From: Steinar H. Gunderson Date: Sun, 6 Feb 2005 01:35:18 +0000 (+0000) Subject: Lots of changes: Fix Valgrind hits, send RESULT on license, try to send (encrypted... X-Git-Url: https://git.sesse.net/?p=rdpsrv;a=commitdiff_plain;h=6ef7eb955ba235ee0665af718791409ccf01eb73 Lots of changes: Fix Valgrind hits, send RESULT on license, try to send (encrypted) DEMAND_ACTIVE again. --- diff --git a/licence.c b/licence.c index f862ecd..28c035b 100644 --- a/licence.c +++ b/licence.c @@ -62,3 +62,44 @@ licence_generate_keys(uint8 * client_key, uint8 * server_key, uint8 * client_rsa } } +// "TEST" in UTF-16 +unsigned char license_token[] = { + 0x54, 0x00, 0x45, 0x00, 0x53, 0x00, 0x54, 0x00, 0x00, 0x00 +}; + +void +send_authreq() +{ + RC4_KEY crypt_key; + uint8 in_token[LICENCE_TOKEN_SIZE], encrypt_token[LICENCE_TOKEN_SIZE]; + uint8 signature[LICENCE_SIGNATURE_SIZE]; + + STREAM s = sec_init(38, SEC_LICENCE_NEG); + + out_uint8(s, LICENCE_TAG_AUTHREQ); + out_uint8(s, 3); // version + out_uint16_le(s, 38); // length + + // unknown + out_uint16_le(s, 0xffff); + out_uint16_le(s, 0xffff); + out_uint16_le(s, 0x0000); + + out_uint16_le(s, LICENCE_TOKEN_SIZE); + memcpy(in_token, license_token, LICENCE_TOKEN_SIZE); + + // encrypt the token + RC4_set_key(&crypt_key, 16, g_licence_key); + RC4(&crypt_key, LICENCE_TOKEN_SIZE, in_token, encrypt_token); + + out_uint8p(s, encrypt_token, LICENCE_TOKEN_SIZE); + + // what are we supposed to sign here, really? guess at the + // token, nothing else has been sent... + sec_sign(signature, 16, g_licence_sign_key, 16, encrypt_token, LICENCE_TOKEN_SIZE); + out_uint8p(s, signature, LICENCE_SIGNATURE_SIZE); + + s_mark_end(s); + sec_send(s, SEC_LICENCE_NEG); +} + diff --git a/mcs.c b/mcs.c index 6c5bbb7..b0ddff7 100644 --- a/mcs.c +++ b/mcs.c @@ -398,6 +398,7 @@ mcs_send_connect_response() const unsigned char *ptr = buf; memcpy(buf, private_key, sizeof(private_key)); privkey = d2i_RSAPrivateKey(NULL, &ptr, sizeof(private_key)); + RSA_blinding_off(privkey); // fix Valgrind hits -- YES, I know it's evil free(buf); printf("Loaded private key (%u bytes)\n", sizeof(private_key)); diff --git a/proto.h b/proto.h index ac1baac..ea5eeda 100644 --- a/proto.h +++ b/proto.h @@ -36,6 +36,7 @@ BOOL iso_recv_connect(int server_sock); void iso_disconnect(void); /* licence.c */ void licence_process(STREAM s); +void send_authreq(); /* mcs.c */ STREAM mcs_init(int length); BOOL mcs_recv_connect_initial(); diff --git a/secure.c b/secure.c index a52a134..1282a7f 100644 --- a/secure.c +++ b/secure.c @@ -342,10 +342,10 @@ sec_init(uint32 flags, int maxlen) int hdrlen; STREAM s; - /*if (!g_licence_issued) */ + if (!g_licence_issued) hdrlen = (flags & SEC_ENCRYPT) ? 12 : 4; -/* else - hdrlen = (flags & SEC_ENCRYPT) ? 12 : 0; */ + else + hdrlen = (flags & SEC_ENCRYPT) ? 12 : 0; s = mcs_init(maxlen + hdrlen); s_push_layer(s, sec_hdr, hdrlen); @@ -361,8 +361,9 @@ sec_send_to_channel(STREAM s, uint32 flags, uint16 channel) // DEBUG(("sending packet to channel %u\n", channel)); s_pop_layer(s, sec_hdr); -// if (!g_licence_issued || (flags & SEC_ENCRYPT)) + if (!g_licence_issued || (flags & SEC_ENCRYPT)) { out_uint32_le(s, flags); + } if (flags & SEC_ENCRYPT) { @@ -375,6 +376,7 @@ sec_send_to_channel(STREAM s, uint32 flags, uint16 channel) #endif sec_sign(s->p, 8, sec_sign_key, rc4_key_len, s->p + 8, datalen); + printf("First byte of signature is 0x%x, at %p\n", (s->p)[0], s->p); sec_encrypt(s->p + 8, datalen); } @@ -729,6 +731,7 @@ sec_process_mcs_data(STREAM s) } extern unsigned char cacert[]; +extern BOOL g_licence_issued; unsigned char demand_license[] = { 0x01, 0x03, 0x86, 0x00, 0x9c, 0x6e, 0xef, 0x5a, 0x26, 0x45, 0x88, 0x86, 0x0e, 0xdf, 0xa4, 0x4a, @@ -741,13 +744,30 @@ unsigned char demand_license[] = { 0x01, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x0e, 0x00, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x00 }; -unsigned char authreq_license[] = { - 0x02, 0x03, 0x26, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x0a, 0x00, 0x37, 0x58, 0x0f, 0xc6, - 0x59, 0xfb, 0x03, 0xb2, 0x2a, 0xb7, 0xfa, 0x65, 0xac, 0x02, 0x8d, 0x8b, 0xda, 0xf7, 0xc5, 0x20, - 0x1b, 0xe3, 0x65, 0x26, 0xc4, 0x6a -}; unsigned char result_license[] = { - 0xff, 0x03, 0x10, 0x00, 0x08, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x6a, 0xbd, 0x00, 0x00 + 0xff, 0x03, 0x10, 0x00, 0x07, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0xa0, 0x5f, 0x00, 0x00 +}; + +unsigned char demand_active[] = { + 0x24, 0x01, 0x11, 0x00, 0xea, 0x03, 0xea, 0x03, 0x01, 0x00, 0x04, 0x00, 0x0e, 0x01, 0x52, 0x44, + 0x50, 0x00, 0x09, 0x00, 0x00, 0x00, 0x09, 0x00, 0x08, 0x00, 0xea, 0x03, 0x40, 0xe4, 0x01, 0x00, + 0x18, 0x00, 0x01, 0x00, 0x03, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x11, 0x04, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x0e, 0x00, 0x04, 0x00, 0x02, 0x00, 0x1c, 0x00, 0x08, 0x00, + 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x20, 0x03, 0x58, 0x02, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x03, 0x00, 0x58, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x42, 0x0f, 0x00, 0x01, 0x00, + 0x14, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x22, 0x00, 0x01, 0x01, 0x01, 0x01, 0x01, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x00, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0xa1, 0x06, 0x00, 0x00, 0x40, 0x42, + 0x0f, 0x00, 0x40, 0x42, 0x0f, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, + 0x08, 0x00, 0x06, 0x00, 0x00, 0x00, 0x12, 0x00, 0x08, 0x00, 0x01, 0x00, 0x00, 0x00, 0x08, 0x00, + 0x0a, 0x00, 0x01, 0x00, 0x19, 0x00, 0x19, 0x00, 0x0d, 0x00, 0x58, 0x00, 0x35, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0xed, 0xbf, 0xa5, 0xcd, 0xb1, 0xae, 0xbe, + 0x88, 0x35, 0x56, 0xe5, 0xc2, 0x01, 0xaf, 0xbe, 0xc8, 0xed, 0xbf, 0xa5, 0x8c, 0x33, 0x40, 0xe4, + 0x08, 0x30, 0x40, 0xe4, 0x01, 0x00, 0x00, 0x00, 0x08, 0x30, 0x40, 0xe4, 0x00, 0x00, 0x00, 0x00, + 0xc0, 0xed, 0xbf, 0xa5, 0x34, 0xf5, 0xae, 0xbe, 0x08, 0x30, 0x40, 0xe4, 0xb4, 0xed, 0xbf, 0xa5, + 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x0a, 0x00, 0x01, 0x00, 0x19, 0x00, 0x19, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 }; #define EXPECT8(value) { in_uint8(s, unknown); if (unknown != (value)) printf("Unknown value on code line %u; expected 0x%x, got 0x%x\n", __LINE__, (value), unknown); } @@ -806,6 +826,7 @@ process_presented_license(STREAM s) // now we can generate the keys we need licence_generate_keys(client_license_random, demand_license + 4, client_license_rsa_data); +// send_authreq(); } /* Receive secure transport packet */ @@ -838,9 +859,21 @@ sec_recv(void) if (tag == LICENCE_TAG_PRESENT) { process_presented_license(s); + + s = sec_init(sizeof(result_license), SEC_LICENCE_NEG); + out_uint8p(s, result_license, sizeof(result_license)); + s_mark_end(s); + sec_send(s, SEC_LICENCE_NEG); + + //g_licence_issued = 1; + + printf("Sending DEMAND_ACTIVE (0x%x bytes)\n", sizeof(demand_active)); + s = sec_init(sizeof(demand_active), SEC_ENCRYPT); + out_uint8p(s, demand_active, sizeof(demand_active)); + s_mark_end(s); + sec_send(s, SEC_ENCRYPT); } - //licence_process(s); continue; }