BOOL certificate_read_server_x509_certificate_chain(rdpCertificate* certificate, wStream* s) { int i; UINT32 certLength; UINT32 numCertBlobs; BOOL ret; DEBUG_CERTIFICATE("Server X.509 Certificate Chain"); if (Stream_GetRemainingLength(s) < 4) return FALSE; Stream_Read_UINT32(s, numCertBlobs); /* numCertBlobs */ certificate->x509_cert_chain = certificate_new_x509_certificate_chain(numCertBlobs); if (!certificate->x509_cert_chain) return FALSE; for (i = 0; i < (int) numCertBlobs; i++) { if (Stream_GetRemainingLength(s) < 4) return FALSE; Stream_Read_UINT32(s, certLength); if (Stream_GetRemainingLength(s) < certLength) return FALSE; DEBUG_CERTIFICATE("\nX.509 Certificate #%d, length:%d", i + 1, certLength); certificate->x509_cert_chain->array[i].data = (BYTE*) malloc(certLength); if (!certificate->x509_cert_chain->array[i].data) return FALSE; Stream_Read(s, certificate->x509_cert_chain->array[i].data, certLength); certificate->x509_cert_chain->array[i].length = certLength; if (numCertBlobs - i == 2) { rdpCertInfo cert_info; DEBUG_CERTIFICATE("License Server Certificate"); ret = certificate_read_x509_certificate(&certificate->x509_cert_chain->array[i], &cert_info); DEBUG_LICENSE("modulus length:%d", (int) cert_info.ModulusLength); if (cert_info.Modulus) free(cert_info.Modulus); if (!ret) { fprintf(stderr, "failed to read License Server, content follows:\n"); winpr_HexDump(certificate->x509_cert_chain->array[i].data, certificate->x509_cert_chain->array[i].length); return FALSE; } } else if (numCertBlobs - i == 1) { DEBUG_CERTIFICATE("Terminal Server Certificate"); if (!certificate_read_x509_certificate(&certificate->x509_cert_chain->array[i], &certificate->cert_info)) return FALSE; DEBUG_CERTIFICATE("modulus length:%d", (int) certificate->cert_info.ModulusLength); } } return TRUE; }
BOOL license_send_new_license_request_packet(rdpLicense* license) { wStream* s; char* username; DEBUG_LICENSE("Sending New License Packet"); s = license_send_stream_init(license); if (!s) return FALSE; if (license->rdp->settings->Username != NULL) username = license->rdp->settings->Username; else username = "******"; license->ClientUserName->data = (BYTE*) username; license->ClientUserName->length = strlen(username) + 1; license->ClientMachineName->data = (BYTE*) license->rdp->settings->ClientHostname; license->ClientMachineName->length = strlen(license->rdp->settings->ClientHostname) + 1; if (!license_write_new_license_request_packet(license, s) || !license_send(license, s, NEW_LICENSE_REQUEST)) { return FALSE; } license->ClientUserName->data = NULL; license->ClientUserName->length = 0; license->ClientMachineName->data = NULL; license->ClientMachineName->length = 0; return TRUE; }
boolean license_send(rdpLicense* license, STREAM* s, uint8 type) { int length; uint8 flags; uint16 wMsgSize; uint16 sec_flags; DEBUG_LICENSE("Sending %s Packet", LICENSE_MESSAGE_STRINGS[type & 0x1F]); length = stream_get_length(s); stream_set_pos(s, 0); sec_flags = SEC_LICENSE_PKT; wMsgSize = length - LICENSE_PACKET_HEADER_MAX_LENGTH + 4; /** * Using EXTENDED_ERROR_MSG_SUPPORTED here would cause mstsc to crash when * running in server mode! This flag seems to be incorrectly documented. */ flags = PREAMBLE_VERSION_3_0; rdp_write_header(license->rdp, s, length, MCS_GLOBAL_CHANNEL_ID); rdp_write_security_header(s, sec_flags); license_write_preamble(s, type, flags, wMsgSize); #ifdef WITH_DEBUG_LICENSE printf("Sending %s Packet, length %d\n", LICENSE_MESSAGE_STRINGS[type & 0x1F], wMsgSize); freerdp_hexdump(s->p - 4, wMsgSize); #endif stream_set_pos(s, length); if (transport_write(license->rdp->transport, s) < 0) return false; return true; }
BOOL license_send(rdpLicense* license, wStream* s, BYTE type) { int length; BYTE flags; UINT16 wMsgSize; rdpRdp* rdp = license->rdp; DEBUG_LICENSE("Sending %s Packet", LICENSE_MESSAGE_STRINGS[type & 0x1F]); length = Stream_GetPosition(s); wMsgSize = length - license->PacketHeaderLength; Stream_SetPosition(s, license->PacketHeaderLength); flags = PREAMBLE_VERSION_3_0; /** * Using EXTENDED_ERROR_MSG_SUPPORTED here would cause mstsc to crash when * running in server mode! This flag seems to be incorrectly documented. */ if (!rdp->settings->ServerMode) flags |= EXTENDED_ERROR_MSG_SUPPORTED; license_write_preamble(s, type, flags, wMsgSize); #ifdef WITH_DEBUG_LICENSE WLog_DBG(TAG, "Sending %s Packet, length %d", LICENSE_MESSAGE_STRINGS[type & 0x1F], wMsgSize); winpr_HexDump(TAG, WLOG_DEBUG, Stream_Pointer(s) - LICENSE_PREAMBLE_LENGTH, wMsgSize); #endif Stream_SetPosition(s, length); rdp_send(rdp, s, MCS_GLOBAL_CHANNEL_ID); rdp->sec_flags = 0; return TRUE; }
BOOL license_read_platform_challenge_packet(rdpLicense* license, wStream* s) { BYTE MacData[16]; UINT32 ConnectFlags = 0; DEBUG_LICENSE("Receiving Platform Challenge Packet"); if (Stream_GetRemainingLength(s) < 4) return FALSE; Stream_Read_UINT32(s, ConnectFlags); /* ConnectFlags, Reserved (4 bytes) */ /* EncryptedPlatformChallenge */ license->EncryptedPlatformChallenge->type = BB_ANY_BLOB; license_read_binary_blob(s, license->EncryptedPlatformChallenge); license->EncryptedPlatformChallenge->type = BB_ENCRYPTED_DATA_BLOB; if (Stream_GetRemainingLength(s) < 16) return FALSE; Stream_Read(s, MacData, 16); /* MACData (16 bytes) */ if (!license_decrypt_platform_challenge(license)) return FALSE; #ifdef WITH_DEBUG_LICENSE WLog_DBG(TAG, "ConnectFlags: 0x%08X", ConnectFlags); WLog_DBG(TAG, "EncryptedPlatformChallenge:"); winpr_HexDump(TAG, WLOG_DEBUG, license->EncryptedPlatformChallenge->data, license->EncryptedPlatformChallenge->length); WLog_DBG(TAG, "PlatformChallenge:"); winpr_HexDump(TAG, WLOG_DEBUG, license->PlatformChallenge->data, license->PlatformChallenge->length); WLog_DBG(TAG, "MacData:"); winpr_HexDump(TAG, WLOG_DEBUG, MacData, 16); #endif return TRUE; }
BOOL license_send_platform_challenge_response_packet(rdpLicense* license) { wStream* s; int length; BYTE* buffer; WINPR_RC4_CTX* rc4; BYTE mac_data[16]; BOOL status; DEBUG_LICENSE("Sending Platform Challenge Response Packet"); s = license_send_stream_init(license); license->EncryptedPlatformChallenge->type = BB_DATA_BLOB; length = license->PlatformChallenge->length + HWID_LENGTH; buffer = (BYTE*) malloc(length); if (!buffer) return FALSE; CopyMemory(buffer, license->PlatformChallenge->data, license->PlatformChallenge->length); CopyMemory(&buffer[license->PlatformChallenge->length], license->HardwareId, HWID_LENGTH); status = security_mac_data(license->MacSaltKey, buffer, length, mac_data); free(buffer); if (!status) return FALSE; rc4 = winpr_RC4_New(license->LicensingEncryptionKey, LICENSING_ENCRYPTION_KEY_LENGTH); if (!rc4) return FALSE; buffer = (BYTE*) malloc(HWID_LENGTH); if (!buffer) return FALSE; status = winpr_RC4_Update(rc4, HWID_LENGTH, license->HardwareId, buffer); winpr_RC4_Free(rc4); if (!status) { free(buffer); return FALSE; } license->EncryptedHardwareId->type = BB_DATA_BLOB; license->EncryptedHardwareId->data = buffer; license->EncryptedHardwareId->length = HWID_LENGTH; #ifdef WITH_DEBUG_LICENSE WLog_DBG(TAG, "LicensingEncryptionKey:"); winpr_HexDump(TAG, WLOG_DEBUG, license->LicensingEncryptionKey, 16); WLog_DBG(TAG, "HardwareId:"); winpr_HexDump(TAG, WLOG_DEBUG, license->HardwareId, HWID_LENGTH); WLog_DBG(TAG, "EncryptedHardwareId:"); winpr_HexDump(TAG, WLOG_DEBUG, license->EncryptedHardwareId->data, HWID_LENGTH); #endif return license_write_platform_challenge_response_packet(license, s, mac_data) && license_send(license, s, PLATFORM_CHALLENGE_RESPONSE); }
BOOL license_send_valid_client_error_packet(rdpLicense* license) { wStream* s; s = license_send_stream_init(license); DEBUG_LICENSE("Sending Error Alert Packet"); Stream_Write_UINT32(s, STATUS_VALID_CLIENT); /* dwErrorCode */ Stream_Write_UINT32(s, ST_NO_TRANSITION); /* dwStateTransition */ license_write_binary_blob(s, license->ErrorInfo); return license_send(license, s, ERROR_ALERT); }
void license_send_platform_challenge_response_packet(rdpLicense* license) { wStream* s; int length; BYTE* buffer; CryptoRc4 rc4; BYTE mac_data[16]; DEBUG_LICENSE("Sending Platform Challenge Response Packet"); s = license_send_stream_init(license); license->EncryptedPlatformChallenge->type = BB_DATA_BLOB; length = license->PlatformChallenge->length + HWID_LENGTH; buffer = (BYTE*) malloc(length); CopyMemory(buffer, license->PlatformChallenge->data, license->PlatformChallenge->length); CopyMemory(&buffer[license->PlatformChallenge->length], license->HardwareId, HWID_LENGTH); security_mac_data(license->MacSaltKey, buffer, length, mac_data); free(buffer); buffer = (BYTE*) malloc(HWID_LENGTH); rc4 = crypto_rc4_init(license->LicensingEncryptionKey, LICENSING_ENCRYPTION_KEY_LENGTH); if (!rc4) { fprintf(stderr, "%s: unable to allocate a rc4\n", __FUNCTION__); return; } crypto_rc4(rc4, HWID_LENGTH, license->HardwareId, buffer); crypto_rc4_free(rc4); license->EncryptedHardwareId->type = BB_DATA_BLOB; license->EncryptedHardwareId->data = buffer; license->EncryptedHardwareId->length = HWID_LENGTH; #ifdef WITH_DEBUG_LICENSE fprintf(stderr, "LicensingEncryptionKey:\n"); winpr_HexDump(license->LicensingEncryptionKey, 16); fprintf(stderr, "\n"); fprintf(stderr, "HardwareId:\n"); winpr_HexDump(license->HardwareId, HWID_LENGTH); fprintf(stderr, "\n"); fprintf(stderr, "EncryptedHardwareId:\n"); winpr_HexDump(license->EncryptedHardwareId->data, HWID_LENGTH); fprintf(stderr, "\n"); #endif license_write_platform_challenge_response_packet(license, s, mac_data); license_send(license, s, PLATFORM_CHALLENGE_RESPONSE); }
void license_read_platform_challenge_packet(rdpLicense* license, STREAM* s) { DEBUG_LICENSE("Receiving Platform Challenge Packet"); stream_seek(s, 4); /* ConnectFlags, Reserved (4 bytes) */ /* EncryptedPlatformChallenge */ license->encrypted_platform_challenge->type = BB_ANY_BLOB; license_read_binary_blob(s, license->encrypted_platform_challenge); license->encrypted_platform_challenge->type = BB_ENCRYPTED_DATA_BLOB; /* MACData (16 bytes) */ stream_seek(s, 16); license_decrypt_platform_challenge(license); }
void license_send_platform_challenge_response_packet(rdpLicense* license) { STREAM* s; int length; uint8* buffer; CryptoRc4 rc4; uint8 mac_data[16]; s = license_send_stream_init(license); DEBUG_LICENSE("Sending Platform Challenge Response Packet"); license->encrypted_platform_challenge->type = BB_DATA_BLOB; length = license->platform_challenge->length + HWID_LENGTH; buffer = (uint8*) xmalloc(length); memcpy(buffer, license->platform_challenge->data, license->platform_challenge->length); memcpy(&buffer[license->platform_challenge->length], license->hwid, HWID_LENGTH); security_mac_data(license->mac_salt_key, buffer, length, mac_data); xfree(buffer); buffer = (uint8*) xmalloc(HWID_LENGTH); rc4 = crypto_rc4_init(license->licensing_encryption_key, LICENSING_ENCRYPTION_KEY_LENGTH); crypto_rc4(rc4, HWID_LENGTH, license->hwid, buffer); crypto_rc4_free(rc4); #ifdef WITH_DEBUG_LICENSE printf("Licensing Encryption Key:\n"); freerdp_hexdump(license->licensing_encryption_key, 16); printf("HardwareID:\n"); freerdp_hexdump(license->hwid, 20); printf("Encrypted HardwareID:\n"); freerdp_hexdump(buffer, 20); #endif license->encrypted_hwid->type = BB_DATA_BLOB; license->encrypted_hwid->data = buffer; license->encrypted_hwid->length = HWID_LENGTH; license_write_platform_challenge_response_packet(license, s, mac_data); license_send(license, s, PLATFORM_CHALLENGE_RESPONSE); }
BOOL license_read_platform_challenge_packet(rdpLicense* license, STREAM* s) { DEBUG_LICENSE("Receiving Platform Challenge Packet"); if(stream_get_left(s) < 4) return FALSE; stream_seek(s, 4); /* ConnectFlags, Reserved (4 bytes) */ /* EncryptedPlatformChallenge */ license->encrypted_platform_challenge->type = BB_ANY_BLOB; license_read_binary_blob(s, license->encrypted_platform_challenge); license->encrypted_platform_challenge->type = BB_ENCRYPTED_DATA_BLOB; /* MACData (16 bytes) */ if(!stream_skip(s, 16)) return FALSE; license_decrypt_platform_challenge(license); return TRUE; }
BOOL license_send(rdpLicense* license, wStream* s, BYTE type) { int length; BYTE flags; UINT16 wMsgSize; UINT16 sec_flags; DEBUG_LICENSE("Sending %s Packet", LICENSE_MESSAGE_STRINGS[type & 0x1F]); length = Stream_GetPosition(s); Stream_SetPosition(s, 0); sec_flags = SEC_LICENSE_PKT; wMsgSize = length - LICENSE_PACKET_HEADER_MAX_LENGTH + 4; /** * Using EXTENDED_ERROR_MSG_SUPPORTED here would cause mstsc to crash when * running in server mode! This flag seems to be incorrectly documented. */ flags = PREAMBLE_VERSION_3_0; rdp_write_header(license->rdp, s, length, MCS_GLOBAL_CHANNEL_ID); rdp_write_security_header(s, sec_flags); license_write_preamble(s, type, flags, wMsgSize); #ifdef WITH_DEBUG_LICENSE fprintf(stderr, "Sending %s Packet, length %d\n", LICENSE_MESSAGE_STRINGS[type & 0x1F], wMsgSize); winpr_HexDump(Stream_Pointer(s) - 4, wMsgSize); #endif Stream_SetPosition(s, length); Stream_SealLength(s); if (transport_write(license->rdp->transport, s) < 0) return FALSE; Stream_Free(s, TRUE); return TRUE; }
boolean certificate_read_server_x509_certificate_chain(rdpCertificate* certificate, STREAM* s) { int i; uint32 certLength; uint32 numCertBlobs; DEBUG_CERTIFICATE("Server X.509 Certificate Chain"); stream_read_uint32(s, numCertBlobs); /* numCertBlobs */ certificate->x509_cert_chain = certificate_new_x509_certificate_chain(numCertBlobs); for (i = 0; i < (int) numCertBlobs; i++) { stream_read_uint32(s, certLength); DEBUG_CERTIFICATE("\nX.509 Certificate #%d, length:%d", i + 1, certLength); certificate->x509_cert_chain->array[i].data = (uint8*) xmalloc(certLength); stream_read(s, certificate->x509_cert_chain->array[i].data, certLength); certificate->x509_cert_chain->array[i].length = certLength; if (numCertBlobs - i == 2) { rdpCertInfo cert_info; DEBUG_CERTIFICATE("License Server Certificate"); certificate_read_x509_certificate(&certificate->x509_cert_chain->array[i], &cert_info); DEBUG_LICENSE("modulus length:%d", cert_info.modulus.length); freerdp_blob_free(&cert_info.modulus); } else if (numCertBlobs - i == 1) { DEBUG_CERTIFICATE("Terminal Server Certificate"); certificate_read_x509_certificate(&certificate->x509_cert_chain->array[i], &certificate->cert_info); DEBUG_CERTIFICATE("modulus length:%d", certificate->cert_info.modulus.length); } } return true; }
void license_read_upgrade_license_packet(rdpLicense* license, STREAM* s) { DEBUG_LICENSE("Receiving Upgrade License Packet"); license->state = LICENSE_STATE_COMPLETED; }
boolean license_recv(rdpLicense* license, STREAM* s) { uint16 length; uint16 channelId; uint16 sec_flags; uint8 flags; uint8 bMsgType; uint16 wMsgSize; if (!rdp_read_header(license->rdp, s, &length, &channelId)) { printf("Incorrect RDP header.\n"); return false; } rdp_read_security_header(s, &sec_flags); if (!(sec_flags & SEC_LICENSE_PKT)) { stream_rewind(s, RDP_SECURITY_HEADER_LENGTH); if (rdp_recv_out_of_sequence_pdu(license->rdp, s) != true) { printf("Unexpected license packet.\n"); return false; } return true; } license_read_preamble(s, &bMsgType, &flags, &wMsgSize); /* preamble (4 bytes) */ DEBUG_LICENSE("Receiving %s Packet", LICENSE_MESSAGE_STRINGS[bMsgType & 0x1F]); switch (bMsgType) { case LICENSE_REQUEST: license_read_license_request_packet(license, s); license_send_new_license_request_packet(license); break; case PLATFORM_CHALLENGE: license_read_platform_challenge_packet(license, s); license_send_platform_challenge_response_packet(license); break; case NEW_LICENSE: license_read_new_license_packet(license, s); break; case UPGRADE_LICENSE: license_read_upgrade_license_packet(license, s); break; case ERROR_ALERT: license_read_error_alert_packet(license, s); break; default: printf("invalid bMsgType:%d\n", bMsgType); return false; } return true; }
void license_read_new_license_packet(rdpLicense* license, wStream* s) { DEBUG_LICENSE("Receiving New License Packet"); license->state = LICENSE_STATE_COMPLETED; }
int license_recv(rdpLicense* license, wStream* s) { BYTE flags; BYTE bMsgType; UINT16 wMsgSize; UINT16 length; UINT16 channelId; UINT16 securityFlags; if (!rdp_read_header(license->rdp, s, &length, &channelId)) { WLog_ERR(TAG, "Incorrect RDP header."); return -1; } if (!rdp_read_security_header(s, &securityFlags)) return -1; if (securityFlags & SEC_ENCRYPT) { if (!rdp_decrypt(license->rdp, s, length - 4, securityFlags)) { WLog_ERR(TAG, "rdp_decrypt failed"); return -1; } } if (!(securityFlags & SEC_LICENSE_PKT)) { int status; if (!(securityFlags & SEC_ENCRYPT)) Stream_Rewind(s, RDP_SECURITY_HEADER_LENGTH); status = rdp_recv_out_of_sequence_pdu(license->rdp, s); if (status < 0) { WLog_ERR(TAG, "unexpected license packet."); return status; } return 0; } if (!license_read_preamble(s, &bMsgType, &flags, &wMsgSize)) /* preamble (4 bytes) */ return -1; DEBUG_LICENSE("Receiving %s Packet", LICENSE_MESSAGE_STRINGS[bMsgType & 0x1F]); switch (bMsgType) { case LICENSE_REQUEST: if (!license_read_license_request_packet(license, s)) return -1; if (!license_send_new_license_request_packet(license)) return -1; break; case PLATFORM_CHALLENGE: if (!license_read_platform_challenge_packet(license, s)) return -1; if (!license_send_platform_challenge_response_packet(license)) return -1; break; case NEW_LICENSE: license_read_new_license_packet(license, s); break; case UPGRADE_LICENSE: license_read_upgrade_license_packet(license, s); break; case ERROR_ALERT: if (!license_read_error_alert_packet(license, s)) return -1; break; default: WLog_ERR(TAG, "invalid bMsgType:%d", bMsgType); return FALSE; } return 0; }