BOOL certificate_read_server_x509_certificate_chain(rdpCertificate* certificate, wStream* s)
{
int i;
UINT32 certLength;
UINT32 numCertBlobs;
BOOL ret;
DEBUG_CERTIFICATE("Server X.509 Certificate Chain");
if (Stream_GetRemainingLength(s) < 4)
return FALSE;
Stream_Read_UINT32(s, numCertBlobs); /* numCertBlobs */
certificate->x509_cert_chain = certificate_new_x509_certificate_chain(numCertBlobs);
if (!certificate->x509_cert_chain)
return FALSE;
for (i = 0; i < (int) numCertBlobs; i++)
{
if (Stream_GetRemainingLength(s) < 4)
return FALSE;
Stream_Read_UINT32(s, certLength);
if (Stream_GetRemainingLength(s) < certLength)
return FALSE;
DEBUG_CERTIFICATE("\nX.509 Certificate #%d, length:%d", i + 1, certLength);
certificate->x509_cert_chain->array[i].data = (BYTE*) malloc(certLength);
if (!certificate->x509_cert_chain->array[i].data)
return FALSE;
Stream_Read(s, certificate->x509_cert_chain->array[i].data, certLength);
certificate->x509_cert_chain->array[i].length = certLength;
if (numCertBlobs - i == 2)
{
rdpCertInfo cert_info;
DEBUG_CERTIFICATE("License Server Certificate");
ret = certificate_read_x509_certificate(&certificate->x509_cert_chain->array[i], &cert_info);
DEBUG_LICENSE("modulus length:%d", (int) cert_info.ModulusLength);
if (cert_info.Modulus)
free(cert_info.Modulus);
if (!ret) {
fprintf(stderr, "failed to read License Server, content follows:\n");
winpr_HexDump(certificate->x509_cert_chain->array[i].data, certificate->x509_cert_chain->array[i].length);
return FALSE;
}
}
else if (numCertBlobs - i == 1)
{
DEBUG_CERTIFICATE("Terminal Server Certificate");
if (!certificate_read_x509_certificate(&certificate->x509_cert_chain->array[i], &certificate->cert_info))
return FALSE;
DEBUG_CERTIFICATE("modulus length:%d", (int) certificate->cert_info.ModulusLength);
}
}
return TRUE;
}
BOOL license_send_new_license_request_packet(rdpLicense* license)
{
wStream* s;
char* username;
DEBUG_LICENSE("Sending New License Packet");
s = license_send_stream_init(license);
if (!s)
return FALSE;
if (license->rdp->settings->Username != NULL)
username = license->rdp->settings->Username;
else
username = "******";
license->ClientUserName->data = (BYTE*) username;
license->ClientUserName->length = strlen(username) + 1;
license->ClientMachineName->data = (BYTE*) license->rdp->settings->ClientHostname;
license->ClientMachineName->length = strlen(license->rdp->settings->ClientHostname) + 1;
if (!license_write_new_license_request_packet(license, s) ||
!license_send(license, s, NEW_LICENSE_REQUEST))
{
return FALSE;
}
license->ClientUserName->data = NULL;
license->ClientUserName->length = 0;
license->ClientMachineName->data = NULL;
license->ClientMachineName->length = 0;
return TRUE;
}
boolean license_send(rdpLicense* license, STREAM* s, uint8 type)
{
int length;
uint8 flags;
uint16 wMsgSize;
uint16 sec_flags;
DEBUG_LICENSE("Sending %s Packet", LICENSE_MESSAGE_STRINGS[type & 0x1F]);
length = stream_get_length(s);
stream_set_pos(s, 0);
sec_flags = SEC_LICENSE_PKT;
wMsgSize = length - LICENSE_PACKET_HEADER_MAX_LENGTH + 4;
/**
* Using EXTENDED_ERROR_MSG_SUPPORTED here would cause mstsc to crash when
* running in server mode! This flag seems to be incorrectly documented.
*/
flags = PREAMBLE_VERSION_3_0;
rdp_write_header(license->rdp, s, length, MCS_GLOBAL_CHANNEL_ID);
rdp_write_security_header(s, sec_flags);
license_write_preamble(s, type, flags, wMsgSize);
#ifdef WITH_DEBUG_LICENSE
printf("Sending %s Packet, length %d\n", LICENSE_MESSAGE_STRINGS[type & 0x1F], wMsgSize);
freerdp_hexdump(s->p - 4, wMsgSize);
#endif
stream_set_pos(s, length);
if (transport_write(license->rdp->transport, s) < 0)
return false;
return true;
}
BOOL license_send(rdpLicense* license, wStream* s, BYTE type)
{
int length;
BYTE flags;
UINT16 wMsgSize;
rdpRdp* rdp = license->rdp;
DEBUG_LICENSE("Sending %s Packet", LICENSE_MESSAGE_STRINGS[type & 0x1F]);
length = Stream_GetPosition(s);
wMsgSize = length - license->PacketHeaderLength;
Stream_SetPosition(s, license->PacketHeaderLength);
flags = PREAMBLE_VERSION_3_0;
/**
* Using EXTENDED_ERROR_MSG_SUPPORTED here would cause mstsc to crash when
* running in server mode! This flag seems to be incorrectly documented.
*/
if (!rdp->settings->ServerMode)
flags |= EXTENDED_ERROR_MSG_SUPPORTED;
license_write_preamble(s, type, flags, wMsgSize);
#ifdef WITH_DEBUG_LICENSE
WLog_DBG(TAG, "Sending %s Packet, length %d", LICENSE_MESSAGE_STRINGS[type & 0x1F], wMsgSize);
winpr_HexDump(TAG, WLOG_DEBUG, Stream_Pointer(s) - LICENSE_PREAMBLE_LENGTH, wMsgSize);
#endif
Stream_SetPosition(s, length);
rdp_send(rdp, s, MCS_GLOBAL_CHANNEL_ID);
rdp->sec_flags = 0;
return TRUE;
}
BOOL license_read_platform_challenge_packet(rdpLicense* license, wStream* s)
{
BYTE MacData[16];
UINT32 ConnectFlags = 0;
DEBUG_LICENSE("Receiving Platform Challenge Packet");
if (Stream_GetRemainingLength(s) < 4)
return FALSE;
Stream_Read_UINT32(s, ConnectFlags); /* ConnectFlags, Reserved (4 bytes) */
/* EncryptedPlatformChallenge */
license->EncryptedPlatformChallenge->type = BB_ANY_BLOB;
license_read_binary_blob(s, license->EncryptedPlatformChallenge);
license->EncryptedPlatformChallenge->type = BB_ENCRYPTED_DATA_BLOB;
if (Stream_GetRemainingLength(s) < 16)
return FALSE;
Stream_Read(s, MacData, 16); /* MACData (16 bytes) */
if (!license_decrypt_platform_challenge(license))
return FALSE;
#ifdef WITH_DEBUG_LICENSE
WLog_DBG(TAG, "ConnectFlags: 0x%08X", ConnectFlags);
WLog_DBG(TAG, "EncryptedPlatformChallenge:");
winpr_HexDump(TAG, WLOG_DEBUG, license->EncryptedPlatformChallenge->data, license->EncryptedPlatformChallenge->length);
WLog_DBG(TAG, "PlatformChallenge:");
winpr_HexDump(TAG, WLOG_DEBUG, license->PlatformChallenge->data, license->PlatformChallenge->length);
WLog_DBG(TAG, "MacData:");
winpr_HexDump(TAG, WLOG_DEBUG, MacData, 16);
#endif
return TRUE;
}
BOOL license_send_platform_challenge_response_packet(rdpLicense* license)
{
wStream* s;
int length;
BYTE* buffer;
WINPR_RC4_CTX* rc4;
BYTE mac_data[16];
BOOL status;
DEBUG_LICENSE("Sending Platform Challenge Response Packet");
s = license_send_stream_init(license);
license->EncryptedPlatformChallenge->type = BB_DATA_BLOB;
length = license->PlatformChallenge->length + HWID_LENGTH;
buffer = (BYTE*) malloc(length);
if (!buffer)
return FALSE;
CopyMemory(buffer, license->PlatformChallenge->data, license->PlatformChallenge->length);
CopyMemory(&buffer[license->PlatformChallenge->length], license->HardwareId, HWID_LENGTH);
status = security_mac_data(license->MacSaltKey, buffer, length, mac_data);
free(buffer);
if (!status)
return FALSE;
rc4 = winpr_RC4_New(license->LicensingEncryptionKey,
LICENSING_ENCRYPTION_KEY_LENGTH);
if (!rc4)
return FALSE;
buffer = (BYTE*) malloc(HWID_LENGTH);
if (!buffer)
return FALSE;
status = winpr_RC4_Update(rc4, HWID_LENGTH, license->HardwareId, buffer);
winpr_RC4_Free(rc4);
if (!status)
{
free(buffer);
return FALSE;
}
license->EncryptedHardwareId->type = BB_DATA_BLOB;
license->EncryptedHardwareId->data = buffer;
license->EncryptedHardwareId->length = HWID_LENGTH;
#ifdef WITH_DEBUG_LICENSE
WLog_DBG(TAG, "LicensingEncryptionKey:");
winpr_HexDump(TAG, WLOG_DEBUG, license->LicensingEncryptionKey, 16);
WLog_DBG(TAG, "HardwareId:");
winpr_HexDump(TAG, WLOG_DEBUG, license->HardwareId, HWID_LENGTH);
WLog_DBG(TAG, "EncryptedHardwareId:");
winpr_HexDump(TAG, WLOG_DEBUG, license->EncryptedHardwareId->data, HWID_LENGTH);
#endif
return license_write_platform_challenge_response_packet(license, s, mac_data) &&
license_send(license, s, PLATFORM_CHALLENGE_RESPONSE);
}
BOOL license_send_valid_client_error_packet(rdpLicense* license)
{
wStream* s;
s = license_send_stream_init(license);
DEBUG_LICENSE("Sending Error Alert Packet");
Stream_Write_UINT32(s, STATUS_VALID_CLIENT); /* dwErrorCode */
Stream_Write_UINT32(s, ST_NO_TRANSITION); /* dwStateTransition */
license_write_binary_blob(s, license->ErrorInfo);
return license_send(license, s, ERROR_ALERT);
}
void license_send_platform_challenge_response_packet(rdpLicense* license)
{
wStream* s;
int length;
BYTE* buffer;
CryptoRc4 rc4;
BYTE mac_data[16];
DEBUG_LICENSE("Sending Platform Challenge Response Packet");
s = license_send_stream_init(license);
license->EncryptedPlatformChallenge->type = BB_DATA_BLOB;
length = license->PlatformChallenge->length + HWID_LENGTH;
buffer = (BYTE*) malloc(length);
CopyMemory(buffer, license->PlatformChallenge->data, license->PlatformChallenge->length);
CopyMemory(&buffer[license->PlatformChallenge->length], license->HardwareId, HWID_LENGTH);
security_mac_data(license->MacSaltKey, buffer, length, mac_data);
free(buffer);
buffer = (BYTE*) malloc(HWID_LENGTH);
rc4 = crypto_rc4_init(license->LicensingEncryptionKey, LICENSING_ENCRYPTION_KEY_LENGTH);
if (!rc4)
{
fprintf(stderr, "%s: unable to allocate a rc4\n", __FUNCTION__);
return;
}
crypto_rc4(rc4, HWID_LENGTH, license->HardwareId, buffer);
crypto_rc4_free(rc4);
license->EncryptedHardwareId->type = BB_DATA_BLOB;
license->EncryptedHardwareId->data = buffer;
license->EncryptedHardwareId->length = HWID_LENGTH;
#ifdef WITH_DEBUG_LICENSE
fprintf(stderr, "LicensingEncryptionKey:\n");
winpr_HexDump(license->LicensingEncryptionKey, 16);
fprintf(stderr, "\n");
fprintf(stderr, "HardwareId:\n");
winpr_HexDump(license->HardwareId, HWID_LENGTH);
fprintf(stderr, "\n");
fprintf(stderr, "EncryptedHardwareId:\n");
winpr_HexDump(license->EncryptedHardwareId->data, HWID_LENGTH);
fprintf(stderr, "\n");
#endif
license_write_platform_challenge_response_packet(license, s, mac_data);
license_send(license, s, PLATFORM_CHALLENGE_RESPONSE);
}
void license_read_platform_challenge_packet(rdpLicense* license, STREAM* s)
{
DEBUG_LICENSE("Receiving Platform Challenge Packet");
stream_seek(s, 4); /* ConnectFlags, Reserved (4 bytes) */
/* EncryptedPlatformChallenge */
license->encrypted_platform_challenge->type = BB_ANY_BLOB;
license_read_binary_blob(s, license->encrypted_platform_challenge);
license->encrypted_platform_challenge->type = BB_ENCRYPTED_DATA_BLOB;
/* MACData (16 bytes) */
stream_seek(s, 16);
license_decrypt_platform_challenge(license);
}
void license_send_platform_challenge_response_packet(rdpLicense* license)
{
STREAM* s;
int length;
uint8* buffer;
CryptoRc4 rc4;
uint8 mac_data[16];
s = license_send_stream_init(license);
DEBUG_LICENSE("Sending Platform Challenge Response Packet");
license->encrypted_platform_challenge->type = BB_DATA_BLOB;
length = license->platform_challenge->length + HWID_LENGTH;
buffer = (uint8*) xmalloc(length);
memcpy(buffer, license->platform_challenge->data, license->platform_challenge->length);
memcpy(&buffer[license->platform_challenge->length], license->hwid, HWID_LENGTH);
security_mac_data(license->mac_salt_key, buffer, length, mac_data);
xfree(buffer);
buffer = (uint8*) xmalloc(HWID_LENGTH);
rc4 = crypto_rc4_init(license->licensing_encryption_key, LICENSING_ENCRYPTION_KEY_LENGTH);
crypto_rc4(rc4, HWID_LENGTH, license->hwid, buffer);
crypto_rc4_free(rc4);
#ifdef WITH_DEBUG_LICENSE
printf("Licensing Encryption Key:\n");
freerdp_hexdump(license->licensing_encryption_key, 16);
printf("HardwareID:\n");
freerdp_hexdump(license->hwid, 20);
printf("Encrypted HardwareID:\n");
freerdp_hexdump(buffer, 20);
#endif
license->encrypted_hwid->type = BB_DATA_BLOB;
license->encrypted_hwid->data = buffer;
license->encrypted_hwid->length = HWID_LENGTH;
license_write_platform_challenge_response_packet(license, s, mac_data);
license_send(license, s, PLATFORM_CHALLENGE_RESPONSE);
}
BOOL license_read_platform_challenge_packet(rdpLicense* license, STREAM* s)
{
DEBUG_LICENSE("Receiving Platform Challenge Packet");
if(stream_get_left(s) < 4)
return FALSE;
stream_seek(s, 4); /* ConnectFlags, Reserved (4 bytes) */
/* EncryptedPlatformChallenge */
license->encrypted_platform_challenge->type = BB_ANY_BLOB;
license_read_binary_blob(s, license->encrypted_platform_challenge);
license->encrypted_platform_challenge->type = BB_ENCRYPTED_DATA_BLOB;
/* MACData (16 bytes) */
if(!stream_skip(s, 16))
return FALSE;
license_decrypt_platform_challenge(license);
return TRUE;
}
BOOL license_send(rdpLicense* license, wStream* s, BYTE type)
{
int length;
BYTE flags;
UINT16 wMsgSize;
UINT16 sec_flags;
DEBUG_LICENSE("Sending %s Packet", LICENSE_MESSAGE_STRINGS[type & 0x1F]);
length = Stream_GetPosition(s);
Stream_SetPosition(s, 0);
sec_flags = SEC_LICENSE_PKT;
wMsgSize = length - LICENSE_PACKET_HEADER_MAX_LENGTH + 4;
/**
* Using EXTENDED_ERROR_MSG_SUPPORTED here would cause mstsc to crash when
* running in server mode! This flag seems to be incorrectly documented.
*/
flags = PREAMBLE_VERSION_3_0;
rdp_write_header(license->rdp, s, length, MCS_GLOBAL_CHANNEL_ID);
rdp_write_security_header(s, sec_flags);
license_write_preamble(s, type, flags, wMsgSize);
#ifdef WITH_DEBUG_LICENSE
fprintf(stderr, "Sending %s Packet, length %d\n", LICENSE_MESSAGE_STRINGS[type & 0x1F], wMsgSize);
winpr_HexDump(Stream_Pointer(s) - 4, wMsgSize);
#endif
Stream_SetPosition(s, length);
Stream_SealLength(s);
if (transport_write(license->rdp->transport, s) < 0)
return FALSE;
Stream_Free(s, TRUE);
return TRUE;
}
boolean certificate_read_server_x509_certificate_chain(rdpCertificate* certificate, STREAM* s)
{
int i;
uint32 certLength;
uint32 numCertBlobs;
DEBUG_CERTIFICATE("Server X.509 Certificate Chain");
stream_read_uint32(s, numCertBlobs); /* numCertBlobs */
certificate->x509_cert_chain = certificate_new_x509_certificate_chain(numCertBlobs);
for (i = 0; i < (int) numCertBlobs; i++)
{
stream_read_uint32(s, certLength);
DEBUG_CERTIFICATE("\nX.509 Certificate #%d, length:%d", i + 1, certLength);
certificate->x509_cert_chain->array[i].data = (uint8*) xmalloc(certLength);
stream_read(s, certificate->x509_cert_chain->array[i].data, certLength);
certificate->x509_cert_chain->array[i].length = certLength;
if (numCertBlobs - i == 2)
{
rdpCertInfo cert_info;
DEBUG_CERTIFICATE("License Server Certificate");
certificate_read_x509_certificate(&certificate->x509_cert_chain->array[i], &cert_info);
DEBUG_LICENSE("modulus length:%d", cert_info.modulus.length);
freerdp_blob_free(&cert_info.modulus);
}
else if (numCertBlobs - i == 1)
{
DEBUG_CERTIFICATE("Terminal Server Certificate");
certificate_read_x509_certificate(&certificate->x509_cert_chain->array[i], &certificate->cert_info);
DEBUG_CERTIFICATE("modulus length:%d", certificate->cert_info.modulus.length);
}
}
return true;
}
void license_read_upgrade_license_packet(rdpLicense* license, STREAM* s)
{
DEBUG_LICENSE("Receiving Upgrade License Packet");
license->state = LICENSE_STATE_COMPLETED;
}
boolean license_recv(rdpLicense* license, STREAM* s)
{
uint16 length;
uint16 channelId;
uint16 sec_flags;
uint8 flags;
uint8 bMsgType;
uint16 wMsgSize;
if (!rdp_read_header(license->rdp, s, &length, &channelId))
{
printf("Incorrect RDP header.\n");
return false;
}
rdp_read_security_header(s, &sec_flags);
if (!(sec_flags & SEC_LICENSE_PKT))
{
stream_rewind(s, RDP_SECURITY_HEADER_LENGTH);
if (rdp_recv_out_of_sequence_pdu(license->rdp, s) != true)
{
printf("Unexpected license packet.\n");
return false;
}
return true;
}
license_read_preamble(s, &bMsgType, &flags, &wMsgSize); /* preamble (4 bytes) */
DEBUG_LICENSE("Receiving %s Packet", LICENSE_MESSAGE_STRINGS[bMsgType & 0x1F]);
switch (bMsgType)
{
case LICENSE_REQUEST:
license_read_license_request_packet(license, s);
license_send_new_license_request_packet(license);
break;
case PLATFORM_CHALLENGE:
license_read_platform_challenge_packet(license, s);
license_send_platform_challenge_response_packet(license);
break;
case NEW_LICENSE:
license_read_new_license_packet(license, s);
break;
case UPGRADE_LICENSE:
license_read_upgrade_license_packet(license, s);
break;
case ERROR_ALERT:
license_read_error_alert_packet(license, s);
break;
default:
printf("invalid bMsgType:%d\n", bMsgType);
return false;
}
return true;
}
void license_read_new_license_packet(rdpLicense* license, wStream* s)
{
DEBUG_LICENSE("Receiving New License Packet");
license->state = LICENSE_STATE_COMPLETED;
}
int license_recv(rdpLicense* license, wStream* s)
{
BYTE flags;
BYTE bMsgType;
UINT16 wMsgSize;
UINT16 length;
UINT16 channelId;
UINT16 securityFlags;
if (!rdp_read_header(license->rdp, s, &length, &channelId))
{
WLog_ERR(TAG, "Incorrect RDP header.");
return -1;
}
if (!rdp_read_security_header(s, &securityFlags))
return -1;
if (securityFlags & SEC_ENCRYPT)
{
if (!rdp_decrypt(license->rdp, s, length - 4, securityFlags))
{
WLog_ERR(TAG, "rdp_decrypt failed");
return -1;
}
}
if (!(securityFlags & SEC_LICENSE_PKT))
{
int status;
if (!(securityFlags & SEC_ENCRYPT))
Stream_Rewind(s, RDP_SECURITY_HEADER_LENGTH);
status = rdp_recv_out_of_sequence_pdu(license->rdp, s);
if (status < 0)
{
WLog_ERR(TAG, "unexpected license packet.");
return status;
}
return 0;
}
if (!license_read_preamble(s, &bMsgType, &flags, &wMsgSize)) /* preamble (4 bytes) */
return -1;
DEBUG_LICENSE("Receiving %s Packet", LICENSE_MESSAGE_STRINGS[bMsgType & 0x1F]);
switch (bMsgType)
{
case LICENSE_REQUEST:
if (!license_read_license_request_packet(license, s))
return -1;
if (!license_send_new_license_request_packet(license))
return -1;
break;
case PLATFORM_CHALLENGE:
if (!license_read_platform_challenge_packet(license, s))
return -1;
if (!license_send_platform_challenge_response_packet(license))
return -1;
break;
case NEW_LICENSE:
license_read_new_license_packet(license, s);
break;
case UPGRADE_LICENSE:
license_read_upgrade_license_packet(license, s);
break;
case ERROR_ALERT:
if (!license_read_error_alert_packet(license, s))
return -1;
break;
default:
WLog_ERR(TAG, "invalid bMsgType:%d", bMsgType);
return FALSE;
}
return 0;
}
