LICENSE("Sending Platform Challenge Response Packet");
    s = license_send_stream_init(license);
    license->EncryptedPlatformChallenge->type = BB_DATA_BLOB;
    length = license->PlatformChallenge->length + HWID_LENGTH;

    buffer = (BYTE*) malloc(length);
    if (!buffer)
        return FALSE;

    CopyMemory(buffer, license->PlatformChallenge->data, license->PlatformChallenge->length);
    CopyMemory(&buffer[license->PlatformChallenge->length], license->HardwareId, HWID_LENGTH);
    status = security_mac_data(license->MacSaltKey, buffer, length, mac_data);
    free(buffer);

    if (!status)
        return FALSE;

    rc4 = winpr_RC4_New(license->LicensingEncryptionKey,
                        LICENSING_ENCRYPTION_KEY_LENGTH);
    if (!rc4)
        return FALSE;

    buffer = (BYTE*) malloc(HWID_LENGTH);
    if (!buffer)
        return FALSE;

    status = winpr_RC4_Update(rc4, HWID_LENGTH, license->HardwareId, buffer);
    winpr_RC4_Free(rc4);
    if (!status)
    {
        free(buffer);
        return FALSE;
    }

    license->EncryptedHardwareId->type = BB_DATA_BLOB;
    license->EncryptedHardwareId->data = buffer;
    license->EncryptedHardwareId->length = HWID_LENGTH;
#ifdef WITH_DEBUG_LICENSE
    WLog_DBG(TAG, "LicensingEncryptionKey:");
    winpr_HexDump(TAG, WLOG_DEBUG, license->LicensingEncryptionKey, 16);
    WLog_DBG(TAG, "HardwareId:");
    winpr_HexDump(TAG, WLOG_DEBUG, license->HardwareId, HWID_LENGTH);
    WLog_DBG(TAG, "EncryptedHardwareId:");
    winpr_HexDump(TAG, WLOG_DEBUG, license->EncryptedHardwareId->data, HWID_LENGTH);
#endif
    return license_write_platform_challenge_response_packet(license, s, mac_data) &&
           license_send(license, s, PLATFORM_CHALLENGE_RESPONSE);
}
Esempio n. 4
0
BOOL license_decrypt_platform_challenge(rdpLicense* license)
{
    BOOL rc;
    WINPR_RC4_CTX* rc4;

    license->PlatformChallenge->data = (BYTE *)malloc(license->EncryptedPlatformChallenge->length);
    if (!license->PlatformChallenge->data)
        return FALSE;
    license->PlatformChallenge->length = license->EncryptedPlatformChallenge->length;

    if ((rc4 = winpr_RC4_New(license->LicensingEncryptionKey,
                             LICENSING_ENCRYPTION_KEY_LENGTH)) == NULL)
        return FALSE;
    rc = winpr_RC4_Update(rc4, license->EncryptedPlatformChallenge->length,
                          license->EncryptedPlatformChallenge->data,
                          license->PlatformChallenge->data);

    winpr_RC4_Free(rc4);
    return rc;
}
Esempio n. 5
0
SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
        PSecBufferDesc pMessage, ULONG MessageSeqNo)
{
	int index;
	int length;
	void* data;
	UINT32 SeqNo;
	UINT32 value;
	BYTE digest[WINPR_MD5_DIGEST_LENGTH];
	BYTE checksum[8];
	BYTE* signature;
	ULONG version = 1;
	WINPR_HMAC_CTX* hmac;
	NTLM_CONTEXT* context;
	PSecBuffer data_buffer = NULL;
	PSecBuffer signature_buffer = NULL;
	SeqNo = MessageSeqNo;
	context = (NTLM_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext);

	for (index = 0; index < (int) pMessage->cBuffers; index++)
	{
		if (pMessage->pBuffers[index].BufferType == SECBUFFER_DATA)
			data_buffer = &pMessage->pBuffers[index];
		else if (pMessage->pBuffers[index].BufferType == SECBUFFER_TOKEN)
			signature_buffer = &pMessage->pBuffers[index];
	}

	if (!data_buffer)
		return SEC_E_INVALID_TOKEN;

	if (!signature_buffer)
		return SEC_E_INVALID_TOKEN;

	/* Copy original data buffer */
	length = data_buffer->cbBuffer;
	data = malloc(length);

	if (!data)
		return SEC_E_INSUFFICIENT_MEMORY;

	CopyMemory(data, data_buffer->pvBuffer, length);
	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */
	hmac = winpr_HMAC_New();

	if (hmac && winpr_HMAC_Init(hmac, WINPR_MD_MD5, context->SendSigningKey, WINPR_MD5_DIGEST_LENGTH))
	{
		Data_Write_UINT32(&value, SeqNo);
		winpr_HMAC_Update(hmac, (void*) &value, 4);
		winpr_HMAC_Update(hmac, (void*) data, length);
		winpr_HMAC_Final(hmac, digest, WINPR_MD5_DIGEST_LENGTH);
		winpr_HMAC_Free(hmac);
	}
	else
	{
		winpr_HMAC_Free(hmac);
		free(data);
		return SEC_E_INSUFFICIENT_MEMORY;
	}

	/* Encrypt message using with RC4, result overwrites original buffer */

	if (context->confidentiality)
		winpr_RC4_Update(context->SendRc4Seal, length, (BYTE*) data, (BYTE*) data_buffer->pvBuffer);
	else
		CopyMemory(data_buffer->pvBuffer, data, length);

#ifdef WITH_DEBUG_NTLM
	WLog_DBG(TAG, "Data Buffer (length = %d)", length);
	winpr_HexDump(TAG, WLOG_DEBUG, data, length);
	WLog_DBG(TAG, "Encrypted Data Buffer (length = %"PRIu32")", data_buffer->cbBuffer);
	winpr_HexDump(TAG, WLOG_DEBUG, data_buffer->pvBuffer, data_buffer->cbBuffer);
#endif
	free(data);
	/* RC4-encrypt first 8 bytes of digest */
	winpr_RC4_Update(context->SendRc4Seal, 8, digest, checksum);
	signature = (BYTE*) signature_buffer->pvBuffer;
	/* Concatenate version, ciphertext and sequence number to build signature */
	Data_Write_UINT32(signature, version);
	CopyMemory(&signature[4], (void*) checksum, 8);
	Data_Write_UINT32(&signature[12], SeqNo);
	context->SendSeqNum++;
#ifdef WITH_DEBUG_NTLM
	WLog_DBG(TAG, "Signature (length = %"PRIu32")", signature_buffer->cbBuffer);
	winpr_HexDump(TAG, WLOG_DEBUG, signature_buffer->pvBuffer, signature_buffer->cbBuffer);
#endif
	return SEC_E_OK;
}