void rdp_free(rdpRdp* rdp)
{
if (rdp)
{
crypto_rc4_free(rdp->rc4_decrypt_key);
crypto_rc4_free(rdp->rc4_encrypt_key);
crypto_des3_free(rdp->fips_encrypt);
crypto_des3_free(rdp->fips_decrypt);
crypto_hmac_free(rdp->fips_hmac);
freerdp_settings_free(rdp->settings);
freerdp_settings_free(rdp->settingsCopy);
transport_free(rdp->transport);
license_free(rdp->license);
input_free(rdp->input);
update_free(rdp->update);
fastpath_free(rdp->fastpath);
nego_free(rdp->nego);
mcs_free(rdp->mcs);
redirection_free(rdp->redirection);
autodetect_free(rdp->autodetect);
heartbeat_free(rdp->heartbeat);
multitransport_free(rdp->multitransport);
bulk_free(rdp->bulk);
free(rdp);
}
}
/* Process a Server Platform Challenge packet */
static void
licence_process_platform_challenge(rdpLicence * licence, STREAM s)
{
uint8 *in_token = NULL, *in_sig;
uint8 out_token[LICENCE_TOKEN_SIZE], decrypt_token[LICENCE_TOKEN_SIZE];
uint8 hwid[LICENCE_HWID_SIZE], crypt_hwid[LICENCE_HWID_SIZE];
uint8 sealed_buffer[LICENCE_TOKEN_SIZE + LICENCE_HWID_SIZE];
uint8 out_sig[LICENCE_SIGNATURE_SIZE];
CryptoRc4 crypt_key;
/* Parse incoming packet and save the encrypted token */
licence_parse_authreq(licence, s, &in_token, &in_sig);
memcpy(out_token, in_token, LICENCE_TOKEN_SIZE);
/* Decrypt the token. It should read TEST in Unicode. */
crypt_key = crypto_rc4_init(licence->licence_key, 16);
crypto_rc4(crypt_key, LICENCE_TOKEN_SIZE, in_token, decrypt_token);
crypto_rc4_free(crypt_key);
/* Generate a signature for a buffer of token and HWID */
licence_generate_hwid(licence, hwid);
memcpy(sealed_buffer, decrypt_token, LICENCE_TOKEN_SIZE);
memcpy(sealed_buffer + LICENCE_TOKEN_SIZE, hwid, LICENCE_HWID_SIZE);
sec_sign(out_sig, 16, licence->licence_sign_key, 16, sealed_buffer, sizeof(sealed_buffer));
/* Now encrypt the HWID */
crypt_key = crypto_rc4_init(licence->licence_key, 16);
crypto_rc4(crypt_key, LICENCE_HWID_SIZE, hwid, crypt_hwid);
crypto_rc4_free(crypt_key);
licence_send_authresp(licence, out_token, crypt_hwid, out_sig);
}
rdpBlob* crypto_kdcmsg_encrypt_rc4(rdpBlob* msg, uint8* key, uint32 msgtype)
{
rdpBlob* encmsg;
uint8* K1;
uint8* K3;
uint32 len;
krbEdata* edata;
CryptoRc4 rc4;
K1 = xzalloc(16);
K3 = xzalloc(16);
len = ((msg->length > 16) ? msg->length : 16);
len += sizeof(krbEdata);
edata = xzalloc(len);
encmsg = xnew(rdpBlob);
freerdp_blob_alloc(encmsg, len);
HMAC(EVP_md5(), (void*) key, 16, (uint8*)&msgtype, 4, (void*) K1, NULL);
crypto_nonce((uint8*)(edata->Confounder), 8);
memcpy(&(edata->data[0]), msg->data, msg->length);
HMAC(EVP_md5(), (void*) K1, 16, (uint8*)edata->Confounder, len - 16, (void*)&(edata->Checksum), NULL);
HMAC(EVP_md5(), (void*) K1, 16, (uint8*)&(edata->Checksum), 16, (void*)K3, NULL);
memcpy(encmsg->data, &(edata->Checksum), 16);
rc4 = crypto_rc4_init(K3, 16);
crypto_rc4(rc4, len - 16, (uint8*) edata->Confounder, (uint8*)(((uint8*) encmsg->data) + 16));
crypto_rc4_free(rc4);
xfree(K1);
xfree(K3);
xfree(edata);
return encmsg;
}
void license_decrypt_platform_challenge(rdpLicense* license)
{
CryptoRc4 rc4;
license->platform_challenge->data =
(uint8*) xmalloc(license->encrypted_platform_challenge->length);
license->platform_challenge->length =
license->encrypted_platform_challenge->length;
rc4 = crypto_rc4_init(license->licensing_encryption_key, LICENSING_ENCRYPTION_KEY_LENGTH);
crypto_rc4(rc4, license->encrypted_platform_challenge->length,
license->encrypted_platform_challenge->data,
license->platform_challenge->data);
#ifdef WITH_DEBUG_LICENSE
printf("encrypted_platform challenge:\n");
freerdp_hexdump(license->encrypted_platform_challenge->data,
license->encrypted_platform_challenge->length);
printf("platform challenge:\n");
freerdp_hexdump(license->platform_challenge->data, license->platform_challenge->length);
#endif
crypto_rc4_free(rc4);
}
rdpBlob* crypto_kdcmsg_decrypt_rc4(rdpBlob* msg, uint8* key, uint32 msgtype)
{
rdpBlob* decmsg;
uint8* K1;
uint8* K3;
uint32 len;
krbEdata* edata;
CryptoRc4 rc4;
K1 = xzalloc(16);
K3 = xzalloc(16);
len = msg->length;
edata = xzalloc(len);
HMAC(EVP_md5(), (void*) key, 16, (uint8*) &msgtype, 4, (void*) K1, NULL);
HMAC(EVP_md5(), (void*) K1, 16, (uint8*) msg->data , 16, (void*) K3, NULL);
rc4 = crypto_rc4_init(K3, 16);
crypto_rc4(rc4, len - 16, (uint8*)(((uint8*) msg->data) + 16), (uint8*) edata->Confounder);
crypto_rc4_free(rc4);
HMAC(EVP_md5(), (void*) K1, 16, (uint8*)edata->Confounder, len - 16, (void*)&(edata->Checksum), NULL);
if(memcmp(msg->data, &edata->Checksum, 16))
{
xfree(edata) ;
xfree(K1) ;
xfree(K3) ;
return NULL;
}
decmsg = xnew(rdpBlob);
freerdp_blob_alloc(decmsg, len);
memcpy(decmsg->data, edata, len);
xfree(K1);
xfree(K3);
xfree(edata);
return decmsg;
}
BOOL license_decrypt_platform_challenge(rdpLicense* license)
{
CryptoRc4 rc4;
license->PlatformChallenge->data = (BYTE *)malloc(license->EncryptedPlatformChallenge->length);
if (!license->PlatformChallenge->data)
return FALSE;
license->PlatformChallenge->length = license->EncryptedPlatformChallenge->length;
rc4 = crypto_rc4_init(license->LicensingEncryptionKey, LICENSING_ENCRYPTION_KEY_LENGTH);
if (!rc4)
{
WLog_ERR(TAG, "unable to allocate a rc4");
free(license->PlatformChallenge->data);
license->PlatformChallenge->data = NULL;
return FALSE;
}
crypto_rc4(rc4, license->EncryptedPlatformChallenge->length,
license->EncryptedPlatformChallenge->data,
license->PlatformChallenge->data);
crypto_rc4_free(rc4);
return TRUE;
}
void license_send_platform_challenge_response_packet(rdpLicense* license)
{
wStream* s;
int length;
BYTE* buffer;
CryptoRc4 rc4;
BYTE mac_data[16];
DEBUG_LICENSE("Sending Platform Challenge Response Packet");
s = license_send_stream_init(license);
license->EncryptedPlatformChallenge->type = BB_DATA_BLOB;
length = license->PlatformChallenge->length + HWID_LENGTH;
buffer = (BYTE*) malloc(length);
CopyMemory(buffer, license->PlatformChallenge->data, license->PlatformChallenge->length);
CopyMemory(&buffer[license->PlatformChallenge->length], license->HardwareId, HWID_LENGTH);
security_mac_data(license->MacSaltKey, buffer, length, mac_data);
free(buffer);
buffer = (BYTE*) malloc(HWID_LENGTH);
rc4 = crypto_rc4_init(license->LicensingEncryptionKey, LICENSING_ENCRYPTION_KEY_LENGTH);
if (!rc4)
{
fprintf(stderr, "%s: unable to allocate a rc4\n", __FUNCTION__);
return;
}
crypto_rc4(rc4, HWID_LENGTH, license->HardwareId, buffer);
crypto_rc4_free(rc4);
license->EncryptedHardwareId->type = BB_DATA_BLOB;
license->EncryptedHardwareId->data = buffer;
license->EncryptedHardwareId->length = HWID_LENGTH;
#ifdef WITH_DEBUG_LICENSE
fprintf(stderr, "LicensingEncryptionKey:\n");
winpr_HexDump(license->LicensingEncryptionKey, 16);
fprintf(stderr, "\n");
fprintf(stderr, "HardwareId:\n");
winpr_HexDump(license->HardwareId, HWID_LENGTH);
fprintf(stderr, "\n");
fprintf(stderr, "EncryptedHardwareId:\n");
winpr_HexDump(license->EncryptedHardwareId->data, HWID_LENGTH);
fprintf(stderr, "\n");
#endif
license_write_platform_challenge_response_packet(license, s, mac_data);
license_send(license, s, PLATFORM_CHALLENGE_RESPONSE);
}
BOOL license_send_platform_challenge_response_packet(rdpLicense* license)
{
wStream* s;
int length;
BYTE* buffer;
CryptoRc4 rc4;
BYTE mac_data[16];
BOOL status;
DEBUG_LICENSE("Sending Platform Challenge Response Packet");
s = license_send_stream_init(license);
license->EncryptedPlatformChallenge->type = BB_DATA_BLOB;
length = license->PlatformChallenge->length + HWID_LENGTH;
buffer = (BYTE*) malloc(length);
if (!buffer)
return FALSE;
CopyMemory(buffer, license->PlatformChallenge->data, license->PlatformChallenge->length);
CopyMemory(&buffer[license->PlatformChallenge->length], license->HardwareId, HWID_LENGTH);
status = security_mac_data(license->MacSaltKey, buffer, length, mac_data);
free(buffer);
if (!status)
return FALSE;
rc4 = crypto_rc4_init(license->LicensingEncryptionKey, LICENSING_ENCRYPTION_KEY_LENGTH);
if (!rc4)
{
WLog_ERR(TAG, "unable to allocate a rc4");
return FALSE;
}
buffer = (BYTE*) malloc(HWID_LENGTH);
if (!buffer)
return FALSE;
crypto_rc4(rc4, HWID_LENGTH, license->HardwareId, buffer);
crypto_rc4_free(rc4);
license->EncryptedHardwareId->type = BB_DATA_BLOB;
license->EncryptedHardwareId->data = buffer;
license->EncryptedHardwareId->length = HWID_LENGTH;
#ifdef WITH_DEBUG_LICENSE
WLog_DBG(TAG, "LicensingEncryptionKey:");
winpr_HexDump(TAG, WLOG_DEBUG, license->LicensingEncryptionKey, 16);
WLog_DBG(TAG, "HardwareId:");
winpr_HexDump(TAG, WLOG_DEBUG, license->HardwareId, HWID_LENGTH);
WLog_DBG(TAG, "EncryptedHardwareId:");
winpr_HexDump(TAG, WLOG_DEBUG, license->EncryptedHardwareId->data, HWID_LENGTH);
#endif
return license_write_platform_challenge_response_packet(license, s, mac_data) &&
license_send(license, s, PLATFORM_CHALLENGE_RESPONSE);
}
void rdp_free(rdpRdp* rdp)
{
if (rdp != NULL)
{
crypto_rc4_free(rdp->rc4_decrypt_key);
crypto_rc4_free(rdp->rc4_encrypt_key);
crypto_des3_free(rdp->fips_encrypt);
crypto_des3_free(rdp->fips_decrypt);
crypto_hmac_free(rdp->fips_hmac);
settings_free(rdp->settings);
transport_free(rdp->transport);
license_free(rdp->license);
// input_free(rdp->input);
// update_free(rdp->update);
fastpath_free(rdp->fastpath);
nego_free(rdp->nego);
mcs_free(rdp->mcs);
redirection_free(rdp->redirection);
mppc_free(rdp);
xfree(rdp);
}
}
void credssp_rc4k(uint8* key, int length, uint8* plaintext, uint8* ciphertext)
{
CryptoRc4 rc4;
/* Initialize RC4 cipher with key */
rc4 = crypto_rc4_init((void*) key, 16);
/* Encrypt plaintext with key */
crypto_rc4(rc4, length, (void*) plaintext, (void*) ciphertext);
/* Free RC4 Cipher */
crypto_rc4_free(rc4);
}
void rdp_reset(rdpRdp* rdp)
{
rdpSettings* settings;
settings = rdp->settings;
bulk_reset(rdp->bulk);
crypto_rc4_free(rdp->rc4_decrypt_key);
rdp->rc4_decrypt_key = NULL;
crypto_rc4_free(rdp->rc4_encrypt_key);
rdp->rc4_encrypt_key = NULL;
crypto_des3_free(rdp->fips_encrypt);
rdp->fips_encrypt = NULL;
crypto_des3_free(rdp->fips_decrypt);
rdp->fips_decrypt = NULL;
crypto_hmac_free(rdp->fips_hmac);
rdp->fips_hmac = NULL;
mcs_free(rdp->mcs);
nego_free(rdp->nego);
license_free(rdp->license);
transport_free(rdp->transport);
free(settings->ServerRandom);
settings->ServerRandom = NULL;
free(settings->ServerCertificate);
settings->ServerCertificate = NULL;
free(settings->ClientAddress);
settings->ClientAddress = NULL;
rdp->transport = transport_new(rdp->settings);
rdp->transport->rdp = rdp;
rdp->license = license_new(rdp);
rdp->nego = nego_new(rdp->transport);
rdp->mcs = mcs_new(rdp->transport);
rdp->transport->layer = TRANSPORT_LAYER_TCP;
}
void ntlm_ContextFree(NTLM_CONTEXT* context)
{
if (!context)
return;
freerdp_uniconv_free(context->uniconv);
crypto_rc4_free(context->SendRc4Seal);
crypto_rc4_free(context->RecvRc4Seal);
sspi_SecBufferFree(&context->NegotiateMessage);
sspi_SecBufferFree(&context->ChallengeMessage);
sspi_SecBufferFree(&context->AuthenticateMessage);
sspi_SecBufferFree(&context->TargetInfo);
sspi_SecBufferFree(&context->TargetName);
sspi_SecBufferFree(&context->NtChallengeResponse);
sspi_SecBufferFree(&context->LmChallengeResponse);
xfree(context->identity.User);
xfree(context->identity.Password);
xfree(context->identity.Domain);
xfree(context->Workstation);
xfree(context->av_pairs->Timestamp.value);
xfree(context->av_pairs);
xfree(context);
}
void license_decrypt_platform_challenge(rdpLicense* license)
{
CryptoRc4 rc4;
license->PlatformChallenge->data = (BYTE*) malloc(license->EncryptedPlatformChallenge->length);
license->PlatformChallenge->length = license->EncryptedPlatformChallenge->length;
rc4 = crypto_rc4_init(license->LicensingEncryptionKey, LICENSING_ENCRYPTION_KEY_LENGTH);
crypto_rc4(rc4, license->EncryptedPlatformChallenge->length,
license->EncryptedPlatformChallenge->data,
license->PlatformChallenge->data);
crypto_rc4_free(rc4);
}
void license_send_platform_challenge_response_packet(rdpLicense* license)
{
STREAM* s;
int length;
uint8* buffer;
CryptoRc4 rc4;
uint8 mac_data[16];
s = license_send_stream_init(license);
DEBUG_LICENSE("Sending Platform Challenge Response Packet");
license->encrypted_platform_challenge->type = BB_DATA_BLOB;
length = license->platform_challenge->length + HWID_LENGTH;
buffer = (uint8*) xmalloc(length);
memcpy(buffer, license->platform_challenge->data, license->platform_challenge->length);
memcpy(&buffer[license->platform_challenge->length], license->hwid, HWID_LENGTH);
security_mac_data(license->mac_salt_key, buffer, length, mac_data);
xfree(buffer);
buffer = (uint8*) xmalloc(HWID_LENGTH);
rc4 = crypto_rc4_init(license->licensing_encryption_key, LICENSING_ENCRYPTION_KEY_LENGTH);
crypto_rc4(rc4, HWID_LENGTH, license->hwid, buffer);
crypto_rc4_free(rc4);
#ifdef WITH_DEBUG_LICENSE
printf("Licensing Encryption Key:\n");
freerdp_hexdump(license->licensing_encryption_key, 16);
printf("HardwareID:\n");
freerdp_hexdump(license->hwid, 20);
printf("Encrypted HardwareID:\n");
freerdp_hexdump(buffer, 20);
#endif
license->encrypted_hwid->type = BB_DATA_BLOB;
license->encrypted_hwid->data = buffer;
license->encrypted_hwid->length = HWID_LENGTH;
license_write_platform_challenge_response_packet(license, s, mac_data);
license_send(license, s, PLATFORM_CHALLENGE_RESPONSE);
}
void license_decrypt_platform_challenge(rdpLicense* license)
{
CryptoRc4 rc4;
license->PlatformChallenge->data = (BYTE*) malloc(license->EncryptedPlatformChallenge->length);
license->PlatformChallenge->length = license->EncryptedPlatformChallenge->length;
rc4 = crypto_rc4_init(license->LicensingEncryptionKey, LICENSING_ENCRYPTION_KEY_LENGTH);
if (!rc4)
{
fprintf(stderr, "%s: unable to allocate a rc4\n", __FUNCTION__);
return;
}
crypto_rc4(rc4, license->EncryptedPlatformChallenge->length,
license->EncryptedPlatformChallenge->data,
license->PlatformChallenge->data);
crypto_rc4_free(rc4);
}
/* Process a Server New (or Upgrade) License packet */
static void
licence_process_new_license(rdpLicence * licence, STREAM s)
{
int i;
uint32 length;
uint32 os_major;
uint32 os_minor;
CryptoRc4 crypt_key;
/* Licensing Binary BLOB with EncryptedLicenseInfo: */
in_uint8s(s, 2); /* wBlobType should be 0x0009 (BB_ENCRYPTED_DATA_BLOB) */
in_uint16_le(s, length); /* wBlobLen */
/* RC4-encrypted New License Information */
if (!s_check_rem(s, length))
return;
crypt_key = crypto_rc4_init(licence->licence_key, 16);
crypto_rc4(crypt_key, length, s->p, s->p); /* decrypt in place */
crypto_rc4_free(crypt_key);
/* dwVersion */
in_uint16_le(s, os_major); /* OS major version */
in_uint16_le(s, os_minor); /* OS minor version */
/* Skip Scope, CompanyName and ProductId */
for (i = 0; i < 3; i++)
{
in_uint32_le(s, length);
if (!s_check_rem(s, length))
return;
in_uint8s(s, length);
}
/* LicenseInfo - CAL from license server */
in_uint32_le(s, length);
if (!s_check_rem(s, length))
return;
licence->licence_issued = True;
save_licence(s->p, length);
}
boolean rdp_client_redirect(rdpRdp* rdp)
{
rdpSettings* settings = rdp->settings;
rdpRedirection* redirection = rdp->redirection;
rdp_client_disconnect(rdp);
/* FIXME: this is a subset of rdp_free */
crypto_rc4_free(rdp->rc4_decrypt_key);
crypto_rc4_free(rdp->rc4_encrypt_key);
crypto_des3_free(rdp->fips_encrypt);
crypto_des3_free(rdp->fips_decrypt);
crypto_hmac_free(rdp->fips_hmac);
mcs_free(rdp->mcs);
nego_free(rdp->nego);
license_free(rdp->license);
transport_free(rdp->transport);
/* FIXME: this is a subset of settings_free */
freerdp_blob_free(settings->server_random);
freerdp_blob_free(settings->server_certificate);
xfree(settings->ip_address);
rdp->transport = transport_new(settings);
rdp->license = license_new(rdp);
rdp->nego = nego_new(rdp->transport);
rdp->mcs = mcs_new(rdp->transport);
rdp->transport->layer = TRANSPORT_LAYER_TCP;
settings->redirected_session_id = redirection->sessionID;
if (redirection->flags & LB_LOAD_BALANCE_INFO)
{
nego_set_routing_token(rdp->nego, &redirection->loadBalanceInfo);
}
else
{
if (redirection->flags & LB_TARGET_NET_ADDRESS)
{
xfree(settings->hostname);
settings->hostname = xstrdup(redirection->targetNetAddress.ascii);
}
else if (redirection->flags & LB_TARGET_FQDN)
{
xfree(settings->hostname);
settings->hostname = xstrdup(redirection->targetFQDN.ascii);
}
else if (redirection->flags & LB_TARGET_NETBIOS_NAME)
{
xfree(settings->hostname);
settings->hostname = xstrdup(redirection->targetNetBiosName.ascii);
}
}
if (redirection->flags & LB_USERNAME)
{
xfree(settings->username);
settings->username = xstrdup(redirection->username.ascii);
}
if (redirection->flags & LB_DOMAIN)
{
xfree(settings->domain);
settings->domain = xstrdup(redirection->domain.ascii);
}
if (redirection->flags & LB_PASSWORD)
{
settings->password_cookie = &redirection->password_cookie;
}
return rdp_client_connect(rdp);
}
BOOL rdp_client_redirect(rdpRdp* rdp)
{
rdpSettings* settings = rdp->settings;
rdpRedirection* redirection = rdp->redirection;
rdp_client_disconnect(rdp);
/* FIXME: this is a subset of rdp_free */
crypto_rc4_free(rdp->rc4_decrypt_key);
crypto_rc4_free(rdp->rc4_encrypt_key);
crypto_des3_free(rdp->fips_encrypt);
crypto_des3_free(rdp->fips_decrypt);
crypto_hmac_free(rdp->fips_hmac);
mcs_free(rdp->mcs);
nego_free(rdp->nego);
license_free(rdp->license);
transport_free(rdp->transport);
free(settings->ServerRandom);
free(settings->ServerCertificate);
free(settings->ClientAddress);
rdp->transport = transport_new(settings);
rdp->license = license_new(rdp);
rdp->nego = nego_new(rdp->transport);
rdp->mcs = mcs_new(rdp->transport);
rdp->transport->layer = TRANSPORT_LAYER_TCP;
settings->RedirectedSessionId = redirection->sessionID;
if (redirection->flags & LB_LOAD_BALANCE_INFO)
{
nego_set_routing_token(rdp->nego, redirection->LoadBalanceInfo, redirection->LoadBalanceInfoLength);
}
else
{
if (redirection->flags & LB_TARGET_NET_ADDRESS)
{
free(settings->ServerHostname);
settings->ServerHostname = _strdup(redirection->targetNetAddress.ascii);
}
else if (redirection->flags & LB_TARGET_FQDN)
{
free(settings->ServerHostname);
settings->ServerHostname = _strdup(redirection->targetFQDN.ascii);
}
else if (redirection->flags & LB_TARGET_NETBIOS_NAME)
{
free(settings->ServerHostname);
settings->ServerHostname = _strdup(redirection->targetNetBiosName.ascii);
}
}
if (redirection->flags & LB_USERNAME)
{
free(settings->Username);
settings->Username = _strdup(redirection->username.ascii);
}
if (redirection->flags & LB_DOMAIN)
{
free(settings->Domain);
settings->Domain = _strdup(redirection->domain.ascii);
}
if (redirection->flags & LB_PASSWORD)
{
settings->RedirectionPassword = redirection->PasswordCookie;
settings->RedirectionPasswordLength = redirection->PasswordCookieLength;
}
return rdp_client_connect(rdp);
}
/* Process a Server License Request packet */
static void
licence_process_request(rdpLicence * licence, STREAM s)
{
uint8 null_data[SEC_MODULUS_SIZE];
uint8 *server_random;
uint32 dwVersion;
uint32 cbCompanyName;
uint32 cbProductId;
uint16 wBlobType, wBlobLen;
uint32 ScopeCount, i;
uint8 signature[LICENCE_SIGNATURE_SIZE];
uint8 hwid[LICENCE_HWID_SIZE];
uint8 *licence_data;
int licence_size;
CryptoRc4 crypt_key;
/* Retrieve the server random from the incoming packet */
in_uint8p(s, server_random, SEC_RANDOM_SIZE); /* ServerRandom */
/* ProductInfo: */
in_uint32_le(s, dwVersion);
in_uint32_le(s, cbCompanyName);
in_uint8s(s, cbCompanyName); /* pbCompanyName */
in_uint32_le(s, cbProductId);
in_uint8s(s, cbProductId); /* pbProductId - "A02"? */
/* KeyExchangeList */
in_uint16_le(s, wBlobType); /* BB_KEY_EXCHG_ALG_BLOB (0x000D) */
in_uint16_le(s, wBlobLen);
in_uint8s(s, wBlobLen); /* KEY_EXCHANGE_ALG_RSA 0x00000001 */
/* ServerCertificate */
in_uint16_le(s, wBlobType); /* BB_CERTIFICATE_BLOB (0x0003). */
in_uint16_le(s, wBlobLen);
in_uint8s(s, wBlobLen); /* cert to use for licensing instead of the one from MCS Connect Response */
/* ScopeList */
in_uint32_le(s, ScopeCount);
for (i=0; i<ScopeCount; i++)
{
in_uint16_le(s, wBlobType);
in_uint16_le(s, wBlobLen);
in_uint8s(s, wBlobLen);
}
/* We currently use null client keys. This is a bit naughty but, hey,
the security of licence negotiation isn't exactly paramount. */
memset(null_data, 0, sizeof(null_data));
licence_generate_keys(licence, null_data, server_random, null_data);
licence_size = load_licence(&licence_data);
if (licence_size > 0)
{
/* Generate a signature for the HWID buffer */
licence_generate_hwid(licence, hwid);
sec_sign(signature, 16, licence->licence_sign_key, 16, hwid, sizeof(hwid));
/* Now encrypt the HWID */
crypt_key = crypto_rc4_init(licence->licence_key, 16);
crypto_rc4(crypt_key, sizeof(hwid), hwid, hwid);
crypto_rc4_free(crypt_key);
licence_present(licence, null_data, null_data, licence_data, licence_size, hwid, signature);
xfree(licence_data);
return;
}
licence_send_request(licence, null_data, null_data,
licence->sec->rdp->settings->username,
licence->sec->rdp->settings->hostname);
}
