Lots of changes: Fix Valgrind hits, send RESULT on license, try to send (encrypted...

author Steinar H. Gunderson <sesse@samfundet.no>

Sun, 6 Feb 2005 01:35:18 +0000 (01:35 +0000)

committer Steinar H. Gunderson <sesse@samfundet.no>

Sun, 6 Feb 2005 01:35:18 +0000 (01:35 +0000)
author Steinar H. Gunderson <sesse@samfundet.no>
Sun, 6 Feb 2005 01:35:18 +0000 (01:35 +0000)
committer Steinar H. Gunderson <sesse@samfundet.no>
Sun, 6 Feb 2005 01:35:18 +0000 (01:35 +0000)
diff --git a/licence.c b/licence.c

index f862ecdcf91d158de0abc8c09094c1217d1bd252..28c035becf4f07cc94340f65a65f108fe9153f0b 100644 (file)
--- a/licence.c
+++ b/licence.c
@@ -62,3 +62,44 @@ licence_generate_keys(uint8 * client_key, uint8 * server_key, uint8 * client_rsa
         }
  }
  
+// "TEST" in UTF-16
+unsigned char license_token[] = {
+       0x54, 0x00, 0x45, 0x00, 0x53, 0x00, 0x54, 0x00, 0x00, 0x00
+};
+
+void
+send_authreq()
+{
+       RC4_KEY crypt_key;
+       uint8 in_token[LICENCE_TOKEN_SIZE], encrypt_token[LICENCE_TOKEN_SIZE];
+       uint8 signature[LICENCE_SIGNATURE_SIZE];
+
+       STREAM s = sec_init(38, SEC_LICENCE_NEG);
+       
+       out_uint8(s, LICENCE_TAG_AUTHREQ);
+       out_uint8(s, 3);  // version
+       out_uint16_le(s, 38); // length
+
+       // unknown
+       out_uint16_le(s, 0xffff);
+       out_uint16_le(s, 0xffff);
+       out_uint16_le(s, 0x0000);
+
+       out_uint16_le(s, LICENCE_TOKEN_SIZE);
+       memcpy(in_token, license_token, LICENCE_TOKEN_SIZE);
+
+       // encrypt the token
+       RC4_set_key(&crypt_key, 16, g_licence_key);
+       RC4(&crypt_key, LICENCE_TOKEN_SIZE, in_token, encrypt_token);
+
+       out_uint8p(s, encrypt_token, LICENCE_TOKEN_SIZE);
+
+       // what are we supposed to sign here, really? guess at the
+       // token, nothing else has been sent...
+       sec_sign(signature, 16, g_licence_sign_key, 16, encrypt_token, LICENCE_TOKEN_SIZE);
+       out_uint8p(s, signature, LICENCE_SIGNATURE_SIZE);
+
+       s_mark_end(s);
+       sec_send(s, SEC_LICENCE_NEG);
+}
+
diff --git a/mcs.c b/mcs.c

index 6c5bbb77ef4e3209de3dca695d520dd92a8e7499..b0ddff7dc9a4bd91a76be110b33a6cb7ea173bbd 100644 (file)
--- a/mcs.c
+++ b/mcs.c
@@ -398,6 +398,7 @@ mcs_send_connect_response()
                 const unsigned char *ptr = buf;
                 memcpy(buf, private_key, sizeof(private_key));
                 privkey = d2i_RSAPrivateKey(NULL, &ptr, sizeof(private_key));
+               RSA_blinding_off(privkey);   // fix Valgrind hits -- YES, I know it's evil
                 free(buf);
  
                 printf("Loaded private key (%u bytes)\n", sizeof(private_key));
diff --git a/proto.h b/proto.h

index ac1baacf88a73bdd608e17ece2bd36e9d4f62225..ea5eeda78f6c7560faefbcc719a90c05c055645a 100644 (file)
--- a/proto.h
+++ b/proto.h
@@ -36,6 +36,7 @@ BOOL iso_recv_connect(int server_sock);
  void iso_disconnect(void);
  /* licence.c */
  void licence_process(STREAM s);
+void send_authreq();
  /* mcs.c */
  STREAM mcs_init(int length);
  BOOL mcs_recv_connect_initial();
diff --git a/secure.c b/secure.c

index a52a134ffdb671a23987e3c23952ff683e55b21c..1282a7f1d096f3211435752c0961f0099d9168de 100644 (file)
--- a/secure.c
+++ b/secure.c
@@ -342,10 +342,10 @@ sec_init(uint32 flags, int maxlen)
         int hdrlen;
         STREAM s;
  
-       /*if (!g_licence_issued) */
+       if (!g_licence_issued) 
                 hdrlen = (flags & SEC_ENCRYPT) ? 12 : 4;
-/*     else
-               hdrlen = (flags & SEC_ENCRYPT) ? 12 : 0; */
+       else
+               hdrlen = (flags & SEC_ENCRYPT) ? 12 : 0; 
         s = mcs_init(maxlen + hdrlen);
         s_push_layer(s, sec_hdr, hdrlen);
  
@@ -361,8 +361,9 @@ sec_send_to_channel(STREAM s, uint32 flags, uint16 channel)
  //     DEBUG(("sending packet to channel %u\n", channel));
         
         s_pop_layer(s, sec_hdr);
-//     if (!g_licence_issued || (flags & SEC_ENCRYPT))
+       if (!g_licence_issued || (flags & SEC_ENCRYPT)) {
                 out_uint32_le(s, flags);
+       }
  
         if (flags & SEC_ENCRYPT)
         {
@@ -375,6 +376,7 @@ sec_send_to_channel(STREAM s, uint32 flags, uint16 channel)
  #endif
  
                 sec_sign(s->p, 8, sec_sign_key, rc4_key_len, s->p + 8, datalen);
+               printf("First byte of signature is 0x%x, at %p\n", (s->p)[0], s->p);
                 sec_encrypt(s->p + 8, datalen);
         }
  
@@ -729,6 +731,7 @@ sec_process_mcs_data(STREAM s)
  }
  
  extern unsigned char cacert[];
+extern BOOL g_licence_issued;
  
  unsigned char demand_license[] = {
         0x01, 0x03, 0x86, 0x00, 0x9c, 0x6e, 0xef, 0x5a, 0x26, 0x45, 0x88, 0x86, 0x0e, 0xdf, 0xa4, 0x4a,
@@ -741,13 +744,30 @@ unsigned char demand_license[] = {
         0x01, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66,
         0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x00 
  };
-unsigned char authreq_license[] = {
-       0x02, 0x03, 0x26, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x0a, 0x00, 0x37, 0x58, 0x0f, 0xc6,
-       0x59, 0xfb, 0x03, 0xb2, 0x2a, 0xb7, 0xfa, 0x65, 0xac, 0x02, 0x8d, 0x8b, 0xda, 0xf7, 0xc5, 0x20,
-       0x1b, 0xe3, 0x65, 0x26, 0xc4, 0x6a
-};
  unsigned char result_license[] = {
-        0xff, 0x03, 0x10, 0x00, 0x08, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x6a, 0xbd, 0x00, 0x00
+        0xff, 0x03, 0x10, 0x00, 0x07, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0xa0, 0x5f, 0x00, 0x00
+};
+
+unsigned char demand_active[] = {
+       0x24, 0x01, 0x11, 0x00, 0xea, 0x03, 0xea, 0x03, 0x01, 0x00, 0x04, 0x00, 0x0e, 0x01, 0x52, 0x44,
+       0x50, 0x00, 0x09, 0x00, 0x00, 0x00, 0x09, 0x00, 0x08, 0x00, 0xea, 0x03, 0x40, 0xe4, 0x01, 0x00,
+       0x18, 0x00, 0x01, 0x00, 0x03, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x11, 0x04, 0x00, 0x00,
+       0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x0e, 0x00, 0x04, 0x00, 0x02, 0x00, 0x1c, 0x00, 0x08, 0x00,
+       0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x20, 0x03, 0x58, 0x02, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00,
+       0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x03, 0x00, 0x58, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x42, 0x0f, 0x00, 0x01, 0x00,
+       0x14, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x01, 0x01, 0x01, 0x01, 0x00,
+       0x00, 0x00, 0x01, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+       0x01, 0x00, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0xa1, 0x06, 0x00, 0x00, 0x40, 0x42,
+       0x0f, 0x00, 0x40, 0x42, 0x0f, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00,
+       0x08, 0x00, 0x06, 0x00, 0x00, 0x00, 0x12, 0x00, 0x08, 0x00, 0x01, 0x00, 0x00, 0x00, 0x08, 0x00,
+       0x0a, 0x00, 0x01, 0x00, 0x19, 0x00, 0x19, 0x00, 0x0d, 0x00, 0x58, 0x00, 0x35, 0x00, 0x00, 0x00,
+       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0xed, 0xbf, 0xa5, 0xcd, 0xb1, 0xae, 0xbe,
+       0x88, 0x35, 0x56, 0xe5, 0xc2, 0x01, 0xaf, 0xbe, 0xc8, 0xed, 0xbf, 0xa5, 0x8c, 0x33, 0x40, 0xe4,
+       0x08, 0x30, 0x40, 0xe4, 0x01, 0x00, 0x00, 0x00, 0x08, 0x30, 0x40, 0xe4, 0x00, 0x00, 0x00, 0x00,
+       0xc0, 0xed, 0xbf, 0xa5, 0x34, 0xf5, 0xae, 0xbe, 0x08, 0x30, 0x40, 0xe4, 0xb4, 0xed, 0xbf, 0xa5,
+       0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x19, 0x00, 0x19, 0x00, 0x00, 0x00,
+       0x00, 0x00, 0x00, 0x00
  };
  
  #define EXPECT8(value) { in_uint8(s, unknown); if (unknown != (value)) printf("Unknown value on code line %u; expected 0x%x, got 0x%x\n", __LINE__, (value), unknown); }
@@ -806,6 +826,7 @@ process_presented_license(STREAM s)
  
         // now we can generate the keys we need
         licence_generate_keys(client_license_random, demand_license + 4, client_license_rsa_data);
+//     send_authreq();
  }
  
  /* Receive secure transport packet */
@@ -838,9 +859,21 @@ sec_recv(void)
                                 
                                 if (tag == LICENCE_TAG_PRESENT) {
                                         process_presented_license(s);
+
+                                       s = sec_init(sizeof(result_license), SEC_LICENCE_NEG);
+                                       out_uint8p(s, result_license, sizeof(result_license));
+                                       s_mark_end(s);
+                                       sec_send(s, SEC_LICENCE_NEG);
+                                       
+                                       //g_licence_issued = 1;
+                                       
+                                       printf("Sending DEMAND_ACTIVE (0x%x bytes)\n", sizeof(demand_active));
+                                       s = sec_init(sizeof(demand_active), SEC_ENCRYPT);
+                                       out_uint8p(s, demand_active, sizeof(demand_active));
+                                       s_mark_end(s);
+                                       sec_send(s, SEC_ENCRYPT);
                                 }
                                 
-                               //licence_process(s);
                                 continue;
                         }
author	Steinar H. Gunderson <sesse@samfundet.no>
	Sun, 6 Feb 2005 01:35:18 +0000 (01:35 +0000)
committer	Steinar H. Gunderson <sesse@samfundet.no>
	Sun, 6 Feb 2005 01:35:18 +0000 (01:35 +0000)
licence.c		patch \| blob \| history
mcs.c		patch \| blob \| history
proto.h		patch \| blob \| history
secure.c		patch \| blob \| history