licence.c@ 33656

Last change on this file since 33656 was 33656, checked in by vboxsync, 14 years ago
*: rebrand Sun (L)GPL disclaimers
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 8.8 KB

Line
1	/* -- c-basic-offset: 8 --
2	rdesktop: A Remote Desktop Protocol client.
3	RDP licensing negotiation
4	Copyright (C) Matthew Chapman 1999-2007
5
6	This program is free software; you can redistribute it and/or modify
7	it under the terms of the GNU General Public License as published by
8	the Free Software Foundation; either version 2 of the License, or
9	(at your option) any later version.
10
11	This program is distributed in the hope that it will be useful,
12	but WITHOUT ANY WARRANTY; without even the implied warranty of
13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	GNU General Public License for more details.
15
16	You should have received a copy of the GNU General Public License
17	along with this program; if not, write to the Free Software
18	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19	*/
20
21	/*
22	* Oracle GPL Disclaimer: For the avoidance of doubt, except that if any license choice
23	* other than GPL or LGPL is available it will apply instead, Oracle elects to use only
24	* the General Public License version 2 (GPLv2) at this time for any software where
25	* a choice of GPL license versions is made available with the language indicating
26	* that GPLv2 or any later version may be used, or where a choice of which version
27	* of the GPL is applied is otherwise unspecified.
28	*/
29
30	#include "rdesktop.h"
31	#include "ssl.h"
32
33	extern char g_username[64];
34	extern char g_hostname[16];
35
36	static uint8 g_licence_key[16];
37	static uint8 g_licence_sign_key[16];
38
39	RD_BOOL g_licence_issued = False;
40
41	/* Generate a session key and RC4 keys, given client and server randoms */
42	static void
43	licence_generate_keys(uint8 * client_random, uint8 * server_random, uint8 * pre_master_secret)
44	{
45	uint8 master_secret[48];
46	uint8 key_block[48];
47
48	/* Generate master secret and then key material */
49	sec_hash_48(master_secret, pre_master_secret, client_random, server_random, 'A');
50	sec_hash_48(key_block, master_secret, server_random, client_random, 'A');
51
52	/* Store first 16 bytes of session key as MAC secret */
53	memcpy(g_licence_sign_key, key_block, 16);
54
55	/* Generate RC4 key from next 16 bytes */
56	sec_hash_16(g_licence_key, &key_block[16], client_random, server_random);
57	}
58
59	static void
60	licence_generate_hwid(uint8 * hwid)
61	{
62	buf_out_uint32(hwid, 2);
63	strncpy((char *) (hwid + 4), g_hostname, LICENCE_HWID_SIZE - 4);
64	}
65
66	/* Present an existing licence to the server */
67	static void
68	licence_present(uint8 * client_random, uint8 * rsa_data,
69	uint8 * licence_data, int licence_size, uint8 * hwid, uint8 * signature)
70	{
71	uint32 sec_flags = SEC_LICENCE_NEG;
72	uint16 length =
73	16 + SEC_RANDOM_SIZE + SEC_MODULUS_SIZE + SEC_PADDING_SIZE +
74	licence_size + LICENCE_HWID_SIZE + LICENCE_SIGNATURE_SIZE;
75	STREAM s;
76
77	s = sec_init(sec_flags, length + 4);
78
79	out_uint8(s, LICENCE_TAG_PRESENT);
80	out_uint8(s, 2); /* version */
81	out_uint16_le(s, length);
82
83	out_uint32_le(s, 1);
84	out_uint16(s, 0);
85	out_uint16_le(s, 0x0201);
86
87	out_uint8p(s, client_random, SEC_RANDOM_SIZE);
88	out_uint16(s, 0);
89	out_uint16_le(s, (SEC_MODULUS_SIZE + SEC_PADDING_SIZE));
90	out_uint8p(s, rsa_data, SEC_MODULUS_SIZE);
91	out_uint8s(s, SEC_PADDING_SIZE);
92
93	out_uint16_le(s, 1);
94	out_uint16_le(s, licence_size);
95	out_uint8p(s, licence_data, licence_size);
96
97	out_uint16_le(s, 1);
98	out_uint16_le(s, LICENCE_HWID_SIZE);
99	out_uint8p(s, hwid, LICENCE_HWID_SIZE);
100
101	out_uint8p(s, signature, LICENCE_SIGNATURE_SIZE);
102
103	s_mark_end(s);
104	sec_send(s, sec_flags);
105	}
106
107	/* Send a licence request packet */
108	static void
109	licence_send_request(uint8 * client_random, uint8 * rsa_data, char user, char host)
110	{
111	uint32 sec_flags = SEC_LICENCE_NEG;
112	uint16 userlen = strlen(user) + 1;
113	uint16 hostlen = strlen(host) + 1;
114	uint16 length = 128 + userlen + hostlen;
115	STREAM s;
116
117	s = sec_init(sec_flags, length + 2);
118
119	out_uint8(s, LICENCE_TAG_REQUEST);
120	out_uint8(s, 2); /* version */
121	out_uint16_le(s, length);
122
123	out_uint32_le(s, 1);
124	out_uint16(s, 0);
125	out_uint16_le(s, 0xff01);
126
127	out_uint8p(s, client_random, SEC_RANDOM_SIZE);
128	out_uint16(s, 0);
129	out_uint16_le(s, (SEC_MODULUS_SIZE + SEC_PADDING_SIZE));
130	out_uint8p(s, rsa_data, SEC_MODULUS_SIZE);
131	out_uint8s(s, SEC_PADDING_SIZE);
132
133	out_uint16_le(s, LICENCE_TAG_USER);
134	out_uint16_le(s, userlen);
135	out_uint8p(s, user, userlen);
136
137	out_uint16_le(s, LICENCE_TAG_HOST);
138	out_uint16_le(s, hostlen);
139	out_uint8p(s, host, hostlen);
140
141	s_mark_end(s);
142	sec_send(s, sec_flags);
143	}
144
145	/* Process a licence demand packet */
146	static void
147	licence_process_demand(STREAM s)
148	{
149	uint8 null_data[SEC_MODULUS_SIZE];
150	uint8 *server_random;
151	uint8 signature[LICENCE_SIGNATURE_SIZE];
152	uint8 hwid[LICENCE_HWID_SIZE];
153	uint8 *licence_data;
154	int licence_size;
155	SSL_RC4 crypt_key;
156
157	/* Retrieve the server random from the incoming packet */
158	in_uint8p(s, server_random, SEC_RANDOM_SIZE);
159
160	/* We currently use null client keys. This is a bit naughty but, hey,
161	the security of licence negotiation isn't exactly paramount. */
162	memset(null_data, 0, sizeof(null_data));
163	licence_generate_keys(null_data, server_random, null_data);
164
165	licence_size = load_licence(&licence_data);
166	if (licence_size > 0)
167	{
168	/* Generate a signature for the HWID buffer */
169	licence_generate_hwid(hwid);
170	sec_sign(signature, 16, g_licence_sign_key, 16, hwid, sizeof(hwid));
171
172	/* Now encrypt the HWID */
173	ssl_rc4_set_key(&crypt_key, g_licence_key, 16);
174	ssl_rc4_crypt(&crypt_key, hwid, hwid, sizeof(hwid));
175
176	licence_present(null_data, null_data, licence_data, licence_size, hwid, signature);
177	xfree(licence_data);
178	return;
179	}
180
181	licence_send_request(null_data, null_data, g_username, g_hostname);
182	}
183
184	/* Send an authentication response packet */
185	static void
186	licence_send_authresp(uint8 * token, uint8 * crypt_hwid, uint8 * signature)
187	{
188	uint32 sec_flags = SEC_LICENCE_NEG;
189	uint16 length = 58;
190	STREAM s;
191
192	s = sec_init(sec_flags, length + 2);
193
194	out_uint8(s, LICENCE_TAG_AUTHRESP);
195	out_uint8(s, 2); /* version */
196	out_uint16_le(s, length);
197
198	out_uint16_le(s, 1);
199	out_uint16_le(s, LICENCE_TOKEN_SIZE);
200	out_uint8p(s, token, LICENCE_TOKEN_SIZE);
201
202	out_uint16_le(s, 1);
203	out_uint16_le(s, LICENCE_HWID_SIZE);
204	out_uint8p(s, crypt_hwid, LICENCE_HWID_SIZE);
205
206	out_uint8p(s, signature, LICENCE_SIGNATURE_SIZE);
207
208	s_mark_end(s);
209	sec_send(s, sec_flags);
210	}
211
212	/* Parse an authentication request packet */
213	static RD_BOOL
214	licence_parse_authreq(STREAM s, uint8 token, uint8 signature)
215	{
216	uint16 tokenlen;
217
218	in_uint8s(s, 6); /* unknown: f8 3d 15 00 04 f6 */
219
220	in_uint16_le(s, tokenlen);
221	if (tokenlen != LICENCE_TOKEN_SIZE)
222	{
223	error("token len %d\n", tokenlen);
224	return False;
225	}
226
227	in_uint8p(s, *token, tokenlen);
228	in_uint8p(s, *signature, LICENCE_SIGNATURE_SIZE);
229
230	return s_check_end(s);
231	}
232
233	/* Process an authentication request packet */
234	static void
235	licence_process_authreq(STREAM s)
236	{
237	uint8 in_token = NULL, in_sig;
238	uint8 out_token[LICENCE_TOKEN_SIZE], decrypt_token[LICENCE_TOKEN_SIZE];
239	uint8 hwid[LICENCE_HWID_SIZE], crypt_hwid[LICENCE_HWID_SIZE];
240	uint8 sealed_buffer[LICENCE_TOKEN_SIZE + LICENCE_HWID_SIZE];
241	uint8 out_sig[LICENCE_SIGNATURE_SIZE];
242	SSL_RC4 crypt_key;
243
244	/* Parse incoming packet and save the encrypted token */
245	licence_parse_authreq(s, &in_token, &in_sig);
246	memcpy(out_token, in_token, LICENCE_TOKEN_SIZE);
247
248	/* Decrypt the token. It should read TEST in Unicode. */
249	ssl_rc4_set_key(&crypt_key, g_licence_key, 16);
250	ssl_rc4_crypt(&crypt_key, in_token, decrypt_token, LICENCE_TOKEN_SIZE);
251
252	/* Generate a signature for a buffer of token and HWID */
253	licence_generate_hwid(hwid);
254	memcpy(sealed_buffer, decrypt_token, LICENCE_TOKEN_SIZE);
255	memcpy(sealed_buffer + LICENCE_TOKEN_SIZE, hwid, LICENCE_HWID_SIZE);
256	sec_sign(out_sig, 16, g_licence_sign_key, 16, sealed_buffer, sizeof(sealed_buffer));
257
258	/* Now encrypt the HWID */
259	ssl_rc4_set_key(&crypt_key, g_licence_key, 16);
260	ssl_rc4_crypt(&crypt_key, hwid, crypt_hwid, LICENCE_HWID_SIZE);
261
262	licence_send_authresp(out_token, crypt_hwid, out_sig);
263	}
264
265	/* Process an licence issue packet */
266	static void
267	licence_process_issue(STREAM s)
268	{
269	SSL_RC4 crypt_key;
270	uint32 length;
271	uint16 check;
272	int i;
273
274	in_uint8s(s, 2); /* 3d 45 - unknown */
275	in_uint16_le(s, length);
276	if (!s_check_rem(s, length))
277	return;
278
279	ssl_rc4_set_key(&crypt_key, g_licence_key, 16);
280	ssl_rc4_crypt(&crypt_key, s->p, s->p, length);
281
282	in_uint16(s, check);
283	if (check != 0)
284	return;
285
286	g_licence_issued = True;
287
288	in_uint8s(s, 2); /* pad */
289
290	/* advance to fourth string */
291	length = 0;
292	for (i = 0; i < 4; i++)
293	{
294	in_uint8s(s, length);
295	in_uint32_le(s, length);
296	if (!s_check_rem(s, length))
297	return;
298	}
299
300	g_licence_issued = True;
301	save_licence(s->p, length);
302	}
303
304	/* Process a licence packet */
305	void
306	licence_process(STREAM s)
307	{
308	uint8 tag;
309
310	in_uint8(s, tag);
311	in_uint8s(s, 3); /* version, length */
312
313	switch (tag)
314	{
315	case LICENCE_TAG_DEMAND:
316	licence_process_demand(s);
317	break;
318
319	case LICENCE_TAG_AUTHREQ:
320	licence_process_authreq(s);
321	break;
322
323	case LICENCE_TAG_ISSUE:
324	licence_process_issue(s);
325	break;
326
327	case LICENCE_TAG_REISSUE:
328	case LICENCE_TAG_RESULT:
329	break;
330
331	default:
332	unimpl("licence tag 0x%x\n", tag);
333	}
334	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/VBox/RDP/client/licence.c@ 33656

Download in other formats: