Process presented licenses, and generate RC4 keys.

diff --git a/Makefile b/Makefile
index e49a4003f6d32358c4c1a3959954dff24b12201f..c71c0a7eef31976193f5d3958e86ed0e37195a19 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@ CFLAGS=-g -Wall
 LIBS=-lssl
 
 all: rdpsrv protodiff
 LIBS=-lssl
 
 all: rdpsrv protodiff

-OBJS=rdpsrv.o iso.o tcp.o util.o mcs.o secure.o channels.o rdp.o
+OBJS=rdpsrv.o iso.o tcp.o util.o mcs.o secure.o channels.o rdp.o licence.o

 OBJS_PROTODIFF=protodiff.o tcp.o util.o
 
 rdpsrv: $(OBJS)
 OBJS_PROTODIFF=protodiff.o tcp.o util.o
 
 rdpsrv: $(OBJS)

diff --git a/licence.c b/licence.c
new file mode 100644 (file)
index 0000000..f862ecd
--- /dev/null
+++ b/licence.c
@@ -0,0 +1,64 @@
+/*
+   rdesktop: A Remote Desktop Protocol client.
+   RDP licensing negotiation
+   Copyright (C) Matthew Chapman 1999-2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "rdesktop.h"
+
+#include <openssl/rc4.h>
+
+extern char g_username[16];
+extern char hostname[16];
+
+static uint8 g_licence_key[16];
+static uint8 g_licence_sign_key[16];
+
+BOOL g_licence_issued = False;
+
+/* Generate a session key and RC4 keys, given client and server randoms */
+void
+licence_generate_keys(uint8 * client_key, uint8 * server_key, uint8 * client_rsa)
+{
+       uint8 session_key[48];
+       uint8 temp_hash[48];
+
+       /* Generate session key - two rounds of sec_hash_48 */
+       sec_hash_48(temp_hash, client_rsa, client_key, server_key, 65);
+       sec_hash_48(session_key, temp_hash, server_key, client_key, 65);
+
+       /* Store first 16 bytes of session key, for generating signatures */
+       memcpy(g_licence_sign_key, session_key, 16);
+
+       /* Generate RC4 key */
+       sec_hash_16(g_licence_key, &session_key[16], client_key, server_key);
+
+       {
+               int i;
+
+               printf("g_license_key:\n");
+               for (i = 0; i < 16; ++i)
+                       printf(" 0x%02x", g_licence_key[i]);
+               printf("\n");
+
+               printf("g_license_sign_key:\n");
+               for (i = 0; i < 16; ++i)
+                       printf(" 0x%02x", g_licence_sign_key[i]);
+               printf("\n");
+       }
+}
+

diff --git a/secure.c b/secure.c
index 573b77d3598112f35fe5e9bbbfa8c60cf05e4705..a52a134ffdb671a23987e3c23952ff683e55b21c 100644 (file)
--- a/secure.c
+++ b/secure.c
@@ -739,8 +739,74 @@ unsigned char demand_license[] = {
        0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x41, 0x00, 0x30, 0x00,
        0x32, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0xf6, 0x00, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66,
        0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x41, 0x00, 0x30, 0x00,
        0x32, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0xf6, 0x00, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66,

-       0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x00
+       0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x00 

 };
 };

+unsigned char authreq_license[] = {
+       0x02, 0x03, 0x26, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x0a, 0x00, 0x37, 0x58, 0x0f, 0xc6,
+       0x59, 0xfb, 0x03, 0xb2, 0x2a, 0xb7, 0xfa, 0x65, 0xac, 0x02, 0x8d, 0x8b, 0xda, 0xf7, 0xc5, 0x20,
+       0x1b, 0xe3, 0x65, 0x26, 0xc4, 0x6a
+};
+unsigned char result_license[] = {
+        0xff, 0x03, 0x10, 0x00, 0x08, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x6a, 0xbd, 0x00, 0x00
+};
+
+#define EXPECT8(value) { in_uint8(s, unknown); if (unknown != (value)) printf("Unknown value on code line %u; expected 0x%x, got 0x%x\n", __LINE__, (value), unknown); }
+#define EXPECT16(value) { in_uint16_le(s, unknown); if (unknown != (value)) printf("Unknown value on code line %u; expected 0x%x, got 0x%x\n", __LINE__, (value), unknown); }
+#define EXPECT32(value) { in_uint32_le(s, unknown); if (unknown != (value)) printf("Unknown value on code line %u; expected 0x%x, got 0x%x\n", __LINE__, (value), unknown); }
+
+void
+process_presented_license(STREAM s)
+{
+       unsigned char client_license_random[SEC_RANDOM_SIZE];
+       unsigned char client_license_rsa_data[SEC_MODULUS_SIZE];
+
+       uint16 length, license_size;
+       uint32 unknown;
+       uint8 *license, hwid[LICENCE_HWID_SIZE], signature[LICENCE_SIGNATURE_SIZE];
+       int i;
+       
+       EXPECT8(2);                   // version
+       in_uint16_le(s, length);
+
+       EXPECT32(1);                  // unknown
+       EXPECT16(0);
+       EXPECT16(0x0201);
+
+       in_uint8a(s, client_license_random, SEC_RANDOM_SIZE);
+       EXPECT16(0);
+       EXPECT16(SEC_MODULUS_SIZE + SEC_PADDING_SIZE);
+       in_uint8a(s, client_license_rsa_data, SEC_MODULUS_SIZE);
+       in_uint8s(s, SEC_PADDING_SIZE);
+
+       EXPECT16(1);
+       in_uint16_le(s, license_size);
+
+       license = (uint8 *)xmalloc(license_size);
+       in_uint8a(s, license, license_size);
+
+       printf("Received license:\n");
+       for (i = 0; i < license_size; ++i)
+               printf(" 0x%02x", license[i]);
+       printf("\n");
+
+       EXPECT16(1);
+       EXPECT16(LICENCE_HWID_SIZE);
+       in_uint8a(s, hwid, LICENCE_HWID_SIZE);
+
+       printf("License hardware ID:\n");
+       for (i = 0; i < LICENCE_HWID_SIZE; ++i)
+               printf(" 0x%02x", hwid[i]);
+       printf("\n");
+
+       in_uint8a(s, signature, LICENCE_SIGNATURE_SIZE);
+
+       if (!s_check_end(s)) {
+               printf("Unknown data at the end of presented license!");
+       }
+
+       // now we can generate the keys we need
+       licence_generate_keys(client_license_random, demand_license + 4, client_license_rsa_data);
+}

 
 /* Receive secure transport packet */
 STREAM
 
 /* Receive secure transport packet */
 STREAM


@@ -766,7 +832,14 @@ sec_recv(void)
 
                        if (sec_flags & SEC_LICENCE_NEG)
                        {
 
                        if (sec_flags & SEC_LICENCE_NEG)
                        {

-                               printf("SEC_LICENSE_NEG unknown\n");
+                               uint8 tag;
+                               in_uint8(s, tag);
+                               printf("SEC_LICENSE_NEG tag %x\n", tag);
+                               
+                               if (tag == LICENCE_TAG_PRESENT) {
+                                       process_presented_license(s);
+                               }
+                               

                                //licence_process(s);
                                continue;
                        }
                                //licence_process(s);
                                continue;
                        }