X-Git-Url: https://git.sesse.net/?p=rdpsrv;a=blobdiff_plain;f=secure.c;h=56c8bef117fba0929c4d2c3e129adfaf8be2bc44;hp=573b77d3598112f35fe5e9bbbfa8c60cf05e4705;hb=99f2e8c32508ab193c1d42221c86cb7fca4be9ab;hpb=d5d7588c8ae4d998f73076b4fdd149b206ca0e70 diff --git a/secure.c b/secure.c index 573b77d..56c8bef 100644 --- a/secure.c +++ b/secure.c @@ -169,6 +169,8 @@ sec_generate_keys(uint8 * client_key, uint8 * server_key, int rc4_key_size) printf("0x%02x ", sec_encrypt_key[i]); printf("\n"); } + + g_encryption = 1; } static uint8 pad_54[40] = { @@ -264,6 +266,8 @@ sec_encrypt(uint8 * data, int length) use_count = 0; } + printf("RC4-ing %u bytes with DECRYPT, uc=%u\n", length, use_count); + RC4(&rc4_decrypt_key, length, data, data); use_count++; } @@ -342,10 +346,11 @@ sec_init(uint32 flags, int maxlen) int hdrlen; STREAM s; - /*if (!g_licence_issued) */ + if (!g_licence_issued) hdrlen = (flags & SEC_ENCRYPT) ? 12 : 4; -/* else - hdrlen = (flags & SEC_ENCRYPT) ? 12 : 0; */ + else + hdrlen = (flags & SEC_ENCRYPT) ? 12 : 0; + printf("HDRLEN is %u\n", hdrlen); s = mcs_init(maxlen + hdrlen); s_push_layer(s, sec_hdr, hdrlen); @@ -361,8 +366,9 @@ sec_send_to_channel(STREAM s, uint32 flags, uint16 channel) // DEBUG(("sending packet to channel %u\n", channel)); s_pop_layer(s, sec_hdr); -// if (!g_licence_issued || (flags & SEC_ENCRYPT)) + if (!g_licence_issued || (flags & SEC_ENCRYPT)) { out_uint32_le(s, flags); + } if (flags & SEC_ENCRYPT) { @@ -375,6 +381,7 @@ sec_send_to_channel(STREAM s, uint32 flags, uint16 channel) #endif sec_sign(s->p, 8, sec_sign_key, rc4_key_len, s->p + 8, datalen); + printf("First byte of signature is 0x%x, at %p\n", (s->p)[0], s->p); sec_encrypt(s->p + 8, datalen); } @@ -729,6 +736,7 @@ sec_process_mcs_data(STREAM s) } extern unsigned char cacert[]; +extern BOOL g_licence_issued; unsigned char demand_license[] = { 0x01, 0x03, 0x86, 0x00, 0x9c, 0x6e, 0xef, 0x5a, 0x26, 0x45, 0x88, 0x86, 0x0e, 0xdf, 0xa4, 0x4a, @@ -739,9 +747,93 @@ unsigned char demand_license[] = { 0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x41, 0x00, 0x30, 0x00, 0x32, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0xf6, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, - 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x00 + 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x00 +}; +unsigned char result_license[] = { + 0xff, 0x03, 0x10, 0x00, 0x07, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0xa0, 0x5f, 0x00, 0x00 +}; + +unsigned char demand_active[] = { + 0x24, 0x01, 0x11, 0x00, 0xea, 0x03, 0xea, 0x03, 0x01, 0x00, 0x04, 0x00, 0x0e, 0x01, 0x52, 0x44, + 0x50, 0x00, 0x09, 0x00, 0x00, 0x00, 0x09, 0x00, 0x08, 0x00, 0xea, 0x03, 0x40, 0xe4, 0x01, 0x00, + 0x18, 0x00, 0x01, 0x00, 0x03, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x11, 0x04, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x0e, 0x00, 0x04, 0x00, 0x02, 0x00, 0x1c, 0x00, 0x08, 0x00, + 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x20, 0x03, 0x58, 0x02, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x03, 0x00, 0x58, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x42, 0x0f, 0x00, 0x01, 0x00, + 0x14, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x01, 0x01, 0x01, 0x01, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x00, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0xa1, 0x06, 0x00, 0x00, 0x40, 0x42, + 0x0f, 0x00, 0x40, 0x42, 0x0f, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, + 0x08, 0x00, 0x06, 0x00, 0x00, 0x00, 0x12, 0x00, 0x08, 0x00, 0x01, 0x00, 0x00, 0x00, 0x08, 0x00, + 0x0a, 0x00, 0x01, 0x00, 0x19, 0x00, 0x19, 0x00, 0x0d, 0x00, 0x58, 0x00, 0x35, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0xed, 0xbf, 0xa5, 0xcd, 0xb1, 0xae, 0xbe, + 0x88, 0x35, 0x56, 0xe5, 0xc2, 0x01, 0xaf, 0xbe, 0xc8, 0xed, 0xbf, 0xa5, 0x8c, 0x33, 0x40, 0xe4, + 0x08, 0x30, 0x40, 0xe4, 0x01, 0x00, 0x00, 0x00, 0x08, 0x30, 0x40, 0xe4, 0x00, 0x00, 0x00, 0x00, + 0xc0, 0xed, 0xbf, 0xa5, 0x34, 0xf5, 0xae, 0xbe, 0x08, 0x30, 0x40, 0xe4, 0xb4, 0xed, 0xbf, 0xa5, + 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x19, 0x00, 0x19, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 }; +#define EXPECT8(value) { in_uint8(s, unknown); if (unknown != (value)) printf("Unknown value on code line %u; expected 0x%x, got 0x%x\n", __LINE__, (value), unknown); } +#define EXPECT16(value) { in_uint16_le(s, unknown); if (unknown != (value)) printf("Unknown value on code line %u; expected 0x%x, got 0x%x\n", __LINE__, (value), unknown); } +#define EXPECT32(value) { in_uint32_le(s, unknown); if (unknown != (value)) printf("Unknown value on code line %u; expected 0x%x, got 0x%x\n", __LINE__, (value), unknown); } + +void +process_presented_license(STREAM s) +{ + unsigned char client_license_random[SEC_RANDOM_SIZE]; + unsigned char client_license_rsa_data[SEC_MODULUS_SIZE]; + + uint16 length, license_size; + uint32 unknown; + uint8 *license, hwid[LICENCE_HWID_SIZE], signature[LICENCE_SIGNATURE_SIZE]; + int i; + + EXPECT8(2); // version + in_uint16_le(s, length); + + EXPECT32(1); // unknown + EXPECT16(0); + EXPECT16(0x0201); + + in_uint8a(s, client_license_random, SEC_RANDOM_SIZE); + EXPECT16(0); + EXPECT16(SEC_MODULUS_SIZE + SEC_PADDING_SIZE); + in_uint8a(s, client_license_rsa_data, SEC_MODULUS_SIZE); + in_uint8s(s, SEC_PADDING_SIZE); + + EXPECT16(1); + in_uint16_le(s, license_size); + + license = (uint8 *)xmalloc(license_size); + in_uint8a(s, license, license_size); + + printf("Received license:\n"); + for (i = 0; i < license_size; ++i) + printf(" 0x%02x", license[i]); + printf("\n"); + + EXPECT16(1); + EXPECT16(LICENCE_HWID_SIZE); + in_uint8a(s, hwid, LICENCE_HWID_SIZE); + + printf("License hardware ID:\n"); + for (i = 0; i < LICENCE_HWID_SIZE; ++i) + printf(" 0x%02x", hwid[i]); + printf("\n"); + + in_uint8a(s, signature, LICENCE_SIGNATURE_SIZE); + + if (!s_check_end(s)) { + printf("Unknown data at the end of presented license!"); + } + + // now we can generate the keys we need + licence_generate_keys(client_license_random, demand_license + 4, client_license_rsa_data); +// send_authreq(); +} + /* Receive secure transport packet */ STREAM sec_recv(void) @@ -750,7 +842,7 @@ sec_recv(void) uint16 channel; STREAM s; - while ((s = mcs_recv(&channel)) != NULL) + if ((s = mcs_recv(&channel)) != NULL) { if (/*g_encryption || !g_licence_issued*/ 1) { @@ -766,9 +858,32 @@ sec_recv(void) if (sec_flags & SEC_LICENCE_NEG) { - printf("SEC_LICENSE_NEG unknown\n"); - //licence_process(s); - continue; + uint8 tag; + in_uint8(s, tag); + printf("SEC_LICENSE_NEG tag %x\n", tag); + + if (tag == LICENCE_TAG_PRESENT) { + process_presented_license(s); + + { + STREAM s; + s = sec_init(SEC_LICENCE_NEG, sizeof(result_license)); + out_uint8p(s, result_license, sizeof(result_license)); + s_mark_end(s); + sec_send(s, SEC_LICENCE_NEG); + } + + { + STREAM s; + printf("Sending DEMAND_ACTIVE (0x%x bytes)\n", sizeof(demand_active)); + s = sec_init(SEC_ENCRYPT, sizeof(demand_active)); + out_uint8p(s, demand_active, sizeof(demand_active)); + s_mark_end(s); + sec_send(s, SEC_ENCRYPT); + } + } + + return NULL; } if (sec_flags & SEC_LOGON_INFO) @@ -780,13 +895,13 @@ sec_recv(void) { STREAM s; - s = sec_init(sizeof(demand_license), SEC_LICENCE_NEG); + s = sec_init(SEC_LICENCE_NEG, sizeof(demand_license)); out_uint8p(s, demand_license, sizeof(demand_license)); s_mark_end(s); sec_send(s, SEC_LICENCE_NEG); } - continue; + return NULL; } if (sec_flags & SEC_CLIENT_RANDOM) { @@ -819,7 +934,7 @@ sec_recv(void) // now we can generate the keys sec_generate_keys(inr + SEC_RANDOM_SIZE, cacert, 1); - continue; + return NULL; } } @@ -827,7 +942,7 @@ sec_recv(void) if (channel != MCS_GLOBAL_CHANNEL) { channel_process(s, channel); - continue; + return NULL; } return s;